On IVE version 6.0r3, I noticed that Generic LDAP authentication is broken. We are using a regular LDAP server (slapd) and have tried both SSL and non-SSL ways to connect to the server. It knows when the admin password is wrong, and the connectivity checks out. I can connect to the LDAP server via a query tool (ldapsearch - openldap v2.3.34 and ldapbrowser v2.8.2) using the same credentials as what I use in the IVE.
However, when people try to log in, they are not getting login denied or any error messages. They're just not being allowed in. User policy traces and the logs state the following:
Sign-in rejected using auth server TAM LDAP - tekdev (LDAP Server). Reason: OK
I changed the type on our test machine from eDirectory to Generic, had to refill the Admin-DN + BaseDN Filter, but it still works fine. In case of wrong authentication it displays a "username or password not correct" message...
Maybe 6.0r3.1 fixes this issue? It was not explicitly mentioned in the change notes, but it was the same with 6.0r3, where the ADS problem was "silently" fixed (http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&thread.id=58)