Apache 2.x Active Directory Authentication

Hi,

I've started doing research this weekend to see whether Apache (in my case
2.x) can authenticate against Microsoft Active Directory. I will be
developing an Intranet application in the coming months, and would like to
be able to limit access to resources on the Intranet based on group
memberships in the Active Directory. For instance, members of the
Accounting AD group would be able to access http://intranet/accounting,
whereas members of the sales group would not be able access it... etc, etc.

You can do this sort of thing with IIS, but I would prefer to use Apache -
this would be a great opportunity for me to roll out a major Linux box at
work. I'm sure you could do the same sort of thing with .htaccess, but that
would end up being a real pain in the arse as people leave, change groups,
etc.

From what I've read so far, auth_ldap seems to be what I'm looking for. Can
anyone tell me whether they've had success using this with Active Directory
to authenticate in the manner I wish to do?

Thank you.

(reply to group only)