Active Directory as ldap backend

[Gary Faulkner <garyf@netbotz.com>]

I search the list archive, and I did find alot of good information about 
  openldap and active directory.  But, it doesn't appear as if anyone 
is trying to accomplish exactly what I am trying to accomplish.

I have an openldap server that I will be authenticating against.  There 
are a set of users who will be ONLY in the openldap server.

I also have an Active Directory server (on my domain controller) that I 
want to authenticate against.  For many reasons, using referrals will 
not work for my setup, so I figured I'd use the proxy approach (ala the 
ldap backend).

As a part of this authentication, I also need to be able to get entries 
(so that I can display certain information to the user).

So, not only do I need to be able to bind against it (to authenticate), 
but I also need to be able to search against it.

So, I compiled in ldap support, and added the appropriate entries to my 
slapd.conf file.

First problem I have is that I cannot do a search successfully, because 
you must authenticate against Active Directory before you can search 
users.  And, I do not see any way for the ldap backend config to specify 
the bind DN/password to use.  How does one do that?  I know you can 
specify the BINDDN as a part of the uri, but I've never seen a really 
good example of doing that, either.  Plus, ideally, you'd need to be 
able to specify the bind password, too.  Is there a syntax for this?

Secondarily, I need to be able to bind against it.  My question is this: 
 I'v seen alot of information about how you must use kerb5 in order to 
authenticate against the Active Directory server.  Is this true?? Or is 
this just *recommended* for (obvious) security reasons?

Any help is greatly appreciated.

Thanks..

-garyf