I've installed iFolder 2.1 on a w2k server with an Active Directory domain
(DC on another server) as primary LDAP.

So far, so good... Everything works just fine in that domain!

But now I want to add a secondary User LDAP to another AD domain (in the
same forest), but I can't get that to work. All I get is "Unable to
authenticate to new LDAP directory".

When creating a User LDAP, you have to specify the logon account to be used
to log on to that directory. I use
cn=ifolderadmin,ou=iFolder,dc=mydomain,dc=net which is a "Domain Admins"

Strange thing is, that when taking a packet trace during the creation of the
User LDAP, it shows that the iFolder server tries to authenticate with user
cn=iFolder_ServerAgent,ou=iFolder,dc=mydomain,dc=net. There is no such user
in that domain!

The iFolder_ServerAgent user is created during the first logon after server
install, and in the domain holding the global settings LDAP.

Will iFolder create a ServerAgent account in every LDAP domain?

From previous experience I know that if schema extensions are already in
place during the first logon, the ServerAgent account and the other iFolder
objects won't be created. Since our two AD domains exist in the same
forest, and AD schema is forest-wide, schema extension will be in place on
the secondary domain!

But as I said, the iFolder_ServerAgent and the other iFolder objects should
only reside in the "primary" domain. All secondary User LDAPs should only
need to make changes to attributes on the User objects...