I know your reaction was knee-jerk, but just in case you didn't know, unix machines can also be configured by policy (cfengine/puppet) and single sign ons originated in the unix world (kerberos). The freeipa project http://freeipa.org/ already has a working nice kerberos+ldap solution with integrated multimaster replication and quite easy to set-up (version 1.2, if I recall correctly). Version 2 will come shortly and it will be even easier). I know, I know, first I have to see it.
You can now join linux/solaris clients to a freeipa kerberos domain in a very similar way as to how you join a window machine to a windows domain. You have delegation of tasks for junior staff and it just works. Why has it taken so long? Good question, ask the big linux players (google, ibm) why they were not interested in this. Red Hat started it and they are actively developing it right now.
It takes time, but good stuff happens eventually.
and if you are gay you can't marry EVEN IF you find someone who wants to marry you. Have you understood that yet?
Seen the difference yet? You still have the potential of marrying the person you are in love with, and who is in love with you, when you are straight and single. Gay and single has no such potential
Well, at least in the backwards parts of hte USA.
Garbage In -- Gospel Out.