Thanks for your answer. I was afraid of this. I want to avoid doing any replication whatsoever, since there is absolutely no reason to keep copies of User/Group data locally when it's readily available in the directory, so I think even your workaround will not be optimal for me, besides involving more development work than I would have expected using an off the shelf product.
Your new approach seems interesting. Have you considered releasing your work publicly?