On Monday 10 December 2007 18:44:05 Daniel Gibby wrote:
> Let me narrow the focus of my question a bit more. This isn't a general LDAP question. This is a question specific to OpenLDAP, since I'm looking for people with experience in OpenLDAP and for ways they solved the same problem I'm having with OpenLDAP and MySQL.
> I understand why what you are saying is better to migrate to an LDAP back-end. I understand why it is faster, more light-weight and elegant. Yet, the solution to move completely to LDAP and get away from a DB back-end always ignores the fact that our business already has everything working with MySQL.
Which was probably a lot of work. A lot of which would probably have been unnecessary on LDAP (IMHO).
You may want to give examples of the software that you have integrated. You may find they already support LDAP.
> We already have many applications set up to use the DB. We already have what we need except for an LDAP lookup on it. We just need advice on setting up OpenLDAP with a super-simple-schema, and suggestions on how to best interface OpenLDAP with MySQL for that schema. I would think that having support for this in OpenLDAP would help the community to grow.
IMHO, fewer "experts" who put everything in MySQL because they don't know of anything else would probably build the community more :-P.
> Adoption would happen at a much higher rate, since many businesses have a need for such a use of OpenLDAP. That can only be mostly good news for LDAP and OpenLDAP.
> So let me narrow the focus of this question more. I don't want to move away from a MySQL database. I'm open to exporting it to LDIF or to using back-sql, or to some other solution I don't know of that uses MySQL and OpenLDAP. I want someone who has experience using one of those methods to comment on resources they know of on how to get it to work, or with gotchas they found along the way.
> If we only had the time, we'd look into X.500 server commands and LDAP protocol and build a server that solely runs an ODBC back end and would only support a few limited LDAP commands. It wouldn't really be a full LDAP server, and would only support the Bind and Search commands. No Update, TLS, etc. is needed. It would only be used for this limited purpose.
Then use back-sql, as I doubt you would be able to have a better implementation for your purposes. It still wouldn't be great. While it's not as well supported as other backends, it will probably be the lesser of all the evils.
> I do appreciate your input. I should have been more clear as to what I'm looking for with OpenLDAP, as I could have anticipated that my first response would have been to just move solely to an LDAP backend.
And your second, and maybe your third and fourth.
We're running > 1 million mailboxes on OpenLDAP.
Regards, Buchan