I think we could easily achieve #2 with ApacheDS using an interceptor. 


On 3/1/07, Sam Hartman <hartmans@mit.edu > wrote:
1) I'd really like to see interested individuals work on the LDAP schema in the IETF.
The effort has floundered for lack of people driving it.

2) I'd really love to see an ldap plugin that used some schema and
   called kadm5_* interfaces--I.E. a way to replace kadmind with
   openldap even in situations where the ldap kdb layer was not used.