I have been working with several LDAP implementations for the last three months, particularly with OpenLDAP, Oracle Internet Directory and Active Directory. My main goal was to define a structure and a schema to be used as the authentication backend for about 50K users. It should be extensible, flexible and, of course, rock-solid. I started looking for recommendations on the Internet. The first annoying fact was that people avoid the native directory hierarchy, implementing that hierarchy with attribute values in each entry instead. So people use a hierarchical database but without using the hierarchy at all. That forced me to think: why?
After a few weeks I had realized that nowadays the importance of LDAP is NOT the database but the standard itself. LDAP provides a way to authenticate people in any application using well-known steps and with security (the application never reads the stored password, it just asks the directory to verify a bind; I can use an SSL connection, …). The real trouble with LDAP is that it is not easy to manage. In my opinion it would be great to have an authentication standard based on modern technologies like web services. You could do whatever you want for user management if you export the proper web services. Of course you could even manage the data using LDAP.
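The "well-known steps" behind an LDAP authentication are a single BindRequest and BindResponse (RFC 4511). The following is an added example, not code from the original post or from any of the directory products it mentions: it BER-encodes a simple bind by hand, decodes the server's answer, and uses a fake in-process directory (`FakeDirectory`, with constructed DNs, passwords and message ids) so the exchange runs offline. It also refuses the one classic mistake in this flow: a DN with an empty password is an *unauthenticated* bind, which many servers accept as anonymous success, so the application must reject it before it ever reaches the wire.

```python
"""Minimal LDAP v3 simple bind (RFC 4511), BER-encoded by hand.

Added illustration, not code from the original post. FakeDirectory stands
in for the server so the exchange runs offline; DNs, passwords and
message ids are constructed for the example.
"""
import hashlib
import hmac
import os

LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS = 0, 49
TAG_SEQUENCE, TAG_INTEGER, TAG_ENUMERATED, TAG_OCTET_STRING = 0x30, 0x02, 0x0A, 0x04
TAG_BIND_REQUEST, TAG_BIND_RESPONSE, TAG_SIMPLE_AUTH = 0x60, 0x61, 0x80  # [APPLICATION 0/1], [0]

def ber_len(n):
    """BER length: short form below 128, long form (0x8N + N big-endian bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def ber_int(tag, value):
    """Non-negative INTEGER/ENUMERATED with a minimal body (leading 0x00 if bit 7 is set)."""
    return tlv(tag, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big"))

def parse_tlv(buf, pos):
    """Return (tag, body, position after the element) for the element starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos, length = pos + 2, first
    if first & 0x80:
        length = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
        pos += first & 0x7F
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, tag):
    got, body, pos = parse_tlv(buf, pos)
    if got != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, got 0x{got:02x}")
    return body, pos

def encode_simple_bind(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    if not password:
        # DN plus empty password is an *unauthenticated* bind (RFC 4513 s5.1.2): many servers
        # answer success without checking anything, so the application must refuse it.
        raise ValueError("empty password would be an unauthenticated bind")
    op = ber_int(TAG_INTEGER, 3) + tlv(TAG_OCTET_STRING, dn.encode()) + tlv(TAG_SIMPLE_AUTH, password.encode())
    return tlv(TAG_SEQUENCE, ber_int(TAG_INTEGER, message_id) + tlv(TAG_BIND_REQUEST, op))

def decode_bind_request(msg):
    body, _ = expect(msg, 0, TAG_SEQUENCE)
    mid, pos = expect(body, 0, TAG_INTEGER)
    op, _ = expect(body, pos, TAG_BIND_REQUEST)
    version, pos = expect(op, 0, TAG_INTEGER)
    if int.from_bytes(version, "big") != 3:
        raise ValueError("only LDAPv3 is supported")
    dn, pos = expect(op, pos, TAG_OCTET_STRING)
    password, _ = expect(op, pos, TAG_SIMPLE_AUTH)  # a SASL choice ([3], tag 0xA3) is rejected here
    return int.from_bytes(mid, "big"), dn.decode(), password.decode()

def encode_bind_response(message_id, result_code, diagnostic=""):
    """LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    result = ber_int(TAG_ENUMERATED, result_code) + tlv(TAG_OCTET_STRING, b"") + tlv(TAG_OCTET_STRING, diagnostic.encode())
    return tlv(TAG_SEQUENCE, ber_int(TAG_INTEGER, message_id) + tlv(TAG_BIND_RESPONSE, result))

def decode_bind_response(msg):
    body, _ = expect(msg, 0, TAG_SEQUENCE)
    mid, pos = expect(body, 0, TAG_INTEGER)
    op, _ = expect(body, pos, TAG_BIND_RESPONSE)
    code, pos = expect(op, 0, TAG_ENUMERATED)
    matched, pos = expect(op, pos, TAG_OCTET_STRING)
    diag, _ = expect(op, pos, TAG_OCTET_STRING)
    return {"message_id": int.from_bytes(mid, "big"), "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}

class FakeDirectory:
    """Stand-in for the directory server: stores salted PBKDF2 hashes, never a plaintext password."""

    def __init__(self, users):
        self._users = {dn: self._hash(pw, os.urandom(16)) for dn, pw in users.items()}

    @staticmethod
    def _hash(password, salt):
        return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def handle(self, request):
        message_id, dn, password = decode_bind_request(request)
        stored = self._users.get(dn)
        # The server side also refuses the empty-password (unauthenticated) bind.
        ok = bool(password) and stored is not None and hmac.compare_digest(self._hash(password, stored[:16]), stored)
        if not ok:
            return encode_bind_response(message_id, LDAP_INVALID_CREDENTIALS, "invalid credentials")
        return encode_bind_response(message_id, LDAP_SUCCESS)

def authenticate(server, dn, password, message_id=1):
    """The application's whole job: one bind, one yes/no. It never sees the stored secret."""
    response = decode_bind_response(server.handle(encode_simple_bind(message_id, dn, password)))
    if response["message_id"] != message_id:
        raise ValueError("BindResponse does not match our request")
    return response["result_code"] == LDAP_SUCCESS
```

In a real deployment the `server.handle()` call is a socket to the directory over LDAPS or StartTLS, and the application typically first searches for the user's DN with a low-privilege service account and then binds as that DN; the application still never reads `userPassword`, which is what keeps the credential store out of its trust boundary.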
I know LDAP is much more than authentication and user management but, in my view, 98% of the time it should be used just for authentication. LDAP is highly optimized too; but, as computer performance increases and hardware prices decrease, I wonder whether the manageability/performance trade-off still makes sense in real applications nowadays.