First, the field of information to append to a login attempt needs to be moved to the individual LDAP server definition, since that could be different for each LDAP tree.
Second, the LDAP authentication portion needs to be made generic to support LDAP servers other than Active Directory.
Next, add the capability to have a master LDAP account for each server that can verify accounts that use SSH shared keys instead of passwords, so that ALL users can be defined in the LDAP trees and not in the local Serv-U domains or global areas.
Features mentioned by others that need to be added:
Allow Secure LDAP so that the authentication requests are not transmitted in the clear.
Allow multiple SSH shared keys per account.