e-circ's mysql driven ldap server

2006-05-03myldap

myldap for dummies

If you have contact information stored in a MySQL database, myldap can most likely export it to your favourite e-mail application. The way you have them stored in the database must be told to myldap, but myldap supports quite complex schemes.

The problem

LDAP as described in RFC2251 and others, is widely used for accessing e-mail addresses of contacts. Any decent e-mail application has an interface for accessing these kind of resources. Besides e-mail addresses, LDAP can be used to retrieve other contact information as well, like postal addresses, ... Note that LDAP defines a communication, rather than the backend storage, although most LDAP servers come with their own, optimized storage solution.
MySQL on the other hand is a good database server, widely used on internet. A MySQL client can be easily written in C, C++, Java, PHP. This makes it an ideal database to easily implement different kind of contact information.
The big problem is that MySQL, as any database, requires a rather fixed table layout with columns, whereas LDAP implies a rather ad-hoc collection of items with attributes. The LDAP structures do not map easily on a database layout. Some implementations exist, but they touch the simplicity of database storage in favor of flexibility. As a result, very few people have their LDAP data stored in a database, and very few people enjoy the simplicity of a database for storing e-mail contacts.
To merge LDAP with MySQL, e-circ has created myldap. It allows to create easy database layouts, which are then published over LDAP. Because of the database storage, it does not allow different LDAP schemes. It's most important use is the retrieval of contact information by any e-mail client. Accessing the MySQL data with other MySQL clients, or with web services using PHP, makes it possible to integrate the contact information into larger server applications.
The MySQL coverage provided with openldap might satisfy the need for pure LDAP serving, but certainly does not allow for integration with other database applications. Therefore, the idea of one single place for data storage is lost.

The use

A lot of MySQL driven applications/web services exist today. Chances are real you already have some kind of contact information stored in a database. myldap can publish them over LDAP.
In case you're looking for some contact database, just proceed, myldap will be able to publish it too. You might want to examine the capabilities, but they're mostly limited to your MySQL syntax knowledge, rather than myldap's.

How it works

myldap is a program designed to run from any inetd alike server. Incoming connections to a specified port will trigger inetd to execute myldap, stdin & stdout redirected to your TCP/IP connection.
myldap uses a file holding it's configuration.

Access restriction.
Currently, there's only support for plain-text authentication, and only 1 single master username/password combination. Or it may be left empty.
MySQL
You can serve several database configurations, each having it's own hostname, database, ..., and surely its base DN.
Within a database configuration, you can combine different tables, which are joined, and map each column on a LDAP field. For performance optimization, not all tables must be joined necessarily to serve a request. The configuration file lets you define required fields, and optional fields.

myldap in action

myldap is tested with these LDAP clients

openldap commandline client
Mozilla e-mail/addressbook programs, such as thunderbird, Mozilla suite, SeaMonkey
Sylpheed-Claws
Outlook works fine, but refuses to do automated lookups on non Active Directory LDAP servers. It'll do lookup only when strictly necessary.

I have a screenshot here of Mozilla's address book. It shows a company "A Company", with an employee linked to it (MySQL joins), John Doe. He has a phone number within the company. If he wouldn't, the company's number would show, as does now the company's fax number.

The price

myldap runs well when properly configured. This configuration is not well documented in detail, as it requires good MySQL knowledge and basic LDAP knowledge. Therefore, myldap comes with installation support, which is not free of charge.

The linux or any recent unix-alike takes 400 EUR.
windows version 800 EUR
myldap clearly depends on inetd. Most platforms have some kind of this. But myldap itself is by no means platform dependant. To serve the windows market, e-circ has written a win32 replacement, win-inetd. The implementation is written as native win32 service program. It does not do as much as a typical inetd, it allows for a single service per instance.
Note that myldap is a server program, win-inetd is only necessary when your server is running windows.