> Here's an option that has not been discussed in any depth yet.

The approach you suggest was discussed last year in this group. The
decision was made to go for a pluggable authentication modules (PAM)
that would allow authentication using LDAP, AD, NDS, etc. See the roadmap.

As to the authorization using LDAP server... I'm not sure that I
understood you right when you talk about LDAP being used for
authorization too. Do you consider Firebird to ask for a permission
each time a SQL statement is executed? If that's the case, I think
this will lead to an extreme performance degradation.

Roman