I am just brainstorming here and have in no way thought this out or
checked if it even works, but would it be possible to use the LDAP role
assignment feature? It only works with one LDAP server so reliability
might be an issue, but is there an LDAP attribute that would identify
these particular logins? Could one be created?
Dan S.