A structure LDAP approach is a pretty good one. I wrote some tools to take a stylized input file and generate LDAP branches for our various equivalent systems. with the text files, try creating aliases for the functional roles then at most the files vary with in which IDs get assigned to which role.