login validation against Exchange server

I don't quite understand:

do you want to let users login on the Exchange Server and then automatically give them access to the Apache server ?

or the other way around ?

or even something else.

Exchange server uses NT security for login. And I would not want to interfere with the way Exchange Server does that, it seems a very complicated system, in which NT security and ASP's questioning a database are cooperating.

I have looked into the ASP's of Exchange Server and I do not want to edit it (and I am usually not really afraid of messing things up).

The web server would have something like htaccess files or cgi script but instead of looking a a password file locally it would validate the user by calling some function on the Exchange server.

If someone within the company connects to the web server, since they must have logged in to get access to the network, they would validate ok. If someone from the Internet accessed the web server they would be validated against the Exchange server and allowed access if they were valid users.

In either case I would also like to be able to get the email address for a valid user from the Exchange server from a perl script of the web server.

This may be all a bit off target and maybe I need to go away and think about it some more. Some of our web pages send data back to the viewer by email.

There's a free product named Samba which can make a Unix box look like (and authenticate from) an NT server.  I think that might be the right direction for your quest...