May I only use rlm_ldap to authenticate against Active Directory? (without samba + winbind + ntlm_auth)