Apache LDAP authentication against Active Directory

If you set the AuthLDAPURL in the apache config to the AD global catalogue - which runs on port 3286 as opposed to 389, you can query the whole of AD from root. We tried it on an old site and it works perfectly, it even did the lookup bind with the standard user account.

AuthLDAPURL "ldap://domaincontroller.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"