
Re: OpenLDAP Planning



<quote who="Daniel Gibby">
> Let me narrow the focus of my question a bit more. This isn't a general
> LDAP question. This is a question specific to OpenLDAP, since I'm
> looking for people with experience in OpenLDAP and for ways they solved
> the same problem I'm having with OpenLDAP and MySQL.

This is better ;-)

>
> I understand why what you are saying is better to migrate to an LDAP
> back-end. I understand why it is faster, more light-weight and elegant.

As well as centralised data with standards based access, etc. etc.

> Yet, the solution to move completely to LDAP and get away from a DB
> back-end always ignores the fact that our business already has
> everything working with MySQL.

Understood.

> We already have many applications set up
> to use the DB. We already have what we need except for an LDAP lookup on
> it. We just need advice on setting up OpenLDAP with a
> super-simple-schema, and suggestions on how to best interface OpenLDAP
> with MySQL for that schema. I would think that having support for this
> in OpenLDAP would help the community to grow. Adoption would happen at a
> much higher rate, since many businesses have a need for such a use of
> OpenLDAP. That can only be mostly good news for LDAP and OpenLDAP.

Hmmm, if you are merely setting up a directory server for your appliance
because it can "do" LDAP lookups, then that seems the wrong way to go
about it. In fact, it just seems like data duplication and management
overhead to me.

> So let me narrow the focus of this question more. I don't want to move
> away from a MySQL database. I'm open to exporting it to LDIF or to using
> back-sql, or to some other solution I don't know of that uses MySQL and
> OpenLDAP. I want someone who has experience using one of those methods
> to comment on resources they know of on how to get it to work, or with
> gotchas they found along the way.

man slapd-sql is very good and should answer most questions, using a 2.4.X
release.

>
> If we only had the time, we'd look into X.500 server commands and LDAP
> protocol and build a server that solely runs a ODBC back end and would
> only support a few limited LDAP commands. It wouldn't really be a full
> LDAP server, and would only support the Bind and Search commands. No
> Update, TLS, etc. is needed. It would only be used for this limited
> purpose.
>
> I do appreciate your input. I should have been more clear as to what I'm
> looking for with OpenLDAP, as I could have anticipated that my first
> response would have been to just move solely to an LDAP backend.

There is good information at:

http://www.openldap.org/doc/admin24/backends.html#SQL
http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS

>
> Gavin Henry wrote:
>> <quote who="Daniel Gibby">
>>
>>> Hi,
>>>
>>
>> Hi,
>>
>>
>>> We are somewhat new to OpenLDAP and are planning on how we'll use it
>>> for our business.
>>>
>>
>> This thread may be more suitable for the general LDAP mailing list:
>>
>> http://www.umich.edu/~dirsvcs/ldap/mailinglist.html
>>
>> Nothing, as yet, seems directly related to OpenLDAP since you appear to
>> be at the "understanding LDAP" stages.
>>
>>
>>> We have a few different uses we plan on, but one in particular that I
>>> have a question about.
>>>
>>> We already have our email server set up to run virtual domain and
>>> aliases with a MySQL backend.
>>> We have a few thousand email addresses at one domain and we pretty much
>>> won't need more meta-information related to them besides what is
>>> already in our database.
>>>
>>> A spam firewall appliance sits in front of our email server. The spam
>>> firewall supports an LDAP lookup for email addresses.
>>>
>>> Since we already use MySQL for the backend of our email addresses, what
>>> would be the ways we should consider integrating OpenLDAP to support
>>> the spam firewall appliance?
>>>
>>
>> Switch MySQL out for OpenLDAP. Put your virtual domains and aliases in
>> there and then point your Spam/Firewall appliance at it.
>>
>>
>>> I'm wary of using back-sql since all I ever see when searching through
>>> the OpenLDAP archives are somewhat old issues and lack of support.
>>>
>>
>> Not lack of support, mainly improper use of back-sql or misunderstanding
>> its intended purpose...
>>
>>
>>> If I'm wrong about shying away from that, let me know.
>>>
>>> It seems to me that we need a very simple implementation for this part
>>> of our business. Our schema only needs to include the email address,
>>> that's it.
>>>
>>> For other areas of our business we'd want to set up something more
>>> extensive on another server, but what would you see as options for
>>> setting up what would be required for this appliance lookup?
>>>
>>> Thanks for your input! I'll post questions about our other uses or
>>> issues of OpenLDAP in another thread.
>>>
>>>
>>
>> Again, these discussion items are better suited to the general LDAP
>> list:
>>
>> http://www.umich.edu/~dirsvcs/ldap/mailinglist.html
>>
>> Thanks,
>>
>> Gavin.
>>
>>
>
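
Added example, not part of the original thread or of OpenLDAP: a sketch of the "export to LDIF" option discussed above, turning address rows into entries that hold little more than the email address. The suffix `ou=mail,dc=example,dc=com`, the use of `inetOrgPerson`, the function names and the sample rows are assumptions; the rows are constructed and stand in for a query against the existing MySQL tables.

```python
import base64

SUFFIX = "ou=mail,dc=example,dc=com"  # assumed suffix, not from the thread

# Constructed sample rows, standing in for the result of a MySQL query.
ROWS = [
    "alice@example.com",
    "Bob+lists@example.com",                 # '+' must be escaped inside a DN
    " alice@example.com ",                   # duplicate once trimmed
    "not-an-address",                        # no domain part: skipped
    "eve@example.com\nmail: x@example.com",  # line break in data: skipped
]

def escape_rdn_value(value):
    """Escape RFC 4514 special characters in a DN value.
    Control characters never reach here: valid_address rejects them."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in '"+,;<>\\' or edge else ch)
    return "".join(out)

def ldif_line(attr, value):
    """One LDIF attribute line; values unsafe per RFC 2849 are base64-encoded."""
    raw = value.encode("utf-8")
    safe = (all(b < 128 and b not in (0, 10, 13) for b in raw)
            and raw[:1] not in (b" ", b":", b"<") and raw[-1:] != b" ")
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def valid_address(addr):
    """Printable ASCII with exactly one '@' (the mail attribute is IA5String)."""
    return (addr.count("@") == 1 and not addr.startswith("@")
            and not addr.endswith("@") and all(33 <= ord(c) < 127 for c in addr))

def to_ldif(rows, suffix=SUFFIX):
    """Build LDIF for the de-duplicated, validated addresses in rows."""
    entries = []
    for addr in filter(valid_address, sorted({r.strip().lower() for r in rows})):
        dn = f"mail={escape_rdn_value(addr)},{suffix}"
        lines = [ldif_line("dn", dn), "objectClass: inetOrgPerson"]
        fields = (("cn", addr), ("sn", addr.split("@")[0]), ("mail", addr))
        lines += [ldif_line(a, v) for a, v in fields]
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(to_ldif(ROWS), end="")
```

The parent entry for the suffix has to exist in the directory before the generated entries are loaded.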