We are currently migrating from an iPlanet Web/Mail/Calendar environment
to Apache+Zimbra.

In our existing environment we have been using some of our mail groups to
restrict access to certain areas of our web sites. Basically access to certain
areas was allowed only to users who authenticate against our LDAP database
and are members of certain groups.

In Zimbra, Mail Distribution Lists are not "LDAP groups". i.e. they do not have
an objectClass of groupOfUniqueNames and the members of a distribution list
are identified by their email address, not their DN.

If we wanted to set up Apache authentication (mod_authnz_ldap) against our
Zimbra LDAP directory, we would not be able to validate that the user is part
of a particular group by using "require ldap-group".

Has anybody else tried to authenticate their Apache server against Zimbra
using group membership to restrict access? Any ideas how we can do this
without defining groups twice (once as a Mailing List and once as a group of
unique names)?

Thanks for any pointers.