
Re: OpenLDAP Planning

On Monday 10 December 2007 18:44:05 Daniel Gibby wrote:
> Let me narrow the focus of my question a bit more. This isn't a general
> LDAP question. This is a question specific to OpenLDAP, since I'm
> looking for people with experience in OpenLDAP and for ways they solved
> the same problem I'm having with OpenLDAP and MySQL.
> I understand why what you are saying is better to migrate to an LDAP
> back-end. I understand why it is faster, more light-weight and elegant.
> Yet, the solution to move completely to LDAP and get away from a DB
> back-end always ignores the fact that our business already has
> everything working with MySQL.

Which was probably a lot of work. A lot of which would probably have been 
unnecessary on LDAP (IMHO).

You may want to give examples of the software that you have integrated. You 
may find they already support LDAP.

> We already have many applications set up
> to use the DB. We already have what we need except for an LDAP lookup on
> it. We just need advice on setting up OpenLDAP with a
> super-simple-schema, and suggestions on how to best interface OpenLDAP
> with MySQL for that schema. I would think that having support for this
> in OpenLDAP would help the community to grow.

IMHO, fewer "experts" who put everything in MySQL because they don't know of 
anything else would probably build the community more :-P.

> Adoption would happen at a 
> much higher rate, since many businesses have a need for such a use of
> OpenLDAP. That can only be mostly good news for LDAP and OpenLDAP.
> So let me narrow the focus of this question more. I don't want to move
> away from a MySQL database. I'm open to exporting it to LDIF or to using
> back-sql, or to some other solution I don't know of that uses MySQL and
> OpenLDAP. I want someone who has experience using one of those methods
> to comment on resources they know of on how to get it to work, or with
> gotchas they found along the way.
> If we only had the time, we'd look into X.500 server commands and LDAP
> protocol and build a server that solely runs an ODBC back end and would
> only support a few limited LDAP commands. It wouldn't really be a full
> LDAP server, and would only support the Bind and Search commands. No
> Update, TLS, etc. is needed. It would only be used for this limited
> purpose.

Then use back-sql, as I doubt you would be able to have a better 
implementation for your purposes. It still wouldn't be great. While it's not 
as well supported as other backends, it will probably be the lesser of all 
the evils.

> I do appreciate your input. I should have been more clear as to what I'm
> looking for with OpenLDAP, as I could have anticipated that my first
> response would have been to just move solely to an LDAP backend.

And your second, and maybe your third and fourth.

We're running > 1 million mailboxes on OpenLDAP.