I have a similar situation. I am trying to use two client authentication methods, one SAML (okta) and one regular LDAP. They both point to different Active Directory groups and the regular ldap is first in order. I have tested and when GP doesn't see the user in the regular LDAP client I receive error that user is not in allowed list and it stops and does not try the second in the list for locating the user.
... View more