Using MySQL as an OpenLDAP backend database


Setting up OpenLDAP with MySQL backend

Author: tbonius

OpenLDAP is an X.500 lightweight directory access server used for centralized authentication and directory lookups. This article covers configuring this service to use SQL services to store its data objects. Having these objects stored in a SQL database allows third-party applications to access and manage them.

Ports that are needed:

MySQL 4.x server: /usr/ports/databases/mysql41-server

MySQL 4.x client: /usr/ports/databases/mysql41-client

libiodbc 3.x: /usr/ports/databases/libiodbc

MyODBC 3.x: /usr/ports/databases/myodbc

OpenLDAP 2.x: /usr/ports/databases/openldap21-server WITH_ODBC="YES"

Configuring the MySQL Server

OpenLDAP has the option to use many different kinds of databases; in this case we'll use MySQL. The first step in setting this up is to create a MySQL database for OpenLDAP to use.

root@host # mysqladmin create ldap

Next we'll create a MySQL account that OpenLDAP will use for our newly created ldap database.

root@host # mysql

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL Connection ID is-to server version:4.0.18

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> grant all privileges on ldap.* to 'ldap'@'localhost'
    -> identified by 'password' with grant option;

Query OK, 0 rows affected (0.13 sec)

We will of course want to substitute 'password' with the actual password we wish to use for this particular user account.

Configuring libiodbc to use the MyODBC driver

Quite simply, we need to edit two files here to get libiodbc to use the MyODBC driver when accessing the MySQL server.

Take a look at the /usr/local/etc/libiodbc/odbcinst.ini file and make the following changes:

[ODBC Drivers]
MySQL = Installed

[MySQL]
Description = ODBC for MySQL
Driver = /usr/local/lib/libmyodbc3.so

Take a look at the /usr/local/etc/libiodbc/odbc.ini file and make the following changes:

[ODBC Data Sources]
ldap = MySQL LDAP DSN

[ldap]
Driver = /usr/local/lib/libmyodbc3.so
Description = OpenLDAP Database
Host = localhost
ServerType = MySQL
Port = 3306
FetchBufferSize = 99
User = ldap
Password = password
Database = ldap
ReadOnly = no
Socket = /tmp/mysql.sock

[ODBC]
InstallDir = /usr/local/lib

Again, substitute password with the actual password we created for the ldap user of the MySQL database.

We can test our current configuration before installing and configuring OpenLDAP. libiodbc provides a test utility to check DSN configurations.

Note from darxpryte: upon following this tutorial I've found that iodbctest is not built automatically. This may be fixed later, but if this is the case for you, you'll need to do the following:

cd /usr/ports/databases/libiodbc/
make extract
cd work/libiodbc-3.52.2/samples
make install

This will install iodbctest into /usr/local/bin/.

Once you have installed iodbctest, you can do the following to test your connection:

root@host # iodbctest

iODBC Demonstration program
This program shows an interactive SQL processor
Driver Manager: 03.51.0001.0908

Enter ODBC connect string (? shows list): ?

DSN  | Description
---------------------------------------------------------------
ldap | MySQL LDAP DSN

Enter ODBC connect string (? shows list): DSN=ldap

Driver: 03.51.06

SQL>show tables;

Tables_in_ldap
---------------------
authors_docs
documents
institutes
ldap_attr_mappings
ldap_entries
ldap_entry_objclasses
ldap_oc_mappings
ldap_referrals
persons
phones

Result set 1 returned rows.

This shows us that the DSN is configured correctly for libiodbc to use the MyODBC driver to connect to the ldap database we set up on our MySQL server.

If you have problems displaying the DSN names defined in the odbc.ini file via the test program, try exporting the following shell environment variable:

For csh or tcsh:

setenv ODBCINI /usr/local/etc/libiodbc/odbc.ini

For sh or bash:

export ODBCINI=/usr/local/etc/libiodbc/odbc.ini

Configuring OpenLDAP to use MySQL

During the build of OpenLDAP, we need to pass the WITH_ODBC="YES" option so that the server is built with the appropriate SQL configuration.

After the 'make install' process, we'll copy over the slapd.conf file that is configured to use a SQL backend. This file is buried under the OpenLDAP ports directory in the following path:

work/openldap-2.1.30/servers/slapd/back-sql/rdbms_depend/mysql

Change to this directory, from the ports directory of OpenLDAP, and copy the configuration file over:

> cp slapd.conf /usr/local/etc/openldap

Then we can import the back-sql files into our running MySQL server database:

root@host # mysql < backsql_create.sql ldap
root@host # mysql < testdb_create.sql ldap

Optionally, we can import the testdb_data and testdb_metadata files into the database so that we have example data to work with.

Next we need to edit the /usr/local/etc/openldap/slapd.conf file and make the proper adjustments. We need to set up the slapd service to use a SQL backend under the "SQL Database Definitions" section:

database sql
suffix "o=sql,c=ru"
rootdn "cn=root,o=sql,c=ru"
rootpw secret
dbname ldap
dbuser ldap
dbpasswd password
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_query "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"

Go ahead and comment out or delete any other example configurations for alternate SQL connectors, such as the Postgres and/or MsSQL settings (unless, of course, you are using a Postgres or MsSQL server as your backend).
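Both odbc.ini and slapd.conf above carry credentials in cleartext (Password, rootpw, dbpasswd), and the values shown are sample placeholders. The following check is an added example, not part of the original tutorial or of OpenLDAP; the function names and finding labels are hypothetical. It flags a cleartext or sample rootpw, a placeholder database password, and files readable by group or others.

```shell
#!/bin/sh
# Added example: hypothetical audit helpers, not part of OpenLDAP or iODBC.

# Print the first value of a slapd.conf directive (keyword is case-insensitive).
slapd_value() {   # $1 = slapd.conf path, $2 = directive in lowercase
    awk -v k="$2" 'tolower($1) == k { print $2; exit }' "$1"
}

# Print the first value of an odbc.ini "Key = value" line.
odbc_value() {    # $1 = odbc.ini path, $2 = key in lowercase
    awk -F= -v k="$2" '{ key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# Succeed when the file's mode grants read access to group or others.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Print one finding per line; no output means nothing was flagged.
audit_backsql() { # $1 = slapd.conf path, $2 = odbc.ini path
    rootpw=$(slapd_value "$1" rootpw)
    dbpw=$(slapd_value "$1" dbpasswd)
    odbcpw=$(odbc_value "$2" password)
    case "$rootpw" in
        "" | "{"*"}"*) ;;                 # unset, or a {SCHEME}hash value
        *) echo "rootpw-cleartext" ;;
    esac
    if [ "$rootpw" = "secret" ]; then echo "rootpw-sample-default"; fi
    for pw in "$dbpw" "$odbcpw"; do
        case "$pw" in
            [Pp]assword) echo "db-password-placeholder"; break ;;
        esac
    done
    for f in "$1" "$2"; do
        if readable_by_others "$f"; then echo "group-or-world-readable:$f"; fi
    done
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_backsql "$1" "$2"; fi
```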

Post installation Configuration

Next, we need to edit /etc/rc.conf and configure the OpenLDAP server to start on boot by making the following changes:

slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"

Finally, we need to edit the OpenLDAP startup script to set the ODBC configuration path. Edit the /etc/rc.d/slapd file and add the following line:

export ODBCINI=/usr/local/etc/libiodbc/odbc.ini

Just as when we ran iodbctest, this variable is essential for OpenLDAP to know which configuration file to use for ODBC connectivity.

Now we are ready to try and bring up our OpenLDAP server. Let us start by running slapd manually in debug mode to see the output of startup:

root@host # /usr/local/libexec/slapd -d 1

We should see the following in the debug output:

<==load_schema_map()
<==backsql_get_db_conn()
==>backsql_free_db_conn()
backsql_free_db_conn(): closing db connection
==>backsql_close_db_conn()
<==backsql_close_db_conn()
<==backsql_free_db_conn()
<==backsql_db_open(): test succeeded, schema map loaded
slapd starting

If this is the output we get, then our configuration looks correct and we are ready to start up OpenLDAP normally for operation.

/etc/rc.d/slapd start

This will start up the OpenLDAP server, and we can verify it's running with the following command:

root@host # sockstat | grep slapd

ldap slapd 71838 5 dgram -> /var/run/log
ldap slapd 71838 8 stream /var/run/openldap/ldapi
ldap slapd 71838 9 tcp4 *:389 *:*

From here, use the OpenLDAP administration tool of your choice to add, edit and remove data.
