In my scheme the users cannot log onto any directory - there is no need for them to do do as they are just using applications.
The database that the login is being tested against is the CURRENT database. In your new scheme I passed the following value into the new urlLoginNSF parameter in 1.2 - facesContext.getExternalContext().getRequestContextPath()
BUT - the trigger to test for a failed login is not the CURRENT database but names.nsf i.e
if (response.indexOf('action="/names.nsf?Login"')==-1){
I could be wrong but even with cascading adress books will it not always be names.nsf ?
Sean