<hr /><i>anonymous added on 2010-11-05 17:17:02:</i><br />
The easiest way to do this probably is to let the web server handle the LDAP via HTTP Basic Auth (secure enough when sent over SSL) and have Fossil merely pick up the login name from the CGI and use it as logged in user from there.

Support for HTTP Basic Auth would also be needed for Fossil's own network support (i.e. when the client talks to the server).