using ldap (openldap) to authenticate

need ability for user to update password or email from a webapp

another guy on the project wrote a DAO that connects with the root DN and updates ldap. DAO stores root DN and root password.

in the spirit of JNDI database connections, it seems to me we should be able to create a JNDI-based connection to LDAP, which his DAO can (re)use

am i totally wrong here? is there a better way?

thanks.