posted 21 years ago
Hi Tom,
There are really two ways to go about this depending on whether you're looking ONLY at managing LDAP directories or if you plan to manage LDAP along-side other identity repositories.
In the first case, there are a number of free web-based administration tools, many PHP-based and easy to change. There are also commercial tools for this from vendors like Calendra and Oblix that specialize in LDAP administration and offer better workflow capabilities than some of the free stuff out there.
In the later case, you might be able to script the integration you need, but for more complex environments I'd certainly look into full-blown provisioning software. This may be overkill in a 2,500 user environment unless those users have access to a lot of different systems that don't use the same identity repository. Vendors like Business Layers and Waveset do a good job of giving you centralized control over the hire/retire process, have good workflow, and are very directory-centric in their architecture.
If you're just looking to import users, it certainly would be possible using Perl or other scripting languages to convert a table of users from a spreadsheet or other similar data file into an "LDIF" (LDAP Data Interchange Format) file that can be fed into a server via standard LDAP tools that come with most distributions. My book actually has a chapter that covers exactly such a process.
Clayton
[ March 17, 2003: Message edited by: Clayton Donley ]