[Fedora-directory-users] LDAP and RDBMS Integration

Richard Megginson rmeggins at redhat.com
Thu Mar 15 15:32:22 UTC 2007 

Eddie C wrote:
> This is an interesting topic.
>  
> Is there even a suggested database schema for this? Or the person who 
> designs the c-code would desgn the schema as well?
I don't know if there is a database schema for this.  I think each 
database vendor comes up with their own, or even each application that 
uses the database for authentication.

On a related note, I notice that there are PAM SQL modules which allow 
you to use PAM to authenticate against credentials stored in an RDBMS.  
Google shows that there are PAM modules for mysql, postgres, informix, 
db2, and oracle.  With the Fedora DS PAM passthru plugin, you should be 
able to pass authentication through to the database, with the 
appropriate PAM SQL module and configuration.  That would at least solve 
the case where you want to use the RDBMS as the authoritative store for 
passwords.
>  
>  
> Edward
>
>  
> On 3/13/07, *Richard Megginson* <rmeggins at redhat.com 
> <mailto:rmeggins at redhat.com>> wrote:
>
>     Bill Bailey wrote:
>     >
>     > Hi,
>     >
>     > I noticed on the list of features an item indicating that data
>     > interoperability plug-ins are available to allow the use of an RDBMS
>     > as a data source, but I'm having trouble locating the specifics
>     (e.g.
>     > which databases, what sort of integration, etc.) in the
>     documentation.
>     > Anyone have any pointers on where I can find more information on
>     this?
>     >
>     http://directory.fedora.redhat.com/wiki/FAQ#Can_I_replace_Sleepycat_with_Oracle.2C_or_Postgres.2C_etc..3F
>     <http://directory.fedora.redhat.com/wiki/FAQ#Can_I_replace_Sleepycat_with_Oracle.2C_or_Postgres.2C_etc..3F>
>
>     There are no plug-ins available. The plug-in architecture will allow
>     this, but someone must write some C code in order to be able to do
>     this.
>     >
>     > In particular, I'm struggling with whether to use a directory
>     server
>     > for user management or a database. If I store users in my LDAP
>     > directory (e.g. username, password, name, address, phone, etc.),
>     there
>     > is still user data that I need to store in a database (e.g.
>     > transaction data or other frequently modified data) … and I need
>     to be
>     > able to correlate the two. For example, for reporting I may need to
>     > display both the basic user info and demographic information
>     that is
>     > so well suited for a directory alongside data that comes from a
>     > database. This seems to me problematic since the data models and
>     query
>     > languages are different. And even if I could make the LDAP data
>     look
>     > like something I could query with SQL … and join with real RDBMS
>     > tables … it would seem likely that performance might be less
>     than great.
>     >
>     > My thinking is that if I could get the LDAP server to use e.g. MySQL
>     > under the covers for storage, but I could still get access
>     (read-only)
>     > to the underlying tables, I might be able to have the best of both
>     > worlds (assuming the underlying table structure was amenable to
>     being
>     > joined to my tables without to many contortions). I'm guessing my
>     > dilemma isn't new … has anyone else struggled with this and, if so,
>     > how did you resolve it? And have been satisfied with the
>     solution you
>     > selected?
>     >
>     >
>     > Thanks for any input or comments.
>     >
>     > Bill Bailey
>     >
>     >
>     ------------------------------------------------------------------------
>     >
>     > --
>     > Fedora-directory-users mailing list
>     > Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     <https://www.redhat.com/mailman/listinfo/fedora-directory-users>
>     >
>
>     --
>     Fedora-directory-users mailing list
>     Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070315/e8f9909e/attachment.bin>

More information about the Fedora-directory-users mailing list