Well then, so be it.

Is there any other existing authentication infrastructure that is already employed elsewhere, that you can cabbage onto? Is it likely that one day there might be a dozen or so other applications out there, all of them needing the “do it just one way” capability that you described for the existing two apps?

One thing that can be said about companies that have adopted LDAP:   they almost-uniformly didn't start out that way. They started from a cacaphony of “individually home-grown” applications and, at very-considerable expense mind you, imposed LDAP upon all of them... wishing sorely that they had done so much sooner. Perhaps this observation truly does not apply to you...

I hope it doesn't. I've run LDAP servers before for various purposes. If I had something beyond the 5 people or so who will actually have a meaningful role, I'd do it.