Re: authorization based on ldap attribute