server config, <VirtualHost>, <Global>
mod_ldap v2.9.0 and later
Activates LDAP authentication and UID to name mappings in directory listings.
The first argument is the LDAP base DN to use for user lookups. During authentication, %u will be replaced with the username that is being authenticated. When looking up users by UID number, %u will not be replaced. Usually, %u in the base DN is only useful in "virtual user" environments, since mod_ldap won't be able to look up other users.
The second argument is the search filter template for looking up users by username; %u will be replaced with the username that is being authenticated.
The third argument is the search filter template for looking up users by UID number; %u will be replaced with the UID number that is being looked up.
The default search filter templates are:
username-filter-template: "(uid=%u)(objectclass=posixAccount))", uid-number-filter-template: "(uidNumber=%u)(objectclass=posixAccount))",
The attribute names used in the default search filters are taken from the LDAPAttr directive, so if you re-map an attribute, the default search filter reflects that re-mapping.