The fine manual claims that the "base dn" part of an LDAP URL
is meaningful:
The server will bind to the distinguished name specified as basedn using the user name supplied by the client. If
prefixandsuffix is specified, it will be prepended and appended to theuser name before the bind.
But looking at CheckLDAPAuth() just now, it doesn't do anything at all
with the basedn part of the string. Seems to me this is either a code
bug or a docs bug.
regards, tom lane