Multiple clientcert configuration

I use two PKIs for authentication. One is from Active Directory and is used for real users, so I would like to resolve roles using LDAP. I have another one for technical accounts, which is not backed by LDAP for roles, and where I explicitly define user roles in the SG configuration. Therefore, I believe it might be interesting to add a key to filter client certificate configuration by the DN of the certification authority.