
Questions about back-sql



Hi there.

I've successfully gotten OpenLDAP 2.1.19 working with back-sql using 
MySQL, but I have a couple of questions/comments:

1.  It looks like the sample data included with OpenLDAP is out 
of date, insofar as some of the data doesn't conform to standard 
schema, and OpenLDAP appears to now be quite strict about schema 
compliance, to the point that it won't even start with the sample 
data.

2.  The documentation in slapd-sql.5 appears to be out of date in a 
couple of respects.  For one thing, the default at_query appears to 
include the sel_expr_u column.  I wasn't able to determine what that 
column might be for (it doesn't appear in the examples or 
documentation anywhere) and explicitly setting at_query to the 
default as outlined in the manpage got everything going.  Debug 
output indicates that "sel_expr_u='(null)'", but everything appears 
to work anyway.  What's sel_expr_u for?

3.  Although I'm using MySQL, it was necessary to add the 
"has_ldapinfo_dn_ru  no" directive in order to get things working.  
The manpage indicates that the directive is necessary to override 
automatic checking with PostgreSQL/unixODBC, neither of which I'm 
using, and there's no hint about how one might determine whether or 
not this directive should be necessary for a given configuration.

4.  I mapped the userPassword attribute to a column in my 
authentication table which contains encrypted passwords by using 
'CONCAT"{crypt}",auth.password' in the attribute mapping metadata.  
While browsing the directory with third-party LDAP browsers which 
allow password verification, I am able to successfully do so.  
However, I can't perform a simple bind as any user other than the 
rootdn/rootpw defined in slapd.conf.  Is this a known limitation of 
back-sql, or have I misconfigured something?

5.  The purpose of several of the metadata columns, such as 
param_order and expect_return, doesn't appear to be documented 
anywhere.  Everything's working, but do these columns have a purpose? 
Optimization, maybe?

6.  The manpage talks about making use of the ldap_entry_objclasses 
table in order to add additional objectClass attributes to each entry 
as desired.  I've tried to do this (my default objectClass is 
inetOrgPerson, and I've added a couple of objectClasses including 
person and organizationalPerson) but, although the extra objectClass 
attributes are included with a given entry returned by ldapsearch, I 
am unable to filter on the extra attributes as the documentation 
seems to suggest is possible.  Is there some way to rectify this?

Wow, this got a little long.  Thanks for any thoughts!  I very much 
appreciate the effort that's gone into developing the SQL backend--
it's working very well and solving some major difficulties we were 
having.

----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.