Apache reverse proxy with LDAP authentication against multiple Active Directory domains

apache-multi-ad-reverse-proxy.conf

<AuthnProviderAlias ldap auth1>
        AuthLDAPURL "ldaps://auth1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN "ldap_query"
        AuthLDAPBindPassword "password"
</AuthnProviderAlias>

<AuthnProviderAlias ldap auth2>
        AuthLDAPURL "ldaps://auth2.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN "ldap_query"
        AuthLDAPBindPassword "password"
</AuthnProviderAlias>

<AuthnProviderAlias ldap auth3>
        AuthLDAPURL "ldaps://auth3.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN "ldap_query"
        AuthLDAPBindPassword "password"
</AuthnProviderAlias>

<VirtualHost *:80>
	ServerName proxy.example.com
	ServerAdmin webmaster@example.com
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	Redirect permanent / https://proxy.example.com
</VirtualHost>

<VirtualHost _default_:443>
	ServerName proxy.example.com
	ServerAdmin webmaster@example.com

	SSLProxyEngine On
	ProxyRequests Off

	#SSLProxyVerify none
	#SSLProxyCheckPeerCN off
	#SSLProxyCheckPeerName off
	#SSLProxyCheckPeerExpire off

	<Location />
		ProxyPreserveHost On
		ProxyPass https://backend.example.com:443/ nocanon
		ProxyPassReverse https://backend.example.com:443/
		SSLRequireSSL
		AuthType Basic
		AuthBasicProvider auth1 auth2 auth3
		AuthName "Example"
		Require valid-user
	</Location>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	SSLEngine on
	SSLCertificateFile	/etc/ssl/certs/proxy_example_com.pem
	SSLCertificateKeyFile /etc/ssl/private/proxy_example_com.key
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet