Hi Vishal,
I am not sure whether you are able to solve this issue or not.
I had worked on a solution for a similar setup: AD and LDAP as user directories, and most of the applications use form authentication.
For seamless authentication with IWA for applications with LDAP user directories:
You need to protect a new IIS resource with IWA authentication and configure LDAP as the user directory (instead of AD).
But the catch here is that you need to sync user ids and passwords between AD and LDAP, so that the sAMAccountName in AD is the same as the uid in LDAP.
That way the IWA authentication scheme can also search for the user in LDAP using the credentials passed from the Windows machine.
Regarding no change to the authentication scheme for most of your applications, which are using form based:
You may have to put a redirection in your login page code (form HTML URL) and redirect to the IWA authentication scheme URL with the target set to the IWA resource.
In the IWA resource, again have logic to redirect to the original TARGET URLs.
This would be a lot of customization, but feasible. And you would also be using the IWA auth scheme against LDAP.
LDAP and AD users are synced in such a way that user ids and passwords match.
Regards,
Srinivas Meganath, CISSP.
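As an added illustration, not part of Srinivas's reply and not SiteMinder's own code, here are the two redirect hops described above in Python, together with the check a practitioner would want in the IWA resource: only send the user back to a TARGET on an allow-listed host or a same-site path, so the hand-off cannot be turned into an open redirect. The hostnames, paths and the TARGET query parameter handling are assumptions for this example.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values for this example; real hostnames and paths will differ.
IWA_SCHEME_URL = "https://sso.example.com/siteminderagent/ntlm/creds.ntc"
IWA_RESOURCE = "https://sso.example.com/iwa/redirect.aspx"
# Hosts the IWA resource is allowed to send an authenticated user back to.
ALLOWED_HOSTS = {"app1.example.com", "app2.example.com"}
FALLBACK_URL = "https://portal.example.com/"


def login_page_redirect(original_target: str) -> str:
    """Hop 1: the form login page, instead of rendering its form, sends the browser
    to the IWA scheme URL. Its TARGET is the IWA resource, which in turn carries the
    application's original target so nothing is lost across the two hops."""
    inner = IWA_RESOURCE + "?" + urlencode({"TARGET": original_target})
    return IWA_SCHEME_URL + "?" + urlencode({"TARGET": inner})


def iwa_scheme_handoff(scheme_url: str) -> str:
    """Stand-in for what the IWA scheme does once the Windows credentials have been
    checked against LDAP: it forwards the browser to whatever TARGET it was given."""
    return parse_qs(urlsplit(scheme_url).query).get("TARGET", [""])[0]


def is_safe_target(url: str) -> bool:
    """Accept only same-site relative paths (not protocol-relative '//host' forms)
    or absolute https URLs on an allow-listed host."""
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        return url.startswith("/") and not url.startswith("//")
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def iwa_resource_redirect(request_url: str) -> str:
    """Hop 2: the IWA-protected resource reads its own TARGET parameter and returns
    the Location the browser should be sent to, falling back to a fixed portal URL
    whenever the target is missing or points somewhere that is not allow-listed."""
    target = parse_qs(urlsplit(request_url).query).get("TARGET", [""])[0]
    return target if is_safe_target(target) else FALLBACK_URL
```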