====== Configure other things to auth against your LDAP server ======

===== Apache http auth =====

For apache2, you need the authnz_ldap module installed, and the config looks something like this:

<code>
AuthType Basic
AuthBasicProvider ldap
AuthName "Secret Place for Opers Only"
# Group entries list their members by bare uid (memberUid), not by full DN
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
# ldaps:// = LDAP over SSL; search ou=Users by uid, subtree scope
AuthLDAPURL ldaps://your.ldapserver.com/ou=Users,dc=afternet,dc=org?uid?sub?(objectclass=*)
# Only members of the Opers group are let in
require ldap-group cn=Opers,ou=Groups,dc=afternet,dc=org
</code>

Note that this uses ldaps, which is LDAP over SSL. You should use this for any non-localhost usage, but it requires valid SSL certificates configured in the LDAP server. We do this by running our own SSL certificate authority (CA). We created a signed key for the LDAP server, and added our CA's public key to /etc/ssl/certs/ on all the machines that need to talk to LDAP. It's non-trivial to convince libldap to connect over ldaps without proper certs.
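The CA setup described above can be walked through with the openssl command line. This is an added example, not the configuration from the original page: it builds a throwaway CA, signs a certificate for the LDAP host, and runs the chain and host name check that a client performs. The subject names, file names and key sizes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): private CA -> signed LDAP
# server certificate -> the check a client's TLS library performs.
# Subject names and file names are constructed for illustration.
set -eu

LDAP_HOST="your.ldapserver.com"   # host name used in AuthLDAPURL

# make_ldap_pki DIR: create a CA and a CA-signed server certificate in DIR.
make_ldap_pki() {
  cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. CA key plus self-signed CA certificate. ca.pem is the file that is
  #    distributed to /etc/ssl/certs/ on the machines that talk to LDAP.
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -subj "/O=Example/CN=Example LDAP CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  # 2. Server key and signing request.
  openssl req -config "$1/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/O=Example/CN=$LDAP_HOST" \
    -keyout "$1/ldap.key" -out "$1/ldap.csr" 2>/dev/null
  # 3. The CA signs it; the SAN must name the host clients connect to.
  printf 'subjectAltName=DNS:%s\n' "$LDAP_HOST" > "$1/san.ext"
  openssl x509 -req -in "$1/ldap.csr" -days 365 \
    -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/san.ext" -out "$1/ldap.pem" 2>/dev/null
}

# check_ldap_cert CA CERT HOST: succeeds only if CERT chains to CA and
# is valid for HOST.
check_ldap_cert() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_ldap_pki "$workdir"
check_ldap_cert "$workdir/ca.pem" "$workdir/ldap.pem" "$LDAP_HOST" \
  && echo "OK: ldap.pem chains to ca.pem and matches $LDAP_HOST"
```

Running check_ldap_cert against the real server certificate and the CA file installed on a client shows whether an ldaps failure comes from the chain or from a host name that does not match the one in AuthLDAPURL.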