Talvez AuthLDAPInitialBindAsUser (Apache 2.3.6) possa ajudar:
Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server
Em combinação com o AuthLDAPInitialBindPattern , algo assim pode funcionar (não testado) :
AuthType Basic AuthBasicProvider ldap AuthName "Active Directory" AuthzLDAPAuthoritative off AuthLDAPInitialBindAsUser on AuthLDAPInitialBindPattern (.+) cn=$1,dc=com AuthLDAPURL ldap://xxx.xxx.64.71/DC=xxx,DC=com?samaccountname?sub require valid-user