Fill LMDB for ACL from LDAP using SyncRepl
For instant updates to the ACL, there is an LDAP subscription mechanism named SyncRepl. It is implemented in LDAP libraries, as well as in the utility Pulley that Adriaan & Rick built. SyncRepl can be used to "search and subscribe for updates" so changes come in immediately and update the ACL.
So, what we need is a mechanism (such as a Pulley backend library) that listens in on LDAP and updates an LMDB database with the proper ACL settings.
Any given ACL database may represent a subset of the available resources, resources instances, users/group/... objects.
Edited by Rick van Rein