<IfModule !mod_authnz_ldap.c>
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
</IfModule>

<IfModule mod_authnz_ldap.c>

    #     AuthLDAPURL - URL to define LDAP connection. This should be an RFC 2255 complaint URL of the form 
    #     ldap://host[:port]/basedn[?attrib[?scope[?filter]]].
    #         * Host is the name of the LDAP server. Use a space separated list of hosts to specify redundant servers.
    #         * Port is optional, and specifies the port to connect to.
    #         * basedn specifies the base DN to start searches from
    #         * Attrib specifies what attribute to search for in the directory. If not provided, it defaults to uid.
    #         * Scope is the scope of the search, and can be either sub or one. If not provided, the default is sub.
    #         * Filter is a filter to use in the search. If not provided, defaults to (objectClass=*). 
    #
    #AuthLDAPURL "ldaps://localhost/dc=example,dc=com?uid"
    #AuthLDAPURL ldaps://127.0.0.1:636/dc=example,dc=com?uid?one
    #AuthLDAPURL ...

    # Searches are performed using the attribute and the filter combined. For example, assume that the LDAP URL is 
    # ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*). Searches will be done using the filter 
    # (&((posixid=*))(uid=username)), where username is the user name passed by the HTTP client. The search will be 
    # a subtree search on the branch ou=People, o=Airius.

    # AuthLDAPBindDN - DN to use to bind to LDAP server. If not provided, will do an anonymous bind.
    #AuthLDAPBindDN ...

    # AuthLDAPBindPassword - Password to use to bind to LDAP server. If not provided, will do an anonymous bind.
    #AuthLDAPBindPassword ...

    # AuthLDAPRemoteUserIsDN - Set to 'on' to set the REMOTE_USER environment variable to be the full DN of the 
    # remote user. By default, this is set to off, meaning that the REMOTE_USER variable will contain whatever value 
    # the remote user sent.
    #AuthLDAPRemoteUserIsDN off

    # AuthzLDAPAuthoritative - Set to 'off' to allow access control to be passed along to lower modules if the UserID 
    # and/or group is not known to this module
    #AuthzLDAPAuthoritative on

    # AuthLDAPCompareDNOnServer - Set to 'on' to force auth_ldap to do DN compares (for the "require dn" directive) 
    # using the server, and set it 'off' to do the compares locally (at the expense of possible false matches). See 
    # the documentation for a complete description of this option.
    #AuthLDAPCompareDNOnServer on

    # AuthLDAPGroupAttribute - A list of attributes used to define group membership - defaults to member and 
    # uniquemember
    #AuthLDAPGroupAttribute ...

    # AuthLDAPGroupAttributeIsDN - If set to 'on', auth_ldap uses the DN that is retrieved from the server 
    # forsubsequent group comparisons. If set to 'off', auth_ldap uses the stringprovided by the client directly. 
    # Defaults to 'on'.
    #AuthLDAPGroupAttributeIsDN on

    # AuthLDAPDereferenceAliases - Determines how aliases are handled during a search. Can bo one of thevalues 
    # "never", "searching", "finding", or "always". Defaults to always.
    #AuthLDAPDereferenceAliases Always

    # AuthLDAPCharsetConfig - Character set conversion configuration file. If omitted, character setconversion is
    # disabled.
    #AuthLDAPCharsetConfig ...

</IfModule>