The good news about using LDAP for authentication is that you don't need to pull a result set over and cycle through it. You can get a yes/no answer. But I don't think it will be any easy task to substitute general ACS permissions using this. Authentication should be a much simpler task, you simply pass the username/password to the server and see if it accepts it or not, I guess. I believe my module will already serve the purpose of doing this. (Still need to figure out how to get the data into the LDAP server, not too hard)
