It's sadly a bit true.
I like OpenLDAP a lot.... but if you don't need the *fastest* LDAP server, something like OpenDJ from ForgeRock
is a lot easier to configure.
But it's a problem with LDAP in general. If you only use it for authentication/authorization,
it's complex to get everything 100% right. (On the other side, it's very flexible.)
That's the reason why Red Hat created its FreeIPA product, isn't it? (And a lot of sysadmins create users using configuration management tools.)
Some other (big) companies only have central SSH hosts and from those hosts use root.
AD is an exception, with the LDAP complexity well hidden away. But if you see the results.... there is a lot to say about the directory designs I have seen ;-)