LDAP is built on top of something like shadow passwords to provide a unified portable authentication mechanism that many would recognize as being similar to what a Windows Domain provides.

TCB, on the other hand, is a replacement for shadow passwords, on top of which LDAP could be implemented as it can be implemented atop shadow passwords.