I have some information to contribute to this issue.
Packet captures of the communications between my w2p server and my Active Directory (LDAP) server show that there is extra string data being tacked onto the start and end of the LDAP Search user string.
My LDAP search user is currently set (the same as it is in my old LDAP working 1.2.2 install) to:
The packet capture shows that w2p is sending this name:
That user name will not work as the packet capture shows with a "invalidCredentials" response from the LDAP server.
I modified line 53 of
$ldap_bind_dn = 'CN='.$this->ldap_search_user.',OU=users,'.$this->base_dn;
to:
$ldap_bind_dn = $this->ldap_search_user;
Now the LDAP Search user binds successfully. It looks like this kills hurdle 1. Hopefully it doesn't break something else; unfortunately I know nothing about the w2p code base.
The problem now:
-LDAP Search User successfully binds to LDAP server
-does a search for sAMAccountName=testuser1 where testuser1 is the user name entered at the w2p login screen.
-gets the results back on testuser1 that includes the full object name, which in my case is
"CN=Test User1,OU=IT,OU=User Accounts,DC=int,DC=mydomain,DC=com"
There is a second (successful) bind request for the LDAP Search User then an unbind request and that's it.
This second bind request SHOULD be a test to see if the password entered at the login screen was valid. It should be trying a bind with the full object name of the user that was entered on the w2p login screen and the password!
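For comparison, here is what the full search-then-bind sequence described in this thread looks like when written against PHP's ext-ldap. This is an added example, not web2project's own code; the LDAPS host, the service account DN and password, the base DN and the function name ldap_login are assumptions for illustration.

```php
<?php
// Added example (not web2project code): search-then-bind login check against
// Active Directory with PHP ext-ldap. All configuration values are assumed.
$config = [
    'uri'         => 'ldaps://dc1.int.mydomain.com',   // assumed host; LDAPS so passwords are not sent in clear
    'base_dn'     => 'OU=User Accounts,DC=int,DC=mydomain,DC=com',
    // Full DN as configured; NOT rebuilt from CN + a fixed OU as the old line 53 did.
    'search_user' => 'CN=svc-w2p,OU=Service Accounts,DC=int,DC=mydomain,DC=com',
    'search_pass' => 'REPLACE_WITH_SERVICE_PASSWORD',  // placeholder
];

function ldap_login(array $cfg, string $username, string $password): bool
{
    // AD treats a simple bind with an empty password as an anonymous bind, which
    // "succeeds" without proving anything, so reject it before touching LDAP.
    if ($username === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Bind 1: the search account, using its DN exactly as configured.
    if (!@ldap_bind($conn, $cfg['search_user'], $cfg['search_pass'])) {
        ldap_unbind($conn);
        return false;
    }

    // Find the user's object; escape the input so it cannot alter the filter.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    $result = ldap_search($conn, $cfg['base_dn'], $filter, ['dn']);
    $entry  = $result ? ldap_first_entry($conn, $result) : false;
    if ($entry === false || ldap_count_entries($conn, $result) !== 1) {
        ldap_unbind($conn);
        return false;
    }
    $user_dn = ldap_get_dn($conn, $entry);  // e.g. CN=Test User1,OU=IT,OU=User Accounts,DC=int,DC=mydomain,DC=com

    // Bind 2: the user's own DN with the password from the login form.
    // This second bind is the step that actually verifies the credentials.
    $ok = @ldap_bind($conn, $user_dn, $password);
    ldap_unbind($conn);
    return $ok;
}
```

The second bind in the packet capture should show the DN returned by the search (not the search account) paired with the form password; an "invalidCredentials" result on that bind is the expected outcome for a wrong password.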