Are you using a Deployment Server, Cluster Master (for index cluster, or Deployer (for search head cluster)?
If so, you can set it up as an app there and distribute it from one of those. The method will vary depending on which one you use.
For instance on our search head cluster, we have an app called orgallauthentication in the etc/shcluster/apps on the Cluster Master server. Inside that file we have an authentication.conf which sets up the LDAP binding and maps the LDAP groups to the Splunk roles.
This app is then applied to the cluster and now we have LDAP authentication.
Also, remember that only the search heads need to have LDAP authentication set up, because those are the only servers where users should be allowed to login.
Users should not be logging into the indexers and so user credentials are not needed on these machines. I generally turn off the GUI on indexers. In an indexer cluster, I definitely turn off the GUI on the indexer peers - even Splunk admins should not be routinely logging-in on indexer peers.