ldap auth from external application

Hi,

I'd like to ask why is auth from external applications like eg. ftp server done via proxy user, and not straight with user provided credentials. The only thing I came up with is that there is possible risk with hi-jacking session due to flaw in application, still- I'm missing the big picture here. Or return code 49 is not enough for failed auth?

Could somebody, please, clarify this for me? I'm sure there are really good reasons no to so (straight auth), still I've "found" pros in not having additional user which is capable to read others (even hashed) passwords, and probably no need to be password hash dependent as whole auth would be LDAPs domain.

Thanks, Zdenek