[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Mysql as a backend for LDAP

Another reason to use an RDBM backend is that there can be tighter data
constraints an referential integrity.  For example, we're experimenting
with back-sql here at CMU, and we have LDAP objects that represent people
and LDAP objects that represent computer accounts. An account entry has an
"owner" attribute with the DN of a person, and a Person entry has an
"account" attribute with an account DN.  LDAP and OpenLDAP offer no strong
way to make sure these "pointers" are accurate, but if I put the data in
Oracle I can set CONSTRAINTS and TRIGGERS to make sure the data is always
referentially correct.  It also means I can look up a person entry and get
the person's account username as an attribute of the person entry without
even having the usernames stored directly under the person object;  it is
in the linked account object and SQL allows me to do a JOIN and fetch the
username from there.  (thus my earlier post about using "uid" :)

-Mark Adamson
 Carnegie Mellon