[xwiki-users] Limitng registered users list to Ldap (Active Directory) groups mapped to XWiki groups

Hi. I am evaluating XWiki's LDAP-based authentication capabilities. The intention is to have a locked-locked-light wiki instance for my group in a large AD-based corporate environment. The LDAP documentation in xwiki.cfg clarifies how to map LDAP groups to XWiki groups. However, for ease of ACL administration, I would like to treat only users belonging to xwiki.authentication.ldap.group_mapping as "registered" users and the rest of the users within the corporation as "Guests". Is there any way of achieving this mapping? Presently, I have setup LDAP config to authenticate any user within the corporation using xwiki.authentication.ldap.user_group=cn=workers,ou=etc.etc. This causes every user to be treated as a registered user (after successful authentication of course). The only work around I can see is to have an AD group (say X) that contains all the mapped groups specified in xwiki.authentication.ldap.group_mapping, but that requires X to be updated in sync with changes made to xwiki.authentication.ldap.group_mapping. If I can avoid the need for setting and maintaining X, that would be nice. Thanks, Milind