when trying to authenticate credentials, all authentication plugins are queried for the user credentials. the docs say, it stops when the first user is found: https://github.com/do3cc/Products.PluggableAuthService/blob/master/Products/... but it's implemented differently: https://github.com/do3cc/Products.PluggableAuthService/blob/master/Products/... - here the userinfo is added to a userids list, enumerating all activated authentication plugins. with a admin user defined in in acl_user's source_users authentication plugin but also having a LDAP authentication plugin ordered after source_users, it would be convenient to not having to deal with LDAP connection timeouts, but being authenticated right away. what's the purpose of having a list of user credentials to be authenticated anyways?