Schema for a sql->ldap server
- To: openldap-technical@openldap.org
- Subject: Schema for a sql->ldap server
- From: James Cloos <cloos@jhcloos.com>
- Date: Mon, 14 May 2018 16:26:38 -0400
- Copyright: Copyright 2018 James Cloos
- Openpgp: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
- Openpgp-fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
- User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
I wonder if anyone can offer some tips on how the ldap schema should
look for the setup below.

The docs for how to use openldap's sql backend are good; it is only the
schema I'm unsure of.

The data currently resides in a sql db, and some users have devices
which can access data via ldap.

One table has data similar to what would work for inetOrgPerson,
except that email addresses and inet domains are not guaranteed.

Another table has data specific to each device; we'd want the devices to
use that name/pw tuple to access the ldap data. Not the person-specific
name/pw tuple.

The end-users will primarily be interested in contact details for people
from the first table.

Also, the sql covers multiple customers, and each device should only see
the data from the customer with which it is associated.

Generating a dn for each company is the first issue.
Does it work to just use the company name w/o any hierarchy?

I presume that the devices will also need a dn, to use their name/pw
tuples for access, yes? I'm also unsure how to define those DNs.

Are there any good references for doing ldap w/o using internet concepts
for the naming?

-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6