Yes, I do see the problem. Now we have to find an elegant way to address
it. The concept of "name your admin" doesn't seem to fit well with LDAP.
Perhaps we should go with the group thing. Perhaps if the authentication
mode is AD then we should skip that entirely and simply use group membership
to define Citadel admin privileges. By default you get admin access (and
it's probably time to abandon the word "Aide" and change it to "Admin") if
you are a member of the "Domain Admins" group, but we could also allow that
setting to be changed to "Citadel Admins" or something like that...
