Hi Dennis,
Just to clarify, are you talking about including wildcards in the LDAP DN (by specifying them as part of the "LDAP principal template" field) or configuring the "LDAP domain" field (which currently accepts a single domain or '*')? The LDAP authentication page includes a screen shot of these fields,
https://www.labkey.org/Documentation/wiki-page.view?name=configldap
Either way, LabKey LDAP authentication doesn't "latch onto" anything... on every authentication attempt, LabKey issues a new LDAP connect, constructing the DN by substituting the appropriate values into the template. It round robins through the server URLs until it finds one that responds with either success or failure.
At the moment, only one LDAP configuration can be provided, which means there's no way to route different authentication requests to different LDAP servers, for example, if the organization manages email addresses under multiple domain names. We would like to extend the LDAP configuration to support this, but it's never been a priority for our clients.
Adam