3.4 High security, shared file systems and general access control

LDAP is best suited for large networks that need security, general access control and directory lookup features. As mentioned before, LDAP can utilize Kerberos for secure user-to-service authentication.

LDAP is very flexible, and it can be used for many applications. However, setting up LDAP is a bit more complex than the other authentication mechanisms (due to the flexible nature of LDAP). In fact, LDAP deserves its own 2-unit course!

Like Kerberos, LDAP cannot be directly used for login, FTP and other applications. PAM should be installed to permit the use of LDAP for application-level authentication.
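
An illustration of the PAM glue described above, as an added example that is not part of the original notes: Kerberos verifies the password while LDAP supplies account data. It assumes Linux-PAM with the pam_unix, pam_krb5 and pam_ldap modules and an NSS LDAP module installed; file locations and module options vary by distribution. The LDAP server and Kerberos realm settings live in their own configuration files, which are not shown.

```conf
# /etc/nsswitch.conf
# Resolve accounts from local files first, then from the LDAP directory.
passwd: files ldap
group:  files ldap

# /etc/pam.d/<service>
# One stack per PAM-aware application (login, an FTP daemon, ...).

# auth: local accounts are tried first; all other users must prove
# their password to the Kerberos KDC. The password itself is never
# checked against LDAP in this layout.
auth      sufficient  pam_unix.so try_first_pass
auth      sufficient  pam_krb5.so use_first_pass
# Fail closed when neither module accepted the user.
auth      required    pam_deny.so

# account: the user must resolve through NSS (files or LDAP).
# broken_shadow lets pam_unix tolerate directory users that have no
# local shadow entry. pam_ldap then applies LDAP-side account
# restrictions; users unknown to LDAP (local accounts) are skipped,
# any other failure denies access.
account   required    pam_unix.so broken_shadow
account   [default=bad success=ok user_unknown=ignore]  pam_ldap.so

# session: standard session logging, plus Kerberos ticket cleanup
# when the session ends.
session   required    pam_unix.so
session   optional    pam_krb5.so
```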

At the end of the day, an LDAP+Kerberos network (realm) is complex and difficult to set up initially. However, such a system is also very scalable, and it serves many purposes in addition to authentication. This is the choice for any enterprise-level environment.