I was really hoping that was it, but it's still saying it can't locate the user matching the info provided.
So seeing that Catalyst::Plugin::Authentication::LDAP was superceded by Catalyst::Authentication::Store::LDAP, I take it means that C::A::Store::LDAP does the authentication too.
But looking at C::A::Store::LDAP it says that it authenticates a user if it finds the user info in the LDAP store. So it's really not even looking a the passwords. So this looks like it's not really an Authentication module. But why would an Authenticaiton module be superceeded by a Store module?
As an update I see that the first step is that C::A::Store::LDAP binds with the pre-set user and password, then it reconnects with the user and password sent in second time.
Here's a copy of my config in memory if that helps: