You could right a script to interrogate the LDAP server and then create the user based on the information in the LDAP server. You could then assign it role rights based on an LDAP setting.
Someone may have already written this.
Tony Wood : twitter.com/tonywood
Vision with Technology
Experts in eZ Publish consulting & development
The ldap handler will create non-existing users, the same is true with the texthandler. I've used both (the texthandler can be used to transfer users easily from another system, sometimes with passwords)