Is it possible to configure the user application to look under two different
bases for users? For example, we have a structure like this:
<root>
+ dc=secure
+ + ou=users
+ dc=public
+ + ou=users

Can I set things up so that users from both ou=users,dc=secure and
ou=users,dc=public can log in to the user app without specifying their fully
qualified names? I know that any user from any part of the tree can log in
with a fully qualified login ID (like cn=userid,ou=people,dc=foo), but I
would like to provide both sets of users the simplicity of logging in with
only their userid.

I know that another option is to combine the two user bases under a common
ancestor and use that ancestor as the user base for the userapp, like this,
but I would also prefer to avoid that unless it is the only option that I
have.
<root>
+ dc=org
+ + dc=secure
+ + + ou=users
+ + dc=public
+ + + ou=users

Thanks for the help!