Hello Josip and thank you again for your response.
This is an orthogonal issue; you don't have to allow anyone to read the
value of the userPassword attribute, you just have to get the FR ldap
module to *bind* to the LDAP server with the username and password from
the request.
This is log output for an anonymous bind in authorize section ("bind as /
to" means "bind as <no user>/<no password>"). What is the output for the
authenticated bind, that happens in the authenticate section?