@kris It's not that bad I would say, but yep, initial setup and learning curve is steep and experience is ovewhelming.
It's a very flexible db and it's supported by a lot (really a lot) of services. It can be used as a user/groups provider for keycloak, so it's relatively easy to setup OpenIDC, SAML on top of it.
The flexibility and unopinionated defaults is what makes it hard to grasp I guess.
Many services support OpenIDC and SAML, but not all of them, so it will be hard to avoid LDAP.