Setting up OpenLDAP with MySQL backend
Author: TBONIUS
OpenLDAP is an X.500 Lightweight Directory Access Server used for centralized authentication and directory lookups. This article covers configuring this service to utilize SQL services in order to store its data objects. Having these objects stored in a SQL database allows third-party applications to access and manage these objects.
Ports that are needed:
MySQL 4.x server: /usr/ports/databases/mysql41-server
MySQL 4.x client: /usr/ports/databases/mysql41-client
LibIODBC 3.x: /usr/ports/databases/libiodbc
MyODBC 3.x: /usr/ports/databases/myodbc
OpenLDAP 2.x: /usr/ports/databases/openldap21-server WITH_ODBC="YES"
Configuring the MySQL server
OpenLDAP has the option to use many different kinds of databases; in this case we will use MySQL. The first step in setting this up is to create a MySQL database for OpenLDAP to use.
root@host# mysqladmin create ldap
Next we will create a MySQL account that OpenLDAP will use for our newly created ldap database
root@host# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 4.0.18
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> grant all privileges on ldap.* to 'ldap'@'localhost'
    -> identified by 'Password' with grant option;
Query OK, 0 rows affected (0.13 sec)
We of course want to substitute 'Password' with the actual password we wish to use for this special user account
Configuring LibIODBC to use the MyODBC driver
Quite simply, we need to edit two files here to get LibIODBC to use the MyODBC driver in accessing the MySQL server.
Take a look at the /usr/local/etc/libiodbc/odbcinst.ini file and make the following changes:
[ODBC Drivers]
MySQL = Installed
[MySQL]
Description = ODBC for MySQL
Driver = /usr/local/lib/libmyodbc3.so
Take a look at the /usr/local/etc/libiodbc/odbc.ini file and make the following changes:
[ODBC Data Sources]
ldap = MySQL LDAP DSN
[ldap]
Driver = /usr/local/lib/libmyodbc3.so
Description = OpenLDAP Database
Host = localhost
ServerType = MySQL
Port = 3306
FetchBufferSize = 99
User = ldap
Password = password
Database = ldap
ReadOnly = no
Socket = /tmp/mysql.sock
[ODBC]
InstallDir = /usr/local/lib
Again, substitute password for the actual password we created for the ldap user of the MySQL database.
We can test our current configuration before installing and configuring OpenLDAP. LibIODBC provides a test utility to check DSN configurations.
Note from darxpryte: Upon following this tutorial I've found that iodbctest was not built automatically. This may be fixed later, but if you find this to be the case you'll need to do the following:
cd /usr/ports/databases/libiodbc/
make extract
cd work/libiodbc-3.52.2/samples
make install
This will install iodbctest into /usr/local/bin/
Once you install iodbctest, you can do the following to test your connection:
root@host# iodbctest
iODBC Demonstration program
This program shows an interactive SQL processor
Driver Manager: 03.51.0001.0908
Enter ODBC connect string (? shows list): ?
DSN | Description
---------------------------------------------------------------
ldap | MySQL LDAP DSN
Enter ODBC connect string (? shows list): DSN=ldap
Driver: 03.51.06
SQL> show tables;
Tables_in_ldap
---------------------
authors_docs
documents
institutes
ldap_attr_mappings
ldap_entries
ldap_entry_objclasses
ldap_oc_mappings
ldap_referrals
persons
phones
result set 1 returned 10 rows.
This shows us that the DSN is configured correctly for LibIODBC to use the MyODBC driver in order to connect to our ldap database we set up on our MySQL Server
If you have problems displaying the DSN names defined in the odbc.ini file via the test program, try exporting the following shell environment variable:
For csh or tcsh:
setenv ODBCINI /usr/local/etc/libiodbc/odbc.ini
For sh or bash:
export ODBCINI=/usr/local/etc/libiodbc/odbc.ini
Configuring OpenLDAP to use MySQL
During the build of OpenLDAP, we need to pass the WITH_ODBC="YES" option so that the server is built with the appropriate SQL support.
After the make install process, we will copy over the slapd.conf file that is configured to use a SQL backend. This file is buried under the OpenLDAP ports directory in the following path:
work/openldap-2.1.30/servers/slapd/back-sql/rdbms_depend/mysql
Change to this directory, from the ports directory of OpenLDAP, and copy the configuration file over:
> cp slapd.conf /usr/local/etc/openldap
Then we can import the back SQL file from this directory into our running MySQL server database
root@host# mysql < backsql_create.sql ldap
root@host# mysql < testdb_create.sql ldap
Optionally we can import the testdb_data and testdb_metadata files into the database so that we can have example data with which to work
Next we need to edit the /usr/local/etc/openldap/slapd.conf file and make the proper adjustments. We need to set up the slapd service to use a SQL backend under the "SQL database definitions" section:
database sql
suffix "o=sql,c=RU"
rootdn "cn=root,o=sql,c=RU"
rootpw secret
dbname ldap
dbuser ldap
dbpasswd password
subtree_cond "ldap_entries.dn like concat('%',?)"
insentry_query "insert into ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
Go ahead and comment out or delete any other example commands for alternate SQL connectors, such as Postgres and/or MsSQL settings (unless, of course, you are using a Postgres or MsSQL server as your backend).
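The files edited above carry credentials: slapd.conf holds rootpw and dbpasswd, and odbc.ini holds the DSN Password. The following sh script is an added example, not part of the original article; it flags a cleartext rootpw (slapd also accepts a hash generated with slappasswd) and credential files that other users can access. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article: audit the credential-bearing
# files this guide edits (slapd.conf and odbc.ini).

# True when "other" users have any access; characters 8-10 of the ls mode
# string are the other-permission bits (portable across BSD and GNU ls).
world_accessible() {
    [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]
}

# True when the file has a rootpw, dbpasswd or ODBC Password line.
holds_secret() {
    grep -Eiq '^[[:space:]]*(rootpw|dbpasswd|password)[[:space:]=]' "$1"
}

# Print one finding per line; print nothing when the file passes.
audit_secret_file() {
    file=$1
    # rootpw accepts a slappasswd hash such as {SSHA}...; anything that does
    # not start with a {SCHEME} prefix, or uses {CLEARTEXT}, is a literal.
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, ""); key = tolower($1); val = $2; gsub(/"/, "", val) }
        key == "rootpw" && (index(val, "{") != 1 || index(toupper(val), "{CLEARTEXT}") == 1) {
            print FILENAME ":" NR ": rootpw is stored in cleartext"
        }
    ' "$file"
    # dbpasswd and the DSN Password must stay readable by slapd, so the
    # control for them is file mode rather than hashing.
    if holds_secret "$file" && world_accessible "$file"; then
        echo "$file: holds credentials but is accessible to other users"
    fi
}

# Constructed sample using the guide's slapd.conf values, with a 644 mode.
demo=$(mktemp -d)
cat > "$demo/slapd.conf" <<'EOF'
database   sql
rootdn     "cn=root,o=sql,c=RU"
rootpw     secret
dbuser     ldap
dbpasswd   password
EOF
chmod 644 "$demo/slapd.conf"
audit_secret_file "$demo/slapd.conf"
```

Run audit_secret_file against /usr/local/etc/openldap/slapd.conf and /usr/local/etc/libiodbc/odbc.ini; no output means both checks passed.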
Post installation configuration
Next, we need to edit /etc/rc.conf and configure the OpenLDAP server to start on boot by making the following changes:
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
And finally we need to edit the OpenLDAP startup script and set up the ODBC path for the server to use. Edit the /etc/rc.d/slapd file and add the following line:
export ODBCINI=/usr/local/etc/libiodbc/odbc.ini
Just as when we performed the iodbctest, this variable is essential for OpenLDAP to know which configuration file to use for ODBC connectivity.
Now we are ready to try and bring up our OpenLDAP server. Let us start by running slapd manually in debug mode to see the output of startup:
root@host# /usr/local/libexec/slapd -d 1
We should see the following at the end of the debug output:
<=load_schema_map()
<=backsql_get_db_conn()
==>backsql_free_db_conn()
backsql_free_db_conn(): closing db connection
==>backsql_close_db_conn()
<=backsql_close_db_conn()
<=backsql_free_db_conn()
<=backsql_db_open(): test succeeded, schema map loaded
slapd starting
If this is the given output then it looks like our configuration is correct and we are ready to start up OpenLDAP normally for operation.
/etc/rc.d/slapd start
This will startup the OpenLDAP server and we can verify it is running with the following command:
root@host# sockstat | grep slapd
ldap slapd 71838 5 dgram -> /var/run/log
ldap slapd 71838 8 stream /var/run/openldap/ldapi
ldap slapd 71838 9 tcp4 *:389 *:*
From here, use any OpenLDAP Administration tool of your choice to add, edit and remove data