http://qs1969.pair.com?node_id=340231

l3nz has asked for the wisdom of the Perl Monks concerning the following question:

Fellow monks,
I have lately had the problem of replicating a MySQL database of emails and phone numbers into an LDAP server so that they can be accessed by IP phones and Outlook mail clients (seems like any decent virus these days does prefer an LDAP directory to find possible email addresses to infect, but I'm digressing).

Instead of periodically rebuilding the LDAP server contents using a client that will query my database, determine what's new and import it into OpenLDAP and having a moderate load for the machine I'm using, I decided to avoid the updating client altogether and use the database directly from LDAP. I discovered that OpenLDAP offers a CGI-like method of invoking a shell script that reads call parameters from STDIN and whose output is then parsed and sent to the LDAP client. And this works just fine, apart from the fact that I don't understand how I can bind() users to my emulated LDAP.

I wonder if there is any better way to do it - I have seen that OpenLDAP offers a Perl interface, but I could not find references on the net. Has anybody ever tried something like this before? Does anybody know how to bind users in such an environment?

If anybody is interested, as there is almost nothing available on the net, I was thinking of adding a small tutorial on how to use the shellouts from OpenLDAP in Perl. Lemme know if you'd like to see it.
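
As an added example (not code from the original post or from OpenLDAP), here is a Perl handler for the shell backend's request format as documented in slapd-shell(5): slapd writes the operation name and `key: value` lines to the script's STDIN and reads LDIF entries plus a `RESULT` block back. The in-memory `%PEOPLE` table, the salted SHA-256 digests and the example DNs are constructed assumptions standing in for the MySQL data.

```perl
use strict; use warnings;
use Digest::SHA qw(sha256_hex);
# Constructed data standing in for the MySQL table. A real handler would query
# it through DBI with placeholders, never by interpolating the client's DN.
my $SUFFIX = 'dc=example,dc=com';
my %PEOPLE = ("uid=alice,$SUFFIX" => {
    cn => 'Alice Example', sn => 'Example', mail => 'alice@example.com',
    telephoneNumber => '+1 555 0100', salt => 'c0nstructed', pw => 'correct horse' });
# Keep only salted digests in memory (a slow password hash is preferable).
$_->{hash} = sha256_hex($_->{salt} . delete $_->{pw}) for values %PEOPLE;
sub result { my ($code, $info) = @_; return "RESULT\ncode: $code\ninfo: $info\n" }
sub same_digest {    # compares hex digests without stopping at the first mismatch
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return !$diff;
}

sub handle_request {
    my ($text) = @_;
    my ($op, @lines) = split /\n/, $text // '';
    my %arg = map { /^(\w+):\s?(.*)$/ ? (lc $1 => $2) : () } @lines;
    $op //= '';
    if ($op eq 'BIND') {    # method 128 is LDAP_AUTH_SIMPLE
        return result(7,  'only simple bind is supported') if ($arg{method} // '') ne '128';
        return result(53, 'empty password refused')        if ($arg{cred} // '') eq '';
        my $user = $PEOPLE{ lc($arg{dn} // '') };
        my ($salt, $want) = $user ? @$user{qw(salt hash)} : ('none', '0' x 64);
        return same_digest(sha256_hex($salt . $arg{cred}), $want)
            ? result(0, 'bound') : result(49, 'invalid credentials');
    }
    if ($op eq 'SEARCH') {    # scope and filter handling are left out here
        my ($base, $out) = (lc($arg{base} // ''), '');
        for my $dn (sort keys %PEOPLE) {
            next unless $dn eq $base or $dn =~ /,\Q$base\E$/;
            my $p = $PEOPLE{$dn};    # salt and hash are never written out
            $out .= join '', "dn: $dn\nobjectClass: inetOrgPerson\n",
                map("$_: $p->{$_}\n", qw(cn sn mail telephoneNumber)), "\n";
        }
        return $out . result(0, 'ok');
    }
    return result(53, "operation '$op' is not implemented");
}

# Constructed BIND request in the shape slapd writes to the script's STDIN.
my $SAMPLE = join "\n", 'BIND', 'msgid: 1', "suffix: $SUFFIX",
    "dn: uid=alice,$SUFFIX", 'method: 128', 'credlen: 13', 'cred: correct horse', '', '';
print handle_request((-t STDIN) ? $SAMPLE : do { local $/; <STDIN> });
```

The LDAP result codes used are 0 (success), 7 (authMethodNotSupported), 49 (invalidCredentials) and 53 (unwillingToPerform); an unknown DN and a wrong password deliberately return the same code 49.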

Re: Perl in an OpenLDAP server
by astroboy (Chaplain) on Mar 27, 2004 at 10:02 UTC
    What about DBD::LDAP? You can issue SQL inserts/updates/deletes to your LDAP database.
      Seems interesting, but I'd rather not maintain two different independent databases that could go out of sync. :-)
Re: Perl in an OpenLDAP server
by biosysadmin (Deacon) on Mar 27, 2004 at 11:49 UTC
    If you have total control over the method of adding an entry to your MySQL database, why not add a procedure to that method that adds an entry to your OpenLDAP database at the same time? That way you only have to select the entire set of records from the MySQL database once, solving your data concurrency issues with pretty low overhead. If you were to use the DBI for connecting to both databases you could even use the same SQL statements to insert data into both places. (I'm using the term "database" loosely, LDAP is technically a directory service).

    If you're really worried about someone adding entries to the MySQL database and bypassing the corresponding OpenLDAP data addition, you can easily run a script on a regular basis to verify that all of the data is synchronized.

    As far as modules for connecting to the two databases, the DBI is the obvious choice for the MySQL database. Perl-LDAP is a nice module for doing LDAP interaction, and I also like DBD::LDAP.