I fought this for a long time. Our college uses an internal domain that is not simpson.edu. That took a while to figure out. Debugging why something failed required using wireshark to trace the traffic.
I got DSID-0C090334 errors until I finally got proper username/password. My login is paul.craven, and I thought that was my username for a long time. Nope. I had to use ldapsearch tool to find my real user name, which is really long.
Then I would bind to the domain, and when I ran a query it said I wasn't bound to the domain. I was doing a 'null bind' because I hadn't added OU=Simpson College to the ldap url. Finally, I've got it. Here's the file:
# Uncomment this to enable the repository,
# Set this to the path to your repository
AuthName "Simpson CS Department"
AuthLDAPURL "ldap://ice.sc.loc:389/OU=Simpson College,DC=sc,DC=loc?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=Paul Craven,OU=users,OU=Faculty,OU=Simpson College,DC=sc,DC=loc"