The LDAP authentication is a bit inflexible. A better way would be to search for a user with a normal LDAP filter, and then try to bind as that user's DN.
The attached version of lib/auth_ldap.py should do this. Note that it includes some new parameters that should be moved to the LDAP configuration page.
Also note that the default port for ldaps is 636, not 689.