I'm currently considering how to allow users to log on with different attributes as user names, e.g. with their "real" user name or their mail adress. Unfortunatly as described on http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl, though RFC 2255 allows a comma-separated list, only the first attribute is used.

Now, of course an idea would be to specify all different attributes as a new "loginas"-type one. Another solution would be to use ldap overlay modules, and just convert them "on the fly". Better ideas would be welcome.

Update: Thanks to Faidon Liambotis (again!) one can probably use mod_authn_alias to combine authentication with user name, mail adress etc.