Re: synchronisation of LDAP with non-ldap data

[Adam Williams <awilliam@whitemice.org>]

> > I have a bunch of data about employees that is produced by SAP (plus 
> > some more data from other sides), and exported to me on a daily basis. 
> > At first, an LDAP tree is built from the SAP exported data, then some 
> > aditional data is generated on LDAP itself, so I can't simply throw all 
> > away every night and rebuild from scratch.
> How long do you need to import 2000 users into LDAP?

Depends upon the hardware, but as a guideline we can load a branch of
our Dit into our 2.1.2x OpenLDAP box (BDB) in a few minutes (2,392
objects; 1.2Ghz something-or-other, 512Mb of RAM).

> >  From time to time following things will happen:
> > * old employees go away,
> > * new people arrive,
> > * some folks change name (or other data)
> We've solved this via an Perl-LDAP-Script which runs a "diff" between
> the export (talking about a CSV file with user data). This script needs
> some time to execute, since it always compares all users (we're talking
> about 2700 users). In fact it would be better if we run a diff between
> the latest and the actual export and only check the differences via LDAP
> which would be faster (especially since there usually are not very much
> changes). We have about 300 new users each year, and 300 will be deleted
> and during the year there is not much that changes.

DSML can be handy too, as you can then use the bevy of XML tools to
examine & compare entries.