Not returning a password probably isn't a problem. If I'm reading the C4::Auth_with_ldap code right, Koha sends the password to the LDAP and doesn't do anonymous binds. It's the lack of field data that's a pain.
I'm not (yet) familiar with koha3. Normal koha 2 ldap interface was to retrieve the actual password from ldap, and compare it with the password to user supplied. (which is a strange and incompatible way to verify a password) Fortunately it was not difficult to change this behaviour to something else: Attempt to bind to the ldap server with the username/password to user provided. If the binds succeeds, the password is correct. If the bind fails, there could be all sorts of problems: wrong password, ldap server down, network problems, whatever, but result: NO acces. See this page I created: http://wiki.koha.org/doku.php?id=ldap&s=ldap But I agree: you do need (at least some of) the various fields.