Following a discussion on the pgsql-admin list <http://archives.postgresql.org/pgsql-admin/2009-09/msg00075.php>, I have created a patch to (optionally) allow PostgreSQL to do an LDAP search to determine the user's DN (as is done in Apache, MediaWiki, Bugzilla, et al.) instead of building the DN from a prefix and suffix.
This is necessary for schemas where the login attribute is not in the DN, such as is described here <http://www.ldapman.org/articles/intro_to_ldap.html#individual> (look for "name-based"). This patch is against PostgreSQL 8.4.0 from Debian Lenny-backports. If this would be a welcome addition, I can port it forward to the latest from postgresql.org.
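
The difference between the two modes described above, as an added example that is not part of the original message or of the patch. The directory entries, function names and the in-memory lookup standing in for the LDAP search are constructed assumptions; the filter escaping follows RFC 4515.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample entries: the login attribute (uid) is not part of the DN. */
struct entry { const char *dn, *uid; };
static const struct entry directory[] = {
    {"cn=Alice Example,ou=People,dc=example,dc=org", "alice"},
    {"cn=Bob Example,ou=People,dc=example,dc=org", "bob"},
};

/* Prefix/suffix mode: the bind DN is assembled from the login name. */
int build_dn(char *out, size_t n, const char *prefix, const char *user, const char *suffix)
{
    int len = snprintf(out, n, "%s%s%s", prefix, user, suffix);
    return (len >= 0 && (size_t) len < n) ? 0 : -1;
}

/* Search mode, step 1: build "(attr=user)" with the RFC 4515 special
 * characters in the login name hex-escaped, so it stays a literal value. */
int build_filter(char *out, size_t n, const char *attr, const char *user)
{
    int len = snprintf(out, n, "(%s=", attr);
    if (len < 0 || (size_t) len >= n) return -1;
    size_t o = (size_t) len;
    for (; *user; user++) {
        if (o + 5 > n) return -1;   /* room for "\xx", ")" and NUL */
        if (strchr("*()\\", *user))
            o += (size_t) snprintf(out + o, n - o, "\\%02x", (unsigned char) *user);
        else
            out[o++] = *user;
    }
    if (o + 2 > n) return -1;
    out[o++] = ')';
    out[o] = '\0';
    return 0;
}

/* Search mode, step 2 (in-memory stand-in for the LDAP search): return the DN
 * of the single entry whose uid equals user; NULL on zero or several matches. */
const char *search_dn(const char *user)
{
    const char *found = NULL;
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (strcmp(directory[i].uid, user) == 0) {
            if (found) return NULL;   /* ambiguous login name: refuse */
            found = directory[i].dn;
        }
    return found;
}
```

With these entries, `build_dn` with prefix `uid=` yields a DN that does not exist in the directory, while `search_dn` returns the `cn=`-based DN that the subsequent bind would need.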