Disclaimer: I only work with SSO/SSPI on Node.js, so my info might not be 100% accurate.
When using LDAP, you need to get the credentials object from the browser and then test it against the AD via LDAP. You can get it using NTLM, Negotiate or Kerberos. Usually, you want to use some SSPI plugin which already implements one or several of the mentioned protocols with authentication for your web server, though only Apache has one which seems to work (well, IIS has authentication integrated). The module for Apache does everything you need when run on a Windows server which is part of the domain group. If you want to use a different web server, you will have to put Apache or IIS in front of it to handle authentication.
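
Added example, not part of the original answer: a sketch of the Node.js side of the "Apache or IIS in front" setup, in which the backend accepts the authenticated user name only from the front-end server. It assumes the front end forwards the name in a request header; the header name `x-remote-user` and the proxy addresses are hypothetical, and the front end is assumed to strip any copy of that header sent by the client.

```javascript
// Added example: backend-side handling of the identity asserted by the
// authenticating front end (Apache or IIS). Header name and proxy addresses
// are assumptions, not values from the original answer.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1']); // assumed: proxy on same host
const USER_HEADER = 'x-remote-user';                    // hypothetical header name

// Split "DOMAIN\user" or "user@REALM" into parts; return null if malformed.
function parsePrincipal(raw) {
  if (typeof raw !== 'string') return null;
  const value = raw.trim();
  let m = /^([A-Za-z0-9.-]+)\\([^\\@\/\s]+)$/.exec(value);
  if (m) return { domain: m[1].toUpperCase(), user: m[2].toLowerCase() };
  m = /^([^\\@\/\s]+)@([A-Za-z0-9.-]+)$/.exec(value);
  if (m) return { domain: m[2].toUpperCase(), user: m[1].toLowerCase() };
  return null;
}

// Return the authenticated principal, or null when the request must be rejected.
function resolveUser(req) {
  const peer = ((req.socket && req.socket.remoteAddress) || '').replace(/^::ffff:/, '');
  // A header arriving from any other peer could have been set by the client itself.
  if (!TRUSTED_PROXIES.has(peer)) return null;
  const header = req.headers[USER_HEADER];
  // Node joins duplicate non-standard headers with ", "; treat that as ambiguous.
  if (Array.isArray(header) || (header && header.includes(','))) return null;
  return parsePrincipal(header);
}

// Constructed sample requests (same shape as Node's http.IncomingMessage).
const samples = [
  { socket: { remoteAddress: '::ffff:127.0.0.1' }, headers: { 'x-remote-user': 'CORP\\Alice' } },
  { socket: { remoteAddress: '10.0.0.5' }, headers: { 'x-remote-user': 'CORP\\Alice' } },
  { socket: { remoteAddress: '127.0.0.1' }, headers: { 'x-remote-user': 'alice@corp.example, CORP\\admin' } },
  { socket: { remoteAddress: '127.0.0.1' }, headers: {} },
];
for (const s of samples) console.log(s.socket.remoteAddress, '->', resolveUser(s));
```

Only the first sample yields a principal; the direct connection, the duplicated header and the missing header are all rejected.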