in reply to Authenticating for multiple Catalyst apps
I would just say that you ought to go ahead and use LDAP for what it was designed for, because it is able to “solve the authentication and authorization problem” for all purposes (Perl and otherwise, web-sites and otherwise), while having just one single point of management. In a corporate setting of any size, management of the “auth/auth dataset” becomes a very significant problem as well as sometimes a very exploitable security hole. If everything, everywhere, refers to a single secure source of authority (be it LDAP or Kerberos or what have you...), then you have “One Ring to Rule Them All,” and that becomes a very big win, if only from the day-to-day management perspective. I would go down that pathway at the earliest opportunity, and stick with it in lieu of any home-grown system.
I didn’t always feel this way, but when I saw how well it worked in a corporate setting I became very easily persuaded. “Overhead” should not be a decision-factor. Also, be sure to treat authentication and authorization as separate problems throughout. Once the user has established his identity (authentication), this remains the same, even as he obtains authorization to do different things on the same and/or on different systems from time to time. Where standardized mechanisms can be used to do this, as here they certainly can, use them.
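As an added illustration of the two points above (one directory as the single source of authority, and authentication kept apart from authorization), here is how a Catalyst app can be wired to LDAP using Catalyst::Plugin::Authentication with the Catalyst::Authentication::Store::LDAP backend and Catalyst::Plugin::Authorization::Roles. This is example code, not sundialsvc4's or the Catalyst project's; the hostname, base DNs, CA file path and group name are assumptions for the example. Every app in the company points at the same directory, so a user is created, disabled or moved between groups in exactly one place.

```perl
# lib/MyApp.pm  (added example; hostnames, DNs and group names are assumed)
package MyApp;
use Moose;
use namespace::autoclean;
use Catalyst qw/
    Authentication
    Authorization::Roles
    Session
    Session::Store::File
    Session::State::Cookie
/;
extends 'Catalyst';

__PACKAGE__->config(
    name => 'MyApp',
    'Plugin::Authentication' => {
        default_realm => 'ldap',
        realms => {
            ldap => {
                # AUTHENTICATION: the user proves identity by binding to the
                # directory as themselves; the app never sees or stores a hash.
                credential => {
                    class          => 'Password',
                    password_field => 'password',
                    password_type  => 'self_check',
                },
                store => {
                    class               => 'LDAP',
                    ldap_server         => 'ldap.example.com',          # assumed
                    ldap_server_options => { timeout => 30 },
                    binddn              => 'anonymous',
                    bindpw              => 'dontcarehow',
                    # Weak setting seen in many copy-pasted configs:
                    #   start_tls_options => { verify => 'none' }
                    # accepts any certificate, so the user's bind password can be
                    # captured by a man-in-the-middle. Pin the corporate CA instead:
                    start_tls           => 1,
                    start_tls_options   => { verify => 'require',
                                             cafile => '/etc/ssl/certs/corp-ca.pem' },  # assumed path
                    user_basedn         => 'ou=people,dc=example,dc=com',
                    user_filter         => '(&(objectClass=posixAccount)(uid=%s))',
                    user_scope          => 'one',
                    user_field          => 'uid',
                    # AUTHORIZATION DATA: roles are group memberships in the same
                    # directory, so granting access is a group edit, not a code change.
                    use_roles           => 1,
                    role_basedn         => 'ou=groups,dc=example,dc=com',
                    role_filter         => '(&(objectClass=posixGroup)(memberUid=%s))',
                    role_scope          => 'one',
                    role_field          => 'cn',
                    role_value          => 'uid',
                },
            },
        },
    },
);

__PACKAGE__->setup;

# lib/MyApp/Controller/Root.pm  (added example)
package MyApp::Controller::Root;
use Moose;
BEGIN { extends 'Catalyst::Controller' }
__PACKAGE__->config(namespace => '');

# Authentication only answers "who is this?" and is done once per session.
sub login : Local {
    my ($self, $c) = @_;
    my $p = $c->req->params;
    if ($c->authenticate({ username => $p->{username}, password => $p->{password} })) {
        $c->res->redirect($c->uri_for('/reports'));
    }
    else {
        $c->res->status(401);
        $c->res->body('Login failed');
    }
}

# Authorization is asked separately, per resource: "may this identity do this?"
# The identity does not change; only the group it needs to be in does.
sub reports : Local {
    my ($self, $c) = @_;
    $c->assert_user_roles('report-viewers');   # assumed group; aborts the request if absent
    $c->res->body('Report for ' . $c->user->get('uid'));
}

sub admin : Local {
    my ($self, $c) = @_;
    $c->assert_user_roles('app-admins');       # assumed group; same user, different check
    $c->res->body('Admin console');
}

__PACKAGE__->meta->make_immutable;
1;
```

The two packages live in separate files under lib/ as the path comments indicate. Note that `self_check` means a wrong password fails at the directory, so lockout and audit policy also live in one place; and because roles are resolved from group membership at login, deleting a user from a group takes effect on their next session without any per-application change.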
Replies are listed 'Best First'.
Re^2: Authenticating for multiple Catalyst apps
by sherab (Scribe) on Apr 09, 2012 at 15:29 UTC
by locked_user sundialsvc4 (Abbot) on Apr 09, 2012 at 18:03 UTC