RT, Apache, and Active Directory

I’m attempting to get RT to authenticate users from Active Directory. I’m
currently stuck on the Apache portion of the project. I’m using
Apache::AuthenLDAP and here’s the relevant portion of my httpd.conf:

<Directory /usr/local/rt2/WebRT/html>
AuthName "RT Authentication"
AuthType Basic
PerlSetVar AuthenUidAttrType sAMAccountName
PerlSetVar AuthenBaseDN DC=olchs,DC=org
PerlSetVar AuthenLDAPServer ads.olchs.org
PerlAuthenHandler Apache::AuthenLDAP
require valid-user

I supply the username ‘williams’ (DN: CN=williams,OU=IT,DC=olchs,DC=org) and
my password, Apache always returns a Referral (which I realize comes from
the Active Directory server). If I try changing the base DN to either “” or
"OU=IT,DC=olchs,DC=org" I generally just get a failure in the search portion
of the LDAP lookup and an error about the user not being found.

I’m not sure why I get the referral, if the AD server pointed to by
AuthenLDAPServer doesn’t know about an object, it won’t exist. Is there a
way, from Apache::AuthenLDAP that I can tell the AD Server to chase
referrals?

The following code using Net::LDAP works (it will also return a referral if
I get rid of the ou=IT from the basedn. Although, the results are correct
if I just ignore the return status):

use Net::LDAP;

    $ldap = Net::LDAP->new('ads.olchs.org') or die "$@";

    $ldap->bind (dn => 'cn=williams,ou=IT,dc=olchs,dc=org',
                 password => 'xxxxxx');

    $mesg = $ldap->search (  # perform a search
                           base   => "ou=IT,dc=olchs,dc=org",
                           scope => "sub",
                           filter => "sAMAccountName=williams",
                           attrs  => "*"
                          );

    print $mesg->count;

print $mesg->code;
$mesg->code && die $mesg->error;

    foreach $entry ($mesg->all_entries) { $entry->dump; }

    $ldap->unbind;   # take down session