I had the same feelings about using ldap until I ran across a little known FREE app called Penrose, it's a virtual LDAP server that maps to fields in a backend database. It's Open Source and based on the ApacheDB, 100% java so it works on multiple platforms, and very easy on the cpu. They also provide a GUI based application for mapping the feilds in your database to the LDAP feilds. It also includes a configurable cache so it doesn't have to hit the db as much.
Penrose - Virtual Directory Server
http://penrose.safehaus.org/
For those of you with content management systems like Mambo or DotNetNuke....
I'm using Penrose to allow users who signup to our portal and after we approve their access to have an account in Zimbra. So their account is really in the portal user database. They can change their password and profile in the portal as much as they want and Zimbra stays updated. If we remove there account for whatever reason they can't access Zimbra anymore. We also provide GAL via LDAP based on the information in the database.
The only issue I'm still working on is single logon, so when they log into the portal the are automatically logged into Zimbra. Maybe one of the Zimbra guys can help me with that one....?
hope this helps....