...it won't work. You'll get a weird error:
[warn] [client 10.10.10.1]  auth_ldap authenticate: user my-ldap-acct authentication failed; URI /repo-path [ldap_search_ext_s() for user failed][Operations error]
...and yet, binding or searching from the root works from openldap, Apache Directory Studio, and myriad other tools.
Appears to be a bug with mod_authnz_ldap.
The workaround? Make sure your DCs all have the Global Catalog role, and then search on port 3268 instead of port 389 (or 3269 for SSL/TLS).
Works. (tested on mod_authnz_ldap v 2.2....)
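The workaround as a mod_authnz_ldap 2.2 configuration, with the failing port-389 URL left commented out beside the Global Catalog one. This is an added example, not configuration from the original post; the hostname, base DN, bind account and password are placeholders, and only /repo-path comes from the error message above.

```apache
<Location /repo-path>
    AuthType Basic
    AuthName "Repository"
    AuthBasicProvider ldap

    # Before: subtree search from the domain root on the standard LDAP port.
    # This is the setup that logs "[ldap_search_ext_s() for user failed][Operations error]".
    # AuthLDAPURL "ldap://dc1.example.com:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=user)"

    # After: same base DN and filter, but against the Global Catalog.
    # 3269 is the TLS port, so the bind password and user credentials are not
    # sent in clear text; the plaintext equivalent is ldap://...:3268/.
    AuthLDAPURL "ldaps://dc1.example.com:3269/dc=example,dc=com?sAMAccountName?sub?(objectClass=user)"

    # Placeholder service account used for the initial search bind.
    AuthLDAPBindDN "svc-apache@example.com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Note: the Global Catalog holds a partial attribute set. Membership is
    # replicated to it for universal groups only, so "Require ldap-group"
    # rules against other group scopes should be tested before relying on them.
    Require valid-user
</Location>
```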