Pulp LDAP setup with FreeIPA

etc-httpd-conf.d-pulp.conf

<Files webservices.wsgi>
    # pass everything that isn't a Basic auth request through to Pulp
    SetEnvIfNoCase ^Authorization$ "Basic.*" USE_APACHE_AUTH=1
    Order allow,deny
    Allow from env=!USE_APACHE_AUTH
    Satisfy Any 

    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Pulp Login"
    AuthLDAPUrl "ldap://hostname/cn=users,cn=accounts,dc=example,dc=com?uid?sub?(memberOf=cn=group,cn=groups,cn=accounts,dc=example,dc=com)"
    AuthLDAPBindDN "uid=service-account,cn=sysaccounts,cn=etc,dc=example,dc=com"
    AuthLDAPBindPassword ""
    AuthLDAPRemoteUserAttribute uid 
    #AuthzLDAPAuthoritative On
    Require valid-user

    WSGIPassAuthorization On
    WSGIProcessGroup pulp
    WSGIApplicationGroup pulp
    SSLRenegBufferSize  1048576
    SSLRequireSSL
    SSLVerifyDepth 3
    SSLOptions +StdEnvVars +ExportCertData
    SSLVerifyClient optional
</Files>

service-user.ldif

dn: uid=service-account,cn=sysaccounts,cn=etc,dc=example,dc=com
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: service-account
userPassword: password
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0