[Date Prev][Date Next]
Re: "static" dbuser and dbpassword in back-sql ?
While I didn't write the code in OpenLDAP, I've done it for other
software. I would imagine that the reason for using a static user is so
that incoming LDAP connections can share a pool of database
connections. Database connections tend to be considerably heavier to
create than LDAP connections and reconnecting each time a new user
comes in using their own credentials would tend to be
As far as virtual directories, they tend to default to the same
behavior for the same reasons when it comes to databases, though in
many cases you can map certain users to more privileged connections
than others, though in this case you're depending as much on the VD to
manage privileges as if you just kept a single pool of connections and
depended on the ACL system inherent in the VD or OpenLDAP software.
On Sep 22, 2003, at 11:55 AM, Jochen Laser wrote:
As I understand from man slapd-sql, the RDBMs username and password
must be explicitely be specified in slapd.conf or odbc.ini.
Therefore these credentials are static. i.e, regardless of who
connects to the LDAP Server, it's always the same user/password
combination that is passed to the RDBMs via ODBC.
First question: did I get this right, or did I miss something
For use in some kind of "virtual directory" it seems to be
a nice feature, if username an password to be passed to the
RDBMs could be derived from Bind-DN and password that were
originally passed to the LDAP Server.
Second and third question (only valid if I was right with my
guess in qustion #1):
Are there good reasons why these credentials should be static?
How do other virual/metadirectory products handle this?