To be fair, getting the connection strings right with LDAP can be a bit of a pain to get right if you don’t understand LDAP, or your LDAP schema is weird (I’m 2 for 2 here)
It took me just under two hours to get my all my settings correct. Without the detailed debug logging, I never would have gotten it configured.
I think if I had to do it again, It’d take me just as long because I invoked voodoo and various animal sacrifices towards the end.
(that’s not an xwiki problem - it’s a problem with LDAPs “design by committee” feature set)