Re: Intranet project, LDAP+MySQL - whats the best way ??

[Adam Williams <awilliam@whitemice.org>]

>we want to build a central system where are all user dependent informations 
>are stored.
>The base should be a SuSE Linux 7.3 and LDAP. The informations (user account 
>with phone number, photo, access rights, services, ...) are all entered with 
>a self build PHP frontend. Some informations should be accessible from the 
>http intranet (phone numbers etc.).

We have much the same thing - RH/OpenLDAP/Apache/PHP/Intranet-front-end

>All the other service dependent informations should be accessed from the 
>services itself. We are running here HP UX, Windows and SAP on the Windows 
>Systems (and squid, nis, samba, dhcp, dns, nfs). It would be grate to have 
>the SAP access rights in the LDAP database and that SAP will get it from 
>there.
>Whats the best way to do this ? Should i use a MySQL Database as backed for 
>LDAP ? 

Probably not.

>Or should i use LDBM for the Logon informations only and put all the 
>other informations (phone numbers, photos,...) in a MySQL Database and bring 
>them all together with PHP to view/administrate them ???

Why not put phone number, photos, etc... in OpenLDAP(ldbm)?  Adding
back-sql (unless really required) is just another layer.  Schema is
defined for all the attributes you mention.  LDAP programming for things
like "BLOBS" (jpeg photo, etc...) in PHP is easier with LDAP than
DB/ODBC.  Also these things 'fit' in LDAP better.  With an RDBMS the
schema is a limitation unless you go normalization crazy.  What if a
person has five phone numbers and two photos?  LDAP says "OK, phone
number is a valid attribute"  SQL says "Mmm, no, you only defined a
field for one phone number, sorry".  back-sql (IMHO) is for integration
with true CRM systems or legacy datastores.  Creating both an LDBM and a
DB means 2n number of process, more places to backup,  more complicated
configuration (making upgrades trickier), more places for bugs to live,
etc...