Loader jobs from LDAP present several ways for processing lists of users after all of the data has been pulled from the directory, especially the new in 2.4 ability to bulk process the returned data. However, it would be useful to be able to compose expressions for the LDAP filters.
The most useful (for me) would be date-based filtering. While SQL databases typically have rich data functions, LDAP filters don’t, and it would be nice to be able to compose filters that select based on relative dates. I can imagine uses for filtering based on dynamic attribute values, as well.
My example: We want a group of users who have activated their accounts in the 7 days. They have an LDAP attribute that indicates the time they activated. It would be nice to be able to filter on (now()-7 days) (put into appropriate expression language).