the top level error message is "ORA-20987: APEX - Error processing edit LDAP user function". This means that the error occurred when APEX called the username edit function that you specified in the authentication scheme. That function only gets called when you have a %LDAP_USER% substitution string in the DN or in the search string. That's the reason why the error did not occur anymore, after you replaced %LDAP_USER% with a hard coded username. You mentioned that the edit function in your authentication scheme is not set, but then APEX would not execute the edit function. Can you please check that attribute again?