I've modified the code to use ad_username and ad_password (I tried both DN notation and just using the username) but I still receive the same error in the Apache log:
None of our AD servers allow anonymous bind through LDAP. We connect several other applications using authenticated bind without issue. Is anonymous bind a requirement for this implementation? This will be problematic for us.
The reason why I ask is because I'm not sure if it'll work and I would like to test it and try to help you get it working but everything I've read says you can't force auth on the rootDSE per LDAP spec so I'm asking how you have it configured so that I can lab it up here.
I think at this point we need to let the developers do their thing. We can make minor edits here and there, but this is turning out to be more than just a one- or two-line fix. There is a feature request in place, and XI has been under heavy development recently since we just released XI 5. We are also releasing a new AD/LDAP component some time this week, so we'll see if the changes get added.