
synchronisation of LDAP with non-ldap data




Hi again! :-)

I have a bunch of data about employees that is produced by SAP (plus some more data from other sides), and exported to me on a daily basis. At first, an LDAP tree is built from the SAP exported data, then some additional data is generated on LDAP itself, so I can't simply throw all away every night and rebuild from scratch.

From time to time the following things will happen:

* old employees go away,
* new people arrive,
* some folks change name (or other data)

Thus, I need to practically check all the LDAP user entries every night, find the differences between "now" and "before", add new users, delete (or at least somehow disable) old users, and possibly change some info for others. The question is: "what is the best way to do this":

1) keep the "old" SAP export, do a "diff" over old and new one, and do the LDAP stuff only on the difference.
2) Go with "brute force", and do a sweep over the SAP list, controlling every LDAP entry, followed by another sweep to find the folks that aren't in SAP list anymore. (OK, I could add "last updated" field, and then disable all the entries that weren't updated)
3) Do the "diff" as in 1, check that the diff isn't too big and then proceed with brute force as in 2.
4) Something more intelligent?

At this moment, I have 2000 users to worry about. If/when someone decides that they need such a system in the whole company this number might grow by a factor of 10-20, and the whole rebuild should not take more than a few minutes. Alternatively, a longer update time (up to 1h) without service disruption would do.

Personally, I would prefer to do something "elegant" to "brute force" approach, but I'm worried about the possibility of failing to update some entries (whatever the reason) one day, and thus causing a complete disaster the next day. Since LDAP does not offer transactions support, the whole logic must be

What is considered a "best practice" here?

thx
        Denis
PS: I can't do a "push" action that would update LDAP entry whenever an SAP entry changes yet, because that could take forever to set up.

T-Mobile Austria GmbH,
Information Technologies / Services
Knowledge Management & Process Automation

Dr. Denis Havlik,                             eMail: denis.havlik@t-mobile.at
Rennweg 12, Zi. 444                       Phone: +43-1-79-585/6237          
A-1030 Vienna                                  Fax: +43-1-795-85/6584
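
Option 3 from the message above (diff the old and new export, and refuse to proceed when the diff is too big), as an added example that is not part of the original post. The CSV column names, the 10% threshold and the function names are assumptions, the sample rows are constructed, and the plan is returned as tuples instead of being sent to a directory server.

```python
import csv
import io

# Constructed sample exports (not real data); column names are assumptions.
OLD_EXPORT = """emp_id,cn,mail
1001,Anna Berger,anna.berger@example.com
1002,Bernd Huber,bernd.huber@example.com
1003,Clara Maier,clara.maier@example.com
1004,David Koch,david.koch@example.com
"""
NEW_EXPORT = """emp_id,cn,mail
1001,Anna Berger,anna.berger@example.com
1002,Bernd Gruber,bernd.gruber@example.com
1004,David Koch,david.koch@example.com
1005,Eva Wolf,eva.wolf@example.com
"""

class DiffTooLarge(Exception):
    """The export changed more than the allowed fraction of entries."""

def load(text):
    """Index an export by employee id; reject empty or duplicate keys."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["emp_id"] or "").strip()
        if not key or key in rows:
            raise ValueError(f"bad or duplicate emp_id: {key!r}")
        rows[key] = {k: (v or "").strip() for k, v in row.items() if k != "emp_id"}
    return rows

def plan_sync(old, new, max_change=0.10):
    """Return (op, emp_id, attrs) for old -> new, or raise DiffTooLarge."""
    # Only SAP-sourced attributes are planned, so LDAP-generated ones are untouched.
    adds = [("add", k, new[k]) for k in sorted(new.keys() - old.keys())]
    # Leavers are disabled rather than deleted.
    disables = [("disable", k, {}) for k in sorted(old.keys() - new.keys())]
    mods = []
    for k in sorted(old.keys() & new.keys()):
        changed = {a: v for a, v in new[k].items() if old[k].get(a) != v}
        if changed:
            mods.append(("modify", k, changed))
    plan = adds + mods + disables
    # Option 3's check: a truncated or corrupt export shows up as a huge diff.
    if len(plan) > max_change * max(len(old), 1):
        raise DiffTooLarge(f"{len(plan)} changes for {len(old)} entries")
    return plan
```

An empty or truncated export turns every existing entry into a "disable", which is the case the threshold stops before any account is touched.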