So why aren't you just authenticating and authorizing against the LDAP backend that's containing all this information? Why the synchronization process?
My criteria for good software:
- Does it work?
- Can someone else come in, make a change, and be reasonably certain no bugs were introduced?