We're going to LDAP to solve some of the same issues (we used to use DCE, but I think we were the only people on the planet, so it's going away). LDAP is nice because it is widely used, very stable, and has multiple perl modules that hook into it, both for query and update.

There are also apache hooks as I was recently informed: Persistent LDAP connections in Apache.