I'm referring to this line: bind authenticate root-dn testuser password testpwit should be: bind authenticate root-dn "cn=testuser,ou=serviceaccounts,ou=accounts,dc=gulfbasco,dc=local" password blahthe base-dn config line refers to the search...
The bind username has to be specified as the full LDAP object path per this http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_ldap.html#wp1069114. Use dsquery on the username that you want to use for the intial lookup...