[Date Prev][Date Next] [Chronological] [Thread] [Top]


One of the things we're currently working on is hacking together something to support automatic updates of our non-LDAP-aware tools and to implement certain business logic rules for our own directory. So, for instance, when an entry aquires an ou of FOO, we would like to add their mail attribute (if any) to the mailing list that happens to be associated with foo and also add an ou: bar attribute to their entry. We've come up with a number of approaches:

1. Have something periodically crawl the directory and notice changes.
2. Have something periodically scrape a logfile to get changes.
3. Use back-perl (with back-bdb replicas for reading).
4. Write data somewhere else first with custom tools, then sync to LDAP.
5. Write a limited back-perl and make that a replica of the main server.

Unless I have grossly misread the documentation (which is, I must admit, a possibility) there isn't an Apache-like module syntax whereby I could manipulate data and then hand it to a pre-existing backend (although some of our goals might be achievable with back-meta). We thought about just patching the code, but of course that rapidly becomes less manageable if we want to stay up-to-date (which we do).

So, we're currently leaning towards #5, but would be interested to know if there is a better way of implementing this using OpenLDAP (since other people have presumably done this kind of thing in the past).

John Klein
Database Applications Developer
Information Technology Services - Harvard Law School
Omnia Mutantur, Nihil Interit