I may be missing something obvious in your specs, but why start from scratch?
Win2K uses Kerberos and LDAP for encryption and communication. If you used the same open standards used by Win2K, wouldn't that make life easier? You could still get your information on the front end using HTTP and SSL for encryption, and use Kerberos and LDAP on the back end to authenticate to the Win2K domain. You might even be able to avoid writing ASP.
I don't have any code samples, because although I have read a little bit about it, I have not had the need or the opportunity to actually attempt it.
LDAP on CPAN

Kerberos on CPAN

Please let us know how it works out,
digger
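
An added example, not part of digger's post and not tested against any particular domain: one way the back-end LDAP check could look in Perl with Net::LDAP from CPAN. The host name, CA file path and domain suffix are placeholders, and it assumes the directory accepts a `user@domain` name in a simple bind, as Active Directory does.

```perl
#!/usr/bin/perl
# Added example: check a web user's password with an LDAP simple bind.
use strict;
use warnings;
use Net::LDAP;

my %cfg = (
    host   => 'dc.example.test',               # placeholder domain controller
    cafile => '/etc/ssl/certs/example-ca.pem', # placeholder CA certificate
    domain => 'example.test',                  # placeholder UPN suffix
);

# Returns (1, '') on success and (0, reason) on failure.
sub check_credentials {
    my ($user, $password) = @_;

    # A bind with a name and an empty password is an "unauthenticated bind"
    # (RFC 4513) and can report success, so refuse it before going on the wire.
    return (0, 'empty password')
        unless defined $password && length $password;

    # Accept only a plain account name; the domain suffix is appended below.
    return (0, 'bad user name')
        unless defined $user && $user =~ /\A[A-Za-z0-9._-]{1,64}\z/;

    my $ldap = Net::LDAP->new($cfg{host}, version => 3, timeout => 10)
        or return (0, "connect failed: $@");

    # Upgrade to TLS and verify the server certificate before the password
    # is sent; a simple bind otherwise carries it in clear text.
    my $tls = $ldap->start_tls(verify => 'require', cafile => $cfg{cafile});
    return (0, 'TLS failed: ' . $tls->error) if $tls->code;

    my $bind = $ldap->bind("$user\@$cfg{domain}", password => $password);
    my $ok   = $bind->code == 0 ? 1 : 0;
    my $why  = $ok ? '' : $bind->error;
    $ldap->unbind;
    return ($ok, $why);
}

# Usage: perl ldap_auth.pl USER   (the password is read from standard input)
unless (caller) {
    my $user = @ARGV ? $ARGV[0] : '';
    my $pw   = <STDIN>;
    $pw = '' unless defined $pw;
    chomp $pw;
    my ($ok, $why) = check_credentials($user, $pw);
    print $ok ? "authenticated\n" : "rejected: $why\n";
    exit($ok ? 0 : 1);
}
```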