[ This is CC'd to the modules list so they can see some more of the background behind the requests.]
I am trying to put together a set of modules that can give a meta-view of LDAP. This would remove intimate knowledge of the LDAP structure from the scripts and place it in these modules. For example, here at Texas A&M University, we have our LDAP with three primary branches: ou={People, Mailusers, Roles and Organizations}, dc=tamu, dc=edu. The entries in ou=People are a super-set of ou=Mailusers. People (real, breathing, human beings) can be members of both branches due to the political history of the service. Entries in ou=Roles and Organizations are role and organizational accounts and do not represent actual people. We try to ensure that information between branches that should be the same is indeed the same. In addition, we maintain an ou=Administrative branch to track ownership of usernames, since usernames are not part of the dn and customers can change them at will. All this is written in PHP at the moment, but I am trying to rewrite everything in Perl. PHP has too many constraints I have to work around (imho). I'd like to make as much of the code as general as possible. The meta-LDAP modules would be able to look at a configuration file to gather any policy information and, together with a set of callbacks (perhaps by using a custom derivitive class), enforce those policies without having to put that logic in all the scripts that might make use of the LDAP. This works for both reading and writing. Part of the configuration that is needed is the attribute type and object class configuration of the server. This can be supplied in an RFC 2252 specified format or in a server-specific format. I currently have a module that can read at least the attribute types and object classes from an RFC 2252 complient file. The big question comes down to: what should be the name of the module that reads the server (schema) configuration? I have requested the LDAP::* namespace for the meta-LDAP modules. I have also requested Config::LDAP for the module that reads the LDAP server configuration. If the LDAP::* namespace is approved, LDAP::ReadSchema or something similar might work. This last request resulted in a `counter-request' that I contact the authors of some of the various LDAP modules on CPAN and see if anyone has a better idea for where to put things. :) -- James Smith <[EMAIL PROTECTED]>, 979-862-3725 Texas A&M CIS Operating Systems Group, Unix