LDAP
====

LDAP is working. This page is mainly preserved for historical reasons, and to
record some of the sources of trouble we encountered.

This describes the current state of getting LDAP with the SQL-backend to run.
The major complication is that all sources (see :ref:`sec-ldap-references`)
work with the old-style slapd.conf mechanism, whereas newer LDAP versions have
switched to the new-style cn=config mechanism.

First we install odbc::

    sudo apt-get install unixodbc odbc-postgresql

And configure it via /etc/odbc.ini::

    [DATABASE_NAME]
    Description = DATABASE_NAME connector for OpenLDAP's back-sql
    Driver = PostgreSQL Unicode
    Trace = No
    Database = DATABASE_NAME
    Servername = DATABASE_HOST
    UserName = cdb_admin
    Password = DATABASE_CDB_ADMIN_PASSWORD
    Port = 5432
    ReadOnly = No
    RowVersioning = No
    ShowSystemTables = No
    ShowOidColumn = No
    FakeOidIndex = No
    ConnSettings =

The ``Driver`` must be as specified in /etc/odbcinst.ini (which should be
prefilled by the Debian package). To check odbc functionality we use the
following command::

    isql cdb

We need some additional info inside the SQL database. The LDAP-specific
additions reside in ``cdedb/database/cdedb-ldap.sql``. All data which is
prefilled here is static and needed for LDAP to work. We use SQL query views to
'insert' data from other existing tables in the needed format into the LDAP
tables. Currently, there is only one table (``ldap.duas``) which is filled with
test-specific sample data.

We now configure the SQL-backend for LDAP via two corresponding LDIF files (as
is necessary according to the cn=config mechanism). The first file at
``related/auto-build/files/stage3/ldap-config.ldif`` contains all adjustments
for the LDAP setup process, which mainly consist of loading LDAP modules like
the sql-backend. The second file at ``ldap/cdedb-ldap.ldif`` contains the
actual definition of the cdedb LDAP interface.

To apply the LDIF configuration file we issue the following command::

    sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f /path/to/file

Now, one can apply the database schemas as usual by calling::

    make sample-data

If the database schema is modified, LDAP's ``slapd`` service needs to be
stopped beforehand and restarted afterwards. This is done automatically in all
relevant make targets.

We can retrieve the data from LDAP with the following command::

    sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b "dc=cde-ev,dc=de"

which lists the contents of our LDAP directory backed by the SQL-DB.

An alternative to ``ldapsearch`` should be ``slapcat`` like the following::

    sudo slapcat -n 2

However, this gives the barely helpful error
``slapcat: database doesn't support necessary operations.``. This
`StackOverflow comment <https://serverfault.com/a/584609>`_ suggests that
``slapcat`` is not compatible with the ``sql-backend``.

Development
-----------

To access the LDAP in a local vm, the respective port needs to be mapped to
localhost. Add something similar to this to your vm setup::

    hostfwd=tcp:127.0.0.1:20389-:389

To view and query the LDAP tree, ``Apache Directory Studio`` is a handy tool.

Troubleshooting
---------------

To receive more information from LDAP in case anything goes wrong, the log
level can be increased with the following::

    sudo ldapmodify -Y EXTERNAL -H ldapi:/// <
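
The requirement above that ``Driver`` in /etc/odbc.ini matches a section of /etc/odbcinst.ini can be checked mechanically before debugging slapd itself. The shell functions below are an added example, not part of the CdEDB code base; the function names and return codes are assumptions made here, and the world-readable test is an added check because the DSN stores the database password in clear text.

```shell
#!/bin/sh
# Added example (not CdEDB project code): sanity checks for the ODBC DSN used by back-sql.
# File paths are arguments, so the checks can also run against copies of the files.

# Succeed if FILE contains a [SECTION] header.
ini_has_section() {  # usage: ini_has_section FILE SECTION
    awk -v sec="$2" '
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s); if (s == sec) found = 1 }
        END { exit !found }' "$1"
}

# Print the value of KEY inside [SECTION] of FILE (prints nothing if absent).
# Keys are compared case-insensitively; lines starting with # or ; are skipped.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s); in_sec = (s == sec); next }
        in_sec && /^[ \t]*[^#;=]+=/ {
            k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# check_dsn ODBC_INI ODBCINST_INI DSN
# Returns 0 = ok, 1 = DSN missing, 2 = Driver not registered,
#         3 = file holds a Password and is world-readable.
check_dsn() {
    ini_has_section "$1" "$3" || { echo "DSN [$3] not found in $1" >&2; return 1; }
    driver=$(ini_get "$1" "$3" Driver)
    if [ -z "$driver" ] || ! ini_has_section "$2" "$driver"; then
        echo "Driver '$driver' of [$3] has no section in $2" >&2; return 2
    fi
    # The DSN holds the database password in clear text, so other local
    # users must not be able to read the file (added hardening check).
    if [ -n "$(ini_get "$1" "$3" Password)" ] && [ -n "$(find -L "$1" -perm -004)" ]; then
        echo "$1 contains a Password and is world-readable" >&2; return 3
    fi
    return 0
}

# Run directly as: sh check_odbc.sh /etc/odbc.ini /etc/odbcinst.ini DATABASE_NAME
if [ "$#" -eq 3 ]; then check_dsn "$@"; fi
```

If the file mode is tightened, the account that slapd runs under still needs read access to the file.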