I created a patch for Apache httpd for ldap-authentication (reported upstream as bug #646646). In my scenario I used
require ldap-group cn=Domain Admins,ou=Group, dc=DOMAIN,dc=de
We always used lowercased usernames in memberUid. Some users tended to enter their usernames with a leading uppercase char. Password authentication worked, however, memberUid (from posixGroup, which is also used by samba domain groups) is case sensitive – so group authorization failed.
In order to fix this issue I created a patch for Apache httpd which allows to configure that the username Apache httpd uses is replaced by the “AuthLDAPRemoteUserAttribute”-field value of the ldap-result. This also helps to canonicalize usernames (in logs and REQUEST_USER environ variable) in the way that always the same casing and also for (ldap-)aliases the same username is used.