IMO, This is because of Apple's legacy holdover from Next - NetInfo. They never truly integrated their underlying Users & Groups with the guts of the operating system. It's kind of an early 90's concept tack-on.
They held that piece of junk (NetInfo) over and never converted everything over to the BSD security (probably due to the demands of producing consumer level "friendliness"). Permissions are a mess all over the OS.
This is what happens when the marketing/management suits ignore engineering. Now that it is public, I'm sure they have a crack team of Indians working on the problem as we speak.
Signed - Bitter Ex-Apple Guy That Knows LDAP Intimitely. ;-)))
All that said, I'm still gonna use my Mac laptop with airport in public places. Better than using Windows.
Actually you just need to disable the "Use DHCP-supplied server" options for LDAP and NetInfo. You can still use DHCP to get an IP address. This is really just a problem with default settings; auto-configuration from remote LDAP or NetInfo servers can be quite useful in controlled environments, but it should *not* be the default behavior.