
Re: OpenLDAP and MySQL



I was hoping to avoid a plugin script, but something like that is what I've just started. I am coming across a constant core dump right now from slapd with mysql support. As far as I can tell, the support can only *read* from mysql. Whenever any of the other tests happen, they fail. Only read passes.

Thanks all; still plugging at it.

Todd Lyons wrote:
On Wed, May 24, 2006 at 09:45:30AM -0400, Russell Handorf wrote:

Just as a quick bit of history, MySQL support is necessary because of our MTA. All the user accounts and related settings are currently being stored in this system for email auth. Currently, users have to maintain 2 passwords (fugly), and I'd like to centralize this. Unfortunately, to move the mail server to LDAP auth would be far more of a complicated project than testing out a MySQL auth'd back end. Maybe I'm trying to use the wrong tool for the job, but this is the approach I was looking to use (MySQL for back end to keep mail services uninterrupted, yet passwords synced).

Maybe this would be a better solution for you:
1) Add an action or status field in your user table. I'll assume action
   field and valid values of 'active', 'change', 'disable', 'deleted'.
2) Write a perl daemon. It should:
   a) Read in all rows with action='change' and add/modify the entry in
      the directory.
   b) Set their action to 'active' in the database.
   c) Read in all rows with action='disable' and remove the entry from
      the directory.
   d) Set their action to 'deleted' in the database.
      In reality this is mixing an action field with a status field,
      but you can add the status field as well to get the desired
      full view without having to read between the lines.
   e) sleep 5 or 10 seconds.
   f) loop back up to the beginning.
3) Have your user provisioning utils populate that action field with
   the value 'change' when a user is created or modified.
4) Have your user provisioning utils populate that action field with
   the value 'delete' when a user is deleted.
5) Have a housecleaning script that you run once per $INTERVAL to catch
   inconsistencies. A good interval is a day/week/month (in other
   words, whatever works for you).