Do you use a specific portal? E.g. in WebSphere Portal Server, it is no problem to configure the portal to the needs described in your post ... In the Java Portlet Specification, there is no chapter about portal page acces rights, for instance. Solutions tend to be vendor specific here, AFAIK ...
Author of German LDAP-Book
Committer at Apache Directory Project