I find LDAP authentication quite easy to setup on TM1 with just the following cfg parameters:
IntegratedSecurityMode=2
PasswordSource=LDAP
LDAPPort=
LDAPHost=
LDAPSearchBase=
LDAPSearchField=
LDAPWellKnownUserName=
LDAPWellKnownPassword=
I find that if I have this setup though I can't use the admin account because it's not an LDAP account. Unless I'm missing something, its a shame that the TM1 admin account is not excluded from this rule.
