I'm afraid to say that in my opinion the best way to manage Windows workstations is with Windows servers, particularly when it comes to authentication and group policy. If you really want to authenticate via LDAP you will need to extend the Windows XP login mechanism to support it (i.e. replace MSGINA with something like
pGina or a commercial alternative).