[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: posixAccount & Back-SQL

> Hello,
> I'm trying to figure out the best way to go about linking our
> authentication
> databases (currently in MySQL) with the OpenLDAP server.
> We have in place a pretty large MySQL cluster and one of the tasks it
> handles is our Email authentication.  A table is dedicated to the user
> information, very much like what would be stored in posixAccount (plus a
> few
> other attributes, like the users domain name.)
> My theory is I can just have the LDAP system query the existing MySQL
> databases and create a nice happy LDAP interface for some upcoming tools
> that will require such.  If we have to merge the data from the existing DB
> to another that's fine too.
> I've been messing with integrating this using versions 2.1, 2.2, and HEAD.
> I've seen several improvements in the HEAD installation, but would like to
> know if anyone else has attempted to do this.  My experience with LDAP in
> general is pretty small, but i've picked up a lot very quickly, i'm just
> having issues with how the backend SQL tables should be layed out and
> linked.
> I've done a lot of searching on the web and found a few references to this
> information, but does anyone know of a document that might help me in my
> venture --- or know of an example for with account data?  I'm kind of
> limited at this point to the address book information included with the
> rdbms samples :)

I didn't answer your message from the beginning in the hope that someone
with a more complete answer could step in, but apparently no-one has,
neither here nor on other lists :=).

First of all, if you intend to use nis-like info within back-sql for nis
over LDAP it might not be a good choice because of performance issues with
back-sql, but this is another topic.

In any case, the way you map these info within back-sql is essentially
dictated by the schema of your RDBMS; this is why there's no complete
example or no out of the box solution is provided.

However, the examples in the rdbms_depend/ directory cover most of the
common approaches, so all you need to do is read and understand them, and
apply them to your case.

As a rough guideline, you need to decide what entities you intend to map. 
If the typical entity for, say, a person implies the objectClasses
"inetOrgPerson" and "posixAccount", use the structuralObjectClass, i.e.
"inetOrgPerson", to define the ldap_oc_mappings entry for each type of
entity, and place "posixAccount" in ldap_entry_objclasses for each
identity mapped in the rdbms; in the "inetOrgPerson"-related
ldap_attr_mappings you need to map the attributeTypes that belong to both
objectClasses, because your rdbms entity is the merging of two distinct
LDAP classes.  See the examples to understand how to map attributeTypes,
and beware that you may have troubles in mapping writes to MySQL.

Or, you can hire some back-sql expert to do the work for you...


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497