Michael W. Lucas has put together a script for pulling a user’s authorized_keys file for SSH out of LDAP. It’s a very good idea, though he hints pretty clearly that he could use feedback/feedback – there’s already some in the comments.
Updates: from discussion in IRC about this sort of distributed authentication (maybe ‘authentication distribution’ is a better phrase): Tools like puppet or FreeIPA may also be useful. From seeing other conversations about this, it looks like there’s a lot of solutions to pick from, of varying difficulty, and none canonical. That’s both good and bad.