This one has lain dormant for years is already implemented and checked into trunk.
https://issues.apache.org/jira/browse/FC-108 It requires setting a config param, rfc2307=true, then making fortress users and roles to be controlled in a NIS type of env using traditional LDAP controls. Shawn
