I didn't implement direct changelog reading, because there are multiple approaches to changelogs: OpenLDAP uses a changelog file, whereas SunOne/iPlanet & various others implement 'cn=changelog' objects in directory root, although their formats vary.

As far as I know, the recommended approach to change detection in LDAP these days (since no two directory vendors ever managed to agree on a changelog standard) is persistent searching.

There are two ways of doing this using Data::Sync as it stands:

• Run a persistent search against your source DSA, detecting those changes you're interested in and flowing them.
• Run a periodic search of all the objects you are interested in, and hash them for changes within Data::Sync.

The latter approach has been tested, but is a hefty search overhead. The former works in theory, but hasn't been tested (I have only very recently got a fully v3 compliant DS set up for testing).

An alternative approach (and the one I would favour for simplicity I think) would be to read LDIF as if it were an LDAP server - the code extensions to do that are fairly simple. That way your code could read the changelog file to pick up changes, perform the remapping, and write them direct to the target DS.

The code changes for that are fairly straightforward, and would be very useful in any case - thanks for the suggestion.