Cached LDAP Auth from two directories

[Tom]

I have two different LDAP directories for authorization/authentication, one for users from group A and one from group B. I don't make the LDAP structure but I gotta live with it.

I've found that "distributed-realm" works fine, it checks A then B.

I'd like it better as a cached realm that wraps the distributed realm, but cached-realm cannot cache a distributed-realm. I'm not sure why.

I tried caching A and caching B, then wrapping both in a distributed-realm, but when searching for a member of B the initial check on cached-A misses, does a full query on A, then goes to B. And I used a cache in part to avoid full queries for known users.

Any hints to help me out?