Forum OpenACS Q&A: Response to LDAP authentication

Posted by Oscar Bonilla on
I wouldn't do periodic sync'ing. I would change the login page
to check LDAP (for auth) and then look in the db if the user
already exists. If the user exists and his password from the
db is not the same as the LDAP password I would update the db
with the LDAP password (i.e. make the LDAP authoritative). If
the user doesn't exist in the db I would create it from the
info stored in LDAP.

I would write the code to do this (I think it's fairly simple)
but I've got a lot of other stuff to do right now. I guess in
a couple of weeks I could look into this.
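
The login flow described in the post above, as an added example (not code from the post's author or from OpenACS). Assumptions: the directory is a constructed in-memory stand-in for an LDAP bind, the `users` table and the function names are hypothetical, and the local copy is kept as a salted PBKDF2 hash rather than the password itself.

```python
import hashlib, hmac, os, sqlite3

# Constructed stand-in for the directory: uid -> (password, attributes).
# A real deployment would perform an LDAP bind as the user instead.
FAKE_LDAP = {"alice": ("s3cret", {"mail": "alice@example.org", "cn": "Alice A."})}

def ldap_authenticate(uid, password):
    """Return the user's attributes if the (simulated) bind succeeds, else None."""
    entry = FAKE_LDAP.get(uid)
    # An empty password turns a simple bind into an unauthenticated bind: reject it.
    if entry is None or not password:
        return None
    stored, attrs = entry
    return attrs if hmac.compare_digest(stored.encode(), password.encode()) else None

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, mail TEXT, "
               "name TEXT, salt BLOB, pw_hash BLOB)")
    return db

def login(db, uid, password, authenticate=ldap_authenticate):
    """LDAP is authoritative. Returns 'created', 'updated', 'ok' or None (denied)."""
    attrs = authenticate(uid, password)
    if attrs is None:
        return None  # fail closed: never fall back to the local copy
    row = db.execute("SELECT salt, pw_hash FROM users WHERE uid = ?",
                     (uid,)).fetchone()
    if row and hmac.compare_digest(_hash(password, row[0]), row[1]):
        return "ok"  # local copy already matches the directory
    salt = os.urandom(16)
    if row is None:
        # First login: create the local user from the directory attributes.
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                   (uid, attrs["mail"], attrs["cn"], salt, _hash(password, salt)))
        result = "created"
    else:
        # Password changed in LDAP: overwrite the stale local hash.
        db.execute("UPDATE users SET salt = ?, pw_hash = ? WHERE uid = ?",
                   (salt, _hash(password, salt), uid))
        result = "updated"
    db.commit()
    return result
```
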