From time to time following things will happen:
* old employees go away,
* new people arrive,
* some folks change name (or other data)
Thus, I need to practically check all the LDAP user entries every night,
find the differences between "now" and "before", add new users, delete
(or at least somehow disable) old users, and possibly change some info
for others. The question is: "what is the best way to do this":
1) keep the "old" SAP export, do a "diff" over old and new one, and do
the LDAP stuff only on the difference.
2) Go with "brute force", and do a sweep over the SAP list, controlling
every LDAP entry, followed by another sweep to find the folks that aren't
in SAP list anymore. (OK, i could add "last updated" field, and then
disable all the entries that weren't updated)
3) Do the "diff" as in 1, check that the diff isn't too big and then
proceed with brute force as in 2.