OpenLDAP is one of the best LDAP database and protocol implementations. There are three major components of this project which have found their use in many of today's LDAP-based systems. Those include the OpenLDAP databaser server (slapd), library for performing various LDAP-related actions (for which there's a multitude of different language wrappers), and terminal-based utilities for performing searches and making changes to running LDAP databases. OpenLDAP is especially interesting for coming with a plethora of different authentication mechanisms, providing support for host-based authentication, usernames and passwords, Kerberos SSO, and even use of client X.509 certificates. Many of these mechanisms are possible thanks to use of SASL framework. It has very powerful access control mechanisms coupled with powerful user-mapping capabilities. It's also capable of replicating its content towards multiple nodes. It also has amazingly thorough and up-to-date documentation.

There's not many flaws in OpenLDAP implementation. The only real annoyance in current implementation is that after the switch to LDAP-based configuration backend the access control configuration has been made a bit harder to update.