Skip to content

Administrator

Developer

Tools

External Tools

2. OpenLDAP#

This chapter describes how to integrate openLDAP with Altibase.

Introduction to OpenLDAP#

OpenLDAP is a Light-weight Directory Access Protocol(LDAP) as an open source implementation.

OpenLDAP supports RDBMS as a backend repository, which is called SQL Backend or back-sql. back-sql uses ODBC when linking with RDBMS.

OpenLDAP Installation#

  1. Download OpenLDAP
    http://www.openldap.org/

  2. Unpack

    $ tar xvfz name_of.tgz

  3. Configure, Make, and Install

    $ ./configure --prefix=.... --enable-sql
   ./configure --refer to help
$ make depend
$ make
$ make install (su root -c 'make install')

Altibase Installation#

We recommend users to install Altibase 6.5.1 or later.

For more detailed information on installation, please refer to the Installation Guide.


Meta Data Configuration#

In the meta table for LDAP, it is necessary to store which table and column of Altibase map objectClass and attributeType of LDAP.

Altibase can use 4 meta tables for LDAP.

  • ldap_oc_mappings

  • ldap_attr_mappings

  • ldap_entries

  • ldap_entry_objclasses

ldap_oc_mappings#

The objectClass mapping table stores the relationship between the structuralObjectClass and the table.

Column Name Description
ID The unique ID
Used when referencing another Idap_* table.
NAME The name of objectClass.
Must match the name of one of the objectClasses loaded in slapd's schema
KEYTBL The name of the table corresponding to objectClass.
In the example, inetorgPerson objectClass is mapped to the person table.
KEYCOL The name of the primary key column of the "keytbl" table.
CREATE_PROC SQL statement to execute when adding an entry.
CREATE_KEYVAL Query statement that receives the new ID value entered in the "CREATE_PROC" SQL statement.
Create_needs_select must be set to "yes" in slap.conf to use this query.
DELETE_PROC When deleting an entry, the SQL statement "keybl.keycol" to be executed is taken as a host variable.
EXPECT_RETURN An integer value of the bit string indicating whether the SQL statements of CREATE_PROC and DELECT_PROC return a value.
The first bit corresponds to ADD_PROC, and the second bit corresponds to DELETE_PROC.

Available Values:
0: Both the CREATE_PROC and DELETE_PROC SQL statements have no return value
1: SQL statement of CREATE_PROC returns a value
2: SQL statement of DELETE_PROC returns a value
3: Both the CREATE_PROC and DELETE_PROC SQL statements return values

What to observer when writing an SQL statement (procedure or function) with a return value:
- The return value of CREATE_PROC should be the new ID value entered.
- The return value of DELETE_PROC should return 0 is successful, 1 otherwise.
- The outbinding parameter that receives the return value should be placed at the beginning.

ldap_attr_mappings#

As attributeType mapping table, it stores how attributeType for specific objectClass is mapped to SQL statement.

Column Name Description
ID Unique ID
OC_MAP_ID Indicates the ID of the Idap_oc_mappings table, and indicates which objectClass the attributeType belongs to.
NAME The name of the attributeType.
Must match the name of one of the attributeTypes loaded in slapd's schema.
SEL_EXPR Expression to select the attribute below.
("select <sel_expr> from ..." part)
FROM_TBLS Table to get the below attribute:
("select ... from <from_tbls > where ..." part)
JOIN_WHERE Condition for selecting the attribute below.
("select ... where <join_where> ..." part)
ADD_PROC SQL statement to input in the corresponding attribute.
Takes the value of the attibute to be added and the "keytbl.keycol" of the entry associated with it as a host variable.
DELETE_PROC SQL statement to delete in the attribute.
Takes the value of attibute to be deleted and the "keytbl.keycol" of the entry associated with it as a host variable.
PARAM_ORDER The integer value of the bit string indicating whether the keytbl.keycol value precedes or follows the value of attibute in the SQL statements of ADD_PROC and DELETE_PROC. If the keytbl.keycol value comes before the attibute value, set 0, and if it comes after, set 1.
The first bit corresponds to ADD_PROC, and the second bit corresponds to DELETE_PROC.

Available Values:
0: In the CREATE_PROC and DELETE_PROC SQL statements, the keytbl.keycol vlaue precedes the attribute value.
1: In the SQL statement of CREATE_PROC, the keytbl.keycol value follows the value of attibute.
2: In the SQL statement of DELETE_PROC, the keytbl.keycol value follows the value of attibute.
3: Both the SQL statements of CREATE_PROC and DELTE_PROC have the keytbl.keycol value after the attibute value.
EXPECT_RETURN The integer value of the bit string indicating whether the SQL statements of ADD_PROC and DELTE_PROC return a value.

Available Values:
0: Both the SQL statements fo CREATE_PROC and DELETE_PROC have no retun value
1: SQL statement of CREATE_PROC returns a value
2: SQL statement of DELETE_PROC returns a value
3: Both the CREATE_PROC and DELETE_PROC SQL statements return values.

What to observe when writing an SQL statement (procedure or function) with a return value: <br /- The return value of CREATE_PROC and DELETE_PROC should return 0 if successful, or 1 otherwise.
- The outbinding parameter that receives the return value should be placed first.

ldap_entries#

This is an entry mapping table. It stores the DN value that identifies each entry in the LDAP tree.

Column Name Description
ID Unique ID
DN The DB of the entry is stored in "pretty" form.
OC_MAP_ID The ID of the table corresponding to the main objectClass of the entry.
Corresponds to one of the ID Values in the Idap_oc_mappings table.
PARENT The ID of the parent entry.
The "suffix" entry has a value of 0.
KEYVAL The value of the primary key column of the row in the table that holds the entry's data.
That is, the primary key column value of the table corresponding to the objectClass of this entry ("keytbl.keycol" value)

ldap_entry_objclasses#

This is an objectClass mapping table. Entry has some auxiliary objectClass.

Column ID Description
ENTRY_ID The value of ldap_entries.id
NAME The name of auxiliary objectClass.
Must match the name of one of the objectClasses loaded in slapd's schema.


Configuration#

Edit the ODBC configuration and slapd.conf file to configure the OpenLDAP environment.

.odbc.ini#

[ldap_altibase]
Description = ODBC for Altibase
Driver = /home/altibase/altibase_home/lib/libaltibase_odbc-64bit-ul64.so
server = 127.0.0.1
port = 20030

odbc trace configuration: the following configuration can be used to trace the problem when a back-end error occurs.

.odbcinst.ini#

[ODBC]
TraceFile = /home/altibase/odbc.log
Trace = Yes

slapd.conf#

Edit slapd.conf with reference to slapd.conf provided as a sample for Altibase.

# $OpenLDAP$
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

#######################################################################
# sql database definitions
#######################################################################

database        sql
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          secret
dbname          ldap_altibase --ODBC dsn name
dbuser          ldap --Altibase user name
dbpasswd        ldap --db user pw
subtree_cond    "upper(ldap_entries.dn) LIKE CONCAT('%',upper(?))"
insentry_stmt   "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values (ldap_entry_ids.nextval,?,?,?,?)"
has_ldapinfo_dn_ru  no
upper_func      UPPER


Examples#

A DIT (Directory Information Tree) is build in the Altibase as shown in the figure below.

openldap_dit

root DN is "dc=example and dc=com", ldif (LDAP Data Interchange Files, file representing tree data as text) is as follows. Please refer to the sample file except root DN "dc=exampl,dc=com". Sample file is in https://github.com/ALTIBASE/openldap/tree/master/servers/slapd/back-sql/rdbms_depend/altibase.

# Mitya Kovalev, example.com
dn: cn=Mitya Kovalev,dc=example,dc=com
objectClass: inetOrgPerson
cn: Mitya Kovalev
sn: Kovalev
seeAlso: documentTitle=book1,dc=example,dc=com
seeAlso: documentTitle=book2,dc=example,dc=com
givenName: Mitya
userPassword:: bWl0
telephoneNumber: 222-3234
telephoneNumber: 332-2334

# Akakiy Zinberstein, example.com
dn: cn=Akakiy Zinberstein,dc=example,dc=com
objectClass: inetOrgPerson
cn: Akakiy Zinberstein
sn: Zinberstein
givenName: Akakiy

# Torvlobnor Puzdoy, example.com
dn: cn=Torvlobnor Puzdoy,dc=example,dc=com
objectClass: inetOrgPerson
cn: Torvlobnor Puzdoy
sn: Puzdoy
seeAlso: documentTitle=book1,dc=example,dc=com
givenName: Torvlobnor
telephoneNumber: 545-4563

# book1, example.com
dn: documentTitle=book1,dc=example,dc=com
objectClass: document
description: abstract1
documentTitle: book1
documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
documentAuthor: cn=Torvlobnor Puzdoy,dc=example,dc=com
documentIdentifier: document 1

# book2, example.com
dn: documentTitle=book2,dc=example,dc=com
objectClass: document
description: abstract2
documentTitle: book2
documentAuthor: cn=Mitya Kovalev,dc=example,dc=com
documentIdentifier: document 2

# example.com
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
o: Example
dc: example

These entries are structual objectClass "Organization" and auxiliary objectClass contains "dcObject", and each definition is as follows.

To map objectClass to a DB table, users must select and column among attribute members of objectClass. In this example, the "o" and "dc" attributes are selected.

objectclass ( 2.5.6.4 NAME 'organization'
    DESC 'RFC2256: an organization'
    SUP top STRUCTURAL
    MUST o
    MAY ( userPassword $ ... ) )

objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
    DESC 'RFC2247: domain component object'
    SUP top AUXILIARY MUST dc )

The following is an SQL statement that creates the "institutes" table mapping the above objectClass to the Altibase table and the meta data for inserting, searching, and modifying data.

CREATE TABLE institutes (
        id int NOT NULL,
        name varchar(255)
);
insert into institutes (id,name) values (institute_ids.nextval,'Example');

insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
  values (3,'organization','institutes','id','exec create_org(?)','exec delete_org(?)',1);

insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
  values (11,3,'o','institutes.name','institutes',NULL,'exec set_org_name(?,?)',NULL,0,0);

insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
  values (12,3,'dc','lower(institutes.name)','institutes,ldap_entries dcObject,ldap_entry_objclasses auxObjectClass',
    'institutes.id=dcObject.keyval AND dcObject.oc_map_id=3 AND dcObject.id=auxObjectClass.entry_id AND auxObjectClass.oc_name=''dcObject''',
    NULL,NULL,0,0);

insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
  values (ldap_entry_ids.nextval,'dc=example,dc=com',3,0,1);  -- id = 1

insert into ldap_entry_objclasses (entry_id,oc_name) values (1,'dcObject');

CREATE OR REPLACE PROCEDURE create_org(keyval OUT INTEGER) AS
BEGIN
INSERT INTO institutes (id,name) VALUES (institute_ids.nextval,' ');
SELECT institute_ids.currval INTO keyval FROM DUAL;
END;
/

CREATE OR REPLACE PROCEDURE delete_org(keyval IN INTEGER) AS
BEGIN
DELETE FROM institutes WHERE id=keyval;
END;
/

CREATE OR REPLACE PROCEDURE set_org_name(keyval IN INTEGER, new_name IN varchar(255)) AS
BEGIN
UPDATE institutes SET name=new_name WHERE id=keyval;
END;
/

The sample example above is provided as a script file, and sample data can be built as shown below. The script file used can be downlaoded from https://github.com/ALTIBASE/openldap/tree/master/servers/slapd/back-sql/rdbms_depend/altibase.

Creating Idap User#

After connection isql as sys user, execute the following SQL statement:

drop user ldap cascade;
create user ldap identified by ldap;

Creating Data#

$ isql -s localhost -u ldap -p ldap -f backsql_create.sql
$ isql -s localhost -u ldap -p ldap -f testdb_create.sql
$ isql -s localhost -u ldap -p ldap -f testdb_metadata.sql
$ isql -s localhost -u ldap -p ldap -f testdb_data.sql
  • backsplash_creat.sql: Create a table for storing meta data for mapping
  • testdb_create.sql: Create objectClass to use as DB table
  • testdb_metadata.sql: Enter meta data for mapping
  • Testdb_data.sql: objectClass data input