I think OpenACS for 4 will support for LDAP authentication. Not sure though check it out. Although I think using LDAP is the best way to go, especially if you are using W2k AD since AD is just LDAP, DNS, Kerberos and MS lock-in tech.
Jun