|OpenLDAP Faq-O-Matic : OpenLDAP Software FAQ : Configuration : SLAPD Configuration : Backends : The SQL backend (How do I setup/configure back-sql?)
IntroductionThis note was written at the time OpenLDAP 2.2 became ready for release; back-sql was first released with OpenLDAP 2.0; when moving from 2.0 to 2.1, it was entirely rewritten. When the original author wrote it, he provided support for many RDBMSes; however, the current maintainers could actively preserve only part of them, due to lack of resources.
SQL itself should be a standard language. Since different implementors result in different behavior and supported features, unixODBC has been used in back-sql to provide a neutral interface to the RDBMSes. Unfortunately, this was not enough; as a consequence some work might be required to have a working back-sql.
Supported RDBMSesback-sql, in OpenLDAP 2.2, is actively supported only for (in alphabetical order) IBM db2/udb, MySQL, and Postgres. There used to be provisions also for mssql, oracle and timesten, but they haven't been officially tested after transition from OpenLDAP 2.0 to 2.1, so it's up to the final user to take care of issues that may arise. If you succeed in using any of the currently unsupported RDBMSes, or any other RDBMS not listed here, please let us know, and you'll do a favor to the Open Source community if you send us any detail or changes required by the software distribution. The preferred means is by opening an ITS.
How to Use ItTo use back-sql, one needs to:
Useful LinksThe internet is full of hints on how to setup OpenLDAP with back-sql and different RDBMS; although the quality of these documents is not always homogeneous, or they refer to outdated versions of the software, they can still be of help. Just google for back-sql, or follow any of these links:
Meta-DataMeta-data is the most important and difficult part of setting up back-sql; basically, it consists in:
Test DataIf you already have a working database, filled with data, you only need to add the metadata; otherwise, you may want to try the test data that is available in $SRC/servers/slapd/back-sql/rdbms_depend/$SUPPORTED_RDBMS. You need to load:
In $SRC/servers/slapd/back-sql/rdbms_depend/$SUPPORTED_RDBMS there is also a sample slapd.conf file set up for use with that RDBMS (see for instance the one for Postgres).
Multiple objectClass definitions are allowed for an entry; however, only one can be "structural" in a back-sql sense. This means that each entry must refer to only one row of ldap_oc_mappings. This parallels with the fact that each LDAP entry has only one structuralObjectClass, which will correspond to that objectClass. Auxiliary objectClasses can be added on a per-entry basis by means of the ldap_entry_objclasses.
Multiple attributeType definitions are allowed for an entry; that is, multiple ldap_attr_mappings rows can refer to the same ldap_oc_mappings row with the same name; the resulting attribute values are honored for multivalued attributes in search filters, in search results, in compare AVAs. However, only rules according to the first instance of that attributeType are followed in add, modify and delete operations. This limitation, under certain circumstances, may be removed in the future.
New Featuresback-sql, from 2.2.5, honors objectClass inheritance in search filters; so, for instance, a search for (objectClass=person) is honored also if an entry has a structuralObjectClass of inetOrgPerson (as the entries in the test data); no objectClass inheritance is supported for auxiliary objectClasses yet. From 2.2.5, also attributeType inheritance is honored in search filters.
Filter equality matches on attributeType with DN syntax can be honored by back-sql if those attributes are defined appropriately. Take the steps:
TestingOpenLDAP 2.3 provides a test suite for back-sql which is separate from the test suite for regular storage backends. By default back-sql tests are disabled; they must be explicitly enabled, because they require some user interaction in setting up the RDBMS and feeding it with the appropriate data. To run the tests:
|"Supported" RDBMSes (routinely tested during development):
mssql oracle timesten
|[New Answer in "The SQL backend (How do I setup/configure back-sql?)"]
|The passwd backend (How do I setup/configure back-passwd?)
|config backend configuration