On Thu, Apr 3, 2008 at 4:10 PM, pobox@xxxxxxxxxxxxx <pobox@xxxxxxxxxxxxx> wrote:

> Nathan Nobbe wrote:
> > and it's a little more
> > complicated to map to sql than one might initially suspect
> > http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS
>
> Yes, that's why I decided to try a php LDAP read-only (for Thunderbird)
> "implementation" - I could not see how I can map the LDAP to our SQL (which
> implements object-relational mapping defined in XML text files and could not
> be done without the php logic).

unfortunately, i don't think you'll be able to escape this. suppose thunderbird asks your php app a question in ldap; suppose it wants to authenticate a user (one of the most prominent uses of ldap). so it will be giving you something (roughly) like

    cn=someDude,dc=urDomain,dc=com

(also, somewhere in there ldap would specify this is a bind request and hand you a password [but this is just a simple example for illustration]).

let's assume you have a simple user table in your database (again grossly simplified)

    create table USER (
        id integer not null auto_increment,
        name varchar(50) not null,
        password varchar(25) not null,
        primary key(id)
    )

so you would turn around and do something like

    function authUser($cn, $pass) {
        $qry = "SELECT password FROM USER WHERE name = '$cn'";
        $resultSet = doQuery ...
        if($resultSet['password'] == $pass) {
            return true;
        } else {
            return false;
        }
    }

which means you will be mapping ldap queries to sql queries; ergo, 'you can't escape a mapping of some sort if your data is in a relational database and you're trying to get it in the hands of ldap'

setting up an ldap server like openldap involves mapping your relational database schema to one of the openldap directory structure (which is descended [roughly i believe] from x509 back in the day). it's kind of a pain in the ass, especially if you're new to it (trust me on this one ;)) but you won't have to know anything about the ldap protocol.
imho this would be far easier and it would have the advantage that you wouldn't be reinventing the wheel so to speak. this is a common practice that many people have done and would be able to help you w/ whereas building a 'read-only' ldap server in php is something i don't think many, if any have ever done.. you're likely to have your hands full w/ that and be mostly on your own... but it would be cool if you got it working ;)

if i were you i would consider building a custom backend for openldap, perhaps a shell one, that turned around and called php.
http://www.openldap.org/doc/admin24/backends.html#Perl/Shell

or perhaps just doing w/e it takes to get the sql backend working; i however found it quite vexing and to boot it's marked as experimental.. but still you wouldn't have to write your own server. openldap would essentially be speaking ldap for you and giving you something somewhat deluded to work w/ on the backend.

good luck,

-nathan
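
The bind-DN-to-SQL mapping sketched in the message above, as an added example that is not part of the original post: the value taken from the DN is allowlisted and passed as a bound parameter, and the stored password is a hash rather than plaintext. The in-memory SQLite database, the cnFromBindDn() helper, the sample account and the wider password column are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). SQLite in memory stands in for the real
// database; cnFromBindDn(), the sample account and hashed storage are assumptions.

// Extract the cn value from a simple bind DN such as cn=someDude,dc=urDomain,dc=com.
// Allowlist only: anything with quotes, escapes or multi-valued RDNs is refused.
function cnFromBindDn(string $dn): ?string
{
    return preg_match('/^cn=([A-Za-z0-9._-]{1,50}),/i', $dn, $m) === 1 ? $m[1] : null;
}

function authUser(PDO $db, string $bindDn, string $pass): bool
{
    $cn = cnFromBindDn($bindDn);
    // An empty password in a simple bind means "unauthenticated bind", never success.
    if ($cn === null || $pass === '') {
        return false;
    }
    // Bound parameter: the value taken from the DN never becomes SQL text.
    $stmt = $db->prepare('SELECT password FROM USER WHERE name = :name');
    $stmt->execute([':name' => $cn]);
    $hash = $stmt->fetchColumn();
    // password_verify() checks against a password_hash() value in constant time.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed schema and account, following the simplified USER table above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE USER (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name VARCHAR(50) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL)');  // wide enough for a hash, unlike varchar(25)
$ins = $db->prepare('INSERT INTO USER (name, password) VALUES (?, ?)');
$ins->execute(['someDude', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

$dn = 'cn=someDude,dc=urDomain,dc=com';
var_dump(authUser($db, $dn, 'constructed-sample-pw'));
var_dump(authUser($db, $dn, 'wrong-password'));
var_dump(authUser($db, $dn, ''));
var_dump(authUser($db, "cn=x' OR '1'='1,dc=urDomain,dc=com", 'anything'));
```

Only the first call authenticates; the last DN is refused by the allowlist before any query runs.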