[ This is CC'd to the modules list so they can see some more of the
background behind the requests.]

I am trying to put together a set of modules that can give a meta-view of
LDAP.  This would remove intimate knowledge of the LDAP structure from the
scripts and place it in these modules.

For example, here at Texas A&M University, we have our LDAP with three
primary branches: 

   ou={People, Mailusers, Roles and Organizations}, dc=tamu, dc=edu.  

The entries in ou=People are a super-set of ou=Mailusers.  People (real,
breathing, human beings) can be members of both branches due to the
political history of the service.  Entries in ou=Roles and Organizations
are role and organizational accounts and do not represent actual people.

We try to ensure that information between branches that should be the same
is indeed the same.  In addition, we maintain an ou=Administrative branch
to track ownership of usernames, since usernames are not part of the dn and
customers can change them at will.

All this is written in PHP at the moment, but I am trying to rewrite
everything in Perl.  PHP has too many constraints I have to work around
(imho).  I'd like to make as much of the code as general as possible.

The meta-LDAP modules would be able to look at a configuration file to
gather any policy information and, together with a set of callbacks
(perhaps by using a custom derivative class), enforce those policies
without having to put that logic in all the scripts that might make use of
the LDAP.  This works for both reading and writing.

Part of the configuration that is needed is the attribute type and object
class configuration of the server.  This can be supplied in an RFC 2252
specified format or in a server-specific format.  I currently have a module
that can read at least the attribute types and object classes from an RFC
2252 compliant file.

The big question comes down to: what should be the name of the module that
reads the server (schema) configuration?

I have requested the LDAP::* namespace for the meta-LDAP modules.  I have
also requested Config::LDAP for the module that reads the LDAP server
configuration.  If the LDAP::* namespace is approved, LDAP::ReadSchema or
something similar might work.  

This last request resulted in a `counter-request' that I contact the
authors of some of the various LDAP modules on CPAN and see if anyone has a
better idea for where to put things. :)
--
James Smith <[EMAIL PROTECTED]>, 979-862-3725
Texas A&M CIS Operating Systems Group, Unix
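
For readers of the archive, a minimal strict parser for the RFC 2252 attribute type and object class descriptions the message mentions. This is an added example, not the author's module; the names `tokenize`, `is_p` and `parse_description` are hypothetical, and it assumes one description per line. It rejects malformed input instead of guessing, which matters when policy is enforced from the parsed schema.

```perl
use strict;
use warnings;

# Keywords that stand alone; every other keyword takes a value or a list.
my %FLAG = map { $_ => 1 } qw(OBSOLETE SINGLE-VALUE COLLECTIVE NO-USER-MODIFICATION ABSTRACT STRUCTURAL AUXILIARY);
# Tokens are [type, text]: P = "(" ")" "$", Q = quoted string, W = bare word.
sub tokenize {
    my ($text) = @_;
    my @tok;
    while ($text =~ /\G\s*(?:([()\$])|'([^']*)'|([^\s()\$']+))/gc) {
        push @tok, defined $1 ? [P => $1] : defined $2 ? [Q => $2] : [W => $3];
    }
    $text =~ /\G\s*\z/gc or die "unparsable text at offset " . (pos($text) // 0) . "\n";
    return @tok;
}
sub is_p { my ($t, $c) = @_; return $t && $t->[0] eq 'P' && $t->[1] eq $c }
# Parse one description into a hash; every keyword value is an array ref.
sub parse_description {
    my @tok = tokenize($_[0]);
    die "description must be wrapped in ( )\n" unless is_p(shift @tok, '(') && is_p(pop @tok, ')');
    my $oid = shift @tok;
    die "missing numeric OID\n" unless $oid && $oid->[0] eq 'W' && $oid->[1] =~ /^\d+(?:\.\d+)+$/;
    my %def = (OID => $oid->[1]);
    while (my $t = shift @tok) {
        die "expected keyword, got '$t->[1]'\n" unless $t->[0] eq 'W';
        my $key = $t->[1];
        if ($FLAG{$key}) { $def{$key} = 1; next }
        my $v = shift @tok or die "$key has no value\n";
        die "bad value for $key\n" if $v->[0] eq 'P' && $v->[1] ne '(';
        my @list = is_p($v, '(') ? () : ($v->[1]);
        if (is_p($v, '(')) {                      # ( a $ b ) or ( 'a' 'b' )
            my ($end) = grep { is_p($tok[$_], ')') } 0 .. $#tok;
            die "unterminated list for $key\n" unless defined $end;
            my @items = splice @tok, 0, $end + 1;
            die "nested list in $key\n" if grep { is_p($_, '(') } @items;
            @list = map { $_->[1] } grep { $_->[0] ne 'P' } @items;   # drop "$" and ")"
        }
        $def{$key} = \@list;
    }
    return \%def;
}
# Sample input embedded for the example, one description per line.
my @sample = split /\n/, <<'END';
( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
END
for my $d (map { parse_description($_) } @sample) {
    print "$d->{OID} $d->{NAME}[0] MUST=[@{ $d->{MUST} || [] }]\n";
}
```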