Yeah, I don't see what this is going to do differently. I mean, at the end of the day, we have LDAP, then you just package all the other fun bits around it: Kerberos, SSSD, DNS, cert management, etc.
And after that, an information security auditor from a cyber insurance company comes and says: "sorry, you have to delete all of that, our automation that checks for insecure settings only supports the real AD".