Re: OpenLDAP and MySQL
On Wed, May 24, 2006 at 09:45:30AM -0400, Russell Handorf wrote:
>Just as a quick bit of history, MySQL support is necessary because of
>our MTA. All the user accounts and related settings are currently being
>stored in this system for email auth. Currently, users have to maintain
>2 passwords (fugly), and I'd like to centralize this. Unfortunately, to
>move the mail server to LDAP auth would be far more of a complicated
>project than testing out a MySQL auth'd back end. Maybe I'm trying to
>use the wrong tool for the job, but this is the approach I was looking
>to use (MySQL for back end to keep mail services uninterrupted, yet

Maybe this would be a better solution for you:

1) Add an action or status field in your user table. I'll assume action
   field and valid values of 'active', 'change', 'disable', 'deleted'.
2) Write a Perl daemon. It should:
   a) Read in all rows with action='change' and add/modify the entry in
   b) Set their action to 'active' in the database.
   c) Read in all rows with action='disable' and remove the entry from
   d) Set their action to 'deleted' in the database.
      In reality this is mixing an action field with a status field,
      but you can add the status field as well to get the desired
      full view without having to read between the lines.
   e) sleep 5 or 10 seconds.
   f) loop back up to the beginning.
3) Have your user provisioning utils populate that action field with
   the value 'change' when a user is created or modified.
4) Have your user provisioning utils populate that action field with
   the value 'delete' when a user is deleted.
5) Have a housecleaning script that you run once per $INTERVAL to catch
   inconsistencies. A good interval is a day/week/month (in other
   words, whatever works for you).
I've visited conferences where the wireless LAN was deemed "secure" by
the organisation because they had outlawed sniffers. --Neils Bakker
Linux kernel 2.6.12-18mdksmp 2 users, load average: 0.13, 0.04, 0.02
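
Added example, not part of the original message: one pass of the loop in step 2 plus the housecleaning check in step 5, written in Python rather than Perl so it runs stand-alone. It also reports any action value outside the four listed in step 1, because the loop never selects such a row. Assumptions: an in-memory SQLite table stands in for the MySQL user table and a dict for the LDAP directory, and the schema, function names and sample rows are constructed.

```python
import sqlite3

VALID = {"active", "change", "disable", "deleted"}  # values from step 1

# Constructed sample rows: (uid, mail, action)
SAMPLE_ROWS = [
    ("alice", "alice@example.org", "change"),
    ("bob", "bob@example.org", "disable"),
    ("carol", "carol@example.org", "active"),
    ("dave", "dave@example.org", "delete"),  # not one of the step 1 values
]

def make_db(rows):
    """In-memory SQLite table standing in for the MySQL user table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, mail TEXT, action TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return db

def sync_pass(db, directory):
    """One iteration of steps 2a-2d; the daemon would sleep and repeat."""
    changed = db.execute("SELECT uid, mail FROM users WHERE action='change'").fetchall()
    for uid, mail in changed:
        directory[uid] = {"mail": mail}  # 2a: add or modify the entry
        db.execute("UPDATE users SET action='active' WHERE uid=? AND action='change'", (uid,))  # 2b
    disabled = db.execute("SELECT uid FROM users WHERE action='disable'").fetchall()
    for (uid,) in disabled:
        directory.pop(uid, None)  # 2c: removal is idempotent
        db.execute("UPDATE users SET action='deleted' WHERE uid=? AND action='disable'", (uid,))  # 2d
    db.commit()
    return len(changed), len(disabled)

def housecleaning(db, directory):
    """Step 5: list (uid, finding) pairs where table and directory disagree."""
    state = dict(db.execute("SELECT uid, action FROM users"))
    findings = []
    for uid in sorted(set(state) | set(directory)):
        action = state.get(uid)
        if action is not None and action not in VALID:
            findings.append((uid, "unknown action"))  # the loop never selects this row
        elif uid in directory and action in (None, "deleted"):
            findings.append((uid, "orphaned entry"))  # entry with no live row behind it
        elif uid not in directory and action == "active":
            findings.append((uid, "missing entry"))
    return findings

if __name__ == "__main__":
    db = make_db(SAMPLE_ROWS)
    ldap = {"bob": {}, "dave": {}, "mallory": {}}  # constructed directory contents
    print(sync_pass(db, ldap), housecleaning(db, ldap))
```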