NAME

MyDB::LDAP - implement the CIToolkit ``persistent object store'' with LDAP


MODULE

base


SYNOPSIS

  use MyDB::LDAP;
  $db = MyDB::LDAP->new(@dbopts,@args);


DESCRIPTION

This package provides the LDAP-specific database interface methods. Several generic methods are inherited from MyDB.

Currently only limited access control is implemented in this module: every connection binds the same way, so there is no real difference between connecting to the database with read or write access, and whatever the LDAP server's own access control allows (see the slapd.conf ``access'' line under INSTALLING LDAP) is what every client gets. The module has been written with such possibilities in mind, so adding them should be fairly trivial.

Several steps must be taken to set up an LDAP server before the create (``c'') option of new can be used to instantiate a new ``persistent object store'' on it. See the INSTALLING LDAP section below for details.


METHODS

new - connect to the LDAP server
  $db = MyDB::LDAP->new(@dbopts,@args);
  $db = MyDB::LDAP->new($host,$port,$dbname,$rw_opt,%args);

This method examines the datasource connection info to determine where and how to connect to an LDAP server, initiates the connection and returns the connected database object. It returns undef on failure, so callers must check the result before using it.

The %args parameter is optional. It may carry extra connection information such as the username and password used to bind to the LDAP server.

The $host parameter is used to specify the hostname or IP address of the LDAP server. A keyword may also be used to tell new to determine the LDAP server as follows:

LOCALHOST - connect to 127.0.0.1

BOOTHOST - look at /proc/mounts to determine where my root filesystem is mounted (the server part of an NFS root such as ``host:/path'') and connect to the LDAP server on that host

DBHOST - get the hostname from the $CConf::config{'dbhost'} variable

FILE - read the hostname from a specified file. In this case, the $host param would look like ``FILE/path/to/hostname.file''. The hostname will be the first non-blank line in the file that doesn't start with a ``#'' comment character.

If the $host param is left blank, MyDB::LDAP::new will try to locate an LDAP server by trying the keywords in the following order, stopping at the first one that yields a server it can connect to:

  LOCALHOST, BOOTHOST, DBHOST

The $port parameter is used to specify what port on the server to connect on. If it is left blank, the default LDAP port (389) is used.

The $dbname parameter specifies the name of the persistent object store to use. In this way, a single LDAP server can support multiple CIToolkit databases. $dbname is a required parameter.

The $rw_opt parameter determines whether the database is opened for read or write access, or whether a new object store should be initialized: use ``r'' for read access, ``w'' for write access and ``c'' for create. Write access implies read access, and creating the database implies both read and write. There is not yet any difference between connecting to the LDAP server with read or write access, but callers should still pass the correct value so that stricter checks can be added later without changing them.
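The $host keyword rules and the blank-host fallback described above, as an added example that is not part of MyDB::LDAP or CIToolkit. It expands a $host spec into a list of candidate servers and tries them in order with a caller-supplied connect callback; %env stands in for $CConf::config and /proc/mounts so it runs without a cluster, the sample mounts table and dbhost value are constructed, and the valid_host() filter is an assumed policy (a hostname read from a file or config is untrusted input) rather than something the module enforces.

```perl
#!/usr/bin/perl
# Added example, not part of MyDB::LDAP: expand the $host keywords
# (LOCALHOST, BOOTHOST, DBHOST, FILE/path, or a literal host) into a list
# of candidates and try them in order with a connect callback. %env stands
# in for $CConf::config and /proc/mounts; valid_host() is an assumed policy.
use strict;
use warnings;
use File::Temp qw(tempfile);

# A host read from a file or config is untrusted input to the connection
# code: accept only hostname/IPv4 characters, never arbitrary strings.
sub valid_host {
    my ($h) = @_;
    return defined $h && $h =~ /^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$/;
}

# BOOTHOST: the device of the '/' entry in /proc/mounts is "server:/export"
# on a network-booted node. The last '/' entry wins because a placeholder
# "rootfs / rootfs" line often precedes the real root mount.
sub boothost_from_mounts {
    my ($mounts_text) = @_;
    my $root_dev;
    for my $line (split /\n/, $mounts_text) {
        my ($dev, $mnt) = split ' ', $line;
        $root_dev = $dev if defined $mnt && $mnt eq '/';
    }
    return undef unless defined $root_dev;
    return $root_dev =~ /^([^:\/]+):/ ? $1 : undef;   # local root => undef
}

# FILE/path: first non-blank line that does not start with '#', trimmed.
sub host_from_file {
    my ($path) = @_;
    open my $fh, '<', $path or return undef;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(#|$)/;
        $line =~ s/^\s+|\s+$//g;
        close $fh;
        return $line;
    }
    close $fh;
    return undef;
}

# Expand one $host spec. A blank spec tries LOCALHOST, BOOTHOST, DBHOST in
# that order, as new() does; keywords that cannot resolve yield nothing.
sub candidate_hosts {
    my ($spec, %env) = @_;
    $spec = '' unless defined $spec;
    return map { candidate_hosts($_, %env) } qw(LOCALHOST BOOTHOST DBHOST)
        if $spec eq '';
    my $h;
    if    ($spec eq 'LOCALHOST')    { return ('127.0.0.1') }
    elsif ($spec eq 'BOOTHOST')     { $h = boothost_from_mounts($env{mounts} // '') }
    elsif ($spec eq 'DBHOST')       { $h = $env{config} ? $env{config}{dbhost} : undef }
    elsif ($spec =~ m{^FILE(/.+)$}) { $h = host_from_file($1) }
    else                            { $h = $spec }      # literal hostname or IP
    return valid_host($h) ? ($h) : ();
}

# Try each candidate with $try->($host, $port); first success wins, undef
# otherwise (new() likewise returns undef on failure, so callers must check).
sub connect_first {
    my ($try, $port, @hosts) = @_;
    $port ||= 389;                                      # default LDAP port
    for my $h (@hosts) {
        return "$h:$port" if $try->($h, $port);
    }
    return undef;
}

# Constructed sample environment: an NFS-root node and a configured dbhost.
my %env = (
    mounts => "rootfs / rootfs rw 0 0\n"
            . "10.0.0.1:/export/node / nfs rw,addr=10.0.0.1 0 0\n",
    config => { dbhost => 'ldap.cluster.example' },
);

# Blank $host: candidates come out as 127.0.0.1, 10.0.0.1, ldap.cluster.example.
print join(' ', candidate_hosts('', %env)), "\n";

# Stand-in for a real connect attempt: only the boot server is "reachable".
my %reachable = ('10.0.0.1' => 1);
my $target = connect_first(sub { $reachable{$_[0]} }, undef, candidate_hosts('', %env));
print defined $target ? "connect to $target\n" : "no LDAP server found\n";

# FILE keyword: comment and blank lines are skipped and the value is trimmed.
my ($fh, $fname) = tempfile(UNLINK => 1);
print $fh "# LDAP server for this rack\n\n  ldap2.cluster.example  \n";
close $fh;
print join(' ', candidate_hosts("FILE$fname", %env)), "\n";

# A malformed value (e.g. from a tampered hostname file) is dropped, not passed on.
my @bad = candidate_hosts('ldap.example;rm -rf /', %env);
print scalar(@bad), " candidates from the malformed value\n";
```

The order of candidates matters: because LOCALHOST always resolves, a blank $host only reaches BOOTHOST or DBHOST when nothing is listening on 127.0.0.1, which is why the fallback has to be driven by actual connect attempts rather than by resolution alone.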

other methods -
See MyDB documentation for other db access methods


INSTALLING LDAP

Before creating an instance of the CIToolkit persistent object store, the LDAP server must be installed and have some minimal configuration done.

Install LDAP server
Install OpenLDAP, either from openldap.org or as a package provided by your Linux distribution. If LDAP is already installed it may be set up to use SASL bind by default, in which case you may get ``ldap_sasl_interactive_bind'' errors and should add ``-x'' (simple bind) to the ldap commands listed below.

Edit /etc/openldap/slapd.conf - to include the following lines:
  allow update_anon
  suffix      "ou=configdb,dc=CIT"
  rootdn      "o=root,ou=configdb,dc=CIT"
  rootpw      <hash produced by slappasswd>
  access to dn.sub="ou=configdb,dc=CIT" by * write

The rootpw line holds the password that ldapadd prompts for below; generate the hash with slappasswd rather than storing the password in clear text.

The ``allow update_anon'' and ``access'' lines together give anonymous users write access to our section of the LDAP database, so any client that can reach the server's port can add, modify or delete entries in the object store. They could be changed (along with the LDAP module) to use stricter authentication.
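As an added illustration of that stricter alternative (not a configuration the page or CIToolkit ships), the anonymous-write directives above beside a slapd.conf fragment that lets anonymous clients read, lets one dedicated writer DN modify the subtree, and keeps the rootdn for the initial ldapadd. The writer DN cn=citwriter,ou=configdb,dc=CIT is an assumed name; it would have to be created with a hashed userPassword, and MyDB::LDAP would have to bind with those credentials from %args for write access.

```conf
# Weak (as documented above): anyone who can reach the server may add,
# modify or delete entries under ou=configdb,dc=CIT.
allow update_anon
access to dn.sub="ou=configdb,dc=CIT" by * write

# Hardened alternative (added example, assumed writer DN). Drop
# "allow update_anon" so anonymous updates are refused outright.
# Access rules are evaluated in order: protect userPassword first so
# it is never readable, but can still be used to authenticate.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to dn.sub="ou=configdb,dc=CIT"
        by dn.exact="cn=citwriter,ou=configdb,dc=CIT" write
        by * read
```

With this in place the ldapsearch checks below still work anonymously, while the ldapadd of the initial LDIF still binds as the rootdn with rootpw.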

Depending on your cluster size and how many clients will be accessing this LDAP server, you may want to add the following lines as well:

  # maximum number of entries to return from a search operation
  sizelimit 2000
  # size of the in-memory cache, in bytes.
  dbcachesize 2000000

Start/Restart the LDAP server
  # /etc/rc.d/init.d/ldap restart

Verify Directory Access
  # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

This should return:

  dn:
  namingContexts: ou=configdb,dc=CIT

Create a domain in the LDAP server for CIT stuff
Create an LDIF file (init_configdb.ldif) that looks like:

  dn: ou=configdb,dc=CIT
  objectclass: dcObject
  objectclass: organizationalUnit
  ou: configdb
  dc: CIT

  dn: o=root,ou=configdb,dc=CIT
  objectclass: organization
  o: root

Then insert it and check it with the commands:

  # ldapadd -x -D "o=root,ou=configdb,dc=CIT" -W -f init_configdb.ldif
    (enter the rootpw password defined in slapd.conf when prompted)
  # ldapsearch -x -b 'ou=configdb,dc=CIT' '(objectclass=*)'

Get the Perl access modules
  # perl -MCPAN -e 'install Bundle::Net::LDAP'

Or, just install the "perl-ldap" package provided by your Linux distribution.


SEE ALSO

MyDB documentation for other db access methods

OpenLDAP documentation

http://www.openldap.org/doc/admin/quickstart.html

http://perl-ldap.sourceforge.net/doc/