We have a situation in a client where SMWALKER may be the solution. We already have an LDAP model for authentication and authorization in a TDS directory (IBM) and in the authorization we need a more complex search/validation.
We need to do two LDAP queries on the authorization. One in a group and the result in the user. Return the groups that have a certain value in an attribute and when to return see if the user is a member of this group. But looking at the memberOf attribute on the user, instead of the member attribute of the group. This avoids a large volume of values in the member object group (issue for this client).