authenticate against two ldap databases with pam_ldap
Hi,
I hope someone here can point me in the right direction.
I have two databases in an OpenLDAP server,
dc=intern and dc=extern. The different databases are
usually used to authenticate the different users on
different hosts. However, now I have the problem that I
have one host where people of the dc=external and some of
the dc=internal need to be authenticated.
First I tried to define two hosts, and added two base statements, but the
second base statement overwrote the first. So I guess this functionality is
only intended for two servers containing the same database where the second
is used as a fallback, in case the first ldap server is unreachable.
Then I tried to define different URIs in /etc/ldap.conf like this:
uri ldap://ldap/dc=intern ldap://ldap/dc=extern
but that did not seem to work either.
Then I tried to create a second ldap.conf, and configured
PAM for auth, session, password and account
by adding a second line in the PAM configuration like this:
auth required pam_env.so
auth sufficient pam_unix2.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_ldap.so config=/etc/ldap-extern.conf use_first_pass
I'm not sure whether I mixed something up, as it seems the system
behaves differently when nscd is running or not. I'm on
openSUSE and I'm not sure whether something was mixed up
when I first configured the LDAP client with YaST. This also seems
to modify /etc/openldap/ldap.conf, but as far as I thought, pam_ldap
should use /etc/ldap.conf.
Any hint is appreciated.
Kind regards
Sebastian
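
How the control flags in the auth stack quoted above resolve for each kind of account, as an added example that is not part of the original post. It is a simplified model of Linux-PAM's documented required/requisite/sufficient/optional handling; the per-module results are constructed assumptions (pam_env is assumed to contribute no auth decision), and NSS lookups and nscd caching are not modelled.

```python
# Added example: simplified model of Linux-PAM control flags, not libpam itself.
# Each module result is "ok", "fail" or "ignore" (constructed, assumed values).
EXTERN = "pam_ldap:/etc/ldap-extern.conf"
INTERN = "pam_ldap:/etc/ldap.conf"
STACK = [  # auth lines from the post, in order
    ("required", "pam_env"),
    ("sufficient", "pam_unix2"),
    ("sufficient", INTERN),
    ("required", EXTERN),
]

def evaluate(stack, results):
    """Return (granted, modules_called) for one authentication attempt."""
    positive = False  # some module has vouched for the user
    failed = False    # a required/requisite module has failed
    called = []
    for control, module in stack:
        res = results[module]
        called.append(module)
        if res == "ignore":
            continue
        if control in ("required", "requisite"):
            if res == "ok":
                positive = True
            else:
                failed = True
                if control == "requisite":
                    break  # requisite failure ends the stack at once
        elif control == "sufficient":
            if res == "ok" and not failed:
                return True, called  # success ends the stack early
            # a failing sufficient module is simply ignored
        elif control == "optional":
            positive = positive or res == "ok"
        else:
            raise ValueError(f"unsupported control flag: {control}")
    return positive and not failed, called

def outcomes(unix, intern, extern):
    return {"pam_env": "ignore", "pam_unix2": unix, INTERN: intern, EXTERN: extern}

SCENARIOS = {  # constructed cases: which backend accepts the password
    "local account": outcomes("ok", "fail", "fail"),
    "dc=intern user": outcomes("fail", "ok", "fail"),
    "dc=extern user": outcomes("fail", "fail", "ok"),
    "wrong password": outcomes("fail", "fail", "fail"),
}

if __name__ == "__main__":
    for name, res in SCENARIOS.items():
        granted, called = evaluate(STACK, res)
        print(f"{name:15} granted={granted} after {len(called)} module(s)")
```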