| Author | Topic |
aiken
Aged Yak Warrior
525 Posts |
Posted - 2004-08-26 : 12:19:11
|
| I'm not sure where to post this, so it goes here. I'm in need of a solution to expose our user table for very basic read-only access via LDAP; basically a way for an external app to check if a user/password combo exists. I've googled a bunch, but I just can't find anything appropriate. Anyone have any leads on something like this? As always, free/cheap preferred, but we need it one way or the other (and I have a strong incentive to find one, as otherwise I get to exercise my very weak C# skills, which always makes my brain hurt). Thanks -b |
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2004-08-26 : 13:20:39
|
| could you work it the other way around? maybe with a trigger or somesuch, you could push the user/password combo out to AD or other LDAP provider from the DB. I am not aware of any way to expose the database via LDAP. I think Microsoft had a product a few years back that kinda did that, Site Server or something like that. it was crap btw. -ec |
 |
|
|
portman
Starting Member
11 Posts |
Posted - 2004-08-26 : 13:25:33
|
| I agree with ec that you will want to push the information to a dedicated LDAP product on CREATEs and UPDATEs. Otherwise you're talking about writing an LDAP-compliant server, which is a lot of work (I've done it). [Warning, possible flame material coming...] There are only three worthwhile LDAP solutions out there, anyways: Microsoft AD (in Win2003), Sun One (formerly iPlanet), and OpenLDAP (open-source). Assuming that you have only a few places in your application where a username/password is created or updated, it wouldn't be hard to insert some code which updates one of the above. |
 |
|
|
aiken
Aged Yak Warrior
525 Posts |
Posted - 2004-08-26 : 13:48:47
|
| Thanks for the speedy replies. The push idea is a good one. However, I'm still stuck -- how would I go about pushing the create/update changes from within a trigger/sp? I've had terrible experience with sp_oacreate on SQL Server, so I'd prefer to avoid that. Is there a way to add an LDAP repository as a linked server and run SQL statements against it? Or another way that I'm missing. Portman, I hear you. I'm dreading having to write a small partial-LDAP server. Well, I'm dreading having to *support* it, anyways :) Thanks -b |
 |
|
|
eyechart
Master Smack Fu Yak Hacker
3575 Posts |
Posted - 2004-08-26 : 14:06:10
|
| yes, you can use a linked server to Active Directory. I am not sure of other LDAP directories though. Are you using AD or some other directory? -ec |
 |
|
|
aiken
Aged Yak Warrior
525 Posts |
Posted - 2004-08-26 : 14:16:12
|
| I'll be using OpenLDAP on Linux; of course this has to be as difficult as possible :) Thanks -b |
 |
|
|
portman
Starting Member
11 Posts |
Posted - 2004-08-26 : 15:58:28
|
| Gotta run for the day, but real quick: you can have SQL create a text file from a trigger, in that text file store the new username/password in LDIF [LDAP Data Interchange Format] syntax; you can then set up OpenLDAP to query a folder on the file systems for regular LDIF files; it polls that directory (every 30s by default I think) and that way you can have LDAP 'pull' the information. Note that this breaks transactional consistency between the system and will also introduce a lag, but it probably obeys some sort of 80/20 rule (80% of the functionality with only 20% of the effort). Best of luck; I'll check back in tomorrow. |
 |
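The LDIF records described in the post above, as an added example that is not part of the original thread: it builds add and modify records for a user, stores the password as a salted {SSHA} hash instead of cleartext, and escapes the username so it cannot alter the DN. The base DN, the inetOrgPerson object class and all function names are assumptions.

```python
import base64
import hashlib
import os

BASE_DN = "ou=people,dc=example,dc=com"  # assumed base DN, not from the thread


def ssha(password, salt=None):
    """Return an RFC 2307 {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def escape_rdn(value):
    """Escape an RDN value per RFC 4514 so a username cannot alter the DN."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ldif_attr(name, value):
    """Format one attribute line, base64-encoding unsafe values (RFC 2849)."""
    raw = value.encode("utf-8")
    safe = (bool(raw) and all(0 < b < 128 and b not in (10, 13) for b in raw)
            and raw[0] not in b" :<" and raw[-1:] != b" ")
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"


def user_ldif(username, password, exists, salt=None):
    """Build one LDIF change record: add a new user or replace the password."""
    lines = [ldif_attr("dn", f"uid={escape_rdn(username)},{BASE_DN}")]
    pw = ldif_attr("userPassword", ssha(password, salt))
    if exists:
        lines += ["changetype: modify", "replace: userPassword", pw, "-"]
    else:
        lines += ["changetype: add", "objectClass: inetOrgPerson",
                  ldif_attr("uid", username), ldif_attr("cn", username),
                  ldif_attr("sn", username), pw]
    return "\n".join(lines) + "\n\n"
```

Because the file holds password hashes, whatever process writes it should create it readable only by the account that loads it into the directory.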
|
|
aiken
Aged Yak Warrior
525 Posts |
Posted - 2004-08-28 : 18:44:02
|
| This is definitely a real mess. I think the actual solution is going to be the OpenLDAP server using a MySQL backend, and then linking the MySQL server to SQL Server, and using triggers to run insert/updates/deletes in the MySQL database. There has to be a more elegant solution here, but I'm not finding it. Thanks for all of the help! -b |
 |
|
|
|