Nothing to do with Networking. Moved to Server.
OpenLDAP is not usable? How do you work that out? It's been stable and very, very heavily used for many years. I think that your problem is likely to be that you are trying to frame it as a domain controller, which it is absolutely not, and in no way ever intended to be. Minecraft and ripe French Camembert are also excellent in their own fields, but I wouldn't recommend those for AD replacements either.
Active Directory is a hotchpotch of all sorts of unrelated and tenuously related services. An LDAP server can provide *SOME* of these - user information storage, user password storage, user verification, group memberships - but it has nothing to do with domain membership, group policy etc.
SaMBa would be the service which provides domain membership, and the latest versions of SaMBa contain a built-in LDAP service, so you would not need to use OpenLDAP with it. You would, as you observe, use Kerberos with it though, as that's a system that provides user authentication through KRB5 tickets, another thing that is bundled into the vague concept of an AD DC. These are separate products as they really just have nothing in common. They need to be aware of each other and interact in some ways, but not to the extent where they are part of the same thing.