Here is what I was using to test my module. All you need it to provide some kind of translation of the username into the namespace used on the LDAP server. Changing the namespace also allows one server to authenticate multiple domains.
set ci [ns_queryget i "1"]
set cj [ns_queryget j "1"]
set start [clock clicks -milliseconds]
set count 0
set entries "no"
for {set i 0} {$i < $ci} {incr i} {
set ldaphandle [ns_ldap init "zmbh.com:389" "cn=Manager,dc=zmbh,dc=com" "mypassword"]
ns_ldap simple_bind_s $ldaphandle
for {set j 0} {$j < $cj} {incr j} {
ns_ldap search_s $ldaphandle "dc=zmbh,dc=com" "(objectclass=*)"
incr count
set entries [ns_ldap count_entries $ldaphandle]
}
ns_ldap unbind $ldaphandle
}
set total [expr [clock clicks -milliseconds] - $start ]
ns_return 200 text/plain "
time for $count cycles: $total milliseconds
found $entries entries
$ci bind-unbind cycles
$cj searches per cycle"
Btw, the bind/unbind cycle is very fast. I don't think there is any need to maintain a connection or use a pool of connections.