same objects in multiple ou?
- To: openldap-technical@openldap.org
- Subject: same objects in multiple ou?
- From: Joe Comeaux <joe.comeaux@gmail.com>
- Date: Mon, 31 Jan 2011 10:35:09 -0600
I'm trying to design an environment that does not allow anonymous
binds, and the users that require authentication reside across
multiple OUs. It seems common practice among authentication modules
to take a cn, bind anonymously to scan for the full dn, and then check
password with full dn to authenticate.

What I'd like to avoid is the anonymous bind, or storing a name and
password with read access to bind, to increase security.

I think what would be ideal is to somehow map all objects across
multiple OUs to a single ou. Something along the lines of: all
objects in ou=Department1,dc=example,dc=com +
ou=Department2,dc=example,dc=com + ou=Department3,dc=example,dc=com to
be linked to ou=Everyone,dc=example,dc=com. If something like that
were in place, new users created in Department3 could be authenticated
with cn=username,ou=Everyone,dc=example,dc=com. All modules designed
to check authentication would not need to bind first to search the
directory for the full dn.

I've seen references to aliasing, but that applies only to a single
object, and also mentions of mapping, but I can't tell if that would
do what I expect it to do.

Has anyone else built something similar? Can what I explain even be
done with OpenLDAP? What should I be looking into for direction on
setting this up?
Thanks in advance
-Joe Comeaux
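The two authentication flows contrasted in the post (a direct bind against a DN derived from the login name under ou=Everyone, versus the usual search-for-the-DN-then-bind) are modelled below against a small in-memory stand-in for slapd, so that it runs offline. This is an added example and not code from the post or from OpenLDAP; the directory class, the lookup identity cn=lookup,ou=Services,dc=example,dc=com, its password and the user entries are all constructed for illustration. The one piece a practitioner should carry over unchanged is the escaping: a DN built from a user-supplied name must be escaped per RFC 4514, and a search filter built from it per RFC 4515, otherwise characters such as "," or "*" in the login name change which entry is addressed.

```python
"""Model of the two LDAP authentication flows from the thread (added example).

Flow 1 (what the post wants): derive cn=<user>,ou=Everyone,... and bind, no search.
Flow 2 (common module behaviour): a least-privileged lookup identity searches for
the user's DN across the department OUs, then the client binds with that DN.
The in-memory FakeDirectory below is a constructed stand-in for slapd; it denies
searches that are not preceded by a bind as a named lookup identity, which is
the "no anonymous bind" policy the post describes.
"""
import hashlib
import hmac
import os
import re

BASE = 'dc=example,dc=com'
EVERYONE = 'ou=Everyone,' + BASE
LOOKUP_DN = 'cn=lookup,ou=Services,' + BASE   # hypothetical lookup identity


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 section 2.4)."""
    specials = set('"+,;<>\\')
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in specials:
            out.append('\\' + ch)
        elif ch == '\x00':
            out.append('\\00')
        elif ch == ' ' and (i == 0 or i == last):   # leading/trailing space
            out.append('\\ ')
        elif ch == '#' and i == 0:                   # leading hash
            out.append('\\#')
        else:
            out.append(ch)
    return ''.join(out)


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for a search filter (RFC 4515 section 3)."""
    table = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}
    return ''.join(table.get(ch, ch) for ch in value)


def build_cn_filter(username: str) -> str:
    return '(cn=%s)' % escape_filter_value(username)


_EQ_FILTER = re.compile(r'^\((\w+)=(.*)\)$')


def _unescape_filter(value: str) -> str:
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)


class FakeDirectory:
    """Constructed stand-in for slapd: DN-keyed entries, salted PBKDF2 passwords,
    and a search ACL that only admits bound lookup identities (never anonymous)."""

    def __init__(self, lookup_dns):
        self._entries = {}                                  # dn.lower() -> (attrs, salt, digest)
        self._lookup_dns = {dn.lower() for dn in lookup_dns}

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100_000)

    def add(self, dn: str, attrs: dict, password: str) -> None:
        salt = os.urandom(16)
        self._entries[dn.lower()] = (attrs, salt, self._digest(password, salt))

    def bind(self, dn: str, password: str) -> bool:
        entry = self._entries.get(dn.lower())
        if entry is None:
            return False
        _, salt, digest = entry
        return hmac.compare_digest(self._digest(password, salt), digest)

    def search(self, base: str, filter_str: str, bound_as=None) -> list:
        """Subtree search supporting only (attr=value); refused unless bound as a lookup identity."""
        if bound_as is None or bound_as.lower() not in self._lookup_dns:
            raise PermissionError('search denied: bind as a lookup identity first')
        m = _EQ_FILTER.match(filter_str)
        if not m:
            raise ValueError('only (attr=value) filters are modelled')
        attr, value = m.group(1).lower(), _unescape_filter(m.group(2))
        suffix = ',' + base.lower()
        return [dn for dn, (attrs, _, _) in self._entries.items()
                if dn.endswith(suffix) and attrs.get(attr) == value]


def authenticate_direct(directory: FakeDirectory, username: str, password: str) -> bool:
    """Flow 1: no search at all; the DN is derived (with escaping) from the login name."""
    return directory.bind('cn=%s,%s' % (escape_dn_value(username), EVERYONE), password)


def authenticate_search_then_bind(directory, username, password, lookup_password) -> bool:
    """Flow 2: lookup identity finds the DN across all OUs, then the user binds with it."""
    if not directory.bind(LOOKUP_DN, lookup_password):
        return False
    hits = directory.search(BASE, build_cn_filter(username), bound_as=LOOKUP_DN)
    if len(hits) != 1:          # 0 = unknown user, >1 = ambiguous: refuse rather than guess
        return False
    return directory.bind(hits[0], password)


def anonymous_lookup_denied(directory: FakeDirectory) -> bool:
    """True when the directory refuses a search that is not preceded by a bind."""
    try:
        directory.search(BASE, '(cn=bob)')
    except PermissionError:
        return True
    return False


def build_demo_directory() -> FakeDirectory:
    """Constructed sample data: one user per department, alice also mirrored into ou=Everyone."""
    d = FakeDirectory(lookup_dns=[LOOKUP_DN])
    d.add(LOOKUP_DN, {'cn': 'lookup'}, 'lookup-secret')
    d.add('cn=alice,ou=Department1,' + BASE, {'cn': 'alice'}, 'alice-pw')
    d.add('cn=bob,ou=Department3,' + BASE, {'cn': 'bob'}, 'bob-pw')
    d.add('cn=alice,' + EVERYONE, {'cn': 'alice'}, 'alice-pw')
    return d
```

In the sample data only alice has an entry under ou=Everyone, so the direct flow works for her and fails for bob, which is exactly the gap the post is asking OpenLDAP to close; the search flow finds bob through the lookup identity. Note that a subtree search then sees both of alice's entries, and the code refuses the ambiguous result rather than binding with the first hit; any mirroring scheme has to account for that in modules that still search.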