With the new auth framework? If you are able to create a user object that maps to the LDAP fields it should be trivial to get authz for "free". >>> There's the rub. Authen::Simple::LDAP only provides "authenticate" as a method. It doesn't provide a way to query LDAP for additional attributes.