I have written previously about enabling custom authentication on SharePoint 2007.
Most of the articles online, including mine, talk about using a membership provider that is something on the lines of the AspNetSqlmembership provider. In a rare circumstance however, you may have to end up using the ActiveDirectoryMembershipProvider, and that is where you are in for some (hopefully not) major pain. This is so, because the ActiveDirectoryMembershipProvider needs more rights than god himself to work properly, seriously, IMO it is a peice of crap. Not only that, using it in SharePoint gives you weird cryptic error messages like "Something bad happened!", which are really no that useful.
But if you had to use it with SharePoint, here are the recommended ways.
1. Create your own provider that inherits from System.Web.Security.ActiveDirectoryMembershipProvider, and throw that assembly in GAC (full-trust), and use that instead.
2. Create your own provider that inherits from System.Web.Security.ActiveDirectoryMembershipProvider, and throw that assembly in bin and give it full trust or DirectoryServices permission, and then use that instead.
3. Screw AD Provider, and write your own membership provider using this code here. Frankly, option #3 is the best because the ADProvider, even on a good day, needs a username/password with more rights than god himself.