Description
Knox should support dynamic LDAP groups.
Meaning
Knox should be able to look up LDAPEntries with objectclass groupofurls.
Then, based on the memberurl attribute of the entry, should evaluate whether a user is member of the dynamicgroup.
The fact that user was member of the dynamic group should be reflected in authorization checks for service level access