One of our requirements for CiviCase was a higher degree of security than what is normally associated with a community website. Users reach our CiviCase implementation via https, which is great, but leaves open the whole password issue. Those of you who live in the corporate IT world will be familiar with the two-factor ID solutions that are available on the market, from RSA, CryptoCard, and maybe others. We decided to use one of these solutions so that our users would always be given a "fresh" password for each login. If you're not familiar with these tokens, they require you to have a PIN / password, and to have the device physically in your possession when you attempt authentication. The device supplies you with a number, you append or prepend your PIN, and voilà: you have your password.
All well and good, but the solution we decided to use (from CryptoCard) didn't support LDAP, but rather RADIUS (Remote Authentication and Dial-in User Service), which is a standard used by many ISPs and corporate IT departments. Anyway, Dave D adapted the Drupal LDAP module to serve this purpose. He's contributed the code back through drupal.org, but isn't able to volunteer to maintain it at this moment. I did think that some folks might like to know that the solution is out there, and that we've tested it, and are pretty happy with it.