A few days ago, I wrote a simple wiki page on how to Authenticate to a web site using LDAP backend.
There is a cool (and very simple way) to use Web Roles by matching your user’s ldap attributes to your web app.
A RFC 2255 from 1997 exists on how to implement (and use) the LDAP URL Format. The authldapurl syntax from mod_authnz_ldap explains that the “attribute” field can be used with comma to separate different attributes. Every attribute would be passed to your webserver as an AUTHENTICATED_attribute variable.
In my example:
AUTHENTICATE_MYWEBACCESS MyWebApp_Level_1 AUTHENTICATE_UID myusername