About authentication:

When you're asked for a username or password, it tries to look up the user in ldap. if you enter admin and the ldap admin password, you will connect as ldap admin. you can also enter you normal username, and user password, and you will get the permission your users is set up with. The password for the authenticated user are stored in a coockie, using a session key from the server to "encrypt" the password (strings are xor'ed).