Let me narrow the focus of my question a bit more. This isn't a general LDAP question. This is a question specific to OpenLDAP, since I'm looking for people with experience in OpenLDAP and for ways they solved the same problem I'm having with OpenLDAP and MySQL.

I understand why what you are saying is better to migrate to an LDAP back-end. I understand why it is faster, more light-weight and elegant. Yet, the solution to move completely to LDAP and get away from a DB back-end always ignores the fact that our business already has everything working with MySQL. We already have many applications set up to use the DB. We already have what we need except for an LDAP lookup on it. We just need advice on setting up OpenLDAP with a super-simple-schema, and suggestions on how to best interface OpenLDAP with MySQL for that schema. I would think that having support for this in OpenLDAP would help the community to grow. Adoption would happen at a much higher rate, since many businesses have a need for such a use of OpenLDAP. That can only be mostly good news for LDAP and OpenLDAP.

So let me narrow the focus of this question more. I don't want to move away from a MySQL database. I'm open to exporting it to LDIF or to using back-sql, or to some other solution I don't know of that uses MySQL and OpenLDAP. I want someone who has experience using one of those methods to comment on resources they know of on how to get it to work, or with gotchas they found along the way.

If we only had the time, we'd look into X.500 server commands and LDAP protocol and build a server that solely runs an ODBC back end and would only support a few limited LDAP commands. It wouldn't really be a full LDAP server, and would only support the Bind and Search commands. No Update, TLS, etc. is needed. It would only be used for this limited purpose.

I do appreciate your input. I should have been more clear as to what I'm looking for with OpenLDAP, as I could have anticipated that my first response would have been to just move solely to an LDAP backend.


Gavin Henry wrote:
<quote who="Daniel Gibby">
  
Hi,
    

Hi,

  
We are somewhat new to OpenLDAP and are planning on how we'll use it for
our business.
    

This thread may be more suitable for the general LDAP mailing list:

http://www.umich.edu/~dirsvcs/ldap/mailinglist.html

Nothing, as yet, seems directly related to OpenLDAP since you appear to be
at the "understanding LDAP" stages.

  
We have a few different uses we plan on, but one in particular that I
have a question about.

We already have our email server set up to run virtual domain and aliases
with a MySQL backend.
We have a few thousand email addresses at one domain and we pretty much
won't need more meta-information related to them besides what is already
in our database.

A spam firewall appliance sits in front of our email server. The spam
firewall supports an LDAP lookup for email addresses.

Since we already use MySQL for the backend of our email addresses, what
would be the ways we should consider integrating OpenLDAP to support the
spam firewall appliance?
    

Switch MySQL out for OpenLDAP. Put your virtual domains and aliases in
there and then point your Spam/Firewall appliance at it.

  
I'm wary of using back-sql since all I ever see when searching through
the OpenLDAP archives are somewhat old issues and lack of support.
    

Not lack of support, mainly improper use of back-sql or misunderstanding
its intended purpose...

  
If I'm wrong about shying away from that, let me know.

It seems to me that we need a very simple implementation for this part
of our business. Our schema only needs to include the email address,
that's it.

For other areas of our business we'd want to set up something more
extensive on another server, but what would you see as options for
setting up what would be required for this appliance lookup?

Thanks for your input! I'll post questions about our other uses or
issues of OpenLDAP in another thread.

    

Again, these discussion items are better suited to the general LDAP list:

http://www.umich.edu/~dirsvcs/ldap/mailinglist.html

Thanks,

Gavin.