One really shitty thing is that people keep inventing those badly thought-out protocols like OAuth, and yet nobody (as in no browser) ever implemented LDAP over the web.
Windows has that stupid rule where LDAP runs all over the OS or nowhere at all, and Linux has that idea that LDAP is some add-on you assemble by connecting a jigsaw of pieces. Nothing makes it reasonable to publish a domain on the web, where people can authenticate on many of them, and send the tokens where needed.
(Well, actually Firefox does most of it, and you can use it and assemble the Linux pieces so it works. It just doesn't work in practice.)
The thing is MS LDAP pretty much sucks all the air out of the room in the LDAP world. If you're going to write anything that supports LDAP, you're pretty much going to write it to support Windows, and then most people just suggest using Windows in the first place.