Versions Compared

Old Version 4

changes.mady.by.user Jeff Turner

Saved on

compared with

New Version Current

changes.mady.by.user Jeff Turner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

OpenLDAP is typically backed by a BerkeleyDB LMDB database (bdbmdb). However it's backing datastore is actually pluggable. One of the most intriguing backends is back-sql, which allows LDAP data to be fetched from an ODBC (SQL) datasource. This lets us add a LDAP facade on top of database-backed applications, like JIRA and Confluence.

This guide is specifically for getting OpenLDAP connecting to PostgreSQL on Ubuntu (20.04). Following these instructions should leave you with an OpenLDAP directory whose tree members are read directly from equivalent database tables.

...

Now let's add a SQL backend. OpenLDAP can have multiple backends - we'll leave our dc=test,dc=com  backend configured, and add a new SQL backend rooted at dc=example,dc=com :

Code Block
catsed -e 's/^ //g' - <<EOF >> /etc/ldap/slapd.conf

# SQL Backend
database        sql
suffix          "dc=example,dc=com"
rootdn          "cn=admin,dc=example,dc=com"
rootpw          secret
dbname          ldapsql
dbuser          ldapsql
dbpasswd        ldapsql
insentry_stmt   "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
upper_func      "upper"
strcast_func    "text"
concat_pattern  "?||?"
#subtree_cond    "ldap_entries.dn LIKE CONCAT('%',?)"
has_ldapinfo_dn_ru      no
EOF
systemctl restart slapd                      # If unsuccessful, 'journalctl -fu slapd &' and try again


Note

The sed  command is to trip the blank space ' ' that Confluence is adding when this block is copied and pasted :/


Tell AppArmor to let slapd access odbc.ini

...