From c85dc62591ab2ce9eec3fd93004ba474f7b1fb19 Mon Sep 17 00:00:00 2001
From: Andrew Branson <andrew.branson@cern.ch>
Date: Wed, 9 Apr 2014 23:17:03 +0200
Subject: Expanded server predefined steps to include server and agent
 maintenance steps. Fixes #174

---
 .../instance/predefined/server/RemoveAgent.java    | 61 ++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java

(limited to 'src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java')

diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java
new file mode 100644
index 0000000..75fe80b
--- /dev/null
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java
@@ -0,0 +1,61 @@
+package com.c2kernel.lifecycle.instance.predefined.server;
+
+import com.c2kernel.common.InvalidDataException;
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.lifecycle.instance.predefined.PredefinedStep;
+import com.c2kernel.lookup.AgentPath;
+import com.c2kernel.lookup.RolePath;
+import com.c2kernel.persistency.ClusterStorageException;
+import com.c2kernel.process.Gateway;
+import com.c2kernel.utils.Logger;
+
+public class RemoveAgent extends PredefinedStep {
+
+	public RemoveAgent() {
+        super();
+	}
+	
+	@Override
+	protected String runActivityLogic(AgentPath agent, int itemSysKey,
+			int transitionID, String requestData) throws InvalidDataException {
+	
+		Logger.msg(1, "RemoveAgent::request() - Starting.");
+		
+		String[] params = getDataList(requestData);
+		AgentPath targetAgent;
+		try {
+			targetAgent = Gateway.getLDAPLookup().getRoleManager().getAgentPath(params[0]);
+		} catch (ObjectNotFoundException e) {
+			throw new InvalidDataException("Agent "+params[0]+" not found", "");
+		}
+		//remove from roles
+		for (RolePath role: targetAgent.getRoles()) {
+			try {
+				role.removeAgent(targetAgent);
+			} catch (ObjectCannotBeUpdated e) {
+				Logger.error(e);
+				throw new InvalidDataException("Error removing "+params[0]+" from Role "+role.getName(), "");
+			} catch (ObjectNotFoundException e) {
+				Logger.error(e);
+				throw new InvalidDataException("Tried to remove "+params[0]+" from Role "+role.getName()+" that doesn't exist.", "");
+			}
+		}
+		//clear out all storages
+        try {
+			Gateway.getStorage().removeCluster(targetAgent.getSysKey(), "", null);
+		} catch (ClusterStorageException e) {
+			Logger.error(e);
+			throw new InvalidDataException("Error deleting storage for  "+params[0], "");
+		}
+        //remove entity path
+        try {
+			Gateway.getLDAPLookup().delete(targetAgent);
+		} catch (ObjectCannotBeUpdated e) {
+			throw new InvalidDataException("Error deleting AgentPath for  "+params[0], "");
+		}
+        return requestData;
+
+	}
+
+}
-- 
cgit v1.2.3


From d4fa3bd9dd48f4d5e26850a23f5ba48a9c10ad64 Mon Sep 17 00:00:00 2001
From: Andrew Branson <andrew.branson@cern.ch>
Date: Thu, 5 Jun 2014 15:02:07 +0200
Subject: LDAP refactored behind interfaces. All functions of LDAP now hidden
 behind interfaces: Authenticator, Lookup and NextKeyManager (LDAP property
 storage was already a ClusterStorage). Gateway holds additional objects, and
 Fixes #26 #191. Refs #27 (needs additional work for read perms and auth
 tokens)

---
 .../com/c2kernel/entity/AgentImplementation.java   |   4 +-
 src/main/java/com/c2kernel/entity/CorbaServer.java |   6 +-
 src/main/java/com/c2kernel/entity/agent/Job.java   |   2 +-
 .../java/com/c2kernel/entity/proxy/AgentProxy.java |  22 +-
 .../com/c2kernel/entity/proxy/ProxyManager.java    |  31 +-
 .../com/c2kernel/entity/transfer/TransferItem.java |  14 +-
 .../com/c2kernel/entity/transfer/TransferSet.java  |   4 +-
 .../com/c2kernel/lifecycle/instance/Activity.java  |   4 +-
 .../com/c2kernel/lifecycle/instance/JobPusher.java |   7 +-
 .../com/c2kernel/lifecycle/instance/WfVertex.java  |   2 +-
 .../instance/predefined/AddDomainPath.java         |   6 +-
 .../predefined/CreateItemFromDescription.java      |   8 +-
 .../lifecycle/instance/predefined/Erase.java       |  12 +-
 .../instance/predefined/RemoveDomainPath.java      |   4 +-
 .../predefined/entitycreation/NewAgent.java        |   6 +-
 .../predefined/entitycreation/NewItem.java         |   6 +-
 .../predefined/entitycreation/NewRole.java         |   2 +-
 .../predefined/server/AddDomainContext.java        |   2 +-
 .../instance/predefined/server/RemoveAgent.java    |   4 +-
 .../predefined/server/RemoveDomainContext.java     |   4 +-
 .../predefined/server/SetAgentPassword.java        |   4 +-
 .../instance/predefined/server/SetAgentRoles.java  |   6 +-
 .../instance/stateMachine/Transition.java          |   4 +-
 src/main/java/com/c2kernel/lookup/AgentPath.java   |  42 +-
 src/main/java/com/c2kernel/lookup/DomainPath.java  |  21 +-
 .../c2kernel/lookup/InvalidItemPathException.java  |   2 +-
 .../com/c2kernel/lookup/InvalidPathException.java  |  13 +
 src/main/java/com/c2kernel/lookup/ItemPath.java    |  16 -
 src/main/java/com/c2kernel/lookup/LDAPLookup.java  | 496 -------------
 .../java/com/c2kernel/lookup/LDAPLookupUtils.java  | 340 ---------
 src/main/java/com/c2kernel/lookup/LDAPPathSet.java |  72 --
 .../java/com/c2kernel/lookup/LDAPProperties.java   |  54 --
 .../com/c2kernel/lookup/LDAPPropertyManager.java   | 138 ----
 .../java/com/c2kernel/lookup/LDAPRoleManager.java  | 224 ------
 src/main/java/com/c2kernel/lookup/Lookup.java      |  77 ++
 .../java/com/c2kernel/lookup/NextKeyManager.java   |  84 ---
 src/main/java/com/c2kernel/lookup/Path.java        |  87 +--
 src/main/java/com/c2kernel/lookup/RolePath.java    |  35 +-
 .../com/c2kernel/lookup/ldap/LDAPAuthManager.java  |  95 +++
 .../java/com/c2kernel/lookup/ldap/LDAPLookup.java  | 775 +++++++++++++++++++++
 .../com/c2kernel/lookup/ldap/LDAPLookupUtils.java  | 365 ++++++++++
 .../c2kernel/lookup/ldap/LDAPNextKeyManager.java   |  92 +++
 .../java/com/c2kernel/lookup/ldap/LDAPPathSet.java |  81 +++
 .../com/c2kernel/lookup/ldap/LDAPProperties.java   |  38 +
 .../c2kernel/lookup/ldap/LDAPPropertyManager.java  | 141 ++++
 .../c2kernel/persistency/LDAPClusterStorage.java   |  12 +-
 .../com/c2kernel/persistency/NextKeyManager.java   |  19 +
 .../java/com/c2kernel/persistency/ProxyLoader.java |   8 +-
 src/main/java/com/c2kernel/process/Bootstrap.java  |  45 +-
 .../java/com/c2kernel/process/ClientShell.java     |   4 +-
 src/main/java/com/c2kernel/process/Gateway.java    | 192 ++---
 .../java/com/c2kernel/process/UserCodeProcess.java |   8 +-
 .../com/c2kernel/process/auth/Authenticator.java   |  14 +-
 .../com/c2kernel/process/auth/ConsoleAuth.java     |   4 +-
 .../java/com/c2kernel/process/auth/ProxyLogin.java |  12 +
 .../java/com/c2kernel/process/module/Module.java   |  13 +-
 .../com/c2kernel/process/module/ModuleManager.java |  12 +-
 .../com/c2kernel/process/module/ModuleScript.java  |  11 +-
 src/main/java/com/c2kernel/scripting/Script.java   |   2 +-
 .../java/com/c2kernel/scripting/ScriptConsole.java |  10 +-
 .../java/com/c2kernel/utils/LocalObjectLoader.java |   8 +-
 61 files changed, 1956 insertions(+), 1870 deletions(-)
 create mode 100644 src/main/java/com/c2kernel/lookup/InvalidPathException.java
 delete mode 100644 src/main/java/com/c2kernel/lookup/LDAPLookup.java
 delete mode 100644 src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java
 delete mode 100644 src/main/java/com/c2kernel/lookup/LDAPPathSet.java
 delete mode 100644 src/main/java/com/c2kernel/lookup/LDAPProperties.java
 delete mode 100644 src/main/java/com/c2kernel/lookup/LDAPPropertyManager.java
 delete mode 100644 src/main/java/com/c2kernel/lookup/LDAPRoleManager.java
 create mode 100644 src/main/java/com/c2kernel/lookup/Lookup.java
 delete mode 100644 src/main/java/com/c2kernel/lookup/NextKeyManager.java
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPAuthManager.java
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPLookupUtils.java
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPNextKeyManager.java
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPPathSet.java
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java
 create mode 100644 src/main/java/com/c2kernel/lookup/ldap/LDAPPropertyManager.java
 create mode 100644 src/main/java/com/c2kernel/persistency/NextKeyManager.java
 create mode 100644 src/main/java/com/c2kernel/process/auth/ProxyLogin.java

(limited to 'src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java')

diff --git a/src/main/java/com/c2kernel/entity/AgentImplementation.java b/src/main/java/com/c2kernel/entity/AgentImplementation.java
index d31b94a..8010114 100644
--- a/src/main/java/com/c2kernel/entity/AgentImplementation.java
+++ b/src/main/java/com/c2kernel/entity/AgentImplementation.java
@@ -53,7 +53,7 @@ public class AgentImplementation extends ItemImplementation implements
 
     @Override
 	public void addRole(String roleName) throws CannotManageException, ObjectNotFoundException {
-        RolePath newRole = Gateway.getLDAPLookup().getRoleManager().getRolePath(roleName);
+        RolePath newRole = Gateway.getLookup().getRolePath(roleName);
         try {
             newRole.addAgent(new AgentPath(mSystemKey));
         } catch (InvalidItemPathException ex) {
@@ -65,7 +65,7 @@ public class AgentImplementation extends ItemImplementation implements
 
     @Override
 	public void removeRole(String roleName) throws CannotManageException, ObjectNotFoundException {
-        RolePath rolePath = Gateway.getLDAPLookup().getRoleManager().getRolePath(roleName);
+        RolePath rolePath = Gateway.getLookup().getRolePath(roleName);
         try {
             rolePath.removeAgent(new AgentPath(mSystemKey));
         } catch (InvalidItemPathException e) {
diff --git a/src/main/java/com/c2kernel/entity/CorbaServer.java b/src/main/java/com/c2kernel/entity/CorbaServer.java
index 4a129ae..3a01ed7 100644
--- a/src/main/java/com/c2kernel/entity/CorbaServer.java
+++ b/src/main/java/com/c2kernel/entity/CorbaServer.java
@@ -14,8 +14,8 @@ import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.entity.agent.ActiveEntity;
 import com.c2kernel.entity.agent.ActiveLocator;
 import com.c2kernel.lookup.AgentPath;
-import com.c2kernel.lookup.ItemPath;
 import com.c2kernel.lookup.InvalidItemPathException;
+import com.c2kernel.lookup.ItemPath;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
 import com.c2kernel.utils.SoftCache;
@@ -126,7 +126,7 @@ public class CorbaServer {
                 if (entity == null) {
                     Logger.msg(7, "Creating new servant for "+sysKey);
 
-                    Class<?> entityClass = Gateway.getLDAPLookup().getEntityClass(entityPath);
+                    Class<?> entityClass = Gateway.getLookup().getItemClass(entityPath);
 
                     if (entityClass == TraceableEntity.class) {
                         if (poa == null) poa = mItemPOA;
@@ -167,7 +167,7 @@ public class CorbaServer {
     public Servant createEntity(ItemPath entityPath) throws CannotManageException, ObjectAlreadyExistsException {
         try {
             if (entityPath == null)
-                entityPath = Gateway.getLDAPLookup().getNextKeyManager().generateNextEntityKey();
+                entityPath = Gateway.getNextKeyManager().generateNextEntityKey();
         } catch (Exception ex) {
             Logger.error(ex);
             throw new CannotManageException("Cannot generate next entity key");
diff --git a/src/main/java/com/c2kernel/entity/agent/Job.java b/src/main/java/com/c2kernel/entity/agent/Job.java
index efbd5fb..cef35ef 100644
--- a/src/main/java/com/c2kernel/entity/agent/Job.java
+++ b/src/main/java/com/c2kernel/entity/agent/Job.java
@@ -164,7 +164,7 @@ public class Job implements C2KLocalObject
 
     public int getAgentId() throws ObjectNotFoundException {
         if (agentId == -1)
-            agentId = Gateway.getLDAPLookup().getRoleManager().getAgentPath(getAgentName()).getSysKey();
+            agentId = Gateway.getLookup().getAgentPath(getAgentName()).getSysKey();
         return agentId;
     }
 
diff --git a/src/main/java/com/c2kernel/entity/proxy/AgentProxy.java b/src/main/java/com/c2kernel/entity/proxy/AgentProxy.java
index b6566a8..e5a52f0 100644
--- a/src/main/java/com/c2kernel/entity/proxy/AgentProxy.java
+++ b/src/main/java/com/c2kernel/entity/proxy/AgentProxy.java
@@ -11,7 +11,7 @@
 package com.c2kernel.entity.proxy;
 
 import java.util.Date;
-import java.util.Enumeration;
+import java.util.Iterator;
 
 import com.c2kernel.common.AccessRightsException;
 import com.c2kernel.common.InvalidDataException;
@@ -32,6 +32,7 @@ import com.c2kernel.lookup.Path;
 import com.c2kernel.persistency.outcome.OutcomeValidator;
 import com.c2kernel.persistency.outcome.Schema;
 import com.c2kernel.process.Gateway;
+import com.c2kernel.process.auth.Authenticator;
 import com.c2kernel.scripting.ErrorInfo;
 import com.c2kernel.scripting.Script;
 import com.c2kernel.scripting.ScriptErrorException;
@@ -50,6 +51,7 @@ public class AgentProxy extends ItemProxy
 {
 
 	AgentPath agentPath;
+	Authenticator auth;
    /**************************************************************************
     * Creates an AgentProxy without cache and change notification
     **************************************************************************/
@@ -66,7 +68,15 @@ public class AgentProxy extends ItemProxy
         }
     }
 
-    @Override
+    public Authenticator getAuthObj() {
+    	return auth;
+    }
+
+    public void setAuthObj(Authenticator auth) {
+    	this.auth = auth;
+    }
+
+	@Override
 	public Agent narrow() throws ObjectNotFoundException
     {
         try {
@@ -237,14 +247,14 @@ public class AgentProxy extends ItemProxy
 
     /** Let scripts resolve items */
     public ItemProxy searchItem(String name) throws ObjectNotFoundException {
-        Enumeration<Path> results = Gateway.getLDAPLookup().search(new DomainPath(""),name);
+        Iterator<Path> results = Gateway.getLookup().search(new DomainPath(""),name);
 
         Path returnPath = null;
-        if (!results.hasMoreElements())
+        if (!results.hasNext())
             throw new ObjectNotFoundException(name, "");
 
-        while(results.hasMoreElements()) {
-            Path nextMatch = results.nextElement();
+        while(results.hasNext()) {
+            Path nextMatch = results.next();
             if (returnPath != null && nextMatch.getSysKey() != -1 && returnPath.getSysKey() != nextMatch.getSysKey())
                 throw new ObjectNotFoundException("Too many items with that name");
             returnPath = nextMatch;
diff --git a/src/main/java/com/c2kernel/entity/proxy/ProxyManager.java b/src/main/java/com/c2kernel/entity/proxy/ProxyManager.java
index b217f3e..2b2e0e9 100644
--- a/src/main/java/com/c2kernel/entity/proxy/ProxyManager.java
+++ b/src/main/java/com/c2kernel/entity/proxy/ProxyManager.java
@@ -12,7 +12,6 @@ package com.c2kernel.entity.proxy;
 
 import java.util.ArrayList;
 import java.util.ConcurrentModificationException;
-import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Iterator;
 
@@ -41,9 +40,9 @@ public class ProxyManager
     {
         Logger.msg(5, "ProxyManager - Starting.....");
 
-        Enumeration<Path> servers = Gateway.getLDAPLookup().searchEntities(new DomainPath("/servers"));
-        while(servers.hasMoreElements()) {
-            Path thisServerPath = servers.nextElement();
+        Iterator<Path> servers = Gateway.getLookup().searchEntities(new DomainPath("/servers"));
+        while(servers.hasNext()) {
+            Path thisServerPath = servers.next();
             try {
                 int syskey = thisServerPath.getSysKey();
                 String remoteServer = ((Property)Gateway.getStorage().get(syskey, ClusterStorage.PROPERTY+"/Name", null)).getValue();
@@ -157,7 +156,7 @@ public class ProxyManager
     **************************************************************************/
     private ItemProxy createProxy( org.omg.CORBA.Object ior,
                                               int systemKey,
-                                              boolean isItem )
+                                              boolean isAgent )
         throws ObjectNotFoundException
     {
 
@@ -165,13 +164,13 @@ public class ProxyManager
 
         Logger.msg(5, "ProxyManager::creating proxy on Item " + systemKey);
 
-        if( isItem )
+        if( isAgent )
         {
-            newProxy = new ItemProxy(ior, systemKey);
+            newProxy = new AgentProxy(ior, systemKey);
         }
         else
         {
-            newProxy = new AgentProxy(ior, systemKey);
+            newProxy = new ItemProxy(ior, systemKey);
         }
 
         // subscribe to changes from server
@@ -195,7 +194,7 @@ public class ProxyManager
     **************************************************************************/
     private ItemProxy getProxy( org.omg.CORBA.Object ior,
                                            int systemKey,
-                                           boolean isItem )
+                                           boolean isAgent )
         throws ObjectNotFoundException
     {
         Integer key = new Integer(systemKey);
@@ -206,7 +205,7 @@ public class ProxyManager
             newProxy = proxyPool.get(key);
             if (newProxy == null) {
                 // create a new one
-                newProxy = createProxy(ior, systemKey, isItem );
+                newProxy = createProxy(ior, systemKey, isAgent );
                 proxyPool.put(key, newProxy);
             }
             return newProxy;
@@ -225,12 +224,18 @@ public class ProxyManager
 
         //convert namePath to dn format
         Logger.msg(8,"ProxyManager::getProxy(" + path.toString() + ")");
-        boolean isItem = !(path.getEntity() instanceof AgentPath);
-        return getProxy( Gateway.getLDAPLookup().getIOR(path),
+        boolean isAgent = (path.getEntity() instanceof AgentPath);
+        return getProxy( Gateway.getLookup().resolve(path),
                             path.getSysKey(),
-                            isItem );
+                            isAgent );
 
     }
+    
+    public AgentProxy getAgentProxy( AgentPath path )
+    	throws ObjectNotFoundException
+    {
+    	return (AgentProxy) getProxy(path);
+    }
 
    /**************************************************************************
     * void reportCurrentProxies()
diff --git a/src/main/java/com/c2kernel/entity/transfer/TransferItem.java b/src/main/java/com/c2kernel/entity/transfer/TransferItem.java
index df81721..9a4cfc5 100644
--- a/src/main/java/com/c2kernel/entity/transfer/TransferItem.java
+++ b/src/main/java/com/c2kernel/entity/transfer/TransferItem.java
@@ -2,7 +2,7 @@ package com.c2kernel.entity.transfer;
 
 import java.io.File;
 import java.util.ArrayList;
-import java.util.Enumeration;
+import java.util.Iterator;
 
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.entity.C2KLocalObject;
@@ -26,7 +26,7 @@ public class TransferItem {
 
     public TransferItem() throws Exception {
         try {
-            importAgentId = Gateway.getLDAPLookup().getRoleManager().getAgentPath("system").getSysKey();
+            importAgentId = Gateway.getLookup().getAgentPath("system").getSysKey();
         } catch (ObjectNotFoundException e) {
             Logger.error("TransferItem - System user not found!");
             throw e;
@@ -37,9 +37,9 @@ public class TransferItem {
         this.sysKey = sysKey;
         domainPaths = new ArrayList<String>();
         Property name = (Property)Gateway.getStorage().get(sysKey, ClusterStorage.PROPERTY + "/Name", null);
-        Enumeration<Path> paths = Gateway.getLDAPLookup().search(new DomainPath(), name.getValue());
-        while (paths.hasMoreElements()) {
-            DomainPath thisPath = (DomainPath)paths.nextElement();
+        Iterator<Path> paths = Gateway.getLookup().search(new DomainPath(), name.getValue());
+        while (paths.hasNext()) {
+            DomainPath thisPath = (DomainPath)paths.next();
             domainPaths.add(thisPath.toString());
         }
     }
@@ -91,7 +91,7 @@ public class TransferItem {
         // create item
         ItemPath entityPath = new ItemPath(sysKey);
         TraceableEntity newItem = (TraceableEntity)Gateway.getCorbaServer().createEntity(entityPath);
-        Gateway.getLDAPLookup().add(entityPath);
+        Gateway.getLookup().add(entityPath);
 
         PropertyArrayList props = new PropertyArrayList();
         Workflow wf = null;
@@ -121,7 +121,7 @@ public class TransferItem {
         // add domPaths
         for (String element : domainPaths) {
             DomainPath newPath = new DomainPath(element, entityPath);
-            Gateway.getLDAPLookup().add(newPath);
+            Gateway.getLookup().add(newPath);
         }
     }
 
diff --git a/src/main/java/com/c2kernel/entity/transfer/TransferSet.java b/src/main/java/com/c2kernel/entity/transfer/TransferSet.java
index a7d81b6..7a5833f 100644
--- a/src/main/java/com/c2kernel/entity/transfer/TransferSet.java
+++ b/src/main/java/com/c2kernel/entity/transfer/TransferSet.java
@@ -4,7 +4,7 @@ import java.io.File;
 import java.util.ArrayList;
 
 import com.c2kernel.lookup.ItemPath;
-import com.c2kernel.lookup.NextKeyManager;
+import com.c2kernel.persistency.NextKeyManager;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.FileStringUtility;
 import com.c2kernel.utils.Logger;
@@ -84,7 +84,7 @@ public class TransferSet {
 
         try
         {   // find the current last key
-            NextKeyManager nextKeyMan = Gateway.getLDAPLookup().getNextKeyManager();
+            NextKeyManager nextKeyMan = Gateway.getNextKeyManager();
             ItemPath lastKey = nextKeyMan.getLastEntityPath();
             Logger.msg(1, "Last key imported was "+packageLastKey+". LDAP lastkey was "+lastKey.getSysKey());
 
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/Activity.java b/src/main/java/com/c2kernel/lifecycle/instance/Activity.java
index b86e200..88cbeb6 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/Activity.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/Activity.java
@@ -19,7 +19,6 @@ import com.c2kernel.lifecycle.instance.stateMachine.State;
 import com.c2kernel.lifecycle.instance.stateMachine.StateMachine;
 import com.c2kernel.lifecycle.instance.stateMachine.Transition;
 import com.c2kernel.lookup.AgentPath;
-import com.c2kernel.lookup.LDAPRoleManager;
 import com.c2kernel.lookup.RolePath;
 import com.c2kernel.persistency.ClusterStorageException;
 import com.c2kernel.persistency.outcome.Outcome;
@@ -455,10 +454,9 @@ public class Activity extends WfVertex
 		String agentRole = getCurrentAgentRole();
 		if (agentRole == null || agentRole.length()==0) return;
 
-		LDAPRoleManager roleMan = Gateway.getLDAPLookup().getRoleManager();
     	RolePath myRole;
         try {
-            myRole = roleMan.getRolePath(agentRole);
+            myRole = Gateway.getLookup().getRolePath(agentRole);
         } catch (ObjectNotFoundException ex) { // non-existent role
     		Logger.msg(7, "Activity.pushJobsToAgents() - Activity role '"+agentRole+" not found.");
     		return;
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/JobPusher.java b/src/main/java/com/c2kernel/lifecycle/instance/JobPusher.java
index a0a51d0..89e7708 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/JobPusher.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/JobPusher.java
@@ -1,11 +1,12 @@
 package com.c2kernel.lifecycle.instance;
 
-import java.util.Enumeration;
+import java.util.Iterator;
 
 import com.c2kernel.entity.Agent;
 import com.c2kernel.entity.AgentHelper;
 import com.c2kernel.entity.agent.JobArrayList;
 import com.c2kernel.lookup.AgentPath;
+import com.c2kernel.lookup.Path;
 import com.c2kernel.lookup.RolePath;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
@@ -25,9 +26,9 @@ final class JobPusher extends Thread {
 	public void run()
     {
         Thread.currentThread().setName("Agent job pusher for "+itemSysKey+":"+activity.getName()+" to role "+myRole);
-    	for (Enumeration<AgentPath> e = myRole.getChildren(); e.hasMoreElements();)
+    	for (Iterator<Path> e = myRole.getChildren(); e.hasNext();)
     	{
-            AgentPath nextAgent = e.nextElement();
+            AgentPath nextAgent = (AgentPath)e.next();
     		Logger.msg(7, "Activity.pushJobsToAgents() - Calculating jobs for " + nextAgent.getAgentName());
     		try
     		{
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/WfVertex.java b/src/main/java/com/c2kernel/lifecycle/instance/WfVertex.java
index 0fc9bf9..2f0ef0d 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/WfVertex.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/WfVertex.java
@@ -157,7 +157,7 @@ public abstract class WfVertex extends GraphableVertex
                 script.setInputParamValue("item", Gateway.getProxyManager().getProxy(new ItemPath(itemSysKey)));
             }
             if (requiredInput.containsKey("agent")) {
-                AgentPath systemAgent = Gateway.getLDAPLookup().getRoleManager().getAgentPath("system");
+                AgentPath systemAgent = Gateway.getLookup().getAgentPath("system");
                 script.setInputParamValue("agent", Gateway.getProxyManager().getProxy(systemAgent));
             }
             Object retVal = script.execute();
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java
index 9eb15f2..3da17e9 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/AddDomainPath.java
@@ -13,9 +13,9 @@ package com.c2kernel.lifecycle.instance.predefined;
 import com.c2kernel.common.InvalidDataException;
 import com.c2kernel.lookup.AgentPath;
 import com.c2kernel.lookup.DomainPath;
-import com.c2kernel.lookup.ItemPath;
 import com.c2kernel.lookup.InvalidItemPathException;
-import com.c2kernel.lookup.LDAPLookup;
+import com.c2kernel.lookup.ItemPath;
+import com.c2kernel.lookup.Lookup;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
 
@@ -32,7 +32,7 @@ public class AddDomainPath extends PredefinedStep
 			int transitionID, String requestData) throws InvalidDataException {
     	
         Logger.msg(8,"AddAlias::request()");
-        LDAPLookup lookupManager = Gateway.getLDAPLookup();
+        Lookup lookupManager = Gateway.getLookup();
 
         Logger.msg(1,"AddAlias::request() - Starting.");
 
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/CreateItemFromDescription.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/CreateItemFromDescription.java
index e6da64a..e16a92c 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/CreateItemFromDescription.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/CreateItemFromDescription.java
@@ -27,7 +27,6 @@ import com.c2kernel.lifecycle.CompositeActivityDef;
 import com.c2kernel.lookup.AgentPath;
 import com.c2kernel.lookup.DomainPath;
 import com.c2kernel.lookup.ItemPath;
-import com.c2kernel.lookup.LDAPLookup;
 import com.c2kernel.persistency.ClusterStorage;
 import com.c2kernel.persistency.TransactionManager;
 import com.c2kernel.process.Gateway;
@@ -67,7 +66,6 @@ public class CreateItemFromDescription extends PredefinedStep
 		PropertyArrayList props = new PropertyArrayList();
 		Logger.msg(1, "AddNewItem::request() - Starting.");
 		TransactionManager storage = Gateway.getStorage();
-		LDAPLookup lookup = Gateway.getLDAPLookup();
 
         try {
             // check if the path is already taken
@@ -134,7 +132,7 @@ public class CreateItemFromDescription extends PredefinedStep
 
             // generate new entity key
             Logger.msg(6, "CreateItemFromDescription - Requesting new sysKey");
-            ItemPath entityPath = lookup.getNextKeyManager().generateNextEntityKey();
+            ItemPath entityPath = Gateway.getNextKeyManager().generateNextEntityKey();
 
             // resolve the item factory
             Logger.msg(6, "CreateItemFromDescription - Resolving item factory");
@@ -144,7 +142,7 @@ public class CreateItemFromDescription extends PredefinedStep
             CorbaServer factory = Gateway.getCorbaServer();
             if (factory == null) throw new AccessRightsException("This process cannot create new Items", "");
             TraceableEntity newItem = (TraceableEntity)factory.createEntity(entityPath);
-            Gateway.getLDAPLookup().add(entityPath);
+            Gateway.getLookup().add(entityPath);
 
 
             // initialise it with its properties and workflow
@@ -161,7 +159,7 @@ public class CreateItemFromDescription extends PredefinedStep
             // add its domain path
             Logger.msg(3, "CreateItemFromDescription - Creating "+context);
             context.setEntity(entityPath);
-            Gateway.getLDAPLookup().add(context);
+            Gateway.getLookup().add(context);
             return requestData;
         } catch (Exception e) {
             Logger.error(e);
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/Erase.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/Erase.java
index 412fe52..3c4a6a7 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/Erase.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/Erase.java
@@ -13,7 +13,7 @@ package com.c2kernel.lifecycle.instance.predefined;
 
 
 
-import java.util.Enumeration;
+import java.util.Iterator;
 
 import com.c2kernel.common.InvalidDataException;
 import com.c2kernel.lookup.AgentPath;
@@ -47,19 +47,19 @@ public class Erase extends PredefinedStep
         try
         {
             // get all domain paths
-            Enumeration<Path> domPaths = Gateway.getLDAPLookup().searchAliases(new ItemPath(itemSysKey));
-            while (domPaths.hasMoreElements()) {
-                DomainPath path = (DomainPath)domPaths.nextElement();
+            Iterator<Path> domPaths = Gateway.getLookup().searchAliases(new ItemPath(itemSysKey));
+            while (domPaths.hasNext()) {
+                DomainPath path = (DomainPath)domPaths.next();
                 // delete them
                 if (path.getSysKey() == itemSysKey)
-                    Gateway.getLDAPLookup().delete(path);
+                    Gateway.getLookup().delete(path);
             }
 
             //clear out all storages
             Gateway.getStorage().removeCluster(itemSysKey, "", null);
 
             //remove entity path
-            Gateway.getLDAPLookup().delete(new ItemPath(itemSysKey));
+            Gateway.getLookup().delete(new ItemPath(itemSysKey));
         }
         catch( Exception ex )
         {
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java
index e33f722..1ee5e8c 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/RemoveDomainPath.java
@@ -15,7 +15,7 @@ import com.c2kernel.common.ObjectCannotBeUpdated;
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.lookup.AgentPath;
 import com.c2kernel.lookup.DomainPath;
-import com.c2kernel.lookup.LDAPLookup;
+import com.c2kernel.lookup.Lookup;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
 
@@ -32,7 +32,7 @@ public class RemoveDomainPath extends PredefinedStep
 			int transitionID, String requestData) throws InvalidDataException {
 
         Logger.msg(8,"RemoveDomainPath::request()");
-        LDAPLookup lookupManager = Gateway.getLDAPLookup();
+        Lookup lookupManager = Gateway.getLookup();
 
         Logger.msg(1,"RemoveDomainPath::request() - Starting.");
 
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewAgent.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewAgent.java
index baea8dd..10e5e6f 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewAgent.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewAgent.java
@@ -32,11 +32,11 @@ public class NewAgent extends ModuleImport implements java.io.Serializable {
     }
 
 	public void create(int agentId) throws ObjectNotFoundException, ObjectCannotBeUpdated, NoSuchAlgorithmException, CannotManageException, ObjectAlreadyExistsException {
-        AgentPath newAgent = Gateway.getLDAPLookup().getNextKeyManager().generateNextAgentKey();
+        AgentPath newAgent = Gateway.getNextKeyManager().generateNextAgentKey();
         newAgent.setAgentName(name);
         newAgent.setPassword(password);
         ActiveEntity newAgentEnt = (ActiveEntity)Gateway.getCorbaServer().createEntity(newAgent);
-        Gateway.getLDAPLookup().add(newAgent);
+        Gateway.getLookup().add(newAgent);
         // assemble properties
         properties.add(new com.c2kernel.property.Property("Name", name, true));
         properties.add(new com.c2kernel.property.Property("Type", "Agent", false));
@@ -49,7 +49,7 @@ public class NewAgent extends ModuleImport implements java.io.Serializable {
         for (String role : roles) {
             RolePath thisRole;
             try {
-                thisRole = Gateway.getLDAPLookup().getRoleManager().getRolePath(role);
+                thisRole = Gateway.getLookup().getRolePath(role);
             } catch (ObjectNotFoundException ex) {
                 throw new ObjectNotFoundException("Role "+role+" does not exist.");
             }
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java
index c0197db..b1ef0e4 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewItem.java
@@ -77,9 +77,9 @@ public class NewItem extends ModuleImport {
         } 
         else {
 	        // create item
-	        entPath = Gateway.getLDAPLookup().getNextKeyManager().generateNextEntityKey();
+	        entPath = Gateway.getNextKeyManager().generateNextEntityKey();
 	        newItem = (TraceableEntity)Gateway.getCorbaServer().createEntity(entPath);
-	        Gateway.getLDAPLookup().add(entPath);
+	        Gateway.getLookup().add(entPath);
         }
         
         // set the name property
@@ -181,7 +181,7 @@ public class NewItem extends ModuleImport {
         // register domain path (before collections in case of recursive collections)
         if (!domPath.exists()) {
         	domPath.setEntity(entPath);
-        	Gateway.getLDAPLookup().add(domPath);
+        	Gateway.getLookup().add(domPath);
         }
     }
 }
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewRole.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewRole.java
index 003b7f7..74415a5 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewRole.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/entitycreation/NewRole.java
@@ -13,7 +13,7 @@ public class NewRole extends ModuleImport {
 	}
 	
 	public void create(int agentId) throws ObjectAlreadyExistsException, ObjectCannotBeUpdated {
-		Gateway.getLDAPLookup().getRoleManager().createRole(name, jobList);
+		Gateway.getLookup().createRole(name, jobList);
 	}
 
 }
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java
index 7595711..a931143 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/AddDomainContext.java
@@ -35,7 +35,7 @@ public class AddDomainContext extends PredefinedStep {
 		while(!pathsToAdd.empty()) {
 			pathToAdd = pathsToAdd.pop();
 			try {
-				Gateway.getLDAPLookup().add(pathToAdd);
+				Gateway.getLookup().add(pathToAdd);
 			} catch (ObjectAlreadyExistsException e) {
 				Logger.error("Context "+pathToAdd+" inconsistently exists.");
 			} catch (ObjectCannotBeUpdated e) {
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java
index 75fe80b..19641fe 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveAgent.java
@@ -25,7 +25,7 @@ public class RemoveAgent extends PredefinedStep {
 		String[] params = getDataList(requestData);
 		AgentPath targetAgent;
 		try {
-			targetAgent = Gateway.getLDAPLookup().getRoleManager().getAgentPath(params[0]);
+			targetAgent = Gateway.getLookup().getAgentPath(params[0]);
 		} catch (ObjectNotFoundException e) {
 			throw new InvalidDataException("Agent "+params[0]+" not found", "");
 		}
@@ -50,7 +50,7 @@ public class RemoveAgent extends PredefinedStep {
 		}
         //remove entity path
         try {
-			Gateway.getLDAPLookup().delete(targetAgent);
+			Gateway.getLookup().delete(targetAgent);
 		} catch (ObjectCannotBeUpdated e) {
 			throw new InvalidDataException("Error deleting AgentPath for  "+params[0], "");
 		}
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java
index 77a7545..a55f7dd 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/RemoveDomainContext.java
@@ -27,11 +27,11 @@ public class RemoveDomainContext extends PredefinedStep {
 			pathToDelete.getEntity();
 			throw new InvalidDataException("Path "+pathToDelete+" is an Entity. Use its own Erase step instead, or RemoveAgent.", "");
 		} catch (ObjectNotFoundException ex) { }
-		if (pathToDelete.getChildren().hasMoreElements())
+		if (Gateway.getLookup().getChildren(pathToDelete).hasNext())
 			throw new InvalidDataException("Context "+pathToDelete+" is not empty. Cannot delete.", "");
 		
 		try {
-			Gateway.getLDAPLookup().delete(pathToDelete);
+			Gateway.getLookup().delete(pathToDelete);
 		} catch (ObjectCannotBeUpdated e) {
 			Logger.error(e);
 			throw new InvalidDataException("Exception deleting path"+pathToDelete+": "+e.getMessage(), "");
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentPassword.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentPassword.java
index bb19030..8a2863a 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentPassword.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentPassword.java
@@ -27,13 +27,13 @@ public class SetAgentPassword extends PredefinedStep {
 			throw new InvalidDataException("Requires 2 params: agent name and new password", "");
 		AgentPath targetAgent;
 		try {
-			targetAgent = Gateway.getLDAPLookup().getRoleManager().getAgentPath(params[0]);
+			targetAgent = Gateway.getLookup().getAgentPath(params[0]);
 		} catch (ObjectNotFoundException e) {
 			throw new InvalidDataException("Agent "+params[0]+" not found", "");
 		}
 		
 		try {
-			Gateway.getLDAPLookup().getRoleManager().setAgentPassword(targetAgent, params[1]);
+			Gateway.getLookup().setAgentPassword(targetAgent, params[1]);
 		} catch (ObjectNotFoundException e) {
 			Logger.error(e);
             throw new InvalidDataException("Agent "+params[0]+" not found.", "");
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentRoles.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentRoles.java
index 51be40a..19c6bd8 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentRoles.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/server/SetAgentRoles.java
@@ -6,7 +6,6 @@ import com.c2kernel.common.InvalidDataException;
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.lifecycle.instance.predefined.PredefinedStep;
 import com.c2kernel.lookup.AgentPath;
-import com.c2kernel.lookup.LDAPRoleManager;
 import com.c2kernel.lookup.RolePath;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
@@ -26,18 +25,17 @@ public class SetAgentRoles extends PredefinedStep {
 		String[] params = getDataList(requestData);
 		AgentPath targetAgent;
 		try {
-			targetAgent = Gateway.getLDAPLookup().getRoleManager().getAgentPath(params[0]);
+			targetAgent = Gateway.getLookup().getAgentPath(params[0]);
 		} catch (ObjectNotFoundException e) {
 			throw new InvalidDataException("Agent "+params[0]+" not found", "");
 		}
 		
-		LDAPRoleManager roleMan = Gateway.getLDAPLookup().getRoleManager();
 		RolePath[] currentRoles = targetAgent.getRoles();
 		ArrayList<RolePath> requestedRoles = new ArrayList<RolePath>();
 		if (params.length>1)
 			for (int i=1; i<params.length; i++)
 				try {
-					requestedRoles.add(roleMan.getRolePath(params[i]));
+					requestedRoles.add(Gateway.getLookup().getRolePath(params[i]));
 				} catch (ObjectNotFoundException e) {
 					throw new InvalidDataException("Role "+params[i]+" not found", "");
 				}
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/stateMachine/Transition.java b/src/main/java/com/c2kernel/lifecycle/instance/stateMachine/Transition.java
index 455ab2d..8a82bc1 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/stateMachine/Transition.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/stateMachine/Transition.java
@@ -194,12 +194,12 @@ public class Transition implements Serializable {
 		
 		// determine transition role
 		if (override) {
-			role = Gateway.getLDAPLookup().getRoleManager().getRolePath(overridingRole);
+			role = Gateway.getLookup().getRolePath(overridingRole);
 		}
 		else {
 			String actRole = act.getCurrentAgentRole();
 			if (actRole != null && actRole.length() > 0)
-				role = Gateway.getLDAPLookup().getRoleManager().getRolePath(actRole);
+				role = Gateway.getLookup().getRolePath(actRole);
 		}
 		
 		// Decide the access
diff --git a/src/main/java/com/c2kernel/lookup/AgentPath.java b/src/main/java/com/c2kernel/lookup/AgentPath.java
index a560795..a0bb7fd 100644
--- a/src/main/java/com/c2kernel/lookup/AgentPath.java
+++ b/src/main/java/com/c2kernel/lookup/AgentPath.java
@@ -15,12 +15,8 @@ import java.security.NoSuchAlgorithmException;
 
 import org.apache.xerces.impl.dv.util.Base64;
 
-import com.c2kernel.common.ObjectCannotBeUpdated;
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.process.Gateway;
-import com.novell.ldap.LDAPAttribute;
-import com.novell.ldap.LDAPAttributeSet;
-import com.novell.ldap.LDAPEntry;
 
 
 /**
@@ -70,8 +66,7 @@ public class AgentPath extends ItemPath
     	if (mAgentName==null)
     	{
             try {
-                LDAPEntry agentEntry = LDAPLookupUtils.getEntry(Gateway.getLDAPLookup().getConnection(), this.getDN() + mLocalPath);
-                mAgentName = LDAPLookupUtils.getFirstAttributeValue(agentEntry,"uid");
+                mAgentName = Gateway.getLookup().getAgentName(this);
             } catch (ObjectNotFoundException e) {
                 mAgentName = "";
             }
@@ -81,16 +76,16 @@ public class AgentPath extends ItemPath
 
     public RolePath[] getRoles()
     {
-  		return Gateway.getLDAPLookup().getRoleManager().getRoles(this);
+  		return Gateway.getLookup().getRoles(this);
     }
 
     public boolean hasRole(RolePath role) {
-        return Gateway.getLDAPLookup().getRoleManager().hasRole(this, role);
+        return Gateway.getLookup().hasRole(this, role);
     }
 
     public boolean hasRole(String role) {
         try {
-            return hasRole(Gateway.getLDAPLookup().getRoleManager().getRolePath(role));
+            return hasRole(Gateway.getLookup().getRolePath(role));
         } catch (ObjectNotFoundException ex) {
             return false;
         }
@@ -113,7 +108,7 @@ public class AgentPath extends ItemPath
                 mAgentName;
     }
 
-    static String generateUserPassword(String pass, String algo) throws NoSuchAlgorithmException {
+    public static String generateUserPassword(String pass, String algo) throws NoSuchAlgorithmException {
         MessageDigest sha = MessageDigest.getInstance(algo);
         sha.reset();
         sha.update(pass.getBytes());
@@ -123,32 +118,5 @@ public class AgentPath extends ItemPath
         return digest.toString();
     }
 
-    @Override
-	public LDAPAttributeSet createAttributeSet() throws ObjectCannotBeUpdated
-    {
-        LDAPAttributeSet attrs = new LDAPAttributeSet();
-        attrs.add(new LDAPAttribute("objectclass","cristalagent"));
-        attrs.add(new LDAPAttribute("intsyskey",Integer.toString(mSysKey)));
-        attrs.add(new LDAPAttribute("cn", getPath()[getPath().length-1]));
-        if (mIOR != null)
-            attrs.add(new LDAPAttribute("ior", Gateway.getORB().object_to_string(mIOR)));
-
-        if (mAgentName!=null && mAgentName.length()>0)
-            attrs.add(new LDAPAttribute("uid",mAgentName));
-        else
-            throw new ObjectCannotBeUpdated("Cannot create agent. No userId specified", "");
-
-        if (mPassword!=null && mPassword.length()>0)
-            try {
-                attrs.add(new LDAPAttribute("userPassword",generateUserPassword(mPassword, "SHA")));
-            } catch (NoSuchAlgorithmException ex) {
-                throw new ObjectCannotBeUpdated("Cryptographic libraries for password hashing not found.", "");
-            }
-        else
-            throw new ObjectCannotBeUpdated("Cannot create agent. No password given", "");
-
-        return attrs;
-    }
-
 }
 
diff --git a/src/main/java/com/c2kernel/lookup/DomainPath.java b/src/main/java/com/c2kernel/lookup/DomainPath.java
index b0784f9..706719e 100644
--- a/src/main/java/com/c2kernel/lookup/DomainPath.java
+++ b/src/main/java/com/c2kernel/lookup/DomainPath.java
@@ -13,8 +13,6 @@ package com.c2kernel.lookup;
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPAttribute;
-import com.novell.ldap.LDAPAttributeSet;
 
 
 /**
@@ -108,7 +106,7 @@ public class DomainPath extends Path
 
     public void checkType() {
         try {
-		    setEntity(Gateway.getLDAPLookup().resolvePath(this));
+		    setEntity(Gateway.getLookup().resolvePath(this));
         } catch (InvalidItemPathException ex) {
             Logger.error(ex);
             mType = CONTEXT;
@@ -137,22 +135,5 @@ public class DomainPath extends Path
         }
         else return INVALID;
      }
-
-    @Override
-	public LDAPAttributeSet createAttributeSet() {
-        LDAPAttributeSet attrs = new LDAPAttributeSet();
-        attrs.add(new LDAPAttribute("cn",getName()));
-        if (getType() == ENTITY) {
-            String objectclass_values[] = { "alias", "aliasObject" };
-            attrs.add(new LDAPAttribute("objectclass",objectclass_values));
-            attrs.add(new LDAPAttribute("aliasedObjectName",target.getFullDN()));
-        }
-
-        else
-        {
-            attrs.add(new LDAPAttribute("objectclass","cristalcontext"));
-        }
-        return attrs;
-    }
 }
 
diff --git a/src/main/java/com/c2kernel/lookup/InvalidItemPathException.java b/src/main/java/com/c2kernel/lookup/InvalidItemPathException.java
index 5b37cd7..58174a8 100644
--- a/src/main/java/com/c2kernel/lookup/InvalidItemPathException.java
+++ b/src/main/java/com/c2kernel/lookup/InvalidItemPathException.java
@@ -1,6 +1,6 @@
 package com.c2kernel.lookup;
 
-public class InvalidItemPathException extends Exception {
+public class InvalidItemPathException extends InvalidPathException {
 
     public InvalidItemPathException() {
         super();
diff --git a/src/main/java/com/c2kernel/lookup/InvalidPathException.java b/src/main/java/com/c2kernel/lookup/InvalidPathException.java
new file mode 100644
index 0000000..77887cf
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/InvalidPathException.java
@@ -0,0 +1,13 @@
+package com.c2kernel.lookup;
+
+public class InvalidPathException extends Exception {
+
+    public InvalidPathException() {
+        super();
+    }
+
+    public InvalidPathException(String msg) {
+        super(msg);
+    }
+
+}
diff --git a/src/main/java/com/c2kernel/lookup/ItemPath.java b/src/main/java/com/c2kernel/lookup/ItemPath.java
index 89fe5ee..17e5659 100644
--- a/src/main/java/com/c2kernel/lookup/ItemPath.java
+++ b/src/main/java/com/c2kernel/lookup/ItemPath.java
@@ -12,11 +12,7 @@ package com.c2kernel.lookup;
 
 import java.util.ArrayList;
 
-import com.c2kernel.common.ObjectCannotBeUpdated;
 import com.c2kernel.common.ObjectNotFoundException;
-import com.c2kernel.process.Gateway;
-import com.novell.ldap.LDAPAttribute;
-import com.novell.ldap.LDAPAttributeSet;
 
 
 /**
@@ -147,7 +143,6 @@ public class ItemPath extends Path
         mPath = (newKey.toArray(mPath));
         mSysKey = sysKey;
         mStringPath = null;
-        mDN = null;
         mType = Path.ENTITY;
         checkSysPath();
     }
@@ -160,16 +155,5 @@ public class ItemPath extends Path
         else
             mType = Path.CONTEXT;
     }
-
-    @Override
-	public LDAPAttributeSet createAttributeSet() throws ObjectCannotBeUpdated {
-        LDAPAttributeSet attrs = new LDAPAttributeSet();
-        attrs.add(new LDAPAttribute("objectclass","cristalentity"));
-        attrs.add(new LDAPAttribute("intsyskey",Integer.toString(mSysKey)));
-        attrs.add(new LDAPAttribute("cn", getPath()[getPath().length-1]));
-        if (mIOR != null)
-            attrs.add(new LDAPAttribute("ior", Gateway.getORB().object_to_string(mIOR)));
-        return attrs;
-    }
 }
 
diff --git a/src/main/java/com/c2kernel/lookup/LDAPLookup.java b/src/main/java/com/c2kernel/lookup/LDAPLookup.java
deleted file mode 100644
index eae803b..0000000
--- a/src/main/java/com/c2kernel/lookup/LDAPLookup.java
+++ /dev/null
@@ -1,496 +0,0 @@
-/*
- * Directory Lookup Service *
- * author: Florida Estrella
-*/
-
-package com.c2kernel.lookup;
-
-import java.util.StringTokenizer;
-
-import com.c2kernel.common.ObjectAlreadyExistsException;
-import com.c2kernel.common.ObjectCannotBeUpdated;
-import com.c2kernel.common.ObjectNotFoundException;
-import com.c2kernel.entity.TraceableEntity;
-import com.c2kernel.entity.agent.ActiveEntity;
-import com.c2kernel.entity.proxy.ProxyMessage;
-import com.c2kernel.process.Gateway;
-import com.c2kernel.property.PropertyDescription;
-import com.c2kernel.property.PropertyDescriptionList;
-import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPAttributeSet;
-import com.novell.ldap.LDAPConnection;
-import com.novell.ldap.LDAPDN;
-import com.novell.ldap.LDAPEntry;
-import com.novell.ldap.LDAPException;
-import com.novell.ldap.LDAPSearchConstraints;
-import com.novell.ldap.LDAPSearchResults;
-
-/**
- * The LDAPLookup object, statically accessible through the Gateway, manages
- * the LDAP connection for the cristal process. It provides:
- * <ul>
- * <li>Authentication - returning an AgentProxy object if a user has logged in
- * <li>System key generation - through the NextKeyManager
- * <li>Agent and Role lookup/modification - through the RoleManager
- * <li>
- * @version $Revision: 1.113 $ $Date: 2006/03/03 13:52:21 $
- * @author  $Author: abranson $
- */
-
-public class LDAPLookup
-
-{
-    private LDAPConnection mLDAPConn;
-    private final LDAPProperties mLDAPProps;
-    private final NextKeyManager mNextKeyManager;
-    private final LDAPPropertyManager mPropManager;
-    private final LDAPRoleManager mRoleManager;
-
-
-
-    /**
-     * Creates a new LDAPLookup manager with the properties supplied.
-     * This should be only done by the Gateway during initialisation.
-     *
-     * @param props The LDAP properties object that extracts LDAP connection properties from the global c2kprops
-     */
-    public LDAPLookup(LDAPProperties props) throws LDAPException
-    {
-        Logger.msg(8,"LDAPLookup - initialising.");
-
-        mLDAPProps = props;
-
-        mLDAPConn = createConnection(mLDAPProps);
-
-        Path.mGlobalPath=props.mGlobalPath;
-        Path.mRootPath=props.mRootPath;
-        Path.mLocalPath=props.mLocalPath;
-
-        ItemPath.mTypeRoot = "cn=entity,"+props.mLocalPath;
-        DomainPath.mTypeRoot = "cn=domain,"+props.mLocalPath;
-
-        mNextKeyManager = new NextKeyManager(this, "cn=last,"+ItemPath.mTypeRoot);
-        Logger.msg(7, "LDAP.useOldProps="+Gateway.getProperties().getBoolean("LDAP.useOldProps", false));
-      	mPropManager = new LDAPPropertyManager(this);
-        mRoleManager = new LDAPRoleManager(this, "cn=agent,"+DomainPath.mTypeRoot, ItemPath.mTypeRoot);
-
-    }
-
-    /**
-     * Utility method to connect to an LDAP server
-     * @param lp LDAP properties to connect with
-     * @return a novell LDAPConnection object
-     * @throws LDAPException when the connection was unsuccessful
-     */
-    public static LDAPConnection createConnection(LDAPProperties lp) throws LDAPException {
-        LDAPConnection ld = new LDAPConnection();
-
-        Logger.msg(3, "LDAPLookup - connecting to " + lp.mHost);
-        ld.connect(lp.mHost, Integer.valueOf(lp.mPort).intValue());
-
-        Logger.msg(3, "LDAPLookup - authenticating user:" + lp.mUser);
-        ld.bind( LDAPConnection.LDAP_V3, lp.mUser,
-                 String.valueOf(lp.mPassword).getBytes());
-
-        Logger.msg(3, "LDAPLookup - authentication successful");
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setMaxResults(0);
-        ld.setConstraints(searchCons);
-
-        return ld;
-    }
-
-    /**
-     * Gets the entity key generator, used to get a unique system key for new entities.
-     * @return the global NextKeyManager
-     */
-    public NextKeyManager getNextKeyManager()
-    {
-        return mNextKeyManager;
-    }
-
-    /**
-     * Gets the property manager, that is used to read and write cristal properties to the LDAP store.
-     * @return Returns the global LDAPPropertyManager.
-     */
-    public LDAPPropertyManager getPropManager() {
-        return mPropManager;
-    }
-    /**
-     * Gets the role manager, that is used to add and remove roles and agents.
-     * @return Returns the mRoleManager.
-     */
-    public LDAPRoleManager getRoleManager() {
-        return mRoleManager;
-    }
-
-    /**
-     * Returns the current LDAP connection, and attempts to reconnect if it has been closed.
-     * @return
-     */
-    protected LDAPConnection getConnection()
-    {
-        if (!mLDAPConn.isConnected()) {
-            Logger.warning("LDAPLookup - lost connection to LDAP server. Attempting to reconnect.");
-            try {
-                mLDAPConn = createConnection(mLDAPProps);
-            } catch (LDAPException ex) { }
-        }
-        return mLDAPConn;
-    }
-
-    /**
-     * Disconnects the connection with the LDAP server during shutdown
-     */
-    public void disconnect() {
-        Logger.msg(1, "LDAP Lookup: Shutting down LDAP connection.");
-        if (mLDAPConn != null) {
-            try {
-                mLDAPConn.disconnect();
-            } catch (LDAPException e) {
-                Logger.error(e);
-            }
-            mLDAPConn = null;
-        }
-    }
-
-   /**
-    * Attempts to resolve the CORBA object for a Path, either directly or through an alias.
-    * @param path the path to resolve
-    * @return the CORBA object
-    * @throws ObjectNotFoundException When the path does not exist
-    */
-    public org.omg.CORBA.Object getIOR(Path path)
-    throws ObjectNotFoundException
-    {
-        return resolveObject(path.getFullDN());
-    }
-
-    /**
-     * Attempts to resolve the CORBA object from the IOR attribute of a DN, either directly or through an alias
-     * @param dn The String dn
-     * @throws ObjectNotFoundException when the dn or aliased dn does not exist
-     */
-    private org.omg.CORBA.Object resolveObject(String dn)
-        throws ObjectNotFoundException
-    {
-        Logger.msg(8,"LDAPLookup.resolveObject("+dn+")");
-        LDAPEntry anEntry = LDAPLookupUtils.getEntry(getConnection(),dn,LDAPSearchConstraints.DEREF_NEVER);
-        if (anEntry != null)
-        {
-            String iorString;
-            try {
-                iorString = LDAPLookupUtils.getFirstAttributeValue(anEntry, "ior");
-                org.omg.CORBA.Object ior=Gateway.getORB().string_to_object(iorString);
-                if (ior!=null)
-                    return ior;
-                else
-                    throw new ObjectNotFoundException("LDAPLookup.resolveObject() - " + dn + " has no IOR", "");
-            } catch (ObjectNotFoundException ex) {
-                return resolveObject(LDAPLookupUtils.getFirstAttributeValue(anEntry,"aliasedObjectName"));
-            }
-        }
-        else
-            throw new ObjectNotFoundException("LDAPLookup.resolveObject() LDAP node " + dn + " is not in LDAP or has no IOR.", "");
-    }
-
-    /**
-     *
-     * @param domPath
-     * @return
-     * @throws InvalidItemPathException
-     * @throws ObjectNotFoundException
-     */
-    protected ItemPath resolvePath(DomainPath domPath)
-        throws InvalidItemPathException, ObjectNotFoundException {
-        ItemPath referencedPath = null;
-        LDAPEntry domEntry = LDAPLookupUtils.getEntry(getConnection(), domPath
-                .getFullDN(), LDAPSearchConstraints.DEREF_ALWAYS);
-        String entityKey = LDAPLookupUtils.getFirstAttributeValue(domEntry,
-                "intsyskey");
-        Logger.msg(7, "DomainPath " + domPath + " is a reference to "
-                + entityKey);
-        String objClass = LDAPLookupUtils.getFirstAttributeValue(domEntry,
-                "objectClass");
-        if (objClass.equals("cristalagent"))
-            referencedPath = new AgentPath(Integer.parseInt(entityKey));
-        else
-            referencedPath = new ItemPath(Integer.parseInt(entityKey));
-
-        return referencedPath;
-    }
-
-
-    public LDAPEntry add(Path path)
-        throws ObjectCannotBeUpdated, ObjectAlreadyExistsException
-    {
-        try {
-            checkLDAPContext(path);
-            LDAPAttributeSet attrSet = path.createAttributeSet();
-            LDAPEntry newEntry = new LDAPEntry(path.getFullDN(),attrSet);
-            LDAPLookupUtils.addEntry(getConnection(),newEntry);
-            if (path instanceof DomainPath)
-            	Gateway.getProxyServer().sendProxyEvent(new ProxyMessage(ProxyMessage.NA, path.toString(), ProxyMessage.ADDED));
-            return newEntry;
-        } catch (LDAPException ex) {
-            if (ex.getResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)
-                throw new ObjectAlreadyExistsException(ex.getLDAPErrorMessage(), "");
-            else
-                throw new ObjectCannotBeUpdated(ex.getLDAPErrorMessage(), "");
-        }
-     }
-
-    //deletes a node
-    //throws LDAPexception if node cannot be deleted (eg node is not a leaf)
-    public void delete(Path path) throws ObjectCannotBeUpdated
-    {
-        try {
-            LDAPLookupUtils.delete(getConnection(),path.getDN()+Path.mLocalPath);
-        } catch (LDAPException ex) {
-            throw new ObjectCannotBeUpdated(ex.getLDAPErrorMessage(), "");
-        }
-        if (path instanceof DomainPath) {
-        	Gateway.getProxyServer().sendProxyEvent(new ProxyMessage(ProxyMessage.NA, path.toString(), ProxyMessage.DELETED));
-        }
-    }
-
-	//change specs, add boolean alias leaf context
-    protected void checkLDAPContext(Path path)
-    {
-        String dn = path.getFullDN();
-        if (!LDAPLookupUtils.exists(getConnection(),dn))
-        {
-            String listDN[] = path.getPath();
-            String name = "cn="+ path.getRoot() + "," + Path.mLocalPath;
-            int i=0;
-            while (i<listDN.length-1)
-            {
-                name= "cn="+LDAPLookupUtils.escapeDN(listDN[i])+","+name;
-                if (!LDAPLookupUtils.exists(getConnection(),name))
-                {
-                    try
-                    {
-                        //create cristalcontext
-                        Logger.msg(8,"LDAPLookup::addLDAPContext() context added " + name);
-                        LDAPLookupUtils.createCristalContext(getConnection(), name);
-                    }
-                    catch (Exception ex)
-                    {
-                        Logger.error("LDAPLookup::addContext() " + ex);
-                    }
-                }
-                i++;
-            }
-        }
-    }
-    public void createBootTree()
-    {
-        Logger.msg(8,"Initializing LDAP Boot tree");
-
-        //create org
-        LDAPLookupUtils.createOrganizationContext(getConnection(), Path.mGlobalPath);
-        //create root
-        LDAPLookupUtils.createCristalContext(getConnection(), Path.mRootPath);
-        //create local
-        LDAPLookupUtils.createCristalContext(getConnection(), Path.mLocalPath);
-    }
-
-    public void install() throws ObjectNotFoundException
-    {
-        createBootTree();
-        initTree( Gateway.getResource().getTextResource(null, "boot/LDAPboot.txt"));
-    }
-
-    public void initTree(String bootFile)
-    {
-        Logger.msg(8,"Verifying Cristal LDAP roots");
-        StringTokenizer strTokenizer = new StringTokenizer(bootFile, "\n\r");
-        while (strTokenizer.hasMoreTokens())
-        {
-            String line = strTokenizer.nextToken();
-            Logger.msg(8,"Checking " + line+Path.mLocalPath);
-            LDAPLookupUtils.createCristalContext(getConnection(), line+Path.mLocalPath);
-        }
-
-    }
-
- 	//typically search for cn=barcode
-    public LDAPPathSet search(Path start, String filter)
-    {
-    	Logger.msg(8,"LDAPLookup::search() From " + start.getDN() + " for cn=" + filter );
-        return search(start.getFullDN(),"cn="+LDAPLookupUtils.escapeSearchFilter(filter));
-    }
-    
-    public LDAPPathSet search(Path start, String propname, String propvalue)
-    {
-    	String val = propname+":"+propvalue;
-    	Logger.msg(8,"LDAPLookup::search() From " + start.getDN() + " for cristalprop=" + val );
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_SEARCHING);
-        return search(start.getFullDN(),LDAPConnection.SCOPE_SUB,"cristalprop="+LDAPLookupUtils.escapeSearchFilter(val),searchCons);
-    }
-    
-    public LDAPPathSet search(Path start, PropertyDescriptionList props) {
-    	StringBuffer query = new StringBuffer();
-    	int propCount = 0;
-    	for (PropertyDescription propDesc: props.list) {
-    		if (propDesc.getIsClassIdentifier()) {
-    			String thisProp = LDAPLookupUtils.escapeSearchFilter(propDesc.getName()+(":")+propDesc.getDefaultValue());
-    			query.append("(cristalprop=").append(thisProp).append(")");
-    			propCount++;
-    		}
-    	}
-    	LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_SEARCHING);
-        if (propCount == 0)
-        	return search(start.getFullDN(),LDAPConnection.SCOPE_SUB,"objectClass=cristalentity",searchCons);
-        else if (propCount == 1)
-        	return search(start.getFullDN(),LDAPConnection.SCOPE_SUB,query.toString(),searchCons);
-        else
-        	return search(start.getFullDN(),LDAPConnection.SCOPE_SUB,"(&"+query.toString()+")",searchCons);
-    }
-    
-    protected LDAPPathSet search(String startDN, int scope, String filter, LDAPSearchConstraints searchCons)
-    {
-        Logger.msg(8,"Searching for "+filter+" in "+startDN);
-        searchCons.setMaxResults(0);
-        String[] attr = { LDAPConnection.ALL_USER_ATTRS };
-        try
-        {
-            LDAPSearchResults res = getConnection().search(startDN, scope,
-            		filter,attr,false,searchCons);
-            return new LDAPPathSet(res);
-        }
-        catch (LDAPException ex)
-        {
-            Logger.error("LDAPException::LDAPLookup::search() " + ex.toString());
-            return new LDAPPathSet();
-        }
-    }
-    //typically search for (any filter combination)
-    public LDAPPathSet search(String startDN,String filter)
-    {
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
-        return search(startDN,LDAPConnection.SCOPE_SUB,filter,searchCons);
-    }
-
-    public LDAPPathSet searchEntities(Path start) {
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_SEARCHING);
-        return search(start.getFullDN(), LDAPConnection.SCOPE_SUB, "objectClass=cristalentity", searchCons);
-    }
-
-    public LDAPPathSet searchAliases(DomainPath start) {
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
-        return search(start.getFullDN(), LDAPConnection.SCOPE_SUB, "objectClass=aliasObject", searchCons);
-    }
-    
-    public LDAPPathSet searchAliases(ItemPath entity) {
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
-        return search(new DomainPath().getFullDN(), LDAPConnection.SCOPE_SUB, "(&(objectClass=aliasObject)(aliasedObjectName="+
-        LDAPLookupUtils.escapeDN(entity.getFullDN())+"))", searchCons);
-    }
-
-    public boolean exists(Path path) {
-        return LDAPLookupUtils.exists(getConnection(), path.getFullDN());
-    }
-
-    public Class<?> getEntityClass(Path path) throws ObjectNotFoundException {
-        String[] attr = { LDAPConnection.ALL_USER_ATTRS };
-        try {
-            LDAPEntry anEntry=getConnection().read(path.getDN()+Path.mLocalPath,attr);
-            String type = LDAPLookupUtils.getFirstAttributeValue(anEntry, "objectClass");
-            if (type.equals("cristalentity"))
-                return TraceableEntity.class;
-            else if (type.equals("cristalagent"))
-                return ActiveEntity.class;
-            else
-                throw new ObjectNotFoundException("Not an entity", "");
-
-        } catch (LDAPException ex) {
-            if (ex.getResultCode() == LDAPException.NO_SUCH_OBJECT)
-                throw new ObjectNotFoundException("Entity does not exist", "");
-            Logger.error(ex);
-            throw new ObjectNotFoundException("Error getting entity class", "");
-        }
-    }
-
-    /** converts an LDAPentry to a Path object
-     *  Note that the search producing the entry should have retrieved the attrs
-     *  'ior' and 'uniquemember'
-     * @throws ObjectNotFoundException
-     * @throws ObjectNotFoundException
-     */
-    protected Path nodeToPath(LDAPEntry entry) throws InvalidItemPathException, ObjectNotFoundException
-    {
-        String dn = entry.getDN();
-
-        // extract syskey
-        int entityKey = -1;
-        try {
-            String entityKeyStr = LDAPLookupUtils.getFirstAttributeValue(entry,"intsyskey");
-            entityKey = Integer.parseInt(entityKeyStr);
-        } catch (Exception e) { }
-
-        // extract IOR
-        org.omg.CORBA.Object ior = null;
-        try {
-            String stringIOR = LDAPLookupUtils.getFirstAttributeValue(entry,"ior");
-            ior = Gateway.getORB().string_to_object(stringIOR);
-        } catch (ObjectNotFoundException e2) { }
-
-        /* Find the right path class */
-        Path thisPath;
-        if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalagent"))
-        { //cristalagent
-            String agentID = LDAPLookupUtils.getFirstAttributeValue(entry,"uid");
-            thisPath = new AgentPath(entityKey, agentID);
-        }
-
-        else if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalrole"))
-        { //cristalrole
-            thisPath = new RolePath(LDAPDN.explodeDN(dn,true)[0],
-                    LDAPLookupUtils.getFirstAttributeValue(entry, "jobList").equals("TRUE"));
-        }
-        else if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","aliasObject") ||
-                (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalcontext") && dn.endsWith(DomainPath.mTypeRoot)))
-        {
-            DomainPath domainPath = new DomainPath();
-            domainPath.setDN(dn);
-            thisPath = domainPath;
-        }
-        else if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalentity") ||
-                (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalcontext") && dn.endsWith(ItemPath.mTypeRoot)))
-        {
-            if(dn.endsWith(ItemPath.mTypeRoot)) {
-                ItemPath entityPath;
-                if (entityKey != -1)
-                    entityPath = new ItemPath(entityKey);
-                else {
-                    entityPath = new ItemPath();
-                    entityPath.setDN(dn);
-                }
-                thisPath = entityPath;
-            }
-            else
-                throw new ObjectNotFoundException("Entity found outside entity tree");
-        }
-        else
-        {
-			throw new ObjectNotFoundException("Unrecognised LDAP entry. Not a cristal entry");
-        }
-
-        //set IOR if we have one
-        if (ior!=null) thisPath.setIOR(ior);
-        return thisPath;
-    }
-}
diff --git a/src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java b/src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java
deleted file mode 100644
index 0964565..0000000
--- a/src/main/java/com/c2kernel/lookup/LDAPLookupUtils.java
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * Lookup helper class.
- */
-
-package com.c2kernel.lookup;
-
-//import netscape.ldap.*;
-//import netscape.ldap.util.*;
-import com.c2kernel.common.ObjectAlreadyExistsException;
-import com.c2kernel.common.ObjectCannotBeUpdated;
-import com.c2kernel.common.ObjectNotFoundException;
-import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPAttribute;
-import com.novell.ldap.LDAPAttributeSet;
-import com.novell.ldap.LDAPConnection;
-import com.novell.ldap.LDAPDN;
-import com.novell.ldap.LDAPEntry;
-import com.novell.ldap.LDAPException;
-import com.novell.ldap.LDAPModification;
-import com.novell.ldap.LDAPSearchConstraints;
-import com.novell.ldap.LDAPSearchResults;
-
-/**
- * @version $Revision: 1.74 $ $Date: 2006/03/03 13:52:21 $
- * @author  $Author: abranson $
- */
-
-final public class LDAPLookupUtils
-{
-    static final char[] META_CHARS = {'+', '=', '"', ',', '<', '>', ';', '/'};
-    static final String[] META_ESCAPED = {"2B", "3D", "22", "2C", "3C", "3E", "3B", "2F"};
-    static public LDAPEntry getEntry(LDAPConnection ld, String dn,int dereference)
-        throws ObjectNotFoundException
-    {
-        try {
-			LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-	        searchCons.setBatchSize(0);
-    	    searchCons.setDereference(dereference);
-            LDAPEntry thisEntry = ld.read(dn,searchCons);
-            if (thisEntry != null) return thisEntry;
-        } catch (LDAPException ex) {
-            throw new ObjectNotFoundException("LDAP Exception: "+ex.getMessage(), "");
-        }
-        throw new ObjectNotFoundException(dn+" does not exist", "");
-
-    }
-
-    //Given a DN, return an LDAP Entry
-    static public LDAPEntry getEntry(LDAPConnection ld, String dn)
-        throws ObjectNotFoundException
-    {
-        return getEntry(ld, dn, LDAPSearchConstraints.DEREF_NEVER);
-    }
-
-    static public String getFirstAttributeValue(LDAPEntry anEntry, String attribute) throws ObjectNotFoundException
-    {
-        LDAPAttribute attr = anEntry.getAttribute(attribute);
-        if (attr==null)
-            throw new ObjectNotFoundException("No attributes named '"+attribute+"'", "");
-        return (String)attr.getStringValues().nextElement();
-    }
-
-    static public String[] getAllAttributeValues(LDAPEntry anEntry, String attribute) throws ObjectNotFoundException
-    {
-        LDAPAttribute attr = anEntry.getAttribute(attribute);
-        if (attr!=null)
-            return attr.getStringValueArray();
-
-        throw new ObjectNotFoundException("No attributes named '"+attribute+"'", "");
-
-    }
-
-    static public boolean existsAttributeValue(LDAPEntry anEntry, String attribute, String value)
-    {
-        LDAPAttribute attr = anEntry.getAttribute(attribute);
-        if (attr!=null)
-        {
-            String[] attrValues = new String[attr.size()];
-            attrValues = attr.getStringValueArray();
-            for (int i=0;i<attr.size();i++)
-                if (attrValues[i].equalsIgnoreCase(value))
-                    return true;
-        }
-        return false;
-    }
-	static public boolean hasOneAttributeValue(LDAPEntry anEntry, String attribute) throws ObjectNotFoundException
-	{
-		int j =0;
-		LDAPAttribute attr = anEntry.getAttribute(attribute);
-		if (attr==null)
-            throw new ObjectNotFoundException("No attributes named '"+attribute+"'", "");
-		j=attr.size();
-		return j==1;
-	}
-
-	//this is for a single-valued attribute
-    static public void setAttributeValue(LDAPConnection ld, LDAPEntry anEntry, String attribute, String newValue)
-    throws ObjectNotFoundException, ObjectCannotBeUpdated
-    {
-        try {
-            if (!hasOneAttributeValue(anEntry, attribute))
-                throw new ObjectCannotBeUpdated("Attribute "+attribute + " of entry " + anEntry.getDN()+" has more than one value", "");
-        } catch (ObjectNotFoundException ex) {
-            addAttributeValue(ld, anEntry, attribute, newValue);
-        }
-        try
-        {
-       		ld.modify(anEntry.getDN(),new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute(attribute,newValue)));
-        }
-        catch (LDAPException ex)
-        {
-            Logger.error(ex);
-            throw new ObjectCannotBeUpdated("Attribute " + attribute + " of entry " + anEntry.getDN() + " could not be modified", "");
-        }
-    }
-
-
-	//this is for a multi-valued attribute eg uniqueMember
-    static public void addAttributeValue(LDAPConnection ld, LDAPEntry anEntry, String attribute, String value)
-    throws ObjectCannotBeUpdated
-    {
-        try
-        {
-            ld.modify(anEntry.getDN(),new LDAPModification(LDAPModification.ADD, new LDAPAttribute(attribute,value)));
-        }
-        catch (LDAPException ex)
-        {
-            Logger.error(ex);
-            throw new ObjectCannotBeUpdated("Attribute " + attribute + " of entry " + anEntry.getDN() + " could not be added.", "");
-        }
-    }
-
-    //this is for a multi-valued attribute eg uniqueMember
-    static public void removeAttributeValue(LDAPConnection ld, LDAPEntry anEntry, String attribute, String value)
-    throws ObjectCannotBeUpdated
-    {
-            try
-            {
-       			ld.modify(anEntry.getDN(),new LDAPModification(LDAPModification.DELETE,new LDAPAttribute(attribute,value)));
-			}
-            catch (LDAPException ex)
-            {
-                Logger.error(ex);
-                throw new ObjectCannotBeUpdated("Attribute " + attribute + " of entry " + anEntry.getDN() + " could not be deleted", "");
-            }
-    }
-
-    static public boolean exists(LDAPConnection ld, String name)
-    {
-        try {
-            String[] attr = { LDAPConnection.NO_ATTRS };
-            LDAPEntry anEntry=ld.read(name,attr);
-            if (anEntry!=null)
-                return true;
-        } catch (LDAPException ex)
-        {
-            Logger.debug(9, "LDAPLookupUtils.exists("+name+": "+ex.getMessage());
-            return false;
-        }
-        return false;
-    }
-
-    static public void addEntry(LDAPConnection ld,LDAPEntry myEntry)
-    throws ObjectAlreadyExistsException, LDAPException
-    {
-        try
-        {
-            ld.add( myEntry );
-        }
-        catch( LDAPException ex ) {
-            if (ex.getResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)
-                throw new ObjectAlreadyExistsException("Entry already present." + myEntry.getDN(), "");
-            throw ex;
-        }
-    }
-
-    static public boolean hasChildren(LDAPConnection ld, String dn, String filter)
-    {
-        String[] attr = { LDAPConnection.NO_ATTRS };
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
-
-        try
-        {
-            LDAPSearchResults res = ld.search(dn,LDAPConnection.SCOPE_ONE,filter,attr,false,searchCons);
-            if (res.hasMore())
-                return true;
-        }
-        catch (LDAPException ex)
-        {
-            Logger.error(ex);
-        }
-        return false;
-    }
-
-    //returns list of dns
-    static public String[] getChildrenDNs(LDAPConnection ld, String dn, String filter)
-    {
-        String[] result = null;
-        String[] attr = { LDAPConnection.NO_ATTRS };
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
-
-        try
-        {
-            LDAPSearchResults res = ld.search(dn,LDAPConnection.SCOPE_ONE,filter,attr,false,searchCons);
-            result = new String[res.getCount()];
-            int i=0;
-            while (res.hasMore())
-            {
-                LDAPEntry findEntry=res.next();
-                if (findEntry!=null)
-                {
-                    result[i++] = new String(findEntry.getDN());
-                }
-            }
-        }
-        catch (Exception ex)
-        {
-            Logger.error(ex);
-        }
-        return result;
-    }
-
-    static public void delete(LDAPConnection ld, String dn)
-    throws LDAPException
-    {
-        try
-        {
-            Logger.msg(7, "LDAPLookupUtils.delete() - "+dn);
-            ld.delete(dn);
-        }
-        catch (LDAPException ex)
-        {
-            Logger.error("LDAPLookupUtils.remove() - Cannot remove "+dn+": " + ex.getMessage());
-            throw ex;
-        }
-    }
-
-    //param dn is the DN of the name
-    //param name is the name of the node (also the RDN)
-    //example: cn=lab27,o=cern.ch  lab27
-    //example: cn=product, cn=domain, cn=lab27, cn= cristal2, o=cern.ch  product
-    static public void createCristalContext(LDAPConnection ld, String dn)
-    {
-    	if (LDAPLookupUtils.exists(ld,dn))
-    		return;
-        try
-        {
-            String name = LDAPDN.explodeDN(dn,true)[0];
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            attrs.add(new LDAPAttribute("cn",name));
-            String objectclass_values[] = new String[1];
-            objectclass_values[0] = "cristalcontext";
-            if (name.equals("last"))
-            	attrs.add(new LDAPAttribute("intsyskey", "0"));
-
-    		attrs.add(new LDAPAttribute("objectclass",objectclass_values));
-
-            LDAPLookupUtils.addEntry(ld,new LDAPEntry(dn,attrs));
-        }
-        catch (Exception ex)
-        {
-            Logger.error("LDAPLookupUtils.createCristalContext() " + ex.toString());
-        }
-    }
-
-    static public void createOrganizationContext(LDAPConnection ld, String dn)
-    {
-    	if (LDAPLookupUtils.exists(ld,dn))
-    		return;
-
-        try
-        {
-            String name = LDAPDN.explodeDN(dn,true)[0];
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            //No idea why this worked, or why it suddenly stopped working when we moved to maven
-            //attrs.add(new LDAPAttribute("objectclass","top"));
-            attrs.add(new LDAPAttribute("objectclass","organization"));
-            attrs.add(new LDAPAttribute("o",name));
-            LDAPLookupUtils.addEntry(ld,new LDAPEntry(dn,attrs));
-        }
-        catch (Exception ex)
-        {
-            Logger.msg(ex.toString());
-        }
-    }
-    
-    public static String escapeDN (String name) {
-        //From RFC 2253 and the / character for JNDI
-        
-        String escapedStr = new String(name);
-
-        //Backslash is both a Java and an LDAP escape character, so escape it first
-        escapedStr = escapedStr.replaceAll("\\\\","\\\\");
-
-        //Positional characters - see RFC 2253
-        escapedStr = escapedStr.replaceAll("^#","\\\\23");  // TODO: active directory requires hash to be escaped everywhere
-        escapedStr = escapedStr.replaceAll("^ | $","\\\\20");
-
-        for (int i=0; i<META_CHARS.length; i++) {
-            escapedStr = escapedStr.replaceAll("\\"+META_CHARS[i],"\\\\"+ META_ESCAPED[i]);
-        }
-        if (!name.equals(escapedStr)) Logger.msg(3, "LDAP DN "+name+" escaped to "+escapedStr);
-        return escapedStr;
-    }
-    
-    public static String unescapeDN (String dn) {
-        //From RFC 2253 and the / character for JNDI
-        String unescapedStr = new String(dn);
-
-        //Positional characters - see RFC 2253
-        unescapedStr = unescapedStr.replaceAll("^\\\\23", "#");  // TODO: active directory requires hash to be escaped everywhere
-        unescapedStr = unescapedStr.replaceAll("^\\\\20|\\\\20$", " ");
-
-        for (int i=0; i<META_CHARS.length; i++) {
-        	unescapedStr = unescapedStr.replaceAll("\\\\" + META_ESCAPED[i], ""+META_CHARS[i]);
-        }
-
-        //Any remaining escaped backslashes
-        unescapedStr = unescapedStr.replaceAll("\\\\","\\");
-        
-        if (!dn.equals(unescapedStr)) Logger.msg(3, "LDAP DN "+dn+" unescaped to "+unescapedStr);
-        return unescapedStr;
-    }
-
-    public static String escapeSearchFilter (String filter) {
-        //From RFC 2254
-        String escapedStr = new String(filter);
-
-        escapedStr = escapedStr.replaceAll("\\\\","\\\\5c");
-        //escapedStr = escapedStr.replaceAll("\\*","\\\\2a"); // we need stars for searching
-        escapedStr = escapedStr.replaceAll("\\(","\\\\28");
-        escapedStr = escapedStr.replaceAll("\\)","\\\\29");
-        if (!filter.equals(escapedStr)) Logger.msg(3, "LDAP Search Filter "+filter+" escaped to "+escapedStr);
-        return escapedStr;
-    }
-}
diff --git a/src/main/java/com/c2kernel/lookup/LDAPPathSet.java b/src/main/java/com/c2kernel/lookup/LDAPPathSet.java
deleted file mode 100644
index d3cf7d9..0000000
--- a/src/main/java/com/c2kernel/lookup/LDAPPathSet.java
+++ /dev/null
@@ -1,72 +0,0 @@
-package com.c2kernel.lookup;
-
-import java.util.Enumeration;
-
-import com.c2kernel.process.Gateway;
-import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPEntry;
-import com.novell.ldap.LDAPException;
-import com.novell.ldap.LDAPSearchResults;
-
-/**************************************************************************
- *
- * $Revision: 1.6 $
- * $Date: 2005/12/01 14:23:14 $
- *
- * Copyright (C) 2003 CERN - European Organization for Nuclear Research
- * All rights reserved.
- **************************************************************************/
-
-
-
-public class LDAPPathSet implements Enumeration<Path> {
-    LDAPSearchResults results;
-    LDAPEntry nextEntry;
-
-    public LDAPPathSet() { // empty
-        results = null;
-    }
-
-    public LDAPPathSet(LDAPSearchResults results) {
-        this.results = results;
-    }
-
-    @Override
-	public boolean hasMoreElements() {
-        if (results == null) return false;
-        if (nextEntry != null) return true;
-        if (results.hasMore())
-        try {
-            nextEntry = results.next();
-            return true;
-        } catch (LDAPException ex) {
-        	if (ex.getResultCode()!=32) {// no results
-        		Logger.error(ex);
-        		Logger.error("Error loading LDAP result set: "+ex.getMessage());
-        	}
-        }
-        return false;
-    }
-
-    @Override
-	public Path nextElement() {
-        if (results == null) return null;
-        try {
-            if (nextEntry == null)
-                nextEntry = results.next();
-            Path nextPath = Gateway.getLDAPLookup().nodeToPath(nextEntry);
-            nextEntry = null;
-            return nextPath;
-        } catch (Exception ex) {
-            Logger.error("Error loading next path");
-            Logger.error(ex);
-            nextEntry = null;
-            if (hasMoreElements()) {
-                Logger.error("Skipping to next entry");
-                return nextElement();
-            }
-            else
-                return null;
-        }
-    }
-}
diff --git a/src/main/java/com/c2kernel/lookup/LDAPProperties.java b/src/main/java/com/c2kernel/lookup/LDAPProperties.java
deleted file mode 100644
index df0b85d..0000000
--- a/src/main/java/com/c2kernel/lookup/LDAPProperties.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Directory Lookup Service
-*/
-
-package com.c2kernel.lookup;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import com.c2kernel.process.Gateway;
-
-/**
- * @version $Revision: 1.16 $ $Date: 2005/10/12 12:51:54 $
- * @author  $Author: abranson $
- */
-public class LDAPProperties
-{
-    public String mGlobalPath = null;     //o=cern.ch
-    public String mRootPath = null;     //cn=cristal2
-    public String mLocalPath = null;    //cn=lab27
-    public Integer mPort = null;
-    public String mHost = null;
-    public String mUser = null;
-    public String mPassword = null;
-    public static String mGeneratedPassword = null;
-    public String mDbPath = null;
-
-    public LDAPProperties()
-    {
-        mGlobalPath   = Gateway.getProperties().getProperty( "LDAP.GlobalPath" );
-        mRootPath     = Gateway.getProperties().getProperty( "LDAP.RootPath" );
-        mLocalPath    = Gateway.getProperties().getProperty( "LDAP.LocalPath" );
-        mPort         = Gateway.getProperties().getInt( "LDAP.port", 389 );
-        mHost         = Gateway.getProperties().getProperty( "LDAP.host" );
-        mUser         = Gateway.getProperties().getProperty( "LDAP.user" );
-        mPassword     = Gateway.getProperties().getProperty( "LDAP.password" );
-
-        mRootPath    += "," + mGlobalPath;
-        mLocalPath   += "," + mRootPath;
-
-    }
-    
-
-    public void generateRootPassword() {
-    	if (mPassword == null) {
-    		if (mGeneratedPassword == null) {
-    	    	SecureRandom random = new SecureRandom();
-    	    	mGeneratedPassword = new BigInteger(130, random).toString(32);
-    		}
-    		mPassword = mGeneratedPassword;
-    	}
-    }
-}
-
diff --git a/src/main/java/com/c2kernel/lookup/LDAPPropertyManager.java b/src/main/java/com/c2kernel/lookup/LDAPPropertyManager.java
deleted file mode 100644
index 51b9ded..0000000
--- a/src/main/java/com/c2kernel/lookup/LDAPPropertyManager.java
+++ /dev/null
@@ -1,138 +0,0 @@
-package com.c2kernel.lookup;
-
-import java.util.ArrayList;
-import java.util.Enumeration;
-
-import com.c2kernel.common.ObjectCannotBeUpdated;
-import com.c2kernel.common.ObjectNotFoundException;
-import com.c2kernel.property.Property;
-import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPAttribute;
-import com.novell.ldap.LDAPEntry;
-
-/**************************************************************************
- *
- * $Revision: 1.3 $
- * $Date: 2006/03/03 13:52:21 $
- *
- * Copyright (C) 2003 CERN - European Organization for Nuclear Research
- * All rights reserved.
- **************************************************************************/
-
-public class LDAPPropertyManager {
-    /**
-     *
-     */
-    protected LDAPLookup ldap;
-
-    public LDAPPropertyManager(LDAPLookup ldap) {
-        super();
-        this.ldap = ldap;
-    }
-
-    /**
-     * @param thisEntity - EntityPath of the subject entity
-     * @return
-     * @throws ObjectNotFoundException
-     */
-    public boolean hasProperties(ItemPath thisEntity) throws ObjectNotFoundException {
-    	LDAPEntry entityEntry = LDAPLookupUtils.getEntry(ldap.getConnection(), thisEntity.getFullDN());
-    	return entityEntry.getAttribute("cristalprop") != null;
-    }
-
-    /**
-     * @param thisEntity - EntityPath of the subject entity
-     * @return array of Property
-     * @throws ObjectNotFoundException
-     */
-    public String[] getPropertyNames(ItemPath thisEntity) throws ObjectNotFoundException {
-        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(ldap.getConnection(), thisEntity.getFullDN());
-        ArrayList<String> propbag = new ArrayList<String>();
-        LDAPAttribute props = entityEntry.getAttribute("cristalprop");
-        for (Enumeration<?> e = props.getStringValues(); e.hasMoreElements();) {
-            String thisProp = (String)e.nextElement();
-            String thisName = thisProp.substring(0, thisProp.indexOf(':'));
-            if (thisName.startsWith("!") && thisName.length()>1) thisName = thisName.substring(1);
-            propbag.add(thisName);
-        }
-
-        String[] retArr = new String[props.size()];
-        return propbag.toArray(retArr);
-    }
-
-    /**
-     * @param thisEntity - EntityPath of the subject entity
-     * @param propName - the name of the property to retrieve
-     * @return The Property object
-     * @throws ObjectNotFoundException
-     */
-    public Property getProperty(ItemPath thisEntity, String name) throws ObjectNotFoundException {
-        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(ldap.getConnection(), thisEntity.getFullDN());
-        return getProperty(entityEntry, name);
-    }
-
-    /**
-     * @param thisEntity - EntityPath of the subject entity
-     * @param name - the property name to delete
-     * @throws ObjectNotFoundException
-     * @throws ObjectCannotBeUpdated
-     */
-    public void deleteProperty(ItemPath thisEntity, String name) throws ObjectNotFoundException, ObjectCannotBeUpdated {
-        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(ldap.getConnection(), thisEntity.getFullDN());
-        Property prop = getProperty(entityEntry, name);
-        Logger.msg(6, "LDAPLookupUtils.deleteProperty("+name+") - Deleting property");
-        LDAPLookupUtils.removeAttributeValue(ldap.getConnection(), entityEntry, "cristalprop", getPropertyAttrValue(prop));
-    }
-    
-    private static String getPropertyAttrValue(Property prop) {
-    	return (prop.isMutable()?"":"!")+prop.getName()+":"+prop.getValue();
-    }
-
-    /**
-     * @param thisEntity - EntityPath of the subject entity
-     * @param prop - the property to store
-     * @throws ObjectNotFoundException
-     * @throws ObjectCannotBeUpdated
-     */
-    public void setProperty(ItemPath thisEntity, Property prop) throws ObjectNotFoundException, ObjectCannotBeUpdated {
-        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(ldap.getConnection(), thisEntity.getFullDN());
-        try {
-        	Property oldProp = getProperty(entityEntry, prop.getName());
-            Logger.msg(6, "LDAPLookupUtils.setProperty("+prop.getName()+") - Removing old value '"+oldProp.getValue()+"'");
-            LDAPLookupUtils.removeAttributeValue(ldap.getConnection(), entityEntry, "cristalprop", getPropertyAttrValue(oldProp));
-        } catch (ObjectNotFoundException ex) {
-            Logger.msg(6, "LDAPLookupUtils.setProperty("+prop.getName()+") - creating new property.");
-        }
-        Logger.msg(6, "LDAPLookupUtils.setProperty("+prop.getName()+") - setting to '"+prop.getValue()+"'");
-        LDAPLookupUtils.addAttributeValue(ldap.getConnection(), entityEntry, "cristalprop", getPropertyAttrValue(prop));
-    }
-
-    public static Property getProperty(LDAPEntry myEntry, String propName) throws ObjectNotFoundException {
-        // delete existing props
-        LDAPAttribute props = myEntry.getAttribute("cristalprop");
-        if (props == null)
-            throw new ObjectNotFoundException("Property "+propName+" does not exist", "");
-        String propPrefix = propName+":";
-        String roPropPrefix = "!"+propPrefix;
-        String val = null, name = null; boolean mutable = false;
-        for (Enumeration<?> e = props.getStringValues(); name==null && e.hasMoreElements();) {
-            String attrVal = (String)e.nextElement();
-            if (attrVal.toLowerCase().startsWith(propPrefix.toLowerCase())) {
-            	name = attrVal.substring(0, propPrefix.length()-1);
-                val = attrVal.substring(propPrefix.length());
-                mutable = true; break;
-            }
-            
-            if (attrVal.toLowerCase().startsWith(roPropPrefix.toLowerCase())) {
-            	name = attrVal.substring(1, roPropPrefix.length()-1);
-                val = attrVal.substring(roPropPrefix.length());
-                mutable = false; break;
-            }
-        }
-        if (name == null) 
-        	throw new ObjectNotFoundException("Property "+propName+" does not exist", "");
-        Logger.msg(6, "Loaded "+(mutable?"":"Non-")+"Mutable Property: "+name+"="+val);
-        return new Property(name, val, mutable);
-    }
-
-}
diff --git a/src/main/java/com/c2kernel/lookup/LDAPRoleManager.java b/src/main/java/com/c2kernel/lookup/LDAPRoleManager.java
deleted file mode 100644
index 091f6d7..0000000
--- a/src/main/java/com/c2kernel/lookup/LDAPRoleManager.java
+++ /dev/null
@@ -1,224 +0,0 @@
-package com.c2kernel.lookup;
-
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-
-import com.c2kernel.common.ObjectAlreadyExistsException;
-import com.c2kernel.common.ObjectCannotBeUpdated;
-import com.c2kernel.common.ObjectNotFoundException;
-import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPConnection;
-import com.novell.ldap.LDAPEntry;
-import com.novell.ldap.LDAPException;
-import com.novell.ldap.LDAPSearchConstraints;
-
-/**************************************************************************
- *
- * $Revision: 1.1 $
- * $Date: 2005/04/26 06:48:12 $
- *
- * Copyright (C) 2003 CERN - European Organization for Nuclear Research
- * All rights reserved.
- **************************************************************************/
-
-//    public static final String codeRevision = "$Revision: 1.1 $ $Date: 2005/04/26 06:48:12 $ $Author: abranson $";
-public class LDAPRoleManager {
-
-    /**
-     *
-     */
-    LDAPLookup mLdap;
-    private final String mRolePath;
-    private final String mEntityPath;
-
-    public LDAPRoleManager(LDAPLookup ldap, String rolePath, String entityPath) {
-        super();
-        this.mLdap = ldap;
-        this.mRolePath = rolePath;
-        this.mEntityPath = entityPath;
-    }
-
-    //NOTE: A role must have at LEAST 1 userDN, cannot be empty...
-    //Creates a cristalRole
-    //CristalRole is-a specialized CristalContext which contains multi-valued uniqueMember attribute pointing to cristalagents
-    public RolePath createRole(String roleName, boolean jobList)
-        throws ObjectAlreadyExistsException, ObjectCannotBeUpdated
-    {
-
-        // create the role
-    	RolePath rolePath = new RolePath(roleName, jobList);
-    	String roleDN = rolePath.getFullDN();
-        LDAPEntry roleNode;
-        try
-        {
-        	roleNode = LDAPLookupUtils.getEntry(mLdap.getConnection(), rolePath.getFullDN());
-            throw new ObjectAlreadyExistsException();
-        } catch (ObjectNotFoundException ex) { }
-
-        //create CristalRole if it does not exist
-        roleNode = new LDAPEntry(roleDN, rolePath.createAttributeSet());
-        try {
-            LDAPLookupUtils.addEntry(mLdap.getConnection(),roleNode);
-        } catch (LDAPException e) {
-            throw new ObjectCannotBeUpdated(e.getLDAPErrorMessage(), "");
-        }
-        return rolePath;
-
-
-    }
-    public void deleteRole(RolePath role) throws ObjectNotFoundException, ObjectCannotBeUpdated {
-        try {
-            LDAPLookupUtils.delete(mLdap.getConnection(), role.getFullDN());
-        } catch (LDAPException ex) {
-            throw new ObjectCannotBeUpdated("Could not remove role");
-        }
-    }
-
-    protected void addRole(AgentPath agent, RolePath role)
-            throws ObjectCannotBeUpdated, ObjectNotFoundException
-    {
-        LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
-        //add memberDN to uniqueMember if it is not yet a member
-        if (!LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
-            LDAPLookupUtils.addAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
-        else
-            throw new ObjectCannotBeUpdated("Agent " + agent.getAgentName() + " already has role " + role.getName());
-    }
-
-    protected void removeRole(AgentPath agent, RolePath role)
-        throws ObjectCannotBeUpdated, ObjectNotFoundException
-    {
-    	LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
-    	if (LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
-   			LDAPLookupUtils.removeAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
-    	else
-    		throw new ObjectCannotBeUpdated("Agent did not have that role");
-    }
-
-    protected boolean hasRole(AgentPath agent, RolePath role) {
-        String filter = "(&(objectclass=cristalrole)(uniqueMember="+agent.getFullDN()+")(cn="+role.getName()+"))";
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
-        return mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons).hasMoreElements();
-    }
-
-    protected AgentPath[] getAgents(RolePath role)
-        throws ObjectNotFoundException
-    {
-    	//get the roleDN entry, and its uniqueMember entry pointing to
-    	LDAPEntry roleEntry;
-        try {
-            roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
-        } catch (ObjectNotFoundException e) {
-            throw new ObjectNotFoundException("Role does not exist", "");
-        }
-
-    	String[] res = LDAPLookupUtils.getAllAttributeValues(roleEntry,"uniqueMember");
-    	ArrayList<AgentPath> agents = new ArrayList<AgentPath>();
-    	for (String userDN : res) {
-    		try {
-    			LDAPEntry userEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), userDN);
-    		    AgentPath path = (AgentPath)mLdap.nodeToPath(userEntry);
-                agents.add(path);
-    		} catch (ObjectNotFoundException ex) {
-                Logger.error("Agent "+userDN+" does not exist");
-    		} catch (InvalidItemPathException ex) {
-                Logger.error("Agent "+userDN+" is not a valid entity");
-    		}
-    	}
-        AgentPath[] usersList = new AgentPath[0];
-        usersList = agents.toArray(usersList);
-    	return usersList;
-    }
-
-    //returns the role/s of a user
-    protected RolePath[] getRoles(AgentPath agentPath)
-    {
-    	//search the mDomainPath tree uniqueMember=userDN
-    	//filter = objectclass=cristalrole AND uniqueMember=userDN
-        String filter = "(&(objectclass=cristalrole)(uniqueMember="+agentPath.getFullDN()+"))";
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
-    	Enumeration<?> roles = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
-        ArrayList<RolePath> roleList = new ArrayList<RolePath>();
-
-    	while(roles.hasMoreElements())
-    	{
-            RolePath path = (RolePath) roles.nextElement();
-   			roleList.add(path);
-    	}
-        RolePath[] roleArr = new RolePath[roleList.size()];
-        roleArr = roleList.toArray(roleArr);
-        return roleArr;
-    }
-
-    /**
-     * Utility for looking up a login name
-     *
-     * @param ld
-     * @param agentName
-     * @param baseDN
-     * @return
-     * @throws ObjectNotFoundException
-     */
-    public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException
-    {
-        //search to get the userDN equivalent of the userID
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
-        String filter = "(&(objectclass=cristalagent)(uid="+agentName+"))";
-        Enumeration<Path> res = mLdap.search(mEntityPath,LDAPConnection.SCOPE_SUB,filter,searchCons);
-        if (!res.hasMoreElements())
-            throw new ObjectNotFoundException("Agent not found");
-        Path result = res.nextElement();
-        if (result instanceof AgentPath)
-            return (AgentPath)result;
-        else
-            throw new ObjectNotFoundException("Entry was not an Agent");
-    }
-
-    public RolePath getRolePath(String roleName) throws ObjectNotFoundException
-    {
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(0);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
-        String filter = "(&(objectclass=cristalrole)(cn="+roleName+"))";
-		Enumeration<Path> res = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
-		if (!res.hasMoreElements())
-            throw new ObjectNotFoundException("Role not found");
-        Path result = res.nextElement();
-        if (result instanceof RolePath)
-            return (RolePath)result;
-        else
-            throw new ObjectNotFoundException("Entry was not a Role");
-    }
-
-	public void setHasJobList(RolePath role, boolean hasJobList) throws ObjectNotFoundException, ObjectCannotBeUpdated {
-		// get entry
-		LDAPEntry roleEntry;
-        try {
-            roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
-        } catch (ObjectNotFoundException e) {
-            throw new ObjectNotFoundException("Role does not exist", "");
-        }
-		// set attribute
-        LDAPLookupUtils.setAttributeValue(mLdap.getConnection(), roleEntry, "jobList", hasJobList?"TRUE":"FALSE");
-	}
-	
-	public void setAgentPassword(AgentPath agent, String newPassword) throws ObjectNotFoundException, ObjectCannotBeUpdated, NoSuchAlgorithmException {
-		String encPasswd = AgentPath.generateUserPassword(newPassword, "SHA");
-		LDAPEntry agentEntry;
-        try {
-        	agentEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), agent.getFullDN());
-        } catch (ObjectNotFoundException e) {
-            throw new ObjectNotFoundException("Agent "+agent.getAgentName()+" does not exist", "");
-        }
-		LDAPLookupUtils.setAttributeValue(mLdap.getConnection(), agentEntry, "userPassword", encPasswd);
-		
-	}
-
-}
diff --git a/src/main/java/com/c2kernel/lookup/Lookup.java b/src/main/java/com/c2kernel/lookup/Lookup.java
new file mode 100644
index 0000000..026ad19
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/Lookup.java
@@ -0,0 +1,77 @@
+package com.c2kernel.lookup;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.Iterator;
+
+import com.c2kernel.common.ObjectAlreadyExistsException;
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.process.auth.Authenticator;
+import com.c2kernel.property.PropertyDescriptionList;
+
+public interface Lookup {
+	
+	public void initializeDirectory() throws ObjectNotFoundException;
+	
+	public void open(Authenticator user);
+
+	public void close();
+
+	// Path resolution
+	
+	public Class<?> getItemClass(Path path) throws ObjectNotFoundException;
+
+	public ItemPath resolvePath(DomainPath domainPath) throws InvalidItemPathException, ObjectNotFoundException;	
+
+	public org.omg.CORBA.Object resolve(Path path) throws ObjectNotFoundException;
+
+	// Path management
+	
+	public void add(Path newPath) throws ObjectCannotBeUpdated, ObjectAlreadyExistsException;
+
+	public void delete(Path path) throws ObjectCannotBeUpdated;
+
+	// Path finding and searching
+	
+	public boolean exists(Path path);
+	
+	public Iterator<Path> getChildren(Path path);
+
+	public Iterator<Path> search(Path path, String name);
+
+	public Iterator<Path> search(Path start, String propname, String propvalue);
+	
+	public Iterator<Path> search(Path start, PropertyDescriptionList props);
+	
+	public Iterator<Path> searchEntities(Path path);
+	
+	public Iterator<Path> searchAliases(DomainPath start);
+
+	public Iterator<Path> searchAliases(ItemPath itemPath);
+	
+	// Role and agent management
+	
+	public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException;
+
+	public RolePath getRolePath(String roleName) throws ObjectNotFoundException;
+	
+	public RolePath createRole(String role, boolean b) throws ObjectAlreadyExistsException, ObjectCannotBeUpdated;
+
+	public void addRole(AgentPath agent, RolePath rolePath) throws ObjectCannotBeUpdated, ObjectNotFoundException;
+
+	public AgentPath[] getAgents(RolePath rolePath) throws ObjectNotFoundException;
+
+	public RolePath[] getRoles(AgentPath agentPath);
+
+	public boolean hasRole(AgentPath agentPath, RolePath role);
+
+	public void removeRole(AgentPath agent, RolePath role) throws ObjectCannotBeUpdated, ObjectNotFoundException;
+
+	public String getAgentName(AgentPath agentPath) throws ObjectNotFoundException;
+	
+	public void setAgentPassword(AgentPath agent, String newPassword) throws ObjectNotFoundException, ObjectCannotBeUpdated, NoSuchAlgorithmException;
+	
+	public void setHasJobList(RolePath role, boolean hasJobList) throws ObjectNotFoundException, ObjectCannotBeUpdated;
+
+
+}
diff --git a/src/main/java/com/c2kernel/lookup/NextKeyManager.java b/src/main/java/com/c2kernel/lookup/NextKeyManager.java
deleted file mode 100644
index 9aea50d..0000000
--- a/src/main/java/com/c2kernel/lookup/NextKeyManager.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package com.c2kernel.lookup;
-
-import com.c2kernel.common.ObjectCannotBeUpdated;
-import com.c2kernel.common.ObjectNotFoundException;
-import com.c2kernel.persistency.ClusterStorageException;
-import com.c2kernel.process.Gateway;
-import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPEntry;
-
-/**************************************************************************
- *
- * $Revision: 1.2 $
- * $Date: 2005/04/27 13:47:24 $
- *
- * Copyright (C) 2003 CERN - European Organization for Nuclear Research
- * All rights reserved.
- **************************************************************************/
-
-//    public static final String codeRevision = "$Revision: 1.2 $ $Date: 2005/04/27 13:47:24 $ $Author: abranson $";
-public class NextKeyManager {
-
-    LDAPLookup ldap;
-    String lastKeyPath;
-
-    public NextKeyManager(LDAPLookup ldap, String lastKeyPath) {
-        super();
-        this.ldap = ldap;
-        this.lastKeyPath = lastKeyPath;
-    }
-
-    public synchronized ItemPath generateNextEntityKey()
-    throws ObjectCannotBeUpdated, ObjectNotFoundException
-    {
-        ItemPath lastKey = getLastEntityPath();
-
-        try {
-            lastKey.setSysKey(lastKey.getSysKey()+1);
-        } catch (InvalidItemPathException ex) {
-            throw new ObjectCannotBeUpdated("Invalid syskey "+(lastKey.getSysKey()+1)+". Maybe centre is full.");
-        }
-        //test that storage is empty for that key
-        try {
-			if (Gateway.getStorage().getClusterContents(lastKey.getSysKey(), "").length > 0)
-				throw new ObjectCannotBeUpdated("NextKeyManager: Storage already contains data for syskey "+lastKey.getSysKey()+
-						". Storage is out of sync with nextkey. Please contact an administrator", "");
-		} catch (ClusterStorageException e) {
-			Logger.error(e);
-			throw new ObjectCannotBeUpdated("Could not check storage for prior data for the next generated systemKey: "+e.getMessage());
-		}
-        
-        //set the last key
-        writeLastEntityKey(lastKey.getSysKey());
-
-        return lastKey;
-    }
-
-    public synchronized AgentPath generateNextAgentKey()
-    throws ObjectCannotBeUpdated, ObjectNotFoundException {
-        ItemPath newEntity = generateNextEntityKey();
-        return new AgentPath(newEntity);
-    }
-
-    public void writeLastEntityKey(int sysKey) throws ObjectCannotBeUpdated, ObjectNotFoundException {
-        LDAPEntry lastKeyEntry = LDAPLookupUtils.getEntry(ldap.getConnection(),lastKeyPath);
-        LDAPLookupUtils.setAttributeValue(ldap.getConnection(), lastKeyEntry,"intsyskey",Integer.toString(sysKey));
-    }
-
-    public ItemPath getLastEntityPath() throws ObjectNotFoundException
-    {
-        LDAPEntry lastKeyEntry = LDAPLookupUtils.getEntry(ldap.getConnection(),lastKeyPath);
-        String lastKey = LDAPLookupUtils.getFirstAttributeValue(lastKeyEntry,"intsyskey");
-        try {
-            int sysKey = Integer.parseInt(lastKey);
-            ItemPath sysPath = new ItemPath(sysKey);
-            return sysPath;
-        } catch (InvalidItemPathException ex) {
-            throw new ObjectNotFoundException("Invalid syskey. Maybe centre is full.");
-        } catch (NumberFormatException ex) {
-            throw new ObjectNotFoundException("Invalid syskey in lastkey.");
-        }
-
-    }
-
-}
diff --git a/src/main/java/com/c2kernel/lookup/Path.java b/src/main/java/com/c2kernel/lookup/Path.java
index 16f3e5d..f9fd15d 100644
--- a/src/main/java/com/c2kernel/lookup/Path.java
+++ b/src/main/java/com/c2kernel/lookup/Path.java
@@ -12,15 +12,11 @@ package com.c2kernel.lookup;
 
 import java.io.Serializable;
 import java.util.ArrayList;
-import java.util.Enumeration;
+import java.util.Iterator;
 import java.util.StringTokenizer;
 
-import com.c2kernel.common.ObjectCannotBeUpdated;
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.process.Gateway;
-import com.novell.ldap.LDAPAttributeSet;
-import com.novell.ldap.LDAPConnection;
-import com.novell.ldap.LDAPSearchConstraints;
 
 
 /**
@@ -45,19 +41,11 @@ public abstract class Path implements Serializable
     protected String   mStringPath = null;
     // entity or context
     protected short    mType      = CONTEXT;
-    // LDAP dn
-    protected String   mDN        = null;
     // int syskey (only valid for entity SystemPaths)
     protected int      mSysKey    = INVALID;
 
     // ior is stored in here when it is resolved
     protected org.omg.CORBA.Object   mIOR         = null;
-    //
-    // needed for unusual subclass constructors
-
-    protected static String mGlobalPath; //cern.ch
-    protected static String mRootPath;   //cristal2
-    protected static String mLocalPath;  //lab27
 
     public Path() {
     }
@@ -114,7 +102,6 @@ public abstract class Path implements Serializable
     public void setPath(String[] path)
     {
         mStringPath = null;
-        mDN = null;
         mPath = path.clone();
         mSysKey = INVALID;
     }
@@ -136,7 +123,6 @@ public abstract class Path implements Serializable
 
         mPath = (newPath.toArray(mPath));
         mStringPath = null;
-        mDN = null;
         mSysKey = INVALID;
     }
 
@@ -152,40 +138,10 @@ public abstract class Path implements Serializable
     public void setPath(Path path)
     {
         mStringPath = null;
-        mDN = null;
         mPath = (path.getPath().clone());
         mSysKey = INVALID;
     }
 
-    /* LDAP dn e.g. cn=6L,cn=Barrel,cn=Crystal,cn=Product,cn=domain,
-     * system/domain node PRESENT
-     * trailing comma
-    */
-    public void setDN(String dn)
-    {
-        // strip off root path components
-        String root = "cn="+getRoot()+",";
-        if (dn.endsWith(mLocalPath))
-        	dn = dn.substring(0, dn.lastIndexOf(mLocalPath));
-
-        if (dn.endsWith(root))
-        	dn = dn.substring(0, dn.lastIndexOf(root));
-
-        ArrayList<String> newPath = new ArrayList<String>();
-        StringTokenizer tok = new StringTokenizer(dn, ",");
-        while (tok.hasMoreTokens()) {
-            String nextPath = tok.nextToken();
-            if (nextPath.indexOf("cn=") == 0)
-                newPath.add(0, LDAPLookupUtils.unescapeDN(nextPath.substring(3)));
-            else
-                break;
-        }
-        mPath = (newPath.toArray(mPath));
-        mSysKey = INVALID;
-        mStringPath = null;
-        mDN = dn+root;
-    }
-
     /*************************************************************************/
 
 
@@ -212,23 +168,8 @@ public abstract class Path implements Serializable
         return mStringPath;
     }
 
-    public String getDN() {
-        if (mDN == null) {
-            StringBuffer dnBuffer = new StringBuffer();
-            for (int i=mPath.length-1; i>=0; i--)
-                dnBuffer.append("cn=").append(LDAPLookupUtils.escapeDN(mPath[i])).append(",");
-            dnBuffer.append("cn="+getRoot()+",");
-            mDN = dnBuffer.toString();
-        }
-        return mDN;
-    }
-
-    public String getFullDN() {
-        return getDN()+mLocalPath;
-    }
-
     public boolean exists() {
-        return Gateway.getLDAPLookup().exists(this);
+        return Gateway.getLookup().exists(this);
     }
 
     /** Queries the lookup for the IOR
@@ -237,9 +178,9 @@ public abstract class Path implements Serializable
     public org.omg.CORBA.Object getIOR() {
         org.omg.CORBA.Object newIOR = null;
         if (mIOR==null) { // if not cached try to resolve
-            LDAPLookup myLookup = Gateway.getLDAPLookup();
+            Lookup myLookup = Gateway.getLookup();
             try {
-                newIOR = myLookup.getIOR(this);
+                newIOR = myLookup.resolve(this);
             } catch (ObjectNotFoundException ex) {
             }
             setIOR(newIOR);
@@ -260,19 +201,11 @@ public abstract class Path implements Serializable
         return mSysKey;
     }
 
-    public Enumeration<? extends Path> getChildren() {
-        String filter = "objectclass=*";
-        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
-        searchCons.setBatchSize(10);
-        searchCons.setDereference(LDAPSearchConstraints.DEREF_FINDING );
-        return Gateway.getLDAPLookup().search(getFullDN(), LDAPConnection.SCOPE_ONE,filter,searchCons);
-    }
-
     public Path find(String name) throws ObjectNotFoundException {
-    	Enumeration<Path> e = Gateway.getLDAPLookup().search(this, name);
-    	if (e.hasMoreElements()) {
-    		Path thisPath = e.nextElement();
-    		if (e.hasMoreElements())
+    	Iterator<Path> e = Gateway.getLookup().search(this, name);
+    	if (e.hasNext()) {
+    		Path thisPath = e.next();
+    		if (e.hasNext())
     			throw new ObjectNotFoundException("More than one match for "+name, "");
     		return thisPath;
     	}
@@ -281,8 +214,6 @@ public abstract class Path implements Serializable
 
     public abstract ItemPath getEntity() throws ObjectNotFoundException;
 
-    public abstract LDAPAttributeSet createAttributeSet() throws ObjectCannotBeUpdated;
-
     @Override
 	public boolean equals( Object path )
     {
@@ -298,7 +229,7 @@ public abstract class Path implements Serializable
         StringBuffer comp = new StringBuffer("Components: { ");
         for (String element : mPath)
 			comp.append("'").append(element).append("' ");
-        return "Path - dump(): "+comp.toString()+"}\n        dn="+getDN()+"\n        string="+toString()+"\n        int="+getSysKey()+"\n        type="+mType;
+        return "Path - dump(): "+comp.toString()+"}\n        string="+toString()+"\n        int="+getSysKey()+"\n        type="+mType;
     }
 }
 
diff --git a/src/main/java/com/c2kernel/lookup/RolePath.java b/src/main/java/com/c2kernel/lookup/RolePath.java
index 0e07012..bd23991 100644
--- a/src/main/java/com/c2kernel/lookup/RolePath.java
+++ b/src/main/java/com/c2kernel/lookup/RolePath.java
@@ -10,15 +10,13 @@
 
 package com.c2kernel.lookup;
 
-import java.util.Enumeration;
-import java.util.Vector;
+import java.util.ArrayList;
+import java.util.Iterator;
 
 import com.c2kernel.common.ObjectCannotBeUpdated;
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
-import com.novell.ldap.LDAPAttribute;
-import com.novell.ldap.LDAPAttributeSet;
 
 
 
@@ -56,7 +54,7 @@ public class RolePath extends DomainPath
      */
     public void setHasJobList(boolean hasJobList) throws ObjectNotFoundException, ObjectCannotBeUpdated {
         this.hasJobList = hasJobList;
-        Gateway.getLDAPLookup().getRoleManager().setHasJobList(this, hasJobList);
+        Gateway.getLookup().setHasJobList(this, hasJobList);
     }
 
 
@@ -65,18 +63,17 @@ public class RolePath extends DomainPath
         mType = CONTEXT;
     }
 
-    @Override
-	public Enumeration<AgentPath> getChildren() {
+	public Iterator<Path> getChildren() {
         AgentPath[] agents = getAgentsWithRole();
-        Vector<AgentPath> children = new Vector<AgentPath>(agents.length);
+        ArrayList<Path> children = new ArrayList<Path>(agents.length);
         for (int i = 0; i < agents.length; i++)
             children.add(i, agents[i]);
-        return children.elements();
+        return children.iterator();
     }
 
     public AgentPath[] getAgentsWithRole() {
         try {
-            return Gateway.getLDAPLookup().getRoleManager().getAgents(this);
+            return Gateway.getLookup().getAgents(this);
         } catch (ObjectNotFoundException ex) {
             Logger.error("Cannot retrieve agent list. Role "+getName()+" does not exist in LDAP");
             return new AgentPath[0];
@@ -84,11 +81,11 @@ public class RolePath extends DomainPath
     }
 
     public void addAgent(AgentPath agent) throws ObjectCannotBeUpdated, ObjectNotFoundException {
-        Gateway.getLDAPLookup().getRoleManager().addRole(agent, this);
+        Gateway.getLookup().addRole(agent, this);
     }
 
     public void removeAgent(AgentPath agent) throws ObjectCannotBeUpdated, ObjectNotFoundException {
-        Gateway.getLDAPLookup().getRoleManager().removeRole(agent, this);
+        Gateway.getLookup().removeRole(agent, this);
     }
 
     @Override
@@ -99,9 +96,7 @@ public class RolePath extends DomainPath
 
         return "Path - dump(): "+
                 comp.toString()+
-                "}\n        dn="+
-                getDN()+
-                "\n        string="+
+                "}\n        string="+
                 toString()+
                 "\n        type="+
                 mType+
@@ -110,15 +105,5 @@ public class RolePath extends DomainPath
                 "\n        ";
     }
 
-    @Override
-	public LDAPAttributeSet createAttributeSet()
-    {
-        LDAPAttributeSet attrs = new LDAPAttributeSet();
-        attrs.add(new LDAPAttribute("objectclass","cristalrole"));
-        String jobListString = hasJobList?"TRUE":"FALSE";
-        attrs.add(new LDAPAttribute("jobList",jobListString));
-        attrs.add(new LDAPAttribute("cn", getName()));
-        return attrs;
-    }
 }
 
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPAuthManager.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPAuthManager.java
new file mode 100644
index 0000000..4c26de6
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPAuthManager.java
@@ -0,0 +1,95 @@
+package com.c2kernel.lookup.ldap;
+
+import com.c2kernel.common.InvalidDataException;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.process.Gateway;
+import com.c2kernel.process.auth.Authenticator;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.LDAPConnection;
+import com.novell.ldap.LDAPException;
+
+public class LDAPAuthManager implements Authenticator {
+
+    private LDAPConnection mLDAPConn;
+    private LDAPProperties ldapProps;
+    
+
+	@Override
+	public boolean authenticate(String agentName,
+			String password, String resource) throws InvalidDataException, ObjectNotFoundException {
+		
+		ldapProps = new LDAPProperties(Gateway.getProperties());
+		
+        if (ldapProps.mHost!=null && ldapProps.mPort!= null && ldapProps.mLocalPath!=null )
+        {
+            try { // anonymously bind to LDAP and find the agent entry for the username
+                ldapProps.mUser = "";
+                ldapProps.mPassword = "";
+                mLDAPConn = LDAPLookupUtils.createConnection(ldapProps);
+                LDAPLookup anonLookup = new LDAPLookup(ldapProps);
+                anonLookup.open(this);
+                String agentDN = anonLookup.getFullDN(anonLookup.getAgentPath(agentName));
+
+                //found agentDN, try to log in with it
+                ldapProps.mUser = agentDN;
+                ldapProps.mPassword = password;
+                mLDAPConn = LDAPLookupUtils.createConnection(ldapProps);
+                return true;
+            } catch (LDAPException e) {
+                return false;
+            }
+        }
+        else
+        {
+            throw new InvalidDataException("Cannot log in. Some connection properties are not set.", "");
+        }
+
+	}
+	
+	@Override
+	public boolean authenticate(String resource) throws InvalidDataException, ObjectNotFoundException {
+		ldapProps = new LDAPProperties(Gateway.getProperties());
+		
+		if (ldapProps.mUser == null || ldapProps.mUser.length()==0 ||
+			ldapProps.mPassword == null || ldapProps.mPassword.length()==0)
+			throw new InvalidDataException("LDAP root user properties not found in config.");
+		try {
+			mLDAPConn = LDAPLookupUtils.createConnection(ldapProps);
+			return true;
+		} catch (LDAPException e) {
+            return false;
+        }
+	}
+
+	@Override
+	public LDAPConnection getAuthObject() {
+        
+		if (!mLDAPConn.isConnected()) {
+            Logger.warning("LDAPAuthManager - lost connection to LDAP server. Attempting to reconnect.");
+            try {
+                mLDAPConn = LDAPLookupUtils.createConnection(ldapProps);
+            } catch (LDAPException ex) { }
+        }
+        return mLDAPConn;
+	}
+
+	@Override
+	public void disconnect() {
+        Logger.msg(1, "LDAP Lookup: Shutting down LDAP connection.");
+        if (mLDAPConn != null) {
+            try {
+                mLDAPConn.disconnect();
+            } catch (LDAPException e) {
+                Logger.error(e);
+            }
+            mLDAPConn = null;
+        }
+		
+	}
+
+	public LDAPAuthManager() {
+		// TODO Auto-generated constructor stub
+	}
+
+
+}
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java
new file mode 100644
index 0000000..a96a46b
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPLookup.java
@@ -0,0 +1,775 @@
+/*
+ * Directory Lookup Service *
+ * author: Florida Estrella
+*/
+
+package com.c2kernel.lookup.ldap;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.StringTokenizer;
+
+import org.omg.CORBA.Object;
+
+import com.c2kernel.common.ObjectAlreadyExistsException;
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.entity.TraceableEntity;
+import com.c2kernel.entity.agent.ActiveEntity;
+import com.c2kernel.entity.proxy.ProxyMessage;
+import com.c2kernel.lookup.AgentPath;
+import com.c2kernel.lookup.DomainPath;
+import com.c2kernel.lookup.InvalidItemPathException;
+import com.c2kernel.lookup.ItemPath;
+import com.c2kernel.lookup.Lookup;
+import com.c2kernel.lookup.Path;
+import com.c2kernel.lookup.RolePath;
+import com.c2kernel.process.Gateway;
+import com.c2kernel.process.auth.Authenticator;
+import com.c2kernel.property.PropertyDescription;
+import com.c2kernel.property.PropertyDescriptionList;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.LDAPAttribute;
+import com.novell.ldap.LDAPAttributeSet;
+import com.novell.ldap.LDAPConnection;
+import com.novell.ldap.LDAPDN;
+import com.novell.ldap.LDAPEntry;
+import com.novell.ldap.LDAPException;
+import com.novell.ldap.LDAPSearchConstraints;
+import com.novell.ldap.LDAPSearchResults;
+
+/**
+ * The LDAPLookup object, statically accessible through the Gateway, manages
+ * the LDAP connection for the cristal process. It provides:
+ * <ul>
+ * <li>Authentication - returning an AgentProxy object if a user has logged in
+ * <li>System key generation - through the NextKeyManager
+ * <li>Agent and Role lookup/modification - through the RoleManager
+ * <li>
+ * @version $Revision: 1.113 $ $Date: 2006/03/03 13:52:21 $
+ * @author  $Author: abranson $
+ */
+
+public class LDAPLookup implements Lookup
+
+{
+	private LDAPAuthManager mLDAPAuth;
+    private LDAPNextKeyManager mNextKeyManager;
+    private LDAPPropertyManager mPropManager;
+    
+    final String mItemTypeRoot, mDomainTypeRoot, mGlobalPath, mRootPath, mLocalPath, mRolePath;
+
+    /**
+     * Creates a new LDAPLookup manager with the properties supplied.
+     * This should be only done by the Gateway during initialisation.
+     *
+     * @param props The LDAP properties object that extracts LDAP connection properties from the global c2kprops
+     */
+    public LDAPLookup(LDAPProperties props)
+    {
+        Logger.msg(8,"LDAPLookup - initialising.");
+
+        mGlobalPath=props.mGlobalPath;
+        mRootPath=props.mRootPath;
+        mLocalPath=props.mLocalPath;
+
+        mItemTypeRoot = "cn=entity,"+props.mLocalPath;
+        mDomainTypeRoot = "cn=domain,"+props.mLocalPath;
+        mRolePath = "cn=agent,"+mDomainTypeRoot; 
+
+    }
+    
+    public LDAPLookup() {
+    	this(new LDAPProperties(Gateway.getProperties())); 
+    }
+    
+    @Override
+	public void open(Authenticator auth) {
+    	mLDAPAuth = (LDAPAuthManager)auth;
+    	mNextKeyManager = new LDAPNextKeyManager(mLDAPAuth, "cn=last,"+mItemTypeRoot);
+    	Gateway.getProperties().setProperty("NextKeyManager", mNextKeyManager);
+        Logger.msg(7, "LDAP.useOldProps="+Gateway.getProperties().getBoolean("LDAP.useOldProps", false));
+      	mPropManager = new LDAPPropertyManager(this, mLDAPAuth);
+    }
+
+    /**
+     * Gets the entity key generator, used to get a unique system key for new entities.
+     * @return the global NextKeyManager
+     */
+    public LDAPNextKeyManager getNextKeyManager()
+    {
+        return mNextKeyManager;
+    }
+
+    /**
+     * Gets the property manager, that is used to read and write cristal properties to the LDAP store.
+     * @return Returns the global LDAPPropertyManager.
+     */
+    public LDAPPropertyManager getPropManager() {
+        return mPropManager;
+    }
+
+    /**
+     * Disconnects the connection with the LDAP server during shutdown
+     */
+	@Override
+	public void close() {
+        Logger.msg(1, "LDAP Lookup: Shutting down LDAP connection.");
+        if (mLDAPAuth != null) {
+           	mLDAPAuth.disconnect();
+            mLDAPAuth = null;
+        }
+    }
+
+   /**
+    * Attempts to resolve the CORBA object for a Path, either directly or through an alias.
+    * @param path the path to resolve
+    * @return the CORBA object
+    * @throws ObjectNotFoundException When the path does not exist
+    */
+    public org.omg.CORBA.Object getIOR(Path path)
+    throws ObjectNotFoundException
+    {
+        return resolveObject(getFullDN(path));
+    }
+
+    /**
+     * Attempts to resolve the CORBA object from the IOR attribute of a DN, either directly or through an alias
+     * @param dn The String dn
+     * @throws ObjectNotFoundException when the dn or aliased dn does not exist
+     */
+    private org.omg.CORBA.Object resolveObject(String dn)
+        throws ObjectNotFoundException
+    {
+        Logger.msg(8,"LDAPLookup.resolveObject("+dn+")");
+        LDAPEntry anEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(),dn,LDAPSearchConstraints.DEREF_NEVER);
+        if (anEntry != null)
+        {
+            String iorString;
+            try {
+                iorString = LDAPLookupUtils.getFirstAttributeValue(anEntry, "ior");
+                org.omg.CORBA.Object ior=Gateway.getORB().string_to_object(iorString);
+                if (ior!=null)
+                    return ior;
+                else
+                    throw new ObjectNotFoundException("LDAPLookup.resolveObject() - " + dn + " has no IOR", "");
+            } catch (ObjectNotFoundException ex) {
+                return resolveObject(LDAPLookupUtils.getFirstAttributeValue(anEntry,"aliasedObjectName"));
+            }
+        }
+        else
+            throw new ObjectNotFoundException("LDAPLookup.resolveObject() LDAP node " + dn + " is not in LDAP or has no IOR.", "");
+    }
+
+    /**
+     *
+     * @param domPath
+     * @return
+     * @throws InvalidItemPathException
+     * @throws ObjectNotFoundException
+     */
+    @Override
+	public ItemPath resolvePath(DomainPath domPath)
+        throws InvalidItemPathException, ObjectNotFoundException {
+        ItemPath referencedPath = null;
+        LDAPEntry domEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), 
+                getFullDN(domPath), LDAPSearchConstraints.DEREF_ALWAYS);
+        String entityKey = LDAPLookupUtils.getFirstAttributeValue(domEntry,
+                "intsyskey");
+        Logger.msg(7, "DomainPath " + domPath + " is a reference to "
+                + entityKey);
+        String objClass = LDAPLookupUtils.getFirstAttributeValue(domEntry,
+                "objectClass");
+        if (objClass.equals("cristalagent"))
+            referencedPath = new AgentPath(Integer.parseInt(entityKey));
+        else
+            referencedPath = new ItemPath(Integer.parseInt(entityKey));
+
+        return referencedPath;
+    }
+
+
+    @Override
+	public void add(Path path)
+        throws ObjectCannotBeUpdated, ObjectAlreadyExistsException
+    {
+        try {
+            checkLDAPContext(path);
+            LDAPAttributeSet attrSet = createAttributeSet(path);
+            LDAPEntry newEntry = new LDAPEntry(getFullDN(path),attrSet);
+            LDAPLookupUtils.addEntry(mLDAPAuth.getAuthObject(),newEntry);
+            if (path instanceof DomainPath)
+            	Gateway.getProxyServer().sendProxyEvent(new ProxyMessage(ProxyMessage.NA, path.toString(), ProxyMessage.ADDED));
+        } catch (LDAPException ex) {
+            if (ex.getResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)
+                throw new ObjectAlreadyExistsException(ex.getLDAPErrorMessage(), "");
+            else
+                throw new ObjectCannotBeUpdated(ex.getLDAPErrorMessage(), "");
+        }
+     }
+
+    //deletes a node
+    //throws LDAPexception if node cannot be deleted (eg node is not a leaf)
+    @Override
+	public void delete(Path path) throws ObjectCannotBeUpdated
+    {
+        try {
+            LDAPLookupUtils.delete(mLDAPAuth.getAuthObject(),getDN(path)+mLocalPath);
+        } catch (LDAPException ex) {
+            throw new ObjectCannotBeUpdated(ex.getLDAPErrorMessage(), "");
+        }
+        if (path instanceof DomainPath) {
+        	Gateway.getProxyServer().sendProxyEvent(new ProxyMessage(ProxyMessage.NA, path.toString(), ProxyMessage.DELETED));
+        }
+    }
+
+	//change specs, add boolean alias leaf context
+    protected void checkLDAPContext(Path path)
+    {
+        String dn = getFullDN(path);
+        if (!LDAPLookupUtils.exists(mLDAPAuth.getAuthObject(),dn))
+        {
+            String listDN[] = path.getPath();
+            String name = "cn="+ path.getRoot() + "," + mLocalPath;
+            int i=0;
+            while (i<listDN.length-1)
+            {
+                name= "cn="+LDAPLookupUtils.escapeDN(listDN[i])+","+name;
+                if (!LDAPLookupUtils.exists(mLDAPAuth.getAuthObject(),name))
+                {
+                    try
+                    {
+                        //create cristalcontext
+                        Logger.msg(8,"LDAPLookup::addLDAPContext() context added " + name);
+                        LDAPLookupUtils.createCristalContext(mLDAPAuth.getAuthObject(), name);
+                    }
+                    catch (Exception ex)
+                    {
+                        Logger.error("LDAPLookup::addContext() " + ex);
+                    }
+                }
+                i++;
+            }
+        }
+    }
+    public void createBootTree()
+    {
+        Logger.msg(8,"Initializing LDAP Boot tree");
+
+        //create org
+        LDAPLookupUtils.createOrganizationContext(mLDAPAuth.getAuthObject(), mGlobalPath);
+        //create root
+        LDAPLookupUtils.createCristalContext(mLDAPAuth.getAuthObject(), mRootPath);
+        //create local
+        LDAPLookupUtils.createCristalContext(mLDAPAuth.getAuthObject(), mLocalPath);
+    }
+
+    @Override
+	public void initializeDirectory() throws ObjectNotFoundException
+    {
+        createBootTree();
+        initTree( Gateway.getResource().getTextResource(null, "boot/LDAPboot.txt"));
+    }
+
+    public void initTree(String bootFile)
+    {
+        Logger.msg(8,"Verifying Cristal LDAP roots");
+        StringTokenizer strTokenizer = new StringTokenizer(bootFile, "\n\r");
+        while (strTokenizer.hasMoreTokens())
+        {
+            String line = strTokenizer.nextToken();
+            Logger.msg(8,"Checking " + line+mLocalPath);
+            LDAPLookupUtils.createCristalContext(mLDAPAuth.getAuthObject(), line+mLocalPath);
+        }
+
+    }
+
+ 	//typically search for cn=barcode
+    @Override
+	public LDAPPathSet search(Path start, String filter)
+    {
+    	Logger.msg(8,"LDAPLookup::search() From " + getDN(start) + " for cn=" + filter );
+        return search(getFullDN(start),"cn="+LDAPLookupUtils.escapeSearchFilter(filter));
+    }
+    
+    @Override
+	public LDAPPathSet search(Path start, String propname, String propvalue)
+    {
+    	String val = propname+":"+propvalue;
+    	Logger.msg(8,"LDAPLookup::search() From " + getDN(start) + " for cristalprop=" + val );
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_SEARCHING);
+        return search(getFullDN(start),LDAPConnection.SCOPE_SUB,"cristalprop="+LDAPLookupUtils.escapeSearchFilter(val),searchCons);
+    }
+    
+    @Override
+	public LDAPPathSet search(Path start, PropertyDescriptionList props) {
+    	StringBuffer query = new StringBuffer();
+    	int propCount = 0;
+    	for (PropertyDescription propDesc: props.list) {
+    		if (propDesc.getIsClassIdentifier()) {
+    			String thisProp = LDAPLookupUtils.escapeSearchFilter(propDesc.getName()+(":")+propDesc.getDefaultValue());
+    			query.append("(cristalprop=").append(thisProp).append(")");
+    			propCount++;
+    		}
+    	}
+    	LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_SEARCHING);
+        if (propCount == 0)
+        	return search(getFullDN(start),LDAPConnection.SCOPE_SUB,"objectClass=cristalentity",searchCons);
+        else if (propCount == 1)
+        	return search(getFullDN(start),LDAPConnection.SCOPE_SUB,query.toString(),searchCons);
+        else
+        	return search(getFullDN(start),LDAPConnection.SCOPE_SUB,"(&"+query.toString()+")",searchCons);
+    }
+    
+    protected LDAPPathSet search(String startDN, int scope, String filter, LDAPSearchConstraints searchCons)
+    {
+        Logger.msg(8,"Searching for "+filter+" in "+startDN);
+        searchCons.setMaxResults(0);
+        String[] attr = { LDAPConnection.ALL_USER_ATTRS };
+        try
+        {
+            LDAPSearchResults res = mLDAPAuth.getAuthObject().search(startDN, scope,
+            		filter,attr,false,searchCons);
+            return new LDAPPathSet(res, this);
+        }
+        catch (LDAPException ex)
+        {
+            Logger.error("LDAPException::LDAPLookup::search() " + ex.toString());
+            return new LDAPPathSet(this);
+        }
+    }
+    //typically search for (any filter combination)
+    public LDAPPathSet search(String startDN,String filter)
+    {
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
+        return search(startDN,LDAPConnection.SCOPE_SUB,filter,searchCons);
+    }
+
+    @Override
+	public LDAPPathSet searchEntities(Path start) {
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_SEARCHING);
+        return search(getFullDN(start), LDAPConnection.SCOPE_SUB, "objectClass=cristalentity", searchCons);
+    }
+
+    @Override
+	public LDAPPathSet searchAliases(DomainPath start) {
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
+        return search(getFullDN(start), LDAPConnection.SCOPE_SUB, "objectClass=aliasObject", searchCons);
+    }
+    
+    @Override
+	public LDAPPathSet searchAliases(ItemPath entity) {
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
+        return search(getFullDN(new DomainPath()), LDAPConnection.SCOPE_SUB, "(&(objectClass=aliasObject)(aliasedObjectName="+
+        LDAPLookupUtils.escapeDN(getFullDN(entity))+"))", searchCons);
+    }
+
+    @Override
+	public boolean exists(Path path) {
+        return LDAPLookupUtils.exists(mLDAPAuth.getAuthObject(), getFullDN(path));
+    }
+
+    @Override
+	public Class<?> getItemClass(Path path) throws ObjectNotFoundException {
+        String[] attr = { LDAPConnection.ALL_USER_ATTRS };
+        try {
+            LDAPEntry anEntry=mLDAPAuth.getAuthObject().read(getDN(path)+mLocalPath,attr);
+            String type = LDAPLookupUtils.getFirstAttributeValue(anEntry, "objectClass");
+            if (type.equals("cristalentity"))
+                return TraceableEntity.class;
+            else if (type.equals("cristalagent"))
+                return ActiveEntity.class;
+            else
+                throw new ObjectNotFoundException("Not an entity", "");
+
+        } catch (LDAPException ex) {
+            if (ex.getResultCode() == LDAPException.NO_SUCH_OBJECT)
+                throw new ObjectNotFoundException("Entity does not exist", "");
+            Logger.error(ex);
+            throw new ObjectNotFoundException("Error getting entity class", "");
+        }
+    }
+
+    /** converts an LDAPentry to a Path object
+     *  Note that the search producing the entry should have retrieved the attrs
+     *  'ior' and 'uniquemember'
+     * @throws ObjectNotFoundException
+     * @throws ObjectNotFoundException
+     */
+    protected Path nodeToPath(LDAPEntry entry) throws InvalidItemPathException, ObjectNotFoundException
+    {
+        String dn = entry.getDN();
+
+        // extract syskey
+        int entityKey = -1;
+        try {
+            String entityKeyStr = LDAPLookupUtils.getFirstAttributeValue(entry,"intsyskey");
+            entityKey = Integer.parseInt(entityKeyStr);
+        } catch (Exception e) { }
+
+        // extract IOR
+        org.omg.CORBA.Object ior = null;
+        try {
+            String stringIOR = LDAPLookupUtils.getFirstAttributeValue(entry,"ior");
+            ior = Gateway.getORB().string_to_object(stringIOR);
+        } catch (ObjectNotFoundException e2) { }
+
+        /* Find the right path class */
+        Path thisPath;
+        if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalagent"))
+        { //cristalagent
+            String agentID = LDAPLookupUtils.getFirstAttributeValue(entry,"uid");
+            thisPath = new AgentPath(entityKey, agentID);
+        }
+
+        else if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalrole"))
+        { //cristalrole
+            thisPath = new RolePath(LDAPDN.explodeDN(dn,true)[0],
+                    LDAPLookupUtils.getFirstAttributeValue(entry, "jobList").equals("TRUE"));
+        }
+        else if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","aliasObject") ||
+                (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalcontext") && dn.endsWith(mDomainTypeRoot)))
+        {
+            DomainPath domainPath = new DomainPath();
+            domainPath.setPath(getPathComponents(dn.substring(0, dn.lastIndexOf(mDomainTypeRoot))));
+            thisPath = domainPath;
+        }
+        else if (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalentity") ||
+                (LDAPLookupUtils.existsAttributeValue(entry,"objectclass","cristalcontext") && dn.endsWith(mItemTypeRoot)))
+        {
+            if(dn.endsWith(mItemTypeRoot)) {
+                ItemPath entityPath;
+                if (entityKey != -1)
+                    entityPath = new ItemPath(entityKey);
+                else {
+                    entityPath = new ItemPath();
+                    entityPath.setPath(getPathComponents(dn.substring(0, dn.lastIndexOf(mItemTypeRoot))));
+                }
+                thisPath = entityPath;
+            }
+            else
+                throw new ObjectNotFoundException("Entity found outside entity tree");
+        }
+        else
+        {
+			throw new ObjectNotFoundException("Unrecognised LDAP entry. Not a cristal entry");
+        }
+
+        //set IOR if we have one
+        if (ior!=null) thisPath.setIOR(ior);
+        return thisPath;
+    }
+
+	public String getDN(Path path) {
+            StringBuffer dnBuffer = new StringBuffer();
+            String[] pathComp = path.getPath();
+            for (int i=pathComp.length-1; i>=0; i--)
+                dnBuffer.append("cn=").append(LDAPLookupUtils.escapeDN(pathComp[i])).append(",");
+            dnBuffer.append("cn="+path.getRoot()+",");
+            return dnBuffer.toString();
+    }
+
+    public String getFullDN(Path path) {
+        return getDN(path)+mLocalPath;
+    }
+    
+    public String[] getPathComponents(String dnFragment) {
+    	ArrayList<String> newPath = new ArrayList<String>();
+        StringTokenizer tok = new StringTokenizer(dnFragment, ",");
+        String[] path = new String[tok.countTokens()];
+        while (tok.hasMoreTokens()) {
+            String nextPath = tok.nextToken();
+            if (nextPath.indexOf("cn=") == 0)
+                newPath.add(0, LDAPLookupUtils.unescapeDN(nextPath.substring(3)));
+            else
+                break;
+        }
+        return newPath.toArray(path);
+    }
+
+	@Override
+	public Object resolve(Path path) throws ObjectNotFoundException {
+		return resolveObject(getFullDN(path));
+	}
+
+	@Override
+	public Iterator<Path> getChildren(Path path) {
+		if (path instanceof RolePath) return ((RolePath)path).getChildren();
+        String filter = "objectclass=*";
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(10);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_FINDING );
+        return search(getFullDN(path), LDAPConnection.SCOPE_ONE,filter,searchCons);
+	}    
+	
+	public LDAPAttributeSet createAttributeSet(Path path) throws ObjectCannotBeUpdated {
+        LDAPAttributeSet attrs = new LDAPAttributeSet();
+		
+		if (path instanceof RolePath) {
+			RolePath rolePath = (RolePath)path;
+	        attrs.add(new LDAPAttribute("objectclass","cristalrole"));
+	        String jobListString = rolePath.hasJobList()?"TRUE":"FALSE";
+	        attrs.add(new LDAPAttribute("jobList",jobListString));
+	        attrs.add(new LDAPAttribute("cn", rolePath.getName()));
+		}
+		else if (path instanceof DomainPath) {
+			DomainPath domPath = (DomainPath)path;
+	        attrs.add(new LDAPAttribute("cn",domPath.getName()));
+            try {
+				attrs.add(new LDAPAttribute("aliasedObjectName",getFullDN(domPath.getEntity())));
+	            String objectclass_values[] = { "alias", "aliasObject" };
+	            attrs.add(new LDAPAttribute("objectclass",objectclass_values));
+			} catch (ObjectNotFoundException e) { // no entity - is a context
+				attrs.add(new LDAPAttribute("objectclass","cristalcontext"));
+			}
+		}
+		
+		else if (path instanceof ItemPath) {
+			ItemPath itemPath = (ItemPath)path;
+	        attrs.add(new LDAPAttribute("intsyskey",Integer.toString(itemPath.getSysKey())));
+	        attrs.add(new LDAPAttribute("cn", itemPath.getPath()[itemPath.getPath().length-1]));
+	        if (itemPath.getIOR() != null)
+	            attrs.add(new LDAPAttribute("ior", Gateway.getORB().object_to_string(itemPath.getIOR())));
+		
+	        if (path instanceof AgentPath) {
+	        	AgentPath agentPath = (AgentPath)path;
+	        	attrs.add(new LDAPAttribute("objectclass","cristalagent"));
+
+	        	String agentName = agentPath.getAgentName();
+	        	if (agentName != null && agentName.length() > 0)
+	        		attrs.add(new LDAPAttribute("uid", agentName));
+	        	else
+	        		throw new ObjectCannotBeUpdated("Cannot create agent. No userId specified", "");
+
+	        	String agentPass = agentPath.getPassword();
+	        	if (agentPass != null && agentPass.length() > 0)
+	        		try {
+	        			attrs.add(new LDAPAttribute("userPassword", AgentPath.generateUserPassword(agentPass, "SHA")));
+	        		} catch (NoSuchAlgorithmException ex) {
+	        			throw new ObjectCannotBeUpdated("Cryptographic libraries for password hashing not found.", "");
+	        		}
+	        	else
+	        		throw new ObjectCannotBeUpdated("Cannot create agent. No password given", "");
+	        }
+	        else {
+	        	attrs.add(new LDAPAttribute("objectclass","cristalentity"));
+	        }
+		}
+
+        return attrs;
+
+	}
+	
+	 //NOTE: A role must have at LEAST 1 userDN, cannot be empty...
+    //Creates a cristalRole
+    //CristalRole is-a specialized CristalContext which contains multi-valued uniqueMember attribute pointing to cristalagents
+    @Override
+	public RolePath createRole(String roleName, boolean jobList)
+        throws ObjectAlreadyExistsException, ObjectCannotBeUpdated
+    {
+
+        // create the role
+    	RolePath rolePath = new RolePath(roleName, jobList);
+    	String roleDN = getFullDN(rolePath);
+        LDAPEntry roleNode;
+        try
+        {
+        	roleNode = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), getFullDN(rolePath));
+            throw new ObjectAlreadyExistsException();
+        } catch (ObjectNotFoundException ex) { }
+
+        //create CristalRole if it does not exist
+        roleNode = new LDAPEntry(roleDN, createAttributeSet(rolePath));
+        try {
+            LDAPLookupUtils.addEntry(mLDAPAuth.getAuthObject(),roleNode);
+        } catch (LDAPException e) {
+            throw new ObjectCannotBeUpdated(e.getLDAPErrorMessage(), "");
+        }
+        return rolePath;
+
+
+    }
+    public void deleteRole(RolePath role) throws ObjectNotFoundException, ObjectCannotBeUpdated {
+        try {
+            LDAPLookupUtils.delete(mLDAPAuth.getAuthObject(), getFullDN(role));
+        } catch (LDAPException ex) {
+            throw new ObjectCannotBeUpdated("Could not remove role");
+        }
+    }
+
+    @Override
+	public void addRole(AgentPath agent, RolePath role)
+            throws ObjectCannotBeUpdated, ObjectNotFoundException
+    {
+        LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), getFullDN(role));
+        //add memberDN to uniqueMember if it is not yet a member
+        if (!LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", getFullDN(agent)))
+            LDAPLookupUtils.addAttributeValue(mLDAPAuth.getAuthObject(), roleEntry, "uniqueMember", getFullDN(agent));
+        else
+            throw new ObjectCannotBeUpdated("Agent " + agent.getAgentName() + " already has role " + role.getName());
+    }
+
+    @Override
+	public void removeRole(AgentPath agent, RolePath role)
+        throws ObjectCannotBeUpdated, ObjectNotFoundException
+    {
+    	LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), getFullDN(role));
+    	if (LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", getFullDN(agent)))
+   			LDAPLookupUtils.removeAttributeValue(mLDAPAuth.getAuthObject(), roleEntry, "uniqueMember", getFullDN(agent));
+    	else
+    		throw new ObjectCannotBeUpdated("Agent did not have that role");
+    }
+
+    @Override
+	public boolean hasRole(AgentPath agent, RolePath role) {
+        String filter = "(&(objectclass=cristalrole)(uniqueMember="+getFullDN(agent)+")(cn="+role.getName()+"))";
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+        return search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons).hasNext();
+    }
+
+    @Override
+	public AgentPath[] getAgents(RolePath role)
+        throws ObjectNotFoundException
+    {
+    	//get the roleDN entry, and its uniqueMember entry pointing to
+    	LDAPEntry roleEntry;
+        try {
+            roleEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), getFullDN(role));
+        } catch (ObjectNotFoundException e) {
+            throw new ObjectNotFoundException("Role does not exist", "");
+        }
+
+    	String[] res = LDAPLookupUtils.getAllAttributeValues(roleEntry,"uniqueMember");
+    	ArrayList<AgentPath> agents = new ArrayList<AgentPath>();
+    	for (String userDN : res) {
+    		try {
+    			LDAPEntry userEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), userDN);
+    		    AgentPath path = (AgentPath)nodeToPath(userEntry);
+                agents.add(path);
+    		} catch (ObjectNotFoundException ex) {
+                Logger.error("Agent "+userDN+" does not exist");
+    		} catch (InvalidItemPathException ex) {
+                Logger.error("Agent "+userDN+" is not a valid entity");
+    		}
+    	}
+        AgentPath[] usersList = new AgentPath[0];
+        usersList = agents.toArray(usersList);
+    	return usersList;
+    }
+
+    //returns the role/s of a user
+    @Override
+	public RolePath[] getRoles(AgentPath agentPath)
+    {
+    	//search the mDomainPath tree uniqueMember=userDN
+    	//filter = objectclass=cristalrole AND uniqueMember=userDN
+        String filter = "(&(objectclass=cristalrole)(uniqueMember="+getFullDN(agentPath)+"))";
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+    	Iterator<?> roles = search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+        ArrayList<RolePath> roleList = new ArrayList<RolePath>();
+
+    	while(roles.hasNext())
+    	{
+            RolePath path = (RolePath) roles.next();
+   			roleList.add(path);
+    	}
+        RolePath[] roleArr = new RolePath[roleList.size()];
+        roleArr = roleList.toArray(roleArr);
+        return roleArr;
+    }
+
+    /**
+     * Utility for looking up a login name
+     *
+     * @param ld
+     * @param agentName
+     * @param baseDN
+     * @return
+     * @throws ObjectNotFoundException
+     */
+    @Override
+	public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException
+    {
+        //search to get the userDN equivalent of the userID
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+        String filter = "(&(objectclass=cristalagent)(uid="+agentName+"))";
+        Iterator<Path> res = search(mItemTypeRoot,LDAPConnection.SCOPE_SUB,filter,searchCons);
+        if (!res.hasNext())
+            throw new ObjectNotFoundException("Agent not found: "+agentName, "");
+        Path result = res.next();
+        if (result instanceof AgentPath)
+            return (AgentPath)result;
+        else
+            throw new ObjectNotFoundException("Entry was not an Agent");
+    }
+
+    @Override
+	public RolePath getRolePath(String roleName) throws ObjectNotFoundException
+    {
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+        String filter = "(&(objectclass=cristalrole)(cn="+roleName+"))";
+		Iterator<Path> res = search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+		if (!res.hasNext())
+            throw new ObjectNotFoundException("Role not found");
+        Path result = res.next();
+        if (result instanceof RolePath)
+            return (RolePath)result;
+        else
+            throw new ObjectNotFoundException("Entry was not a Role");
+    }
+
+	@Override
+	public void setHasJobList(RolePath role, boolean hasJobList) throws ObjectNotFoundException, ObjectCannotBeUpdated {
+		// get entry
+		LDAPEntry roleEntry;
+        try {
+            roleEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), getFullDN(role));
+        } catch (ObjectNotFoundException e) {
+            throw new ObjectNotFoundException("Role does not exist", "");
+        }
+		// set attribute
+        LDAPLookupUtils.setAttributeValue(mLDAPAuth.getAuthObject(), roleEntry, "jobList", hasJobList?"TRUE":"FALSE");
+	}
+	
+	@Override
+	public void setAgentPassword(AgentPath agent, String newPassword) throws ObjectNotFoundException, ObjectCannotBeUpdated, NoSuchAlgorithmException {
+		String encPasswd = AgentPath.generateUserPassword(newPassword, "SHA");
+		LDAPEntry agentEntry;
+        try {
+        	agentEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), getFullDN(agent));
+        } catch (ObjectNotFoundException e) {
+            throw new ObjectNotFoundException("Agent "+agent.getAgentName()+" does not exist", "");
+        }
+		LDAPLookupUtils.setAttributeValue(mLDAPAuth.getAuthObject(), agentEntry, "userPassword", encPasswd);
+		
+	}
+
+	@Override
+	public String getAgentName(AgentPath agentPath)
+			throws ObjectNotFoundException {
+        LDAPEntry agentEntry = LDAPLookupUtils.getEntry(mLDAPAuth.getAuthObject(), getFullDN(agentPath));
+        return LDAPLookupUtils.getFirstAttributeValue(agentEntry,"uid");
+	}
+
+}
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPLookupUtils.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPLookupUtils.java
new file mode 100644
index 0000000..e1c8ac4
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPLookupUtils.java
@@ -0,0 +1,365 @@
+/*
+ * Lookup helper class.
+ */
+
+package com.c2kernel.lookup.ldap;
+
+//import netscape.ldap.*;
+//import netscape.ldap.util.*;
+import com.c2kernel.common.ObjectAlreadyExistsException;
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.LDAPAttribute;
+import com.novell.ldap.LDAPAttributeSet;
+import com.novell.ldap.LDAPConnection;
+import com.novell.ldap.LDAPDN;
+import com.novell.ldap.LDAPEntry;
+import com.novell.ldap.LDAPException;
+import com.novell.ldap.LDAPModification;
+import com.novell.ldap.LDAPSearchConstraints;
+import com.novell.ldap.LDAPSearchResults;
+
+/**
+ * @version $Revision: 1.74 $ $Date: 2006/03/03 13:52:21 $
+ * @author  $Author: abranson $
+ */
+
+final public class LDAPLookupUtils
+{
+    static final char[] META_CHARS = {'+', '=', '"', ',', '<', '>', ';', '/'};
+    static final String[] META_ESCAPED = {"2B", "3D", "22", "2C", "3C", "3E", "3B", "2F"};
+    static public LDAPEntry getEntry(LDAPConnection ld, String dn,int dereference)
+        throws ObjectNotFoundException
+    {
+        try {
+			LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+	        searchCons.setBatchSize(0);
+    	    searchCons.setDereference(dereference);
+            LDAPEntry thisEntry = ld.read(dn,searchCons);
+            if (thisEntry != null) return thisEntry;
+        } catch (LDAPException ex) {
+            throw new ObjectNotFoundException("LDAP Exception for dn:"+dn+": \n"+ex.getMessage(), "");
+        }
+        throw new ObjectNotFoundException(dn+" does not exist", "");
+
+    }
+    
+
+    /**
+     * Utility method to connect to an LDAP server
+     * @param lp LDAP properties to connect with
+     * @return a novell LDAPConnection object
+     * @throws LDAPException when the connection was unsuccessful
+     */
+    public static LDAPConnection createConnection(LDAPProperties lp) throws LDAPException {
+        LDAPConnection ld = new LDAPConnection();
+
+        Logger.msg(3, "LDAPLookup - connecting to " + lp.mHost);
+        ld.connect(lp.mHost, Integer.valueOf(lp.mPort).intValue());
+
+        Logger.msg(3, "LDAPLookup - authenticating user:" + lp.mUser);
+        ld.bind( LDAPConnection.LDAP_V3, lp.mUser,
+                 String.valueOf(lp.mPassword).getBytes());
+
+        Logger.msg(3, "LDAPLookup - authentication successful");
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setMaxResults(0);
+        ld.setConstraints(searchCons);
+
+        return ld;
+    }
+
+    //Given a DN, return an LDAP Entry
+    static public LDAPEntry getEntry(LDAPConnection ld, String dn)
+        throws ObjectNotFoundException
+    {
+        return getEntry(ld, dn, LDAPSearchConstraints.DEREF_NEVER);
+    }
+
+    static public String getFirstAttributeValue(LDAPEntry anEntry, String attribute) throws ObjectNotFoundException
+    {
+        LDAPAttribute attr = anEntry.getAttribute(attribute);
+        if (attr==null)
+            throw new ObjectNotFoundException("No attributes named '"+attribute+"'", "");
+        return (String)attr.getStringValues().nextElement();
+    }
+
+    static public String[] getAllAttributeValues(LDAPEntry anEntry, String attribute) throws ObjectNotFoundException
+    {
+        LDAPAttribute attr = anEntry.getAttribute(attribute);
+        if (attr!=null)
+            return attr.getStringValueArray();
+
+        throw new ObjectNotFoundException("No attributes named '"+attribute+"'", "");
+
+    }
+
+    static public boolean existsAttributeValue(LDAPEntry anEntry, String attribute, String value)
+    {
+        LDAPAttribute attr = anEntry.getAttribute(attribute);
+        if (attr!=null)
+        {
+            String[] attrValues = new String[attr.size()];
+            attrValues = attr.getStringValueArray();
+            for (int i=0;i<attr.size();i++)
+                if (attrValues[i].equalsIgnoreCase(value))
+                    return true;
+        }
+        return false;
+    }
+	static public boolean hasOneAttributeValue(LDAPEntry anEntry, String attribute) throws ObjectNotFoundException
+	{
+		int j =0;
+		LDAPAttribute attr = anEntry.getAttribute(attribute);
+		if (attr==null)
+            throw new ObjectNotFoundException("No attributes named '"+attribute+"'", "");
+		j=attr.size();
+		return j==1;
+	}
+
+	//this is for a single-valued attribute
+    static public void setAttributeValue(LDAPConnection ld, LDAPEntry anEntry, String attribute, String newValue)
+    throws ObjectNotFoundException, ObjectCannotBeUpdated
+    {
+        try {
+            if (!hasOneAttributeValue(anEntry, attribute))
+                throw new ObjectCannotBeUpdated("Attribute "+attribute + " of entry " + anEntry.getDN()+" has more than one value", "");
+        } catch (ObjectNotFoundException ex) {
+            addAttributeValue(ld, anEntry, attribute, newValue);
+        }
+        try
+        {
+       		ld.modify(anEntry.getDN(),new LDAPModification(LDAPModification.REPLACE,new LDAPAttribute(attribute,newValue)));
+        }
+        catch (LDAPException ex)
+        {
+            Logger.error(ex);
+            throw new ObjectCannotBeUpdated("Attribute " + attribute + " of entry " + anEntry.getDN() + " could not be modified", "");
+        }
+    }
+
+
+	//this is for a multi-valued attribute eg uniqueMember
+    static public void addAttributeValue(LDAPConnection ld, LDAPEntry anEntry, String attribute, String value)
+    throws ObjectCannotBeUpdated
+    {
+        try
+        {
+            ld.modify(anEntry.getDN(),new LDAPModification(LDAPModification.ADD, new LDAPAttribute(attribute,value)));
+        }
+        catch (LDAPException ex)
+        {
+            Logger.error(ex);
+            throw new ObjectCannotBeUpdated("Attribute " + attribute + " of entry " + anEntry.getDN() + " could not be added.", "");
+        }
+    }
+
+    //this is for a multi-valued attribute eg uniqueMember
+    static public void removeAttributeValue(LDAPConnection ld, LDAPEntry anEntry, String attribute, String value)
+    throws ObjectCannotBeUpdated
+    {
+            try
+            {
+       			ld.modify(anEntry.getDN(),new LDAPModification(LDAPModification.DELETE,new LDAPAttribute(attribute,value)));
+			}
+            catch (LDAPException ex)
+            {
+                Logger.error(ex);
+                throw new ObjectCannotBeUpdated("Attribute " + attribute + " of entry " + anEntry.getDN() + " could not be deleted", "");
+            }
+    }
+
+    static public boolean exists(LDAPConnection ld, String name)
+    {
+        try {
+            String[] attr = { LDAPConnection.NO_ATTRS };
+            LDAPEntry anEntry=ld.read(name,attr);
+            if (anEntry!=null)
+                return true;
+        } catch (LDAPException ex)
+        {
+            Logger.debug(9, "LDAPLookupUtils.exists("+name+": "+ex.getMessage());
+            return false;
+        }
+        return false;
+    }
+
+    static public void addEntry(LDAPConnection ld,LDAPEntry myEntry)
+    throws ObjectAlreadyExistsException, LDAPException
+    {
+        try
+        {
+            ld.add( myEntry );
+        }
+        catch( LDAPException ex ) {
+            if (ex.getResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)
+                throw new ObjectAlreadyExistsException("Entry already present." + myEntry.getDN(), "");
+            throw ex;
+        }
+    }
+
+    static public boolean hasChildren(LDAPConnection ld, String dn, String filter)
+    {
+        String[] attr = { LDAPConnection.NO_ATTRS };
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
+
+        try
+        {
+            LDAPSearchResults res = ld.search(dn,LDAPConnection.SCOPE_ONE,filter,attr,false,searchCons);
+            if (res.hasMore())
+                return true;
+        }
+        catch (LDAPException ex)
+        {
+            Logger.error(ex);
+        }
+        return false;
+    }
+
+    //returns list of dns
+    static public String[] getChildrenDNs(LDAPConnection ld, String dn, String filter)
+    {
+        String[] result = null;
+        String[] attr = { LDAPConnection.NO_ATTRS };
+        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+        searchCons.setBatchSize(0);
+        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
+
+        try
+        {
+            LDAPSearchResults res = ld.search(dn,LDAPConnection.SCOPE_ONE,filter,attr,false,searchCons);
+            result = new String[res.getCount()];
+            int i=0;
+            while (res.hasMore())
+            {
+                LDAPEntry findEntry=res.next();
+                if (findEntry!=null)
+                {
+                    result[i++] = new String(findEntry.getDN());
+                }
+            }
+        }
+        catch (Exception ex)
+        {
+            Logger.error(ex);
+        }
+        return result;
+    }
+
+    static public void delete(LDAPConnection ld, String dn)
+    throws LDAPException
+    {
+        try
+        {
+            Logger.msg(7, "LDAPLookupUtils.delete() - "+dn);
+            ld.delete(dn);
+        }
+        catch (LDAPException ex)
+        {
+            Logger.error("LDAPLookupUtils.remove() - Cannot remove "+dn+": " + ex.getMessage());
+            throw ex;
+        }
+    }
+
+    //param dn is the DN of the name
+    //param name is the name of the node (also the RDN)
+    //example: cn=lab27,o=cern.ch  lab27
+    //example: cn=product, cn=domain, cn=lab27, cn= cristal2, o=cern.ch  product
+    static public void createCristalContext(LDAPConnection ld, String dn)
+    {
+    	if (LDAPLookupUtils.exists(ld,dn))
+    		return;
+        try
+        {
+            String name = LDAPDN.explodeDN(dn,true)[0];
+            LDAPAttributeSet attrs = new LDAPAttributeSet();
+            attrs.add(new LDAPAttribute("cn",name));
+            String objectclass_values[] = new String[1];
+            objectclass_values[0] = "cristalcontext";
+            if (name.equals("last"))
+            	attrs.add(new LDAPAttribute("intsyskey", "0"));
+
+    		attrs.add(new LDAPAttribute("objectclass",objectclass_values));
+
+            LDAPLookupUtils.addEntry(ld,new LDAPEntry(dn,attrs));
+        }
+        catch (Exception ex)
+        {
+            Logger.error("LDAPLookupUtils.createCristalContext() " + ex.toString());
+        }
+    }
+
+    static public void createOrganizationContext(LDAPConnection ld, String dn)
+    {
+    	if (LDAPLookupUtils.exists(ld,dn))
+    		return;
+
+        try
+        {
+            String name = LDAPDN.explodeDN(dn,true)[0];
+            LDAPAttributeSet attrs = new LDAPAttributeSet();
+            //No idea why this worked, or why it suddenly stopped working when we moved to maven
+            //attrs.add(new LDAPAttribute("objectclass","top"));
+            attrs.add(new LDAPAttribute("objectclass","organization"));
+            attrs.add(new LDAPAttribute("o",name));
+            LDAPLookupUtils.addEntry(ld,new LDAPEntry(dn,attrs));
+        }
+        catch (Exception ex)
+        {
+            Logger.msg(ex.toString());
+        }
+    }
+    
+    public static String escapeDN (String name) {
+        //From RFC 2253 and the / character for JNDI
+        if (name == null) return null;
+        String escapedStr = new String(name);
+
+        //Backslash is both a Java and an LDAP escape character, so escape it first
+        escapedStr = escapedStr.replaceAll("\\\\","\\\\");
+
+        //Positional characters - see RFC 2253
+        escapedStr = escapedStr.replaceAll("^#","\\\\23");  // TODO: active directory requires hash to be escaped everywhere
+        escapedStr = escapedStr.replaceAll("^ | $","\\\\20");
+
+        for (int i=0; i<META_CHARS.length; i++) {
+            escapedStr = escapedStr.replaceAll("\\"+META_CHARS[i],"\\\\"+ META_ESCAPED[i]);
+        }
+        if (!name.equals(escapedStr)) Logger.msg(3, "LDAP DN "+name+" escaped to "+escapedStr);
+        return escapedStr;
+    }
+    
+    public static String unescapeDN (String dn) {
+        //From RFC 2253 and the / character for JNDI
+        String unescapedStr = new String(dn);
+
+        //Positional characters - see RFC 2253
+        unescapedStr = unescapedStr.replaceAll("^\\\\23", "#");  // TODO: active directory requires hash to be escaped everywhere
+        unescapedStr = unescapedStr.replaceAll("^\\\\20|\\\\20$", " ");
+
+        for (int i=0; i<META_CHARS.length; i++) {
+        	unescapedStr = unescapedStr.replaceAll("\\\\" + META_ESCAPED[i], ""+META_CHARS[i]);
+        }
+
+        //Any remaining escaped backslashes
+        unescapedStr = unescapedStr.replaceAll("\\\\","\\");
+        
+        if (!dn.equals(unescapedStr)) Logger.msg(3, "LDAP DN "+dn+" unescaped to "+unescapedStr);
+        return unescapedStr;
+    }
+
+    public static String escapeSearchFilter (String filter) {
+        //From RFC 2254
+        String escapedStr = new String(filter);
+
+        escapedStr = escapedStr.replaceAll("\\\\","\\\\5c");
+        //escapedStr = escapedStr.replaceAll("\\*","\\\\2a"); // we need stars for searching
+        escapedStr = escapedStr.replaceAll("\\(","\\\\28");
+        escapedStr = escapedStr.replaceAll("\\)","\\\\29");
+        if (!filter.equals(escapedStr)) Logger.msg(3, "LDAP Search Filter "+filter+" escaped to "+escapedStr);
+        return escapedStr;
+    }
+}
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPNextKeyManager.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPNextKeyManager.java
new file mode 100644
index 0000000..4db8a49
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPNextKeyManager.java
@@ -0,0 +1,92 @@
+package com.c2kernel.lookup.ldap;
+
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.lookup.AgentPath;
+import com.c2kernel.lookup.InvalidItemPathException;
+import com.c2kernel.lookup.ItemPath;
+import com.c2kernel.persistency.ClusterStorageException;
+import com.c2kernel.persistency.NextKeyManager;
+import com.c2kernel.process.Gateway;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.LDAPEntry;
+
+/**************************************************************************
+ *
+ * $Revision: 1.2 $
+ * $Date: 2005/04/27 13:47:24 $
+ *
+ * Copyright (C) 2003 CERN - European Organization for Nuclear Research
+ * All rights reserved.
+ **************************************************************************/
+
+//    public static final String codeRevision = "$Revision: 1.2 $ $Date: 2005/04/27 13:47:24 $ $Author: abranson $";
+public class LDAPNextKeyManager implements NextKeyManager {
+
+    LDAPAuthManager ldap;
+    String lastKeyPath;
+
+    public LDAPNextKeyManager(LDAPAuthManager ldap, String lastKeyPath) {
+        super();
+        this.ldap = ldap;
+        this.lastKeyPath = lastKeyPath;
+    }
+
+    @Override
+	public synchronized ItemPath generateNextEntityKey()
+    throws ObjectCannotBeUpdated, ObjectNotFoundException
+    {
+        ItemPath lastKey = getLastEntityPath();
+
+        try {
+            lastKey.setSysKey(lastKey.getSysKey()+1);
+        } catch (InvalidItemPathException ex) {
+            throw new ObjectCannotBeUpdated("Invalid syskey "+(lastKey.getSysKey()+1)+". Maybe centre is full.");
+        }
+        //test that storage is empty for that key
+        try {
+			if (Gateway.getStorage().getClusterContents(lastKey.getSysKey(), "").length > 0)
+				throw new ObjectCannotBeUpdated("NextKeyManager: Storage already contains data for syskey "+lastKey.getSysKey()+
+						". Storage is out of sync with nextkey. Please contact an administrator", "");
+		} catch (ClusterStorageException e) {
+			Logger.error(e);
+			throw new ObjectCannotBeUpdated("Could not check storage for prior data for the next generated systemKey: "+e.getMessage());
+		}
+        
+        //set the last key
+        writeLastEntityKey(lastKey.getSysKey());
+
+        return lastKey;
+    }
+
+    @Override
+	public synchronized AgentPath generateNextAgentKey()
+    throws ObjectCannotBeUpdated, ObjectNotFoundException {
+        ItemPath newEntity = generateNextEntityKey();
+        return new AgentPath(newEntity);
+    }
+
+    @Override
+	public void writeLastEntityKey(int sysKey) throws ObjectCannotBeUpdated, ObjectNotFoundException {
+        LDAPEntry lastKeyEntry = LDAPLookupUtils.getEntry(ldap.getAuthObject(),lastKeyPath);
+        LDAPLookupUtils.setAttributeValue(ldap.getAuthObject(), lastKeyEntry,"intsyskey",Integer.toString(sysKey));
+    }
+
+    @Override
+	public ItemPath getLastEntityPath() throws ObjectNotFoundException
+    {
+        LDAPEntry lastKeyEntry = LDAPLookupUtils.getEntry(ldap.getAuthObject(),lastKeyPath);
+        String lastKey = LDAPLookupUtils.getFirstAttributeValue(lastKeyEntry,"intsyskey");
+        try {
+            int sysKey = Integer.parseInt(lastKey);
+            ItemPath sysPath = new ItemPath(sysKey);
+            return sysPath;
+        } catch (InvalidItemPathException ex) {
+            throw new ObjectNotFoundException("Invalid syskey. Maybe centre is full.");
+        } catch (NumberFormatException ex) {
+            throw new ObjectNotFoundException("Invalid syskey in lastkey.");
+        }
+
+    }
+
+}
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPPathSet.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPPathSet.java
new file mode 100644
index 0000000..806976d
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPPathSet.java
@@ -0,0 +1,81 @@
+package com.c2kernel.lookup.ldap;
+
+import java.util.Iterator;
+
+import com.c2kernel.lookup.Path;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.LDAPEntry;
+import com.novell.ldap.LDAPException;
+import com.novell.ldap.LDAPSearchResults;
+
+/**************************************************************************
+ *
+ * $Revision: 1.6 $
+ * $Date: 2005/12/01 14:23:14 $
+ *
+ * Copyright (C) 2003 CERN - European Organization for Nuclear Research
+ * All rights reserved.
+ **************************************************************************/
+
+
+
+public class LDAPPathSet implements Iterator<Path> {
+    LDAPSearchResults results;
+    LDAPEntry nextEntry;
+    LDAPLookup ldap;
+
+    public LDAPPathSet(LDAPLookup ldap) { // empty
+    	this.ldap = ldap;
+        results = null;
+    } 
+
+    public LDAPPathSet(LDAPSearchResults results, LDAPLookup ldap) {
+    	this.ldap = ldap;
+        this.results = results;
+    }
+
+    @Override
+	public boolean hasNext() {
+        if (results == null) return false;
+        if (nextEntry != null) return true;
+        if (results.hasMore())
+        try {
+            nextEntry = results.next();
+            return true;
+        } catch (LDAPException ex) {
+        	if (ex.getResultCode()!=32) {// no results
+        		Logger.error(ex);
+        		Logger.error("Error loading LDAP result set: "+ex.getMessage());
+        	}
+        }
+        return false;
+    }
+
+    @Override
+	public Path next() {
+        if (results == null) return null;
+        try {
+            if (nextEntry == null)
+                nextEntry = results.next();
+            Path nextPath = ldap.nodeToPath(nextEntry);
+            nextEntry = null;
+            return nextPath;
+        } catch (Exception ex) {
+            Logger.error("Error loading next path");
+            Logger.error(ex);
+            nextEntry = null;
+            if (hasNext()) {
+                Logger.error("Skipping to next entry");
+                return next();
+            }
+            else
+                return null;
+        }
+    }
+
+	@Override
+	public void remove() {
+		// do nothing
+		
+	}
+}
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java
new file mode 100644
index 0000000..1e9f971
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPProperties.java
@@ -0,0 +1,38 @@
+/*
+ * Directory Lookup Service
+*/
+
+package com.c2kernel.lookup.ldap;
+
+import com.c2kernel.utils.ObjectProperties;
+
+/**
+ * @version $Revision: 1.16 $ $Date: 2005/10/12 12:51:54 $
+ * @author  $Author: abranson $
+ */
+public class LDAPProperties
+{
+    public String mGlobalPath = null;     //o=cern.ch
+    public String mRootPath = null;     //cn=cristal2
+    public String mLocalPath = null;    //cn=lab27
+    public Integer mPort = null;
+    public String mHost = null;
+    public String mUser = null;
+    public String mPassword = null;
+
+    public LDAPProperties(ObjectProperties obj)
+    {
+        mGlobalPath   = obj.getProperty( "LDAP.GlobalPath" );
+        mRootPath     = obj.getProperty( "LDAP.RootPath" );
+        mLocalPath    = obj.getProperty( "LDAP.LocalPath" );
+        mPort         = obj.getInt( "LDAP.port", 389 );
+        mHost         = obj.getProperty( "LDAP.host" );
+        mUser         = obj.getProperty( "LDAP.user" );
+        mPassword     = obj.getProperty( "LDAP.password" );
+
+        mRootPath    += "," + mGlobalPath;
+        mLocalPath   += "," + mRootPath;
+
+    }
+}
+
diff --git a/src/main/java/com/c2kernel/lookup/ldap/LDAPPropertyManager.java b/src/main/java/com/c2kernel/lookup/ldap/LDAPPropertyManager.java
new file mode 100644
index 0000000..1b6e906
--- /dev/null
+++ b/src/main/java/com/c2kernel/lookup/ldap/LDAPPropertyManager.java
@@ -0,0 +1,141 @@
+package com.c2kernel.lookup.ldap;
+
+import java.util.ArrayList;
+import java.util.Enumeration;
+
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.lookup.ItemPath;
+import com.c2kernel.property.Property;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.LDAPAttribute;
+import com.novell.ldap.LDAPEntry;
+
+/**************************************************************************
+ *
+ * $Revision: 1.3 $
+ * $Date: 2006/03/03 13:52:21 $
+ *
+ * Copyright (C) 2003 CERN - European Organization for Nuclear Research
+ * All rights reserved.
+ **************************************************************************/
+
+public class LDAPPropertyManager {
+    /**
+     *
+     */
+    protected LDAPLookup ldap;
+    private final LDAPAuthManager auth;
+
+    public LDAPPropertyManager(LDAPLookup ldap, LDAPAuthManager auth) {
+        super();
+        this.ldap = ldap;
+        this.auth = auth;
+    }
+
+    /**
+     * @param thisItem - EntityPath of the subject entity
+     * @return
+     * @throws ObjectNotFoundException
+     */
+    public boolean hasProperties(ItemPath thisItem) throws ObjectNotFoundException {
+    	LDAPEntry entityEntry = LDAPLookupUtils.getEntry(auth.getAuthObject(), ldap.getFullDN(thisItem));
+    	return entityEntry.getAttribute("cristalprop") != null;
+    }
+
+    /**
+     * @param thisItem - EntityPath of the subject entity
+     * @return array of Property
+     * @throws ObjectNotFoundException
+     */
+    public String[] getPropertyNames(ItemPath thisItem) throws ObjectNotFoundException {
+        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(auth.getAuthObject(), ldap.getFullDN(thisItem));
+        ArrayList<String> propbag = new ArrayList<String>();
+        LDAPAttribute props = entityEntry.getAttribute("cristalprop");
+        for (Enumeration<?> e = props.getStringValues(); e.hasMoreElements();) {
+            String thisProp = (String)e.nextElement();
+            String thisName = thisProp.substring(0, thisProp.indexOf(':'));
+            if (thisName.startsWith("!") && thisName.length()>1) thisName = thisName.substring(1);
+            propbag.add(thisName);
+        }
+
+        String[] retArr = new String[props.size()];
+        return propbag.toArray(retArr);
+    }
+
+    /**
+     * @param thisItem - EntityPath of the subject entity
+     * @param propName - the name of the property to retrieve
+     * @return The Property object
+     * @throws ObjectNotFoundException
+     */
+    public Property getProperty(ItemPath thisItem, String name) throws ObjectNotFoundException {
+        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(auth.getAuthObject(), ldap.getFullDN(thisItem));
+        return getProperty(entityEntry, name);
+    }
+
+    /**
+     * @param thisItem - EntityPath of the subject entity
+     * @param name - the property name to delete
+     * @throws ObjectNotFoundException
+     * @throws ObjectCannotBeUpdated
+     */
+    public void deleteProperty(ItemPath thisItem, String name) throws ObjectNotFoundException, ObjectCannotBeUpdated {
+        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(auth.getAuthObject(), ldap.getFullDN(thisItem));
+        Property prop = getProperty(entityEntry, name);
+        Logger.msg(6, "LDAPLookupUtils.deleteProperty("+name+") - Deleting property");
+        LDAPLookupUtils.removeAttributeValue(auth.getAuthObject(), entityEntry, "cristalprop", getPropertyAttrValue(prop));
+    }
+    
+    private static String getPropertyAttrValue(Property prop) {
+    	return (prop.isMutable()?"":"!")+prop.getName()+":"+prop.getValue();
+    }
+
+    /**
+     * @param thisItem - EntityPath of the subject entity
+     * @param prop - the property to store
+     * @throws ObjectNotFoundException
+     * @throws ObjectCannotBeUpdated
+     */
+    public void setProperty(ItemPath thisItem, Property prop) throws ObjectNotFoundException, ObjectCannotBeUpdated {
+        LDAPEntry entityEntry = LDAPLookupUtils.getEntry(auth.getAuthObject(), ldap.getFullDN(thisItem));
+        try {
+        	Property oldProp = getProperty(entityEntry, prop.getName());
+            Logger.msg(6, "LDAPLookupUtils.setProperty("+prop.getName()+") - Removing old value '"+oldProp.getValue()+"'");
+            LDAPLookupUtils.removeAttributeValue(auth.getAuthObject(), entityEntry, "cristalprop", getPropertyAttrValue(oldProp));
+        } catch (ObjectNotFoundException ex) {
+            Logger.msg(6, "LDAPLookupUtils.setProperty("+prop.getName()+") - creating new property.");
+        }
+        Logger.msg(6, "LDAPLookupUtils.setProperty("+prop.getName()+") - setting to '"+prop.getValue()+"'");
+        LDAPLookupUtils.addAttributeValue(auth.getAuthObject(), entityEntry, "cristalprop", getPropertyAttrValue(prop));
+    }
+
+    public static Property getProperty(LDAPEntry myEntry, String propName) throws ObjectNotFoundException {
+        // delete existing props
+        LDAPAttribute props = myEntry.getAttribute("cristalprop");
+        if (props == null)
+            throw new ObjectNotFoundException("Property "+propName+" does not exist", "");
+        String propPrefix = propName+":";
+        String roPropPrefix = "!"+propPrefix;
+        String val = null, name = null; boolean mutable = false;
+        for (Enumeration<?> e = props.getStringValues(); name==null && e.hasMoreElements();) {
+            String attrVal = (String)e.nextElement();
+            if (attrVal.toLowerCase().startsWith(propPrefix.toLowerCase())) {
+            	name = attrVal.substring(0, propPrefix.length()-1);
+                val = attrVal.substring(propPrefix.length());
+                mutable = true; break;
+            }
+            
+            if (attrVal.toLowerCase().startsWith(roPropPrefix.toLowerCase())) {
+            	name = attrVal.substring(1, roPropPrefix.length()-1);
+                val = attrVal.substring(roPropPrefix.length());
+                mutable = false; break;
+            }
+        }
+        if (name == null) 
+        	throw new ObjectNotFoundException("Property "+propName+" does not exist", "");
+        Logger.msg(6, "Loaded "+(mutable?"":"Non-")+"Mutable Property: "+name+"="+val);
+        return new Property(name, val, mutable);
+    }
+
+}
diff --git a/src/main/java/com/c2kernel/persistency/LDAPClusterStorage.java b/src/main/java/com/c2kernel/persistency/LDAPClusterStorage.java
index 2c10bbf..cc65805 100644
--- a/src/main/java/com/c2kernel/persistency/LDAPClusterStorage.java
+++ b/src/main/java/com/c2kernel/persistency/LDAPClusterStorage.java
@@ -4,9 +4,11 @@ import java.util.StringTokenizer;
 
 import com.c2kernel.common.ObjectNotFoundException;
 import com.c2kernel.entity.C2KLocalObject;
-import com.c2kernel.lookup.ItemPath;
 import com.c2kernel.lookup.InvalidItemPathException;
-import com.c2kernel.lookup.LDAPPropertyManager;
+import com.c2kernel.lookup.ItemPath;
+import com.c2kernel.lookup.Lookup;
+import com.c2kernel.lookup.ldap.LDAPLookup;
+import com.c2kernel.lookup.ldap.LDAPPropertyManager;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.property.Property;
 import com.c2kernel.utils.Logger;
@@ -16,7 +18,11 @@ public class LDAPClusterStorage extends ClusterStorage {
 
     @Override
 	public void open() throws ClusterStorageException {
-	    ldapStore = Gateway.getLDAPLookup().getPropManager();
+    	Lookup lookup = Gateway.getLookup();
+    	if (lookup instanceof LDAPLookup)
+    		ldapStore = ((LDAPLookup)lookup).getPropManager();
+    	else
+    		throw new ClusterStorageException("Cannot use LDAP cluster storage without LDAP Lookup");
 
     }
 
diff --git a/src/main/java/com/c2kernel/persistency/NextKeyManager.java b/src/main/java/com/c2kernel/persistency/NextKeyManager.java
new file mode 100644
index 0000000..e0d0013
--- /dev/null
+++ b/src/main/java/com/c2kernel/persistency/NextKeyManager.java
@@ -0,0 +1,19 @@
+package com.c2kernel.persistency;
+
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.lookup.AgentPath;
+import com.c2kernel.lookup.ItemPath;
+
+public interface NextKeyManager {
+
+	public ItemPath generateNextEntityKey()
+		    throws ObjectCannotBeUpdated, ObjectNotFoundException;
+	
+	public AgentPath generateNextAgentKey()
+		    throws ObjectCannotBeUpdated, ObjectNotFoundException;
+	
+	public void writeLastEntityKey(int sysKey) throws ObjectCannotBeUpdated, ObjectNotFoundException;
+	
+	public ItemPath getLastEntityPath() throws ObjectNotFoundException;
+}
diff --git a/src/main/java/com/c2kernel/persistency/ProxyLoader.java b/src/main/java/com/c2kernel/persistency/ProxyLoader.java
index 9c14df5..fe48966 100644
--- a/src/main/java/com/c2kernel/persistency/ProxyLoader.java
+++ b/src/main/java/com/c2kernel/persistency/ProxyLoader.java
@@ -8,7 +8,7 @@ import com.c2kernel.entity.C2KLocalObject;
 import com.c2kernel.entity.Item;
 import com.c2kernel.entity.ItemHelper;
 import com.c2kernel.lookup.ItemPath;
-import com.c2kernel.lookup.LDAPLookup;
+import com.c2kernel.lookup.Lookup;
 import com.c2kernel.persistency.outcome.Outcome;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
@@ -19,11 +19,11 @@ import com.c2kernel.utils.Logger;
 
 public class ProxyLoader extends ClusterStorage {
     HashMap<Integer, Item> entities = new HashMap<Integer, Item>();
-    LDAPLookup lookup;
+    Lookup lookup;
 
     @Override
 	public void open() throws ClusterStorageException {
-        lookup = Gateway.getLDAPLookup();
+        lookup = Gateway.getLookup();
     }
 
     @Override
@@ -113,7 +113,7 @@ public class ProxyLoader extends ClusterStorage {
 
         try {
             Logger.msg(7, "ProxyLoader.getIOR() - Resolving "+sysKey+".");
-            org.omg.CORBA.Object ior = lookup.getIOR(new ItemPath(sysKey.intValue()));
+            org.omg.CORBA.Object ior = lookup.resolve(new ItemPath(sysKey.intValue()));
 
             Item thisItem = null;
             try {
diff --git a/src/main/java/com/c2kernel/process/Bootstrap.java b/src/main/java/com/c2kernel/process/Bootstrap.java
index f273c5d..bcc5e68 100644
--- a/src/main/java/com/c2kernel/process/Bootstrap.java
+++ b/src/main/java/com/c2kernel/process/Bootstrap.java
@@ -1,8 +1,8 @@
 package com.c2kernel.process;
 
 import java.net.InetAddress;
-import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.Set;
 import java.util.StringTokenizer;
 
@@ -10,6 +10,7 @@ import org.custommonkey.xmlunit.Diff;
 import org.custommonkey.xmlunit.XMLUnit;
 
 import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.entity.proxy.AgentProxy;
 import com.c2kernel.entity.proxy.ItemProxy;
 import com.c2kernel.events.Event;
 import com.c2kernel.events.History;
@@ -22,7 +23,7 @@ import com.c2kernel.lifecycle.instance.stateMachine.Transition;
 import com.c2kernel.lookup.AgentPath;
 import com.c2kernel.lookup.DomainPath;
 import com.c2kernel.lookup.ItemPath;
-import com.c2kernel.lookup.LDAPLookup;
+import com.c2kernel.lookup.Lookup;
 import com.c2kernel.lookup.Path;
 import com.c2kernel.lookup.RolePath;
 import com.c2kernel.persistency.ClusterStorage;
@@ -47,6 +48,7 @@ public class Bootstrap
 {
     static DomainPath thisServerPath;
     static HashMap<String, ResourceImportHandler> resHandlerCache = new HashMap<String, ResourceImportHandler>();
+    static HashMap<String, AgentProxy> systemAgents = new HashMap<String, AgentProxy>();
 
 	/**
 	 * Run everything without timing-out the service wrapper
@@ -71,7 +73,7 @@ public class Bootstrap
 					Logger.msg("Bootstrap.run() - Initialising Server Item Workflow");
 					initServerItemWf();
 					
-		            // register modules
+					Gateway.getModuleManager().setUser(systemAgents.get("system"));
 		            Gateway.getModuleManager().registerModules();
 
 					Logger.msg("Bootstrap.run() - Bootstrapping complete");
@@ -120,13 +122,13 @@ public class Bootstrap
             // Find or create Item for Resource
     	 	DomainPath modDomPath = typeImpHandler.getPath(itemName, ns);
             ItemProxy thisProxy;
-            Enumeration<Path> en = Gateway.getLDAPLookup().search(typeImpHandler.getTypeRoot(), itemName);
-            if (!en.hasMoreElements()) {
+            Iterator<Path> en = Gateway.getLookup().search(typeImpHandler.getTypeRoot(), itemName);
+            if (!en.hasNext()) {
                 Logger.msg("Bootstrap.verifyResource() - "+typeImpHandler.getName()+" "+itemName+" not found. Creating new.");
                 thisProxy = createResourceItem(typeImpHandler, itemName, layer, ns);
             }
             else {
-                DomainPath path = (DomainPath)en.nextElement();
+                DomainPath path = (DomainPath)en.next();
                 thisProxy = Gateway.getProxyManager().getProxy(path);
 
 	            // Verify module property and location
@@ -160,8 +162,8 @@ public class Bootstrap
 	            	Logger.msg("Module item "+itemName+" found with path "+path.toString()+". Moving to "+modDomPath.toString());
 	            	modDomPath.setEntity(new ItemPath(thisProxy.getSystemKey()));
 	            	if (!modDomPath.exists())
-	            		Gateway.getLDAPLookup().add(modDomPath);
-	            	Gateway.getLDAPLookup().delete(path);
+	            		Gateway.getLookup().add(modDomPath);
+	            	Gateway.getLookup().delete(path);
 	            }
             }
             
@@ -261,12 +263,12 @@ public class Bootstrap
         	}
 
 
-        ItemPath entityPath = Gateway.getLDAPLookup().getNextKeyManager().generateNextEntityKey();
+        ItemPath entityPath = Gateway.getNextKeyManager().generateNextEntityKey();
         Gateway.getCorbaServer().createEntity(entityPath);
-        Gateway.getLDAPLookup().add(entityPath);
+        Gateway.getLookup().add(entityPath);
         DomainPath newDomPath = impHandler.getPath(itemName, ns);
         newDomPath.setEntity(entityPath);
-        Gateway.getLDAPLookup().add(newDomPath);
+        Gateway.getLookup().add(newDomPath);
         ItemProxy newItemProxy = Gateway.getProxyManager().getProxy(entityPath);
         newItemProxy.initialise( 1, props, ca, null);
         return newItemProxy;
@@ -277,9 +279,9 @@ public class Bootstrap
      **************************************************************************/
      private static void checkAgent(String name, String pass, String role, boolean joblist) throws Exception {
          Logger.msg(1, "Bootstrap.checkAgent() - Checking for existence of '"+name+"' user.");
-         LDAPLookup lookup = Gateway.getLDAPLookup();
+         Lookup lookup = Gateway.getLookup();
          try {
-             lookup.getRoleManager().getAgentPath(name);
+             systemAgents.put(name, Gateway.getProxyManager().getAgentProxy(lookup.getAgentPath(name)));
              Logger.msg(3, "Bootstrap.checkAgent() - User '"+name+"' found.");
              return;
          } catch (ObjectNotFoundException ex) { }
@@ -287,23 +289,24 @@ public class Bootstrap
 
          RolePath rolePath;
          try {
-            rolePath = lookup.getRoleManager().getRolePath(role);
+            rolePath = lookup.getRolePath(role);
         } catch (ObjectNotFoundException ex) {
-            rolePath = lookup.getRoleManager().createRole(role, joblist);
+            rolePath = lookup.createRole(role, joblist);
         }
 
          try {
-             ItemPath entityPath = lookup.getNextKeyManager().generateNextEntityKey();
+             ItemPath entityPath = Gateway.getNextKeyManager().generateNextEntityKey();
              AgentPath agentPath = new AgentPath(entityPath.getSysKey(), name);
              agentPath.setPassword(pass);
              Gateway.getCorbaServer().createEntity(agentPath);
-             Gateway.getLDAPLookup().add(agentPath);
+             Gateway.getLookup().add(agentPath);
 
              // assign admin role
              Logger.msg("Bootstrap.checkAgent() - Assigning role '"+role+"'");
              rolePath.addAgent(agentPath);
              Gateway.getStorage().put(agentPath.getSysKey(), new Property("Name", name, true), null);
              Gateway.getStorage().put(agentPath.getSysKey(), new Property("Type", "Agent", false), null);
+             systemAgents.put(name, Gateway.getProxyManager().getAgentProxy(agentPath));
              Logger.msg("Bootstrap.checkAgent() - Done");
          } catch (Exception ex) {
              Logger.error("Unable to create "+name+" user.");
@@ -335,11 +338,11 @@ public class Bootstrap
             serverEntity = thisServerPath.getEntity();
         } catch (ObjectNotFoundException ex) {
             Logger.msg("Creating server item "+thisServerPath);
-            serverEntity = Gateway.getLDAPLookup().getNextKeyManager().generateNextEntityKey();
+            serverEntity = Gateway.getNextKeyManager().generateNextEntityKey();
             Gateway.getCorbaServer().createEntity(serverEntity);
-            Gateway.getLDAPLookup().add(serverEntity);
+            Gateway.getLookup().add(serverEntity);
             thisServerPath.setEntity(serverEntity);
-            Gateway.getLDAPLookup().add(thisServerPath);
+            Gateway.getLookup().add(thisServerPath);
         }
         Gateway.getStorage().put(serverEntity.getSysKey(), new Property("Name", serverName, false), null);
         Gateway.getStorage().put(serverEntity.getSysKey(), new Property("Type", "Server", false), null);
@@ -359,7 +362,7 @@ public class Bootstrap
         PredefinedStepContainer predef = (PredefinedStepContainer)wf.search("workflow/predefined");
         wf.getChildGraphModel().removeVertex(predef);
         wf.addChild(new ServerPredefinedStepContainer(), predef.getCentrePoint());
-        wf.initialise(thisServerPath.getSysKey(), Gateway.getLDAPLookup().getRoleManager().getAgentPath("system"));
+        wf.initialise(thisServerPath.getSysKey(), systemAgents.get("system").getPath());
         Gateway.getStorage().put(thisServerPath.getSysKey(), wf, null);
     }
 }
diff --git a/src/main/java/com/c2kernel/process/ClientShell.java b/src/main/java/com/c2kernel/process/ClientShell.java
index 6a620d8..b6afb2c 100644
--- a/src/main/java/com/c2kernel/process/ClientShell.java
+++ b/src/main/java/com/c2kernel/process/ClientShell.java
@@ -3,7 +3,7 @@ package com.c2kernel.process;
 import java.util.Scanner;
 
 import com.c2kernel.entity.proxy.AgentProxy;
-import com.c2kernel.process.auth.Authenticator;
+import com.c2kernel.process.auth.ProxyLogin;
 import com.c2kernel.scripting.Script;
 
 public class ClientShell extends StandardClient {
@@ -40,7 +40,7 @@ public class ClientShell extends StandardClient {
 		Gateway.init(readC2KArgs(args));
 		String authClassName = Gateway.getProperties().getProperty("cli.auth");
 		Class<?> authClass = Gateway.getResource().getClassForName(authClassName);
-		Authenticator auth = (Authenticator)authClass.newInstance();
+		ProxyLogin auth = (ProxyLogin)authClass.newInstance();
 		AgentProxy user = auth.authenticate(Gateway.getProperties().getProperty("Name"));
 		ClientShell shell = new ClientShell(user);
 		shell.run();
diff --git a/src/main/java/com/c2kernel/process/Gateway.java b/src/main/java/com/c2kernel/process/Gateway.java
index 01cc202..836b34b 100644
--- a/src/main/java/com/c2kernel/process/Gateway.java
+++ b/src/main/java/com/c2kernel/process/Gateway.java
@@ -16,10 +16,11 @@ import com.c2kernel.entity.proxy.AgentProxy;
 import com.c2kernel.entity.proxy.ProxyManager;
 import com.c2kernel.entity.proxy.ProxyServer;
 import com.c2kernel.lookup.AgentPath;
-import com.c2kernel.lookup.LDAPLookup;
-import com.c2kernel.lookup.LDAPProperties;
+import com.c2kernel.lookup.Lookup;
 import com.c2kernel.persistency.ClusterStorageException;
+import com.c2kernel.persistency.NextKeyManager;
 import com.c2kernel.persistency.TransactionManager;
+import com.c2kernel.process.auth.Authenticator;
 import com.c2kernel.process.module.ModuleManager;
 import com.c2kernel.process.resource.Resource;
 import com.c2kernel.process.resource.ResourceLoader;
@@ -37,7 +38,7 @@ import com.c2kernel.utils.ObjectProperties;
  *
  * Child objects:
  * <ul>
- * <li>LDAPLookup - Provides access to the CRISTAL directory. Find or
+ * <li>Lookup - Provides access to the CRISTAL directory. Find or
  * search for Items or Agents.
  * <li>EntityProxyManager - Gives a local proxy object for Entities found
  * in LDAP. Execute activities in Items, query or subscribe to Entity data.
@@ -56,13 +57,13 @@ public class Gateway
     static private ModuleManager   		mModules;
     static private org.omg.CORBA.ORB    mORB;
     static private boolean				orbDestroyed = false;
-    static private LDAPLookup           mLDAPLookup;
+    static private Lookup               mLookup;
+    static private NextKeyManager		mNextKeyManager;
     static private TransactionManager   mStorage;
     static private ProxyManager   		mProxyManager;
     static private ProxyServer			mProxyServer;
     static private CorbaServer          mCorbaServer;
     static private CastorXMLUtility		mMarshaller;
-    static private AgentProxy			mCurrentUser = null;
     static private ResourceLoader		mResource;
 
 
@@ -71,7 +72,7 @@ public class Gateway
 
     /**
      * Initialises the Gateway and all of the client objects it holds, with
-     * the exception of the LDAPLookup, which is initialised during connect()
+     * the exception of the Lookup, which is initialised during connect()
      *
      * @param props - java.util.Properties containing all application properties.
      * If null, the java system properties are used
@@ -83,7 +84,7 @@ public class Gateway
     
     /**
      * Initialises the Gateway and all of the client objects it holds, with
-     * the exception of the LDAPLookup, which is initialised during connect()
+     * the exception of the Lookup, which is initialised during connect()
      *
      * @param props - java.util.Properties containing all application properties.
      * If null, the java system properties are used
@@ -135,9 +136,6 @@ public class Gateway
             Language.isTranlated=true;
             Language.mTableOfTranslation = FileStringUtility.loadLanguageFile(languageFile);
         }
-        
-        // if client, run module startup scripts. Otherwise bootstrap will do it after all imports
-        if (!AbstractMain.runningAsWrapper) mModules.runScripts("startup");
     }
 
     /**
@@ -149,9 +147,12 @@ public class Gateway
      */
     static public void startServer() throws InvalidDataException {
         try {
-            // check top level LDAP contexts
-            mLDAPLookup.install();
+            // check top level directory contexts
+            mLookup.initializeDirectory();
 
+            // init next key manager
+            mNextKeyManager = (NextKeyManager)mC2KProps.getInstance("NextKeyManager");
+            		
             // start entity proxy server
             mProxyServer = new ProxyServer(mC2KProps.getProperty("ItemServer.name"));
 
@@ -199,140 +200,59 @@ public class Gateway
         throws InvalidDataException,
                ClusterStorageException
     {
-        LDAPProperties ldapProps = new LDAPProperties();
-
-        if( ldapProps.mHost != null && ldapProps.mPort     != null &&
-            ldapProps.mUser != null && ldapProps.mPassword != null )
-        {
-            try
-            {
-				mLDAPLookup = new LDAPLookup(ldapProps);
-            }
-            catch (Exception ex)
-            {
-                Logger.error(ex);
-                throw new InvalidDataException("Cannot authenticate. Name and/or password invalid.", "");
-            }
-        }
-        else
-        {
-            Logger.error("LDAP properties not set for server login.");
-            throw new InvalidDataException("Cannot authenticate with LDAP.", "");
-        }
-
-        setup();
-    }
-
-    /**
-     * Authenticates a user and returns and AgentProxy on them without overriding the system LDAP context.
-     * Useful for handling multiple users in one context e.g. on a web server
-     *
-     * @param agentName - username
-     * @param agentPassword - password
-     * @return AgentProxy on that user
-     * @throws InvalidDataException
-     * @throws ObjectNotFoundException
-     */
-    static public AgentProxy login(String agentName, String agentPassword) throws InvalidDataException, ObjectNotFoundException {
-        LDAPProperties ldapProps = new LDAPProperties();
-        AgentPath agentPath;
-        try {
-            agentPath = mLDAPLookup.getRoleManager().getAgentPath(agentName);
-        } catch (Exception ex) {
+    	try {
+    		Authenticator auth = (Authenticator)mC2KProps.getInstance("Authenticator");
+    		auth.authenticate("System");
+    		
+            mLookup = (Lookup)mC2KProps.getInstance("Lookup");
+            mLookup.open(auth);
+            
+            mStorage = new TransactionManager();
+            mProxyManager = new ProxyManager();
+            
+    	} catch (Exception ex) {
             Logger.error(ex);
-            throw new ObjectNotFoundException("Could not resolve agent", "");
+            throw new InvalidDataException("Cannot connect server process. Please check config.", "");
         }
-        String agentDN = agentPath.getFullDN();
-        ldapProps.mUser = agentDN;
-        ldapProps.mPassword = agentPassword;
 
-        try {
-            LDAPLookup.createConnection(ldapProps);
-            return (AgentProxy)getProxyManager().getProxy(mLDAPLookup.getRoleManager().getAgentPath(agentName));
-        } catch (Exception ex) {
-            Logger.error(ex);
-            throw new InvalidDataException("Could not log in", "");
-        }
-    }
 
+    }
 
     /**
-     * Logs into the LDAP server with the given username and password, and initialises the lookup.
+     * Logs in with the given username and password, and initialises the lookup, storage and proxy manager.
      *
      * @param agentName - username
      * @param agentPassword - password
      * @return an AgentProxy on the requested user
      * @throws InvalidDataException
+     * @throws ClusterStorageException 
+     * @throws ClassNotFoundException 
+     * @throws IllegalAccessException 
+     * @throws InstantiationException 
      */
-    static public AgentProxy connect(String agentName, String agentPassword)
-    throws InvalidDataException, ObjectNotFoundException
-    {
-
-        LDAPProperties ldapProps = new LDAPProperties();
-        if (ldapProps.mHost!=null && ldapProps.mPort!= null && ldapProps.mLocalPath!=null )
-        {
-            try {
-                ldapProps.mUser = "";
-                ldapProps.mPassword = "";
-                mLDAPLookup = new LDAPLookup(ldapProps);
-                String agentDN = mLDAPLookup.getRoleManager().getAgentPath(agentName).getFullDN();
-
-                //found agentDN, try to log in with it
-                ldapProps.mUser = agentDN;
-                ldapProps.mPassword = agentPassword;
-                mLDAPLookup = new LDAPLookup(ldapProps);
-
-                // find agent proxy
-                AgentPath agentPath = mLDAPLookup.getRoleManager().getAgentPath(agentName);
-
-                if (agentPath!=null)
-                {
-                    setup();
-                    mCurrentUser = (AgentProxy) mProxyManager.getProxy(agentPath);
-                    return mCurrentUser;
-                }
-                else
-                {
-                    throw new InvalidDataException("The agentDN " +agentDN+ " is invalid.", "");
-                }
-            } catch (ClusterStorageException e) {
-                throw new InvalidDataException(Language.translate("Error initialising storage")+Language.translate(". See log."), "");
-            } catch (ObjectNotFoundException e) {
-                throw new ObjectNotFoundException(Language.translate("Invalid username/password"), "");
-            } catch (Exception e) {
-                throw new InvalidDataException(Language.translate("Could not log in")+": "+Language.translate(e.getMessage()), "");
-            }
-
-        }
-        else
-        {
-            throw new InvalidDataException("Cannot log in. Some connection properties are not set.", "");
-        }
-
-    }
-
-    /**
-	 * @return the mCurrentUser
-	 */
-	public static AgentProxy getCurrentUser() {
-		return mCurrentUser;
-	}
-
-	/**
-     * Initializes the storage and proxy manager, called during connect.
-     *
-     * @throws InvalidDataException
-     * @throws ClusterStorageException
-     */
-    static private void setup()
-        throws InvalidDataException,
-        ClusterStorageException
+    static public AgentProxy connect(String agentName, String agentPassword, String resource)
+    throws InvalidDataException, ObjectNotFoundException, ClusterStorageException, InstantiationException, IllegalAccessException, ClassNotFoundException
     {
+        Authenticator auth = (Authenticator)mC2KProps.getInstance("Authenticator");
+        if (!auth.authenticate(agentName, agentPassword, resource))
+        	throw new InvalidDataException("Login failed", "");
+        
+        mLookup = (Lookup)mC2KProps.getInstance("Lookup");
+        mLookup.open(auth);
 
-        // Init storages
         mStorage = new TransactionManager();
         mProxyManager = new ProxyManager();
 
+        // find agent proxy
+        AgentPath agentPath = mLookup.getAgentPath(agentName);
+        AgentProxy userProxy = (AgentProxy) mProxyManager.getProxy(agentPath);
+        userProxy.setAuthObj(auth);
+        
+        // Run module startup scripts. Server does this during bootstrap
+        mModules.setUser(userProxy);
+        mModules.runScripts("startup");
+        
+		return userProxy;
     }
 
     /**
@@ -354,9 +274,9 @@ public class Gateway
         mStorage = null;
 
         // disconnect from ldap
-        if (mLDAPLookup != null)
-            mLDAPLookup.disconnect();
-        mLDAPLookup = null;
+        if (mLookup != null)
+            mLookup.close();
+        mLookup = null;
 
         // shut down proxy manager & server
         if (mProxyServer != null)
@@ -384,9 +304,9 @@ public class Gateway
         return mORB;
     }
 
-    static public LDAPLookup getLDAPLookup()
+    static public Lookup getLookup()
     {
-        return mLDAPLookup;
+        return mLookup;
     }
 
     static public CorbaServer getCorbaServer()
@@ -461,5 +381,9 @@ public class Gateway
     	}
 
     }
+
+	public static NextKeyManager getNextKeyManager() {
+		return mNextKeyManager;
+	}
 }
 
diff --git a/src/main/java/com/c2kernel/process/UserCodeProcess.java b/src/main/java/com/c2kernel/process/UserCodeProcess.java
index 47742aa..0d35025 100644
--- a/src/main/java/com/c2kernel/process/UserCodeProcess.java
+++ b/src/main/java/com/c2kernel/process/UserCodeProcess.java
@@ -9,8 +9,8 @@ import com.c2kernel.common.InvalidTransitionException;
 import com.c2kernel.entity.C2KLocalObject;
 import com.c2kernel.entity.agent.Job;
 import com.c2kernel.entity.proxy.AgentProxy;
-import com.c2kernel.entity.proxy.ProxyObserver;
 import com.c2kernel.entity.proxy.MemberSubscription;
+import com.c2kernel.entity.proxy.ProxyObserver;
 import com.c2kernel.persistency.ClusterStorage;
 import com.c2kernel.scripting.ErrorInfo;
 import com.c2kernel.scripting.ScriptErrorException;
@@ -38,12 +38,12 @@ public class UserCodeProcess extends StandardClient implements ProxyObserver<Job
     HashMap<String, ErrorInfo> errors = new HashMap<String, ErrorInfo>();
     HashMap<String, C2KLocalObject> jobs;
 
-    public UserCodeProcess(String agentName, String agentPass) {
+    public UserCodeProcess(String agentName, String agentPass, String resource) {
         // login - try for a while in case server hasn't imported our user yet
         for (int i=1;i<6;i++) {
             try {
                 Logger.msg("Login attempt "+i+" of 5");
-                agent = Gateway.connect(agentName, agentPass);
+                agent = Gateway.connect(agentName, agentPass, resource);
                 break;
             } catch (Exception ex) {
                 Logger.error("Could not log in.");
@@ -209,7 +209,7 @@ public class UserCodeProcess extends StandardClient implements ProxyObserver<Job
     }
 
     public static UserCodeProcess getInstance() throws UnknownHostException {
-        return new UserCodeProcess(InetAddress.getLocalHost().getHostName(), "uc");
+        return new UserCodeProcess(InetAddress.getLocalHost().getHostName(), "uc", Gateway.getProperties().getProperty("AuthResource", "Cristal"));
     }
 
     static public void main(String[] args)
diff --git a/src/main/java/com/c2kernel/process/auth/Authenticator.java b/src/main/java/com/c2kernel/process/auth/Authenticator.java
index ae18474..40defc4 100644
--- a/src/main/java/com/c2kernel/process/auth/Authenticator.java
+++ b/src/main/java/com/c2kernel/process/auth/Authenticator.java
@@ -1,12 +1,16 @@
 package com.c2kernel.process.auth;
 
-import java.util.Properties;
+import com.c2kernel.common.InvalidDataException;
+import com.c2kernel.common.ObjectNotFoundException;
 
-import com.c2kernel.entity.proxy.AgentProxy;
 
 public interface Authenticator {
-
-	public void initialize(Properties props) throws Exception;
-	public AgentProxy authenticate(String resource) throws Exception;
 	
+	public boolean authenticate(String agentName, String password, String resource) throws InvalidDataException, ObjectNotFoundException;
+	
+	public boolean authenticate(String resource) throws InvalidDataException, ObjectNotFoundException;
+	
+	public Object getAuthObject();
+	
+	public void disconnect();
 }
diff --git a/src/main/java/com/c2kernel/process/auth/ConsoleAuth.java b/src/main/java/com/c2kernel/process/auth/ConsoleAuth.java
index a6af253..531540d 100644
--- a/src/main/java/com/c2kernel/process/auth/ConsoleAuth.java
+++ b/src/main/java/com/c2kernel/process/auth/ConsoleAuth.java
@@ -6,7 +6,7 @@ import java.util.Scanner;
 import com.c2kernel.entity.proxy.AgentProxy;
 import com.c2kernel.process.Gateway;
 
-public class ConsoleAuth implements Authenticator {
+public class ConsoleAuth implements ProxyLogin {
 
 	public ConsoleAuth() {
 	}
@@ -27,7 +27,7 @@ public class ConsoleAuth implements Authenticator {
 			System.out.print("Password:");
 			String pass = scan.nextLine();
 			try {
-				user = Gateway.connect(username, pass);
+				user = Gateway.connect(username, pass, resource);
 			} catch (Exception ex) {
 				System.err.println(ex.getMessage());
 			}
diff --git a/src/main/java/com/c2kernel/process/auth/ProxyLogin.java b/src/main/java/com/c2kernel/process/auth/ProxyLogin.java
new file mode 100644
index 0000000..94416cf
--- /dev/null
+++ b/src/main/java/com/c2kernel/process/auth/ProxyLogin.java
@@ -0,0 +1,12 @@
+package com.c2kernel.process.auth;
+
+import java.util.Properties;
+
+import com.c2kernel.entity.proxy.AgentProxy;
+
+public interface ProxyLogin {
+
+		public void initialize(Properties props) throws Exception;
+		public AgentProxy authenticate(String resource) throws Exception;
+		
+}
diff --git a/src/main/java/com/c2kernel/process/module/Module.java b/src/main/java/com/c2kernel/process/module/Module.java
index 2c182ea..dae5711 100644
--- a/src/main/java/com/c2kernel/process/module/Module.java
+++ b/src/main/java/com/c2kernel/process/module/Module.java
@@ -4,6 +4,7 @@ import java.util.ArrayList;
 import java.util.Properties;
 
 import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.entity.proxy.AgentProxy;
 import com.c2kernel.entity.proxy.ItemProxy;
 import com.c2kernel.lifecycle.instance.predefined.entitycreation.Dependency;
 import com.c2kernel.lifecycle.instance.predefined.entitycreation.DependencyMember;
@@ -33,11 +34,11 @@ public class Module {
 		super();
 	}
 	
-	public void runScript(String event, boolean isServer) throws ScriptingEngineException {
+	public void runScript(String event, AgentProxy user, boolean isServer) throws ScriptingEngineException {
 		for (ModuleScript script : scripts) {
 			if (script.shouldRun(event, isServer)) {
 				Logger.msg("Running "+script.event+" "+script.target+" script from "+name);
-				Object result = script.getScript(ns).execute();
+				Object result = script.getScript(ns, user).execute();
 				if (result instanceof ErrorInfo) {
 					ErrorInfo error = (ErrorInfo) result;
 					Logger.error(error.toString());
@@ -73,9 +74,9 @@ public class Module {
 		imports.list.add(moduleItem);
 	}
 	
-	public void importAll(ItemProxy serverEntity, String moduleXML, boolean reset) throws Exception {
+	public void importAll(ItemProxy serverEntity, AgentProxy systemAgent, String moduleXML, boolean reset) throws Exception {
+		int systemAgentId = systemAgent.getSystemKey();
 		addModuleItem(moduleXML);
-		int systemAgentId = Gateway.getLDAPLookup().getRoleManager().getAgentPath("system").getSysKey();
 		
 		for (ModuleResource thisRes : imports.getResources()) {
 			try {
@@ -89,7 +90,7 @@ public class Module {
 		for (NewRole thisRole : imports.getRoles()) {
 			RolePath rolePath;
 			try {
-				rolePath = Gateway.getLDAPLookup().getRoleManager().getRolePath(thisRole.name);
+				rolePath = Gateway.getLookup().getRolePath(thisRole.name);
 				if (rolePath.hasJobList() != thisRole.jobList) {
 					Logger.msg("Module.importAll() - Role '"+thisRole.name+"' has incorrect joblist settings. Correcting.");
 					rolePath.setHasJobList(thisRole.jobList);
@@ -102,7 +103,7 @@ public class Module {
 		
 		for (NewAgent thisAgent : imports.getAgents()) {
 			try {
-				Gateway.getLDAPLookup().getRoleManager().getAgentPath(thisAgent.name);
+				Gateway.getLookup().getAgentPath(thisAgent.name);
 			    Logger.msg(3, "Module.importAll() - User '"+thisAgent.name+"' found.");
 			    continue;
 			 } catch (ObjectNotFoundException ex) { }
diff --git a/src/main/java/com/c2kernel/process/module/ModuleManager.java b/src/main/java/com/c2kernel/process/module/ModuleManager.java
index 0afe3af..6a69ff8 100644
--- a/src/main/java/com/c2kernel/process/module/ModuleManager.java
+++ b/src/main/java/com/c2kernel/process/module/ModuleManager.java
@@ -9,6 +9,7 @@ import java.util.Properties;
 
 import com.c2kernel.common.InvalidDataException;
 import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.entity.proxy.AgentProxy;
 import com.c2kernel.entity.proxy.ItemProxy;
 import com.c2kernel.lookup.DomainPath;
 import com.c2kernel.persistency.outcome.OutcomeValidator;
@@ -22,6 +23,7 @@ public class ModuleManager {
 	ArrayList<Module> modules = new ArrayList<Module>();
 	HashMap<String, String> modulesXML = new HashMap<String, String>();
 	Properties props = new Properties();
+	AgentProxy user;
 	boolean isServer;
 	OutcomeValidator moduleValidator;
 
@@ -110,6 +112,10 @@ public class ModuleManager {
 		if (!allDepsPresent) Logger.die("Unmet module dependencies. Cannot continue");
 	}
 
+	public void setUser(AgentProxy user) {
+		this.user = user;
+	}
+
 	public String getModuleVersions() {
 		StringBuffer ver = new StringBuffer();
 		for (Module thisMod : modules) {
@@ -127,7 +133,7 @@ public class ModuleManager {
 	public void runScripts(String event) {
 		for (Module thisMod : modules) {
 			try {
-				thisMod.runScript(event, isServer);
+				thisMod.runScript(event, user, isServer);
 			} catch (ScriptingEngineException e) {
 				Logger.error(e);
 				Logger.die(e.getMessage());
@@ -152,7 +158,7 @@ public class ModuleManager {
 			try {
 				String nsReset = Gateway.getProperties().getProperty("Module."+thisMod.ns+".reset");
 				boolean thisReset = nsReset == null?reset:nsReset.equals("true");
-				thisMod.importAll(serverEntity, modulesXML.get(thisMod.ns), thisReset);
+				thisMod.importAll(serverEntity, user, modulesXML.get(thisMod.ns), thisReset);
 			} catch (Exception e) {
 				Logger.error(e);
 				throw new ModuleException("Error importing items for module "+thisMod.getName());
@@ -160,7 +166,7 @@ public class ModuleManager {
 			Logger.msg("Module "+thisMod.getName()+" registered");
 			
 			try {
-				thisMod.runScript("startup", true);
+				thisMod.runScript("startup", user, true);
 			} catch (ScriptingEngineException e) {
 				Logger.error(e);
 				throw new ModuleException("Error in startup script for module "+thisMod.getName());
diff --git a/src/main/java/com/c2kernel/process/module/ModuleScript.java b/src/main/java/com/c2kernel/process/module/ModuleScript.java
index beed6f9..f16f390 100644
--- a/src/main/java/com/c2kernel/process/module/ModuleScript.java
+++ b/src/main/java/com/c2kernel/process/module/ModuleScript.java
@@ -1,7 +1,6 @@
 package com.c2kernel.process.module;
 
 import com.c2kernel.entity.proxy.AgentProxy;
-import com.c2kernel.process.Gateway;
 import com.c2kernel.scripting.Script;
 import com.c2kernel.scripting.ScriptingEngineException;
 
@@ -23,16 +22,8 @@ public class ModuleScript {
 		this.script = script;
 	}
 	
-	public Script getScript(String ns) throws ScriptingEngineException {
-		AgentProxy user = Gateway.getCurrentUser();
-        try {
-        	if (user == null) user = (AgentProxy)Gateway.getProxyManager().getProxy(
-        		Gateway.getLDAPLookup().getRoleManager().getAgentPath("system"));
-    		} catch (Exception ex) {
-    			throw new ScriptingEngineException("System agent unavailable");
-    		}
+	public Script getScript(String ns, AgentProxy user) throws ScriptingEngineException {
         return new Script(lang, ns+" "+target+" "+event, script, user);
-
 	}
 
 	public boolean shouldRun(String event, boolean isServer) {
diff --git a/src/main/java/com/c2kernel/scripting/Script.java b/src/main/java/com/c2kernel/scripting/Script.java
index 92a49cf..83849d9 100644
--- a/src/main/java/com/c2kernel/scripting/Script.java
+++ b/src/main/java/com/c2kernel/scripting/Script.java
@@ -151,7 +151,7 @@ public class Script
         beans.put("storage", Gateway.getStorage());
         beans.put("db", Gateway.getStorage().getDb());
         beans.put("proxy", Gateway.getProxyManager());
-        beans.put("lookup", Gateway.getLDAPLookup());
+        beans.put("lookup", Gateway.getLookup());
         beans.put("orb", Gateway.getORB());
         beans.put("agent", agent);
         beans.put("output", out);
diff --git a/src/main/java/com/c2kernel/scripting/ScriptConsole.java b/src/main/java/com/c2kernel/scripting/ScriptConsole.java
index 83e210b..a01e25f 100644
--- a/src/main/java/com/c2kernel/scripting/ScriptConsole.java
+++ b/src/main/java/com/c2kernel/scripting/ScriptConsole.java
@@ -16,7 +16,6 @@ import javax.script.ScriptEngine;
 
 import org.tanukisoftware.wrapper.WrapperManager;
 
-import com.c2kernel.entity.proxy.AgentProxy;
 import com.c2kernel.process.Gateway;
 import com.c2kernel.utils.Logger;
 import com.c2kernel.utils.server.SocketHandler;
@@ -138,16 +137,9 @@ public class ScriptConsole implements SocketHandler {
         // get system objects
         try {
             Logger.addLogStream(output, 0);
-            AgentProxy user = Gateway.getCurrentUser();
-            try {
-            	if (user == null) user = (AgentProxy)Gateway.getProxyManager().getProxy(
-            		Gateway.getLDAPLookup().getRoleManager().getAgentPath("system"));
-        		} catch (Exception ex) {
-        			output.println("System agent unavailable");
-        		}
             Script context;           
             try {
-            	context = new Script("javascript", user, output);
+            	context = new Script("javascript", null, output);
             } catch (Exception ex) {
             	output.println("Error initializing console script context");
             	ex.printStackTrace(output);
diff --git a/src/main/java/com/c2kernel/utils/LocalObjectLoader.java b/src/main/java/com/c2kernel/utils/LocalObjectLoader.java
index 307cd97..f0d8928 100644
--- a/src/main/java/com/c2kernel/utils/LocalObjectLoader.java
+++ b/src/main/java/com/c2kernel/utils/LocalObjectLoader.java
@@ -1,6 +1,6 @@
 package com.c2kernel.utils;
 
-import java.util.Enumeration;
+import java.util.Iterator;
 
 import com.c2kernel.common.InvalidDataException;
 import com.c2kernel.common.ObjectNotFoundException;
@@ -23,10 +23,10 @@ public class LocalObjectLoader {
 		throws ObjectNotFoundException
 	{
 		DomainPath defRoot = new DomainPath(root);
-	    Enumeration<Path> e = Gateway.getLDAPLookup().search(defRoot, name);
+	    Iterator<Path> e = Gateway.getLookup().search(defRoot, name);
 	    ItemProxy defProxy = null; int currentLayer = -1;
-	    while (e.hasMoreElements()) {
-	    	DomainPath defPath = (DomainPath)e.nextElement();
+	    while (e.hasNext()) {
+	    	DomainPath defPath = (DomainPath)e.next();
 	    	ItemProxy thisProxy = Gateway.getProxyManager().getProxy(defPath);
 	    	int thisLayer;
 	    	try {
-- 
cgit v1.2.3