With unixODBC or libiodbc you have two configuration files: odbc.ini and odbcinst.ini. Here are the sample configuration files I use for this HOWTO:
Just copy this file into the /usr/local/etc or /etc directory, depending on your installation.
    ;
    ; odbc.ini
    ;
    [ODBC Data Sources]
    PgSQL=PostgreSQL

    [PgSQL]
    ; WARNING: The old psql odbc driver psqlodbc.so is now renamed psqlodbcw.so
    ; in version 08.x. Note that the library can also be installed under an other
    ; path than /usr/local/lib/ following your installation.
    Driver=/usr/local/lib/psqlodbcw.so
    Description=Connection to LDAP/POSTGRESQL
    Servername=localhost
    Port=5432
    Protocol=6.4
    FetchBufferSize=99
    Username=test
    Password=test
    Database=pg_ldap
    ReadOnly=no
    Debug=1
    CommLog=1

    [ODBC]
    InstallDir=/usr/local/lib
Normally the installation of the psqlodbc library has already created this file. If not, just copy this file into the /usr/local/etc or /etc directory, depending on your installation.
    ;
    ; odbcinst.ini
    ;
    [PostgreSQL]
    Description=ODBC for PostgreSQL
    ; WARNING: The old psql odbc driver psqlodbc.so is now renamed psqlodbcw.so
    ; in version 08.x. Note that the library can also be installed under an other
    ; path than /usr/local/lib/ following your installation.
    Driver=/usr/local/lib/psqlodbcw.so

    [ODBC]
    Trace=1
    Debug=1
    Pooling=No
You have to configure OpenLDAP to use the SQL backend, and tell it which database to use along with some other SQL-specific options. See below:
Just copy the file openldap-2.X.XX/servers/slapd/back-sql/rdbms_depend/pgsql/slapd.conf into the /usr/local/etc/openldap/ directory and change the dbname, dbuser and dbpasswd values as follows:
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /usr/local/etc/openldap/schema/core.schema
    include /usr/local/etc/openldap/schema/cosine.schema
    include /usr/local/etc/openldap/schema/inetorgperson.schema

    # Define global ACLs to disable default read access.
    access to *
        by self write
        by * read
    access to *
        by dn="cn=root,dc=example,dc=com" write

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org

    pidfile /usr/local/var/slapd.pid
    argsfile /usr/local/var/slapd.args

    #######################################################################
    # sql database definitions
    #######################################################################

    database sql
    suffix "dc=example,dc=com"
    rootdn "cn=root,dc=example,dc=com"
    rootpw secret
    dbname PgSQL
    dbuser test
    dbpasswd test
    insentry_stmt "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
    upper_func "upper"
    strcast_func "text"
    concat_pattern "?||?"
    has_ldapinfo_dn_ru no
    lastmod off
See "man slapd-sql" if you want to know more about the SQL-related options. If you have never looked at the slapd.conf file before, starting with "man slapd.conf" is a good choice.
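The sample slapd.conf warns that it should not be world readable, because it carries rootpw and dbpasswd in clear text. The following audit script is an added example, not part of the original HOWTO or of OpenLDAP; the function name audit_slapd_conf and the finding labels are made up for it, and the sample input is constructed from the directives shown above.

```shell
# Added example (not part of the original HOWTO): audit a slapd.conf such as
# the one above. Prints one finding per line, nothing when every check passes.
audit_slapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # The file holds rootpw and dbpasswd: "other" must not have read access.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WORLD_READABLE"
    fi

    awk '
    function check(d,    f, n, i) {
        n = split(d, f, /[ \t]+/)
        # Cleartext unless the value carries a scheme prefix such as {SSHA}.
        if (f[1] == "rootpw" && f[2] !~ /^[{][A-Za-z0-9-]+[}]/)
            print "CLEARTEXT_ROOTPW"
        # back-sql needs dbpasswd usable as-is; file permissions protect it.
        if (f[1] == "dbpasswd") print "DB_PASSWORD_IN_FILE"
        if (f[1] == "access" && f[2] == "to" && f[3] == "*") {
            # slapd stops at the first matching "access to" clause.
            if (seen_all++) print "UNREACHABLE_ACL"
            for (i = 4; i + 2 <= n; i++)
                if (f[i] == "by" && f[i+1] == "*" && f[i+2] == "read")
                    print "READ_FOR_EVERYONE"
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
    /^[ \t]/       { cur = cur " " $0; next } # continuation line
                   { if (cur != "") check(cur); cur = $0 }
    END            { if (cur != "") check(cur) }
    ' "$conf"
}

# Constructed sample reproducing the relevant directives of the file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
access to *
    by self write
    by * read
access to *
    by dn="cn=root,dc=example,dc=com" write
rootpw secret
dbpasswd test
EOF
chmod 644 "$sample"
audit_slapd_conf "$sample"
rm -f "$sample"
```

To clear the first two kinds of finding, chmod 600 the file and replace the rootpw value with a hash generated by slappasswd.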
There are no special configuration options to give to PostgreSQL. We just need to create the test database and the test user.
You must su to user postgres or any other PostgreSQL superuser to perform the following tasks.
Just run the following command to create the test database:
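    createdb pg_ldap

Then create the test user:

    # --pwprompt asks for the password to assign to the new role;
    # --password would only force a prompt for the connection password.
    createuser --no-createdb --no-createrole --no-adduser --pwprompt test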
To have OpenLDAP working with a SQL backend you must create the database structure and fill in some information. All you need to do is change directory to openldap-2.X.XX/servers/slapd/back-sql/rdbms_depend/pgsql/ and run the following command as PostgreSQL superuser:

    psql pg_ldap < backsql_create.sql

Don't worry if you get SQL errors: the script is trying to drop tables that don't exist.
We now have to create a schema with tables representing our test LDAP objects. This can be done by using the rdbms_depend/testdb_*.sql files and running the following commands:

    psql -d pg_ldap < testdb_create.sql

Don't worry if you get SQL errors: the script is trying to drop tables that don't exist.
This part generates all the links between the SQL backend and the stored objects for the test database. This meta-information is used to translate LDAP queries into SQL queries. This part also generates all the SQL functions used by the metadata definitions to create links between the SQL backend and the stored objects for the test database and to store all attribute values.

    psql -d pg_ldap < testdb_metadata.sql
This part inserts some data into the test database. This can be done by saving the following SQL code into a file named testdb_data.sql and running the following command:

    psql -d pg_ldap < testdb_data.sql
To be able to run SQL queries on the test database we must grant privileges to user 'test'. This can be done by saving the following SQL code into a file named testdb_grant.sql and running the following commands:
    psql -d pg_ldap -c "GRANT ALL ON ldap_attr_mappings,ldap_entries,ldap_entry_objclasses,ldap_oc_mappings,referrals,certs TO test;"
    psql -d pg_ldap -c "GRANT ALL ON ldap_attr_mappings_id_seq,ldap_entries_id_seq,ldap_oc_mappings_id_seq,referrals_id_seq TO test;"
    psql -d pg_ldap -c "GRANT ALL ON authors_docs,documents,institutes,persons,phones TO test;"
    psql -d pg_ldap -c "GRANT ALL ON documents_id_seq,institutes_id_seq,persons_id_seq,phones_id_seq TO test;"
On old OpenLDAP releases the table "referrals" was called "ldap_referrals" and the "certs" table doesn't exist, so if psql complains that the table referrals doesn't exist, replace it with ldap_referrals and remove the "certs" table from the command.