OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/7516
Full headers

From: povilas@Daukas.lt
Subject: Mysql backend is readonly with included metadata sql files
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Fri, 01 Feb 2013 12:56:02 +0000
From: povilas@Daukas.lt
To: openldap-its@OpenLDAP.org
Subject: Mysql backend is readonly with included metadata sql files
Full_Name: Povilas Daukas
Version: any
OS: Ubuntu
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.63.107.40)



Hi, 

While trying to setup mysql as backend to the openldap server i noticed that it
only allowed reading from the database but not updating as the metadata was not
there to handle the updates.  

So I adopted the functions and sql from PostgreSQL to make it read write.  the
file to modify is below.

Hope you and others will find it useful.

Kind regards

Paul


----------------------------------------------------------------------
File:  servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql
----------------------------------------------------------------------
-- mappings 

-- objectClass mappings: these may be viewed as structuralObjectClass, the ones
that are used to decide how to build an entry
--	id		a unique number identifying the objectClass
--	name		the name of the objectClass; it MUST match the name of an objectClass
that is loaded in slapd's schema
--	keytbl		the name of the table that is referenced for the primary key of an
entry
--	keycol		the name of the column in "keytbl" that contains the primary key of
an entry; the pair "keytbl.keycol" uniquely identifies an entry of objectClass
"id"
--	create_proc	a procedure to create the entry
--	delete_proc	a procedure to delete the entry; it takes "keytbl.keycol" of the
row to be deleted
--	expect_return	a bitmap that marks whether create_proc (1) and delete_proc (2)
return a value or not
INSERT INTO `ldap_oc_mappings`
(id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
VALUES ('1', 'inetOrgPerson', 'persons', 'id', 'SELECT create_person()', 'DELETE
FROM persons WHERE id=?', 0);
INSERT INTO `ldap_oc_mappings`
(id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
VALUES ('2', 'document', 'documents', 'id', 'SELECT create_doc()', 'DELETE FROM
documents WHERE id=?', 0);
INSERT INTO `ldap_oc_mappings`
(id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
VALUES ('3', 'organization', 'institutes', 'id', 'SELECT create_o()', 'DELETE
FROM institutes WHERE id=?', 0);
INSERT INTO `ldap_oc_mappings`
(id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
VALUES ('4', 'referral', 'referrals', 'id', 'SELECT create_referral()', 'DELETE
FROM referrals WHERE id=?', 0);
-- attributeType mappings: describe how an attributeType for a certain
objectClass maps to the SQL data.
--	id		a unique number identifying the attribute	
--	oc_map_id	the value of "ldap_oc_mappings.id" that identifies the objectClass
this attributeType is defined for
--	name		the name of the attributeType; it MUST match the name of an
attributeType that is loaded in slapd's schema
--	sel_expr	the expression that is used to select this attribute (the "select
<sel_expr> from ..." portion)
--	from_tbls	the expression that defines the table(s) this attribute is taken
from (the "select ... from <from_tbls> where ..." portion)
--	join_where	the expression that defines the condition to select this attribute
(the "select ... where <join_where> ..." portion)
--	add_proc	a procedure to insert the attribute; it takes the value of the
attribute that is added, and the "keytbl.keycol" of the entry it is associated
to
--	delete_proc	a procedure to delete the attribute; it takes the value of the
attribute that is added, and the "keytbl.keycol" of the entry it is associated
to
--	param_order	a mask that marks if the "keytbl.keycol" value comes before or
after the value in add_proc (1) and delete_proc (2)
--	expect_return	a mask that marks whether add_proc (1) and delete_proc(2) are
expected to return a value or not
INSERT INTO `ldap_attr_mappings` into ldap_attr_mappings
(id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
VALUES ('1', '1', 'cn', 'concat(persons.name,\' \',persons.surname)', null,
'persons', null, 
	'SELECT update_person_cn(?,?)', 'SELECT 1 FROM persons WHERE persons.name=? AND
persons.id=? AND 1=0', '3', '0');
INSERT INTO `ldap_attr_mappings` into ldap_attr_mappings
(id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
VALUES ('2', '1', 'telephoneNumber', 'phones.phone', null, 'persons,phones',
'phones.pers_id=persons.id', 
	'SELECT add_phone(?,?)', 'DELETE FROM phones WHERE phone=? AND pers_id=?', '3',
'0');
INSERT INTO `ldap_attr_mappings` into ldap_attr_mappings
(id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
VALUES ('3', '1', 'givenName', 'persons.name', null, 'persons', null, 
	'UPDATE persons SET name=? WHERE id=?', 'UPDATE persons SET name=\'\' WHERE
(name=? OR name=\'\') AND id=?', '3', '0');
INSERT INTO `ldap_attr_mappings` into ldap_attr_mappings
(id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
VALUES ('4', '1', 'sn', 'persons.surname', null, 'persons', null, 
	'UPDATE

Message of length 14658 truncated

Followup 1

Download message
Date: Fri, 01 Feb 2013 14:19:31 +0100
From: Pierangelo Masarati <masarati@aero.polimi.it>
To: povilas@Daukas.lt
CC: openldap-its@openldap.org
Subject: Re: (ITS#7516) Mysql backend is readonly with included metadata sql
 files
On 02/01/2013 01:56 PM, povilas@Daukas.lt wrote:
> Full_Name: Povilas Daukas
> Version: any
> OS: Ubuntu
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (78.63.107.40)
>
>
>
> Hi,
>
> While trying to setup mysql as backend to the openldap server i noticed
that it
> only allowed reading from the database but not updating as the metadata was
not
> there to handle the updates.
>
> So I adopted the functions and sql from PostgreSQL to make it read write. 
the
> file to modify is below.

Thank you, but please follow guidelines for contributions here 
<http://www.openldap.org/devel/contributing.html> to ease review and 
integration.

Thanks, p.


-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org