RE: Authorizing using LDAP attributes