Well, now that you've solved your problem by correctly using the built-in authentication... here's how we've implemented LDAP authentication to AD in several places.
Do a null LDAP query...that is, a query which will ALWAYS return a known valid response. Code your application to treat this response as a "Successful Logon", and go on your merry way. Anything else, and you fail the logon.
The trick is:
Make the LDAP query an authenticated bind, using the credentials submitted by the end user as the credentials you pass as the LDAP credentials to do the query, not as the subject of the query.
Pros:
Easy to code
Easy to test
Cons:
Will not capture different types of authentication failures (password expired, password needs to be changed, restricted logons, etc...)
(for clarity)
Old way: LDAP query (AD-Domain Controller, UserID, Password) - To the Domain Controller, is the password for the UserID the same as Password?
New way: LDAP query (AD-Domain Controller, Group, Users) <USERID,Password> - To the Domain Controller, Logon with USERID,Password, and tell me if the Group "Users" exists.
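The bind-then-null-query logon described above, as an added example that is not part of the original post. It assumes the third-party ldap3 library, LDAPS on the domain controller, and hypothetical names (ldap_logon, known_dn, the sample message). It also rejects empty passwords before binding and reads the sub-code Active Directory places in a failed bind's message, which is one way to tell apart the failure types listed under Cons.

```python
import re

# AD reports why a bind failed as a hex sub-code ("data 532") in the message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}
# Constructed sample of a failed-bind diagnostic message (DSID value is made up).
SAMPLE_FAILURE = ("80090308: LdapErr: DSID-0C090400, comment: "
                  "AcceptSecurityContext error, data 532, v1db1")

def classify_bind_failure(message):
    """Map the 'data NNN' sub-code of a failed AD bind to a reason string."""
    m = re.search(r"\bdata\s+([0-9a-fA-F]+)", message or "")
    return AD_BIND_SUBCODES.get(m.group(1).lower(), "unknown") if m else "unknown"

def ldap_logon(host, user, password, known_dn):
    """Bind as the end user, then read an entry that is known to exist.

    user is assumed to be a UPN (user@domain); known_dn is the entry the
    "null query" reads, e.g. the DN of the Users group.
    """
    # A simple bind with an empty password is an *unauthenticated* bind
    # (RFC 4513, section 5.1.2) and can succeed, so refuse it up front.
    if not user or not password:
        return False, "empty credentials rejected"
    from ldap3 import Server, Connection, SIMPLE, BASE  # third-party library
    conn = Connection(Server(host, use_ssl=True, connect_timeout=5),
                      user=user, password=password, authentication=SIMPLE)
    try:
        if not conn.bind():  # the bind result is the actual password check
            return False, classify_bind_failure(conn.result.get("message"))
        found = conn.search(known_dn, "(objectClass=*)",
                            search_scope=BASE, attributes=["objectClass"])
        return (True, "ok") if found else (False, "null query returned nothing")
    finally:
        conn.unbind()
```
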