Thanks a lot for the info - though unfortunately I don't really have the choice of not using LDAP alone since I need several webapps to do LDAP authentication on that system anyways. And since the strength of a chain is the strength of its weakest link...

Also, I could ask the domain administrator to perform the join, but - apart from the guy having enough to do without me pestering him - this brings along a host of other problems, such as the free version of NX refusing to work with ssh authentication against AD.
So, the question stands: Since I already have webapps authenticating against AD, how do I do this for ssh? Or at least for svn (what I'm trying to do is automatic svn repository creation through Redmine, which works fine, but it would be great if those people could actually also access the repositories through svn+ssh)?