diff --git a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirContentsInitializer.java b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirContentsInitializer.java
index e2c7ad1e98..51adca5577 100644
--- a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirContentsInitializer.java
+++ b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirContentsInitializer.java
@@ -32,6 +32,9 @@ public class DirContentsInitializer {
         try {
             initSimpleUidUser();
             initSimpleCnUser();
+            
+            initOthersGroup();
+            initOthersUsers();
         } catch (NamingException e) {
             // TODO Auto-generated catch block
             e.printStackTrace(System.err);
@@ -69,4 +72,42 @@ public class DirContentsInitializer {
         
         serverContext.createSubcontext(name, attrs);
     }
+    
+    private void initOthersGroup() throws NamingException {
+        String otherUserOU = "ou=others";
+        Attributes attrs = new BasicAttributes();
+        attrs.put("dn", otherUserOU + ",ou=system");
+        attrs.put("ou", "others");
+        attrs.put("objectClass", "top");
+        attrs.put("objectClass", "organizationalUnit");
+        serverContext.createSubcontext(otherUserOU, attrs);
+    }
+    
+    private void initOthersUsers() throws NamingException {
+        String name1 = "uid=other.one,ou=others";
+        Attributes attrs1 = new BasicAttributes();
+        attrs1.put("dn", name1 + ",ou=system");
+        attrs1.put("cn", "Other One");
+        attrs1.put("givenName", "Other");
+        attrs1.put("sn", "One");
+        attrs1.put("uid", "other.one");
+        attrs1.put("mail", "other.one@hotmail.com");
+        attrs1.put("userPassword", "otherone");
+        attrs1.put("objectClass", "inetOrgPerson");
+        attrs1.put("objectClass", "top");
+        serverContext.createSubcontext(name1, attrs1);
+        
+        String name2 = "uid=other.two,ou=others";
+        Attributes attrs2 = new BasicAttributes();
+        attrs2.put("dn", name2 + ",ou=system");
+        attrs2.put("cn", "Other Two");
+        attrs2.put("givenName", "Other");
+        attrs2.put("sn", "Two");
+        attrs2.put("uid", "other.two");
+        attrs2.put("mail", "other.two@hotmail.com");
+        attrs2.put("userPassword", "othertwo");
+        attrs2.put("objectClass", "inetOrgPerson");
+        attrs2.put("objectClass", "top");
+        serverContext.createSubcontext(name2, attrs2);
+    }
 }
diff --git a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirSetupTestCase.java b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirSetupTestCase.java
index 60eb6bc937..8d96154986 100644
--- a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirSetupTestCase.java
+++ b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/DirSetupTestCase.java
@@ -34,4 +34,10 @@ public class DirSetupTestCase extends BaseLdapTestCase {
         assertEquals("Two", myAttrs.get("givenName").get() );
     }
     
+    public void testOthersUsers() throws NamingException {
+        Attributes myAttrs = getClientContext().getAttributes("uid=other.two,ou=others");
+        assertEquals("uid=other.two,ou=others,ou=system", myAttrs.get("dn").get() );
+        assertEquals("Other", myAttrs.get("givenName").get() );
+    }
+    
 }
diff --git a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java
index 073a4f46f3..4e5f8afe0e 100644
--- a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java
+++ b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java
@@ -30,6 +30,19 @@ public class LdapPasswordAuthenticationTest extends BaseLdapTestCase {
             fail();
         }
     }
+    
+    public void testSimpleUidUserBadPassword() throws NamingException {
+        dao.setUserContext("uid={0},ou=users,ou=system");
+        dao.setDefaultRole(DEFAULT_ROLE);
+        try {
+            UserDetails userDetails = dao.loadUserByUsernameAndPassword("one.user", "plainlywrong");
+            //assertEquals(1, userDetails.getAuthorities().length );
+            //assertEquals(DEFAULT_ROLE, userDetails.getAuthorities()[0].getAuthority() );
+            fail();
+        } catch (BadCredentialsException ex) {
+            assertTrue(true);
+        }
+    }
 	
     public void testSimpleCnUser() throws NamingException {
         dao.setUserContext("cn={0},ou=users,ou=system");
@@ -69,4 +82,12 @@ public class LdapPasswordAuthenticationTest extends BaseLdapTestCase {
                 ex.getMessage().startsWith(LdapPasswordAuthenticationDao.BAD_CREDENTIALS_EXCEPTION_MESSAGE) );
         }
     }
+    
+    /*
+     * @todo:
+     * 1. two different groups...
+     * 2. two groups, limit 'roles'
+     * 3. other stuff...
+     */
+    
 }
diff --git a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/package.html b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/package.html
new file mode 100644
index 0000000000..6b32a12663
--- /dev/null
+++ b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/package.html
@@ -0,0 +1,43 @@
+<html>
+<body bgcolor="#ffffff">
+	<h2>LDAP JUnit Tests and Helper Files.</h2>
+	<p>
+	Because the inter-class dependencies may not be obvious at first glance 
+	they are documented for this package; most of this complexity is on account 
+	of the JUnit design, hopefully future testing frameworks will be less intrusive.
+	</p>
+	<dl>
+		<dt>LdapTestHelper</dt>
+		<dd>Containing the majority of the code which references the 
+		apache directory server classes, LdapTestHelper is designed 
+		to be assigned as a static field in the BaseLdapTestCase, although 
+		it can be used elsewhere.  LdapTestHelper contains all the code 
+		needed to start, initialize, and shutdown the directory server.
+		</dd>
+		
+		<dt>DirContentsInitializer</dt>
+		<dd>DirContentsInitializer contains the JNDI code 
+		used to load the directory server up with entries (users and groups).
+		When I figure out how to correctly import LDIF files, DirContentsInitializer 
+		will probably be radically simplified.
+		</dd>
+		
+		<dt>BaseLdapTestCase</dt>
+		<dd>Contains common methods and fields that will probably 
+		be needed by any TestCase which interacts with the directory server, 
+		including a static reference to a LdapTestHelper instance.
+		</dd>
+		
+		<dt>DirSetupTestCase</dt>
+		<dd>Contains some simple code designed to test that DirContentsInitializer 
+		has functioned properly.  If these tests fail then the 
+		other tests are expected to fail too.
+		</dd>
+		
+		<dt>LdapPasswordAuthenticationTest</dt>
+		<dd>Contains tests which configure a LdapPasswordAuthenticationDao bean and
+		excersize it against the directory server.
+		</dd>
+	</dl>
+</body>
+</html>
\ No newline at end of file