Comment Microsoft AD makes sense here (Score 1) 175
Large user groups should have a role model. For managing roles, a spreadsheet is usually used. For managing the allowed roles of a large number of users and roles, MS AD seems to be the default choice for a large number of corporations. And for managing groups, roles and users, you should make your LDAP a subset of MS AD.