Create a .bat file in the jwt/bin directory in the Journyx install directory.  This is usually C:\Program Files\Journyx\jwt\bin.  You can name it whatever you would like, but for this article I will name mine "ldap_auth.bat".  Below is the contents of the "ldap_auth.bat" file.

@echo off

rem LDAP_BIND_USER is the user that the LDAP query will bind with to query about USER.
rem LDAP_BIND_PASS is LDAP_BIND_USER's password.  These can be set in Journyx so they're
rem not sitting on your filesystem somewhere in what amounts to a plain text file.

rem USER is the user which we are looking up to see if they exist in LDAP.  It is also the
rem user who is logging in so we don't get information about everyone they can see, only
rem information about them.
set USER=%3

rem If USER isn't provided, use LDAP_BIND_USER 

rem bind with LDAP_BIND_USER with password LDAP_BIND_PASS and search for a user with the
rem samid of USER.  With the result, find the characters "CN".  We then use the exit code
rem from the find to exit this script to tell Journyx whether or not it worked.
rem Exit code 0 means the bind/lookup succeeded.  Exit code 1 means it did not.
dsquery user -u %LDAP_BIND_USER% -p %LDAP_BIND_PASS% -samid %USER% | find "CN"
exit %errorlevel%

In the LDAP tool settings for the Existence command, use the following.  Replace "ldapuser" with the name of a user in LDAP that can query LDAP.  Replace "ldappassword" with the password for that user.  These credentials are separate from the user's login.

"C:\Program Files\Journyx\jwt\bin\ldap_auth.bat" ldapuser ldappassword <user>

For Authentication use:

"C:\Program Files\Journyx\jwt\bin\ldap_auth.bat" <user> <password>