Interesting blog post this:
A simple solution to this problem is in the use of dynamic groups. One small problem though, a dynamic group is only a concept and, technically speaking, cannot be modeled in OpenLDAP, eTrust and IBM Directory Server. Therefore, dynamic groups functionality must be built into the application security architecture.
-- end snip
With a little side of applesauce...
©2006 Shannon Eric Peevey