LDAP with Web Server Authentication

I am currently working on a project to integrate the LDAP service (Win 2000) with a third-party web application. The goal is that the end user need only log in once to Active Directory Services, and will then be authenticated automatically to my web application based on that.

My questions are:
1) Does the web server have to be on the Win2000 Directory Server?
2) What is the specific API I should use for this purpose? Is it something similar to getting a cookie, then mapping it to the actual web application uid and pwd? Should I use the Active Directory Services Interfaces (ADSI) / LDAP API, or should it be one level down, at the Win2000 OS API?

Any comments are welcome. Thanks

Gang
[708 byte] By [Gang Yang] at [2007-11-17 14:26:51]