In fact, OpenLDAP alone cannot replace Windows AD.
OpenLDAP just stores the user information that you want.
The biggest benefit of using AD is signin-onsite, and OpenLDAP cannot do that.
I have built a solution to replace Windows AD using Linux.
I use OpenLDAP + Kerberos + system PAM authorization.
I wrote some tips about how it works, but they are in Chinese.
The URL is
http://mlsx.xplore.cn/read.php/30.htm
I hope it is helpful for you.