Customer Auth Backend

Database (default)

The default customer auth backend is the otrs database with your customer user which are created via the Admin-Interface or Customer-Interface (Create Account).
    [Kernel/Config.pm]
    # This is the auth. module againt the otrs db
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::DB';
    [...]

LDAP

If there is a LDAP tree available with your customer users then you can use the customer LDAP auth backend. This module is just read only ( means it can't write to your LDAP tree - this should just be possibe for your tree manager) so you can't create customer user via the Admin- or Customer-Interface.
    [Kernel/Config.pm]
    # This is an example configuration for an LDAP auth. backend.
    # (take care that Net::LDAP is installed!)
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = 'ldap.example.com';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=example,dc=com';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'uid';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group xyz to use otrs)
#    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'cn=otrsallow,ou=posixGroups,dc=example,dc=com';
#    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'memberUid';

    # The following is valid but would only be necessary if the
    # anonymous user do NOT have permission to read from the LDAP tree 
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = '';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = '';
    [...]