Thanks Patrick and Trent for sharing the stunnel tip. That's very helpful. Glad you've managed to get things working for the most part.
There are a couple of things to look out for at this point - first, I found a bug in the way I documented the FDN search and bind call. Basically, your call should look like this:
# Only attempt the bind when the FDN search actually found an entry;
# binding with an empty DN is an anonymous bind and can succeed on its own.
if { ![empty_string_p $fdn] && [ns_ldap bind $lh "$fdn" "$password"]} {
    set result(auth_status) ok
}
Otherwise, if the FDN search returns nothing and anonymous binds are allowed, your attempt to bind will be successful regardless of the password and you will get a very confusing message stating that you have authenticated but don't have a local account. This is fixed in version 1.9.22 (oacs-5-2 branch). Shahid - this is where authentication takes place so make sure your auth-ldap-procs has that "ns_ldap bind" call in the right place.
Also, keep in mind that after you upgrade (and restart the server or reload the procs) to the as yet unreleased newer auth-ldap package, you will need to visit your auth admin pages and set your LDAP authority's BindAuthenticationP parameter to 1 in order to have things work as before. Might be easier just to grab 1.9.22 and set that up while you are tinkering with authentication.
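The failure mode the post describes, as an added example that is not part of the original post or of the OpenACS auth-ldap package: a small Python model of the Tcl check above, run against a constructed in-memory directory that stands in for ns_ldap. The directory accepts an anonymous bind when the DN is empty (as the post says the poster's directory did), so the unguarded version accepts any password for an unknown user, while the guarded version refuses to bind at all until the search has returned a DN. It also goes one step beyond the post and refuses an empty password, since an "unauthenticated" simple bind (non-empty DN, empty password) is the sibling of the anonymous-bind problem. `search_fdn`, `ldap_bind`, the status strings and the sample entries are all assumptions of this example, and real directories differ in exactly which of these binds they accept; the point of the guard is that the outcome no longer depends on that server setting.

```python
"""Model of the auth-ldap bind guard discussed in the thread (added example).

The Tcl being modelled:

    if { ![empty_string_p $fdn] && [ns_ldap bind $lh "$fdn" "$password"]} {
        set result(auth_status) ok
    }
"""

# Constructed sample directory: DN -> password. Not real credentials.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": "correct horse battery staple",
}
# Constructed username -> DN map, standing in for the FDN search.
USERS = {"alice": "uid=alice,ou=people,dc=example,dc=org"}

# Assumed server settings: the post's directory allowed anonymous binds.
ANONYMOUS_BINDS_ALLOWED = True        # empty DN, any password
UNAUTHENTICATED_BINDS_ALLOWED = True  # non-empty DN, empty password


def search_fdn(username: str) -> str:
    """Stand-in for the FDN search: the DN, or '' when nothing matched."""
    return USERS.get(username, "")


def ldap_bind(dn: str, password: str) -> bool:
    """Simulated simple bind, with the two non-password-checking cases.

    An empty DN is an anonymous bind; an empty password against a real DN
    is an unauthenticated bind (RFC 4513 section 5.1). Neither verifies the
    caller, yet both return success on a server configured to allow them.
    """
    if dn == "":
        return ANONYMOUS_BINDS_ALLOWED
    if password == "":
        return UNAUTHENTICATED_BINDS_ALLOWED
    return DIRECTORY.get(dn) == password


def authenticate_unguarded(username: str, password: str) -> str:
    """The buggy form: binds with whatever the search returned, even ''."""
    fdn = search_fdn(username)
    return "ok" if ldap_bind(fdn, password) else "bad_password"


def authenticate_guarded(username: str, password: str) -> str:
    """The corrected form from the post, plus the empty-password refusal."""
    fdn = search_fdn(username)
    if fdn != "" and password != "" and ldap_bind(fdn, password):
        return "ok"
    return "bad_password"


if __name__ == "__main__":
    cases = [("alice", "correct horse battery staple"),
             ("alice", "wrong"),
             ("alice", ""),
             ("nobody", "anything")]
    for user, pw in cases:
        print(f"{user!r:9} password={pw!r:32} "
              f"unguarded={authenticate_unguarded(user, pw):12} "
              f"guarded={authenticate_guarded(user, pw)}")
```

Running it shows the confusing situation from the post directly: `nobody` with any password gets `ok` from the unguarded path (the bind "succeeded", there is just no local account for it), and only the guarded path reports `bad_password`.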