Yeah, of course you're not responsible for the ACLs implementation complexity. If someone should be beaten, here I am 
Executing setfacl recursively two times, the first in nethserver-ibays-set-permissions and the second in nethserver-httpd-ModDav-permissions is not optimal. It could be enhanced by moving nethserver-httpd-ModDav-permissions logic into /etc/e-smith/templates/ibays/system-acls/10httpd template. However, doing it in this way requires also the modification of nethserver-httpd-sethtwritable action because it must be aware of the write permissions due to WebDAV.
An alternative to the setfacl approach is discussed on the other thread:
Both ways have their limitations, however I see ACLs are becoming a complex beast and I'm becoming a KISS fan, too 
Before going further I'd like to listen to other opinions from @dev_team (@giacomo, @davidep, @filippo_carletti, @alep, @stephdl, @Stll0, @alefattorini) and others...
In the meantime I opened an issue here: http://dev.nethserver.org/issues/3336
I want also to report here, as written by @stephdl, that the PR could be splitted into two parts:
- LDAP based authentication
- WebDAV protocol support
I don't see any problem for the LDAP based authentication. Only we should discuss if it is worth implementing it on NS6, or wait and see how it goes with Samba 4.
