MyDB::LDAP - implement the CIToolkit ``persistent object store'' with LDAP base
use MyDB::LDAP;
$db = MyDB::LDAP->new(@dbopts,@args);
This package provides the LDAP specific database interface methods. Several generic methods are inherited from MyDB.
Currently there is only limited access control implemented in this module, and there is no real difference between connecting to the database with read or write access. However, it has been written with such possibilities in mind, so adding them should be fairly trivial.
Several steps must be taken to set up an LDAP server before the create option of new can be used to instantiate a new ``persistent object store'' on it. See the INSTALLING LDAP section below for details.
$db = MyDB::LDAP->new(@dbopts,@args);
$db = MyDB::LDAP->new($host,$port,$dbname,$rw_opt,%args);
This method examines the datasource connection info to determine where and how to connect to an LDAP server and then initiates the connection, returning the connected database object. Returns undef on failure.
The %args parameter is optional, but may contain extra connection information such as username and password to use to connect to the LDAP server.
The $host parameter is used to specify the hostname or IP address of the LDAP server. A keyword may also be used to tell new to determine the LDAP server as follows:
If the $host param is left blank, MyDB::LDAP::new will try to locate an LDAP server by trying keywords in the following order:
LOCALHOST, BOOTHOST, DBHOST
The $port parameter is used to specify what port on the server to connect on. If it is left blank, the default LDAP port (389) is used.
The $dbname parameter specifies the name of the persistent object store to use. In this way, a single LDAP server can support multiple CIToolkit databases. $dbname is a required parameter.
The $rw_opt parameter determines whether the database is opened for read or write access, or if a new object store should be initialized. Although there is not yet a difference between connecting to the LDAP server with read or write access, ``r'' should be used for read access, ``w'' for write access, and ``c'' for create. Write access implies read access, and creating the database implies both read and write.
Before creating an instance of the CIToolkit persistent object store, the LDAP server must be installed and have some minimal configuration done.
Add the following lines to slapd.conf:

allow update_anon
suffix "ou=configdb, dc=CIT"
rootdn "o=root, ou=configdb, dc=CIT"
access to dn.sub="ou=configdb,dc=CIT" by * write
The access line gives anonymous users write access to our section of the LDAP database. It could be changed (along with the LDAP module) to use stricter authentication.
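One way to make that access line stricter, as an added example that is not part of the CIToolkit module or its documentation: the anonymous write grant is replaced by a dedicated service account, which the module would bind as using the username and password passed in %args, while anonymous ``r'' connections keep read access. The account DN cn=citoolkit,ou=configdb,dc=CIT is assumed, as is its entry (objectClass organizationalRole plus simpleSecurityObject, carrying a userPassword) having been added under the rootdn; OpenLDAP slapd.conf syntax, where indented lines continue the previous directive.

```conf
# Added example, not the module's own configuration. These two access
# directives replace "allow update_anon" and the "by * write" rule; slapd
# evaluates access rules in order and the first matching "by" clause wins.

# Password attribute: an entry may change its own password, anonymous
# clients may use it only to authenticate (bind), nobody else can read it,
# so userPassword never shows up in ordinary searches.
access to dn.subtree="ou=configdb,dc=CIT" attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Store contents: only the assumed service account may write; everyone
# else, including anonymous read-only connections, may read.
access to dn.subtree="ou=configdb,dc=CIT"
        by dn.exact="cn=citoolkit,ou=configdb,dc=CIT" write
        by * read
```

The rootdn bypasses these rules, so the ldapadd step below still works as written; set the service account's password with a hashed value (slappasswd output) rather than cleartext.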
Depending on your cluster size and how many clients will be accessing this LDAP server, you may want to add the following lines as well:
# maximum number of entries to return from a search operation
sizelimit 2000
# size of the in-memory cache, in bytes.
dbcachesize 2000000
# /etc/rc.d/init.d/ldap restart
# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
This should return:
dn:
namingContexts: ou=configdb,dc=CIT

Next, create the file init_configdb.ldif with the following contents:

dn: o=root,ou=configdb,dc=CIT
objectclass: organization
o: root
Then insert it and check it with the commands:
# ldapadd -D "o=root,ou=configdb,dc=CIT" -W -f init_configdb.ldif
(enter the password defined in slapd.conf when prompted)
# ldapsearch -x -b 'ou=configdb,dc=CIT' '(objectclass=*)'
The module requires the perl-ldap (Net::LDAP) modules. Install them from CPAN with:

# perl -MCPAN -e 'install Bundle::Net::LDAP'

Or, just install the "perl-ldap" package provided by your Linux distro.
MyDB documentation for other db access methods
OpenLDAP documentation