
Re: openldap mysql backend authentication discussion



It looks like you are trying to use an LDAP server as a DBMS server. Instead of writing your own utility, you might want to simply use one of the three options shown below to fulfill your purpose.

1. Use SQL Directory Browser
* Free download from Octet String: http://www.octetstring.com/products/BridgeDriver.php
This is a Windows-based tool that you can connect to an LDAP server (OpenLDAP or other commercial LDAP servers) and use to issue SQL-like statements for the LDAP queries. The SQL Directory Browser, I believe, is based on the JDBC-LDAP bridge driver underneath (see below).


2. JDBC-LDAP Bridge Driver
* Free download (binary) from Octet String: http://www.octetstring.com/products/BridgeDriver.php
* Free download (source) from OpenLDAP: http://www.openldap.org/devel/cvsweb.cgi?hideattic=1&cvsroot=JDBCLDAP
Basically, you would write your own code in "SQL-like query statements" to access the LDAP server as you would do in the DBMS server.


3. JLDAP (LDAP Classes for Java) Library
* Free download (binary) from Novell: http://developer.novell.com/ndk/jldap.htm
* Free download (source) from OpenLDAP: http://www.openldap.org/jldap/
This is similar to the JDBC-LDAP Bridge driver where you basically write your own code to access the LDAP server. However, instead of using "SQL-like query statements", you would use the real "LDAP query statements" to access the LDAP server.


Therefore, if you need to create an objectClass, you would either use the standard OpenLDAP commands such as ldapadd, ldapsearch, etc. to do that, or use one of the above methods to achieve the same thing. If you need to use the SQL-like syntax for your LDAP queries, then use one of the first two methods.

Best Regards,
Shuh Chang
Sr. Systems Architect
schang@axalto.com


----- Original Message -----
From: "Ryan E. Helfter" <rhelfter@datapipe.com>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, December 28, 2005 4:57 PM
Subject: RE: openldap mysql backend authentication discussion



I have read and googled as much information as I can think of so I shall
start out with what I have and hopefully someone can fill in the blanks:

I have a table with 3 columns called users in the ldap database that I
have configured to use.

id, username and password (stored in md5).

I have created the ldap table, and followed most of
http://www.section6.net/help/openldap.php

bash-2.05b# iodbctest
iODBC Demonstration program
This program shows an interactive SQL processor
Driver Manager: 03.52.0305.1107

Enter ODBC connect string (? shows list): ?

DSN                              | Driver
------------------------------------------------------------------------------
ldap                             | MySQL LDAP DSN

Enter ODBC connect string (? shows list): DSN=ldap
Driver: 03.51.11 (libmyodbc3.so)

SQL>show tables;

Tables_in_ldap
---------------------
authors_docs
documents
institutes
ldap_attr_mappings
ldap_entries
ldap_entry_objclasses
ldap_oc_mappings
persons
phones
referrals
users

result set 1 returned 11 rows.


SQL>


What I believe I need to do going forward:

1) I believe I need to create an objectClass but not sure how to do
that.
2) I need to somehow map the id, username and password in the
ldap_oc_mappings

3) somehow I want to have an ldap call do something like what would be
equivalent to this in mysql:

(pseudo code)
Sql> select username from users where username='$username' and password = md5('$password');

Can someone point me to any documentation or explain to me the next
steps I need to take?  I am totally sure I missed some steps and have
holes in my path to completion and am all eyes to read.

I really appreciate the help anyone and thanks in advance if you can
help me.

Regards,

--
Ryan E. Helfter
UNIX Security Engineer

DataPipe Managed Hosting Services

- What It Means To Be Sure -

rhelfter@datapipe.com | http://www.datapipe.com
Tel: 201.792.1918 x300 | Fax: 201-792-3090
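
Added example, not from either poster: in LDAP the equivalent of the SELECT in point 3 is a simple bind, where the server compares the supplied password against the entry's userPassword value. MySQL's md5() returns a hex string, while the LDAP {MD5} scheme is "{MD5}" followed by the base64 of the raw 16-byte digest, so the column has to be converted before it can serve as userPassword. Assumptions: the function names are hypothetical, the sample digest is constructed (it is the MD5 of the string "password"), and how the converted value is exposed through the SQL backend mapping tables is not shown.

```python
import base64
import binascii
import hashlib
import hmac


def mysql_md5_to_ldap(hex_digest: str) -> str:
    """Convert the hex output of MySQL md5() into an LDAP {MD5} userPassword value."""
    raw = binascii.unhexlify(hex_digest.strip())  # raises on non-hex input
    if len(raw) != 16:
        raise ValueError("not an MD5 digest (expected 16 bytes)")
    return "{MD5}" + base64.b64encode(raw).decode("ascii")


def ldap_md5_verify(stored: str, password: str) -> bool:
    """Check a cleartext password against a {MD5} userPassword value,
    the comparison a directory server performs on a simple bind."""
    scheme, _, b64 = stored.partition("}")
    if scheme.upper() != "{MD5":
        return False  # other schemes, or a bare hex digest, are rejected
    try:
        expected = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return False
    if len(expected) != 16:
        return False
    actual = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(expected, actual)  # constant-time compare


if __name__ == "__main__":
    # Constructed row in the shape of the post's users table: id, username, password
    row = (1, "jdoe", "5f4dcc3b5aa765d61d8327deb882cf99")
    user_password = mysql_md5_to_ldap(row[2])
    print(row[1], user_password)
    print("bind ok:", ldap_md5_verify(user_password, "password"))
    print("bind ok:", ldap_md5_verify(user_password, "wrong"))
```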