If you're already using it you must have asked yourself these questions already? What are you trying to do so we can help explain the options?
Our requirement is still evolving and authentication is going to be quite complex.
Authentication will be simple, I think you mean authorization.
We might have groups and groups can have roles/subroles(i.e. a role called doctor can access as a physician and can access as a admin too). Based on which role user belongs we want to show personalized screens.
Once you define something I'm sure we can help.
-- Kind Regards,
Gavin Henry. OpenLDAP Engineering Team.
Community developed LDAP software.