[xwiki-users] SSO extensions, LDAP mapping, configuration availability at run-time

Hi, On of the goal we would like to achieve using XWiki is SSO integration in relation to our openLDAP server, through LemonLDAP::NG (http://www.lemonldap-ng.org/). We have tried with success the extension at http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+He… but we see a limitation here : it seems not possible to re-configure this extension at run-time from the UI, it means that the instance should be restarted when in the need to alter a configuration option like xwiki.authentication.headers.groups_mapping (and fields_mapping too). The same remark apply to other SSO extensions like Jasig CAS/SAML one. What would be the implication in terms of development power to make those configuration properties available at run-time ? Like it's done within the LDAP Application for example. For a start we don't necessarily need an UI/app but at least the attributes somewhere available in object mode. Another option I see is the possibility to achieve group mapping directly from the LDAP instead of getting it from the headers. That would lead to a combination of the LDAP authenticator and SSO (but at the moment only one authclass can be used at a time). Cheers, Martin