Eddie C wrote:
I don't know if there is a database schema for this. I think each database vendor comes up with their own, or even each application that uses the database for authentication.This is an interesting topic.Is there even a suggested database schema for this? Or the person who designs the c-code would desgn the schema as well?
On a related note, I notice that there are PAM SQL modules which allow you to use PAM to authenticate against credentials stored in an RDBMS. Google shows that there are PAM modules for mysql, postgres, informix, db2, and oracle. With the Fedora DS PAM passthru plugin, you should be able to pass authentication through to the database, with the appropriate PAM SQL module and configuration. That would at least solve the case where you want to use the RDBMS as the authoritative store for passwords.
EdwardOn 3/13/07, *Richard Megginson* <rmeggins@xxxxxxxxxx <mailto:rmeggins@xxxxxxxxxx>> wrote:Bill Bailey wrote: > > Hi, > > I noticed on the list of features an item indicating that data > interoperability plug-ins are available to allow the use of an RDBMS > as a data source, but I'm having trouble locating the specifics (e.g. > which databases, what sort of integration, etc.) in the documentation. > Anyone have any pointers on where I can find more information on this? > http://directory.fedora.redhat.com/wiki/FAQ#Can_I_replace_Sleepycat_with_Oracle.2C_or_Postgres.2C_etc..3F <http://directory.fedora.redhat.com/wiki/FAQ#Can_I_replace_Sleepycat_with_Oracle.2C_or_Postgres.2C_etc..3F> There are no plug-ins available. The plug-in architecture will allow this, but someone must write some C code in order to be able to do this. > > In particular, I'm struggling with whether to use a directory server > for user management or a database. If I store users in my LDAP > directory (e.g. username, password, name, address, phone, etc.), there > is still user data that I need to store in a database (e.g. > transaction data or other frequently modified data) … and I need to be > able to correlate the two. For example, for reporting I may need to > display both the basic user info and demographic information that is > so well suited for a directory alongside data that comes from a > database. This seems to me problematic since the data models and query > languages are different. And even if I could make the LDAP data look > like something I could query with SQL … and join with real RDBMS > tables … it would seem likely that performance might be less than great. > > My thinking is that if I could get the LDAP server to use e.g. MySQL > under the covers for storage, but I could still get access (read-only) > to the underlying tables, I might be able to have the best of both > worlds (assuming the underlying table structure was amenable to being > joined to my tables without to many contortions). I'm guessing my > dilemma isn't new … has anyone else struggled with this and, if so, > how did you resolve it? And have been satisfied with the solution you > selected? > > > Thanks for any input or comments. > > Bill Bailey > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx <mailto:Fedora-directory-users@xxxxxxxxxx> > https://www.redhat.com/mailman/listinfo/fedora-directory-users <https://www.redhat.com/mailman/listinfo/fedora-directory-users> > -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx <mailto:Fedora-directory-users@xxxxxxxxxx> https://www.redhat.com/mailman/listinfo/fedora-directory-users ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
