LDAP from Mysql
May 17, 2007 at 1:18 pm #369065
Robin Reumers
Participant
Hi,
I was wondering if I can set up an LDAP server to serve usernames and passwords which are stored in a MySQL database?
Thanks
Robin
May 17, 2007 at 6:16 pm #369069
jerkyjerk
Participant
What are you using: plain OpenLDAP, Open Directory or something else? If you are using plain OpenLDAP then I think you should be able to.
Article in Spanish; you might be able to glean something from the example configs:
http://www.ecualug.org/?q=2006/07/21/forums/openldap_con_mysql_backend
A PDF HOWTO:
http://www.noofs.org/doc/ldap_sql.pdf
May 17, 2007 at 9:25 pm #369071
Robin Reumers
Participant
Hi,
At the moment, I’m not using LDAP for that. The plan is to use http://actualtechnologies.com/ ODBC to import usernames / passwords from FileMaker into MySQL and then to authenticate from there through some LDAP application. What do you think would be the easiest for that?
Thanks for the link.
Robin
May 17, 2007 at 9:39 pm #369072
jerkyjerk
Participant
Is your goal some kind of single sign-on? You have an application that uses MySQL for authentication and you want some workstations to use LDAP for authentication? And by using MySQL as your back-end instead of bdb you get to drive both from the same usernames/passwords? Is the ODBC export to MySQL one time, or are you going to use the ODBC from FileMaker to drive only the usernames/passwords while you continue to use your FileMaker app, and the logic is it would be easier to use MySQL with some kind of LDAP instead of FileMaker? I’m just trying to figure out what’s the motivation for using MySQL instead of the default bdb backend with LDAP. What kind of clients are you using? Mac, Windows, *NIX? A mix?
May 17, 2007 at 10:30 pm #369073
Robin Reumers
Participant
I’m using multiple platforms. Indeed, FileMaker Server Advanced offers what an ODBC can do, but that’s another 1500 dollars. What I want to do is to have my clients use our FTP server (which is Rumpus). I want to verify them with their password being their job number (stored in FileMaker); that way I can add only the clients that I want to give access to my FTP by using a command through the ODBC to store their username / password in the database. Their usernames will change, and most users only exist for about 30 days.
Robin
May 18, 2007 at 6:32 am #369075
jerkyjerk
Participant
I wasn’t familiar with Rumpus so I took a look and see it’s an FTP daemon with a nice admin front end on it. Looking through the GUI though, I don’t see any alternative forms of authentication like LDAP or MySQL. But reading through the technical details document, it stores all its info in /usr/Rumpus and the file of interest is rumpus.users. Excerpted from the Technical Details PDF:
Rumpus.users
This text file contains the user account definitions for all Rumpus user accounts. The file is maintained in tabs-delimited ASCII format and includes the following fields, in order:

| Field | Comment |
| --- | --- |
| Account Name | login name |
| Password | user account password, encrypted or plain text |
| Home Folder | “ROOT” or a full path to user home folder |
| Permissions | “Y” or “N” for specific privileges, see below |
| Max Folder Size | in MB |
| Folder Set ID | a numeric ID, see the “Rumpus.fsets” file |
| Upload Notice Name | must exactly match a defined notice name |
| Max Simultaneous Connections | “Y” or “N” enables the option, followed by value |
| Max Upload Rate | use “Y” or “N”, followed by value in KBps |
| Max Upload/Download Ratio | use “Y” or “N”, followed by value |
| Custom File Permission Settings | “Y” or “N”, plus “N” (none), “R” (read) or “B” (read & write) |
| Account Expiration Info | use “P” (permanent), “D” (disable) or “R” (remove) |
| Max Download Rate | use “Y” or “N”, followed by value in KBps |

Using this info I was able to manually manipulate the file into adding in a user without using the GUI:
```
testuser mcrypt:-284218835,254703885,756252252,-2063730403 ROOT YYYYYYYYNNN 0 0 N4 N16 N100 NBRR P N16 N-
testuser2 testuser2 ROOT YYYYYYYYNNN 0 0 N4 N16 N100 NBRR P N16 N-
```
Without spending much time figuring out how to do it as a crypted string, I just stored a clear text password as you can see by the testuser2 entry. I restarted the daemon and was able to log in as testuser2.
Where I’m going with all this is you could probably do without ODBC, MySQL and LDAP to support storing the username/password info in FileMaker while using that same username/password combo to allow clients to log into Rumpus. Depending on what your strong points are, you could probably use anything from AppleScript to Perl to a shell script to make this work. I haven’t used FileMaker in a long time (I think 4 or 5 was the last version I touched), but if you can schedule a daily export of your records to a text file, you should be able to use any of the three languages to execute an import into the rumpus.users file via cron.
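A sketch of the scheduled import suggested in the post above, as an added example that is not part of the original thread and is not Rumpus or FileMaker code: it turns a tab-delimited export into rumpus.users lines and rejects rows whose fields could add extra columns to an account line. The export layout (username, tab, job number), the character policy and all function names are assumptions; the trailing option fields are copied from the testuser2 line in the post.

```python
import os
import re
import tempfile

# Option fields copied verbatim from the testuser2 line in the post. Assumption:
# the real file separates them with tabs; compare with a line the GUI wrote.
TEMPLATE_TAIL = ["ROOT", "YYYYYYYYNNN", "0", "0", "N4", "N16", "N100",
                 "NBRR", "P", "N16", "N-"]
# Hypothetical field policy: no tabs, spaces or control characters.
SAFE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Constructed sample export: row 2 carries an extra column, row 3 a space,
# row 4 repeats a login name.
SAMPLE_EXPORT = ("client_a\t20070517\n" "client_b\t20070518\tROOT\n"
                 "bad name\t1\n" "client_a\t999\n")


def parse_export(text):
    """Return (accounts, rejected_line_numbers) for 'username<TAB>jobnumber' rows."""
    accounts, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        parts = raw.split("\t")
        well_formed = len(parts) == 2 and all(SAFE.fullmatch(p) for p in parts)
        if not well_formed or parts[0] in accounts:
            rejected.append(lineno)  # never pass a malformed row through
            continue
        accounts[parts[0]] = parts[1]
    return accounts, rejected


def build_users_file(accounts):
    """Render one tab-delimited rumpus.users line per account."""
    return "".join("\t".join([name, password] + TEMPLATE_TAIL) + "\n"
                   for name, password in sorted(accounts.items()))


def write_atomically(path, content):
    """Write a 0600 temp file beside the target, then rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as handle:  # mkstemp creates the file as 0600
            handle.write(content)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    found, skipped = parse_export(SAMPLE_EXPORT)
    print(build_users_file(found), "rejected rows:", skipped)
```

This rebuilds the whole file from the export, so accounts dropped from the export disappear on the next run. The post restarted the daemon before its hand-edited entry worked, so a cron job built on this would do the same after the rename.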