In my extremely limited experience with LDAP, it seems that the problem is not "LDAP" itself, but how to structure it. Most howtos walk you through installing whatever software, and then say "OK, now you have LDAP!"
Agreed.
The problem is that LDAP is useless without a structure and data inside of it. You are usually left with a blank canvas after the install is complete. It's a very daunting task to start sticking things in there without any guidance on the best way to structure it, especially since this is supposed to be the be-all end-all directory of everything, and anything you do wrong now you need to live with for your entire life.
Yes, this is a problem if you have a very large organization with LDAP needs that go beyond the simple authentication and phone/email stores. My needs are relatively minor though. I need central authentication for anywhere from 10 to 100 servers and the ability to control logins and monitor logins from one location. Using RedHat/FedoraDS in close to the default configuration works wonderfully for these environments.
One argument is that everyone has different requirements, but there's got to be some kind of reasonable default that could be used for setting up something like distributed password auth. As you mention, Active Directory does this, and maybe a structure like that is a reasonable default to recommend/include for people who don't need to fully architect a directory structure for a global company.
Please do take a look at the RedHat DS offering (now the 389 project). It's *extremely* simple to configure as an authentication server with replication. You can configure the server/replication in under an hour.