Archive for the ‘OpenLDAP’ Category

Setting up OpenLDAP for MySQL Enterprise Monitor

Октябрь 12th, 2010

The latest 2.2 release of MySQL Enterprise Monitor (MEM) has the ability to authenticate against LDAP. I decided to test this setup and for that, I had to create and populate an OpenLDAP server, including STARTTLS/SSL certificates. This guide was done on CentOS 5.5 but it shouldn’t be much different in other Linux/Unix distributions. First, start off by installing the packages with:

root@shell> yum install openldap openldap-clients openldap-servers

Then head to /etc/openldap where you can set you domain and the DN for the LDAP manager user. I’ve inserted some useful comments into the slapd.conf file. Lines without comments have not been changed from the default slapd.conf file.

shell> grep -v "^#" /etc/openldap/slapd.conf | grep -v "^$"
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
allow bind_v2
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
#The lines below are for SSL and STARTTLS.
#I'll show you how to generate certs later on
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCACertificateFile /etc/openldap/ssl/ca-cert.pem
TLSCertificateFile /etc/openldap/ssl/server-cert.pem
TLSCertificateKeyFile /etc/openldap/ssl/server-key.pem
#This allows ldapsearch command to connect without a client cert
TLSVerifyClient never
database	bdb
# this is your domain. I used example.com for my tests.
suffix		"dc=example,dc=com"
# this is the "username" of the LDAP admin for this domain
rootdn		"cn=Manager,dc=example,dc=com"
# this is the encripted password. To generate a SSHA password use slappasswd.
rootpw {SSHA}8diJsdIYFRr/wt7vqk3SGj6b/ZZZ21eno
directory	/var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

If for some reason, you need to compile your own version of OpenLDAP, see this guide:
http://www.openldap.org/doc/admin24/quickstart.html

The next step is to generate our certificates. First we generate the Certificate Authority and the LDAP Server certificates. One important thing is to set the CN attribute to your server’s hostname in both certificates. You can run the hostname command in the shell to find that out. This is the same hostname you will be using in the MEM setup or to test with the ldapsearch command line utility.

# Create CA and Server Certs
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem
shell> openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

These files should be located under /etc/openldap/ssl and the server key needs to be chmoded:

shell> chmod 600 /etc/openldap/server-key.pem

Then we create the certificate for our client utilities, and let openldap know about it:

# Create client certificate
shell> openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
shell> cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE	dc=example, dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
#TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/ssl/ca-cert.pem

Here are how the permissions on these files look like for me:

shell> ls -la /etc/openldap/ssl/
total 40K
drwxr-xr-x 2 root root 4.0K Jun 23 13:53 .
drwxr-xr-x 5 root root 4.0K Jun 25 20:59 ..
-rw-r--r-- 1 root root 1.5K Jun 23 13:51 ca-cert.pem
-rw-r--r-- 1 root root 1.7K Jun 23 13:51 ca-key.pem
-rw-r--r-- 1 root root 1.2K Jun 23 13:53 client-cert.pem
-rw-r--r-- 1 root root 1.7K Jun 23 13:53 client-key.pem
-rw-r--r-- 1 root root 1.1K Jun 23 13:53 client-req.pem
-rw-r--r-- 1 root root 1.2K Jun 23 13:52 server-cert.pem
-rw------- 1 ldap root 1.7K Jun 23 13:52 server-key.pem
-rw-r--r-- 1 root root 1.1K Jun 23 13:52 server-req.pem

Next enable SSL for OpenLDAP and start up the server:

shell> grep -v "^#" /etc/sysconfig/ldap | grep -v "^$"
ULIMIT_SETTINGS=
STOP_DELAY=3s
SLAPD_LDAP=yes
SLAPD_LDAPS=yes
SLAPD_LDAPI=no
shell> /etc/init.d/ldap start
Checking configuration files for slapd:  bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=example,dc=com.
config file testing succeeded                                                           [  OK  ]
Starting slapd:                                            [  OK  ]
shell> ps aux | grep slapd
ldap     25224  0.0  2.3 392036 191288 ?       Ssl  21:01   0:00 /usr/sbin/slapd -h ldap:/// ldaps:/// -u ldap

Don’t worry about the warning. Let’s try and query the LDAP directory now:

shell> ldapsearch -x -h localhost -b 'dc=example,dc=com'
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1

As we can see, there are no entries yet. So let’s populate the directory with this LDIF file. You will be prompted for your password. It’s the one used to setup /etc/openldap/slapd.conf.

shell> ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f mem-ldap.ldif.txt
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=People,dc=example,dc=com"
adding new entry "uid=user1,ou=People,dc=example,dc=com"
adding new entry "uid=user2,ou=People,dc=example,dc=com"
adding new entry "ou=groups,dc=example,dc=com"
adding new entry "cn=admin,ou=groups,dc=example,dc=com"
adding new entry "cn=dba,ou=groups,dc=example,dc=com"

And now we can see the results with:

shell> ldapsearch -x -H ldap:///localhost -b 'dc=example,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
objectClass: domain
objectClass: top
dc: example
# People, example.com
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People
# user1, People, example.com
dn: uid=user1,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
cn: Aaren Atp
sn: Atp
description: This is the description for Aaren Atp.
employeeNumber: 1
givenName: Aaren
homePhone: +1 280 375 4325
initials: ALA
l: New Haven
mail: user.1@maildomain.net
mobile: +1 680 734 6300
ou: admin
pager: +1 850 883 8888
postalAddress: Aaren Atp$70110 Fourth Street$New Haven, OH  93694
postalCode: 936942
st: OH
street: 70110 Fourth Street
telephoneNumber: +1 390 103 6917
uid: user1
userPassword:: e1NTSEF9Z0tsZjU4cm50Wit4b045N0U4cWlldVJQK1RMOVAzTGw=
# user2, People, example.com
dn: uid=user2,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
cn: Aaren Atp
sn: Atp
description: This is the description for Aaren Atp.
employeeNumber: 2
givenName: Aaren
homePhone: +1 280 375 4325
initials: ALA
l: New Haven
mail: user2@maildomain.net
mobile: +1 680 734 6300
ou: dba
pager: +1 850 883 8888
postalAddress: Aaren Atp$70110 Fourth Street$New Haven, OH  93694
postalCode: 936941
st: OH
street: 70110 Fourth Street
telephoneNumber: +1 390 103 6917
uid: user2
userPassword:: e1NTSEF9Z0tsZjU4cm50Wit4b045N0U4cWlldVJQK1RMOVAzTGw=
# groups, example.com
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
# admin, groups, example.com
dn: cn=admin,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=user1,ou=People,dc=example,dc=com
# dba, groups, example.com
dn: cn=dba,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: dba
uniqueMember: uid=user2,ou=People,dc=example,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 8
# numEntries: 7

You should also test encrypted connections, first with STARTTLS, by adding the -ZZ option:

shell> ldapsearch -x -h localhost -ZZ -b 'dc=example,dc=com'

You can also do it with SSL (ldaps), but this has been deprecated in LDAPv3:

shell> ldapsearch -x -H ldaps:///localhost -b 'dc=example,dc=com'

If you need to look at the OpenLDAP log files, you should enable them in syslog.conf:

# Log LDAP stuff
local4.*                        /var/log/ldap.log

By default, OpenLDAP writes to the LOG_LOCAL 4 facility. You should also set the loglevel to the amount of detail needed. Either check man slapd.conf or the documentation for the available levels.

At the moment, we have a running openldap server which is populated with two test users, ready to be used by MEM. In the next post, I will discuss how to setup MEM to authenticate against our LDAP server. If you need to manipulate your LDAP directory and need a graphical tool, I found Apache Directory Studio to be very nice.


PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in *NIX, Databases, LDAP, mysql, MySQL Enterprise Monitor, OpenLDAP

Комментарии отключены

 

Charts from LDAP Con on LDAP access to MySQL Cluster

Апрель 11th, 2010

At last year’s LDAP-Con event, Ludo from OpenDS and Howard from OpenLDAP presented on the work that they’d done on using MySQL Cluster as the scalable, real-time data store for LDAP directories (going directly to the NDB API rather than using SQL). Symas now provide their implementation (back-ndb) for OpenLDAP.

You can view the charts at http://www.symas.com/ldapcon2009/papers/NDB_ldapcon2009.pdf


PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in LDAP, mysql, MySQL Cluster, OpenLDAP

Комментарии отключены

 

Accessing the same data through LDAP and SQL

Октябрь 9th, 2009

LDAP and SQL access to ClusterOpenLDAP includes a driver that allows it to store and access data held in MySQL Cluster. It uses the NDB-API to access the database and so the performance is extremely good. One of the great things about the solution is that it lets you simultaneously access the same data through both LDAP and SQL (or the NDB-API or any of the MySQL connectors). This article gives an example of how this can be done.

Prerequisites:

This article assumes that you’ve already installed MySQL Cluster  – if that isn’t the case then please first refer to “Creating a simple Cluster on a single LINUX host” or “Deploying MySQL Cluster over multiple hosts“.

Once MySQL Cluster has been installed, you need to build and configure OpenLDAP to use MySQL Cluster (alternatively, you can engage Symas to provide you pre-built binaries); Johan provides a good walkthrough of this in his Blog “OpenLDAP for MySQL Cluster“. One extra note is that slapd must be run as root due to the ports it accesses. That Blog entry also explains how to test that everything is working – do that before proceeding to the next step.

Example 1 Extending the LDAP Data Schema and reading/writing the data through LDAP and SQL:

The standard schemas that come with OpenLDAP will be suitable for lots of scenarios that have typically used directories. In this article, we’re interested in other applications where we need to store and access additional attributes.

We create a new schema file “x-clusterdb-hlr.schema” that represents some of the data that would be needed for an HLR application:

attributetype ( 1.3.6.1.4.1.33913.1.0 NAME 'clusterdbsubid'
DESC 'Represents the internal subscriber identifier'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{8})

attributetype ( 1.3.6.1.4.1.33913.1.1 NAME 'clusterdbimsi'
DESC 'Represents the IMSI associated with a subscriber'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

attributetype ( 1.3.6.1.4.1.33913.1.2 NAME 'clusterdbmsisdn'
DESC 'Represents the MSISDN associated with a subscriber'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

attributetype ( 1.3.6.1.4.1.33913.1.3 NAME 'clusterdbvlrnumber'
DESC 'Represents the visited VLR number associated with a subscriber'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

attributetype ( 1.3.6.1.4.1.33913.1.4 NAME 'clusterdbsmscnumber'
DESC 'Represents the SMS SC that handles messages for a subscriber'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

attributetype ( 1.3.6.1.4.1.33913.1.5 NAME 'clusterdbsmscount'
DESC 'Represents the number of SMS messages waiting for the subscriber'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{4})

attributetype ( 1.3.6.1.4.1.33913.1.6 NAME 'clusterdbcfu'
DESC 'Represents the Call Forwarding Unconditional number for the sub'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

attributetype ( 1.3.6.1.4.1.33913.1.7 NAME 'clusterdbcfnryt'
DESC 'Represents the CFNRY timer'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

attributetype ( 1.3.6.1.4.1.33913.1.8 NAME 'clusterdbreleasemin'
DESC 'Represents the software release (minor) of the subscriber data'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

attributetype ( 1.3.6.1.4.1.33913.1.9 NAME 'clusterdbreleasemaj'
DESC 'Represents the software release (major) of the subscriber data'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15})

objectclass ( 1.3.6.1.4.1.33913.1 NAME 'clusterdbhlrrecord'
DESC 'The HLR data record for a subscriber'
MUST (clusterdbsubid $ clusterdbimsi)
MAY (clusterdbmsisdn $ clusterdbvlrnumber $ clusterdbsmscnumber $ clusterdbsmscount $ clusterdbcfu $ clusterdbcfnryt))

One thing to note is that the identifier for each objectclass or attributetype has to be globally unique and you should apply for a unique prefix for your organization from the Internet Assigned Numbers Authority – the enterprise ID for clusterdb.com is  33913 and so any identifier starting with 1.3.6.1.4.1.33913 has been defined by clusterdb.com. This article does not attempt to explain exactly how to define your own schema; you can use this example as a starting point and then refer to the OpenLDAP chapter on extending schemas.

To use this schema, you need to copy the schema file to the ’schema’ directory in the OpenLDAP installation directory – for example “/usr/local/openldap/etc/openldap/schema”. The “slapd.conf” file also needs updating/replacing to include the new schema (and in our case, change the domain and database name to clusterdb):

include      /usr/local/openldap/etc/openldap/schema/core.schema
include     /usr/local/openldap/etc/openldap/schema/cosine.schema
include     /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include     /usr/local/openldap/etc/openldap/schema/x-clusterdb-hlr.schema

pidfile        /usr/local/openldap/var/run/slapd.pid
argsfile    /usr/local/openldap/var/run/slapd.args

#NDB database defintions
database ndb
suffix "dc=clusterdb,dc=com"
rootdn "cn=Manager,dc=clusterdb,dc=com"
rootpw secret
directory /usr/local/openldap/var/openldap-data
dbconnect localhost:1186
dbhost localhost
dbname clusterdb
dbuser root
dbpass ""
dbconnections 2
attrset billy clusterdbreleasemaj,clusterdbreleasemin

For this to take effect, you now need to stop and restart the slapd process.

To test that everything is working as intended, we need some test data covering the new schema – create a file called “add_clusterdb_hlr.txt“:

dn: dc=clusterdb,dc=com
dc: clusterdb
objectClass: dcObject
objectClass: organization
description: HLR operator
o: GSM PlC

dn: clusterdbsubid=12,dc=clusterdb,dc=com
objectclass: clusterdbhlrrecord
clusterdbsubid: 12
clusterdbimsi: 456123123456789
clusterdbmsisdn: 611231234512345
clusterdbvlrnumber: 611230000000000
clusterdbsmscnumber: 611230000000001
clusterdbsmscount: 2

dn: clusterdbsubid=97,dc=clusterdb,dc=com
objectclass: clusterdbhlrrecord
clusterdbsubid: 97
clusterdbimsi: 456123123456788
clusterdbmsisdn: 611231234512344
clusterdbvlrnumber: 611230000000000
clusterdbsmscnumber: 611230000000001
clusterdbsmscount: 0

Use the slapadd tool to load the data:

[billy@ws1 OpenLDAP]$ slapadd -l add_clusterdb_hlr.txt
091009 11:49:26 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/OL_dn2id
091009 11:49:26 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/OL_nextid
091009 11:49:27 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/OL_opattrs
091009 11:49:28 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/billy
091009 11:49:28 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/dcObject
091009 11:49:29 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/organization
_###########           59.97% eta        elapsed                 spd 258.2  /s 091009 11:49:30 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/clusterdbhlrrecord
-#################### 100.00% eta   none elapsed             02s spd 313.5  /s
Closing DB...

Behind the scenes, OpenLDAP has now created the “clusterdb” database as well as a number of tables:

mysql> use clusterdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
[billy@ws1 OpenLDAP]$ mysql -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.1.37-ndb-7.0.8a Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use clusterdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+---------------------+
| Tables_in_clusterdb |
+---------------------+
| OL_dn2id            |
| OL_nextid           |
| OL_opattrs          |
| billy               |
| clusterdbhlrrecord  |
| dcObject            |
| organization        |
+---------------------+
7 rows in set (0.00 sec)

Again, this article doesn’t attempt to explain all of details around all of these tables but the 2 key ones here are OL_dn2id and clusterdbhlrrecord. The OL_dn2id table is used to map from a distinguished name to an entry-id (eid) which is then used a key into the table that actually holds the data (in our example, clusterdbhlrrecord). A table is created for each objectclass in the LDDAP schema that we’ve added data to (in this example, that means organization and clusterdbhlrrecord:

mysql> select * from OL_dn2id;
+-----+-------------------------------+--------+--------------+-------------------+----+----+----+----+----+----+----+-----+-----+-----+-----+-----+-----+
| eid | object_classes                | a0     | a1           | a2                | a3 | a4 | a5 | a6 | a7 | a8 | a9 | a10 | a11 | a12 | a13 | a14 | a15 |
+-----+-------------------------------+--------+--------------+-------------------+----+----+----+----+----+----+----+-----+-----+-----+-----+-----+-----+
|   1 |  dcObject organization @ top  | dc=com | dc=clusterdb |                   |    |    |    |    |    |    |    |     |     |     |     |     |     |
|   2 |  clusterdbhlrrecord @ top     | dc=com | dc=clusterdb | clusterdbsubid=12 |    |    |    |    |    |    |    |     |     |     |     |     |     |
|   3 |  clusterdbhlrrecord @ top     | dc=com | dc=clusterdb | clusterdbsubid=97 |    |    |    |    |    |    |    |     |     |     |     |     |     |
+-----+-------------------------------+--------+--------------+-------------------+----+----+----+----+----+----+----+-----+-----+-----+-----+-----+-----+
3 rows in set (0.00 sec)

mysql> select * from clusterdbhlrrecord;
+-----+-----+----------------+-----------------+-----------------+--------------------+---------------------+-------------------+--------------+-----------------+
| eid | vid | clusterdbsubid | clusterdbimsi   | clusterdbmsisdn | clusterdbvlrnumber | clusterdbsmscnumber | clusterdbsmscount | clusterdbcfu | clusterdbcfnryt |
+-----+-----+----------------+-----------------+-----------------+--------------------+---------------------+-------------------+--------------+-----------------+
|   3 |   0 | 97             | 456123123456788 | 611231234512344 | 611230000000000    | 611230000000001     | 0                 | NULL         | NULL            |
|   2 |   0 | 12             | 456123123456789 | 611231234512345 | 611230000000000    | 611230000000001     | 2                 | NULL         | NULL            |
+-----+-----+----------------+-----------------+-----------------+--------------------+---------------------+-------------------+--------------+-----------------+
2 rows in set (0.00 sec)

Clearly, the application can now use LDAP or SQL to read and modify these same fields.

Example 2 Only exposing a subset of the data through LDAP

There are some restrictions on the schema created in MySQL Cluster by OpenLDAP – for example, all columns are varchars. It could be that your application needs a richer data schema when using SQL to access the data, including data that doesn’t need accessing through LDAP. The simplest way to do this would be to have some tables in the data base that aren’t included in the LDAP schema – OpenLDAP just won’t see them.

Another option is to have OpenLDAP only see a subset of the columns in a table (it only sees those fields that are in the LDAP schema). This is fairly straightforward to acheive as OpenLDAP only creates the database and tables if they don’t already exist and it is happy to ignore any columns that are not included. For simplicity, we assume that you’ve executed Example 1 and then we remove the database and then recreate it by hand (and then you should restart slapd):

mysql> drop database clusterdb;
Query OK, 7 rows affected (4.41 sec)

mysql> create database clusterdb;
Query OK, 1 row affected (0.00 sec)

mysql> use clusterdb;
Database changed

mysql> CREATE TABLE clusterdbhlrrecord (
-> eid bigint(20) unsigned NOT NULL,
-> vid int(10) unsigned NOT NULL,
-> clusterdbsubid varchar(8) DEFAULT NULL,
-> clusterdbimsi varchar(15) DEFAULT NULL,
-> clusterdbmsisdn varchar(15) DEFAULT NULL,
-> clusterdbvlrnumber varchar(15) DEFAULT NULL,
-> clusterdbsmscnumber varchar(15) DEFAULT NULL,
-> clusterdbsmscount varchar(4) DEFAULT NULL,
-> clusterdbcfu varchar(15) DEFAULT NULL,
-> clusterdbcfnryt varchar(15) DEFAULT NULL,
-> contractstart date default null,
-> PRIMARY KEY (eid,vid))
-> engine=ndb partition by key (eid);

and then add the same data (which doesn’t contain “contractstart”) as in Example 1 and then use LDAP to check that it has been stored correctly and can be retrieved:

[billy@ws1 OpenLDAP]$ slapadd -l add_clusterdb_hlr.txt
091009 12:41:44 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/OL_dn2id
091009 12:41:45 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/OL_nextid
091009 12:41:46 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/OL_opattrs
091009 12:41:46 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/billy
091009 12:41:47 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/dcObject
091009 12:41:48 [Note] NDB Binlog: CREATE TABLE Event: REPL$clusterdb/organization
.#################### 100.00% eta   none elapsed                 spd 627.0  /s
Closing DB...

[billy@ws1 OpenLDAP]$ ldapsearch -x -b 'dc=clusterdb,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=clusterdb,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# 97, clusterdb.com
dn: clusterdbsubid=97,dc=clusterdb,dc=com
objectClass: clusterdbhlrrecord
clusterdbsubid: 97
clusterdbimsi: 456123123456788
clusterdbmsisdn: 611231234512344
clusterdbvlrnumber: 611230000000000
clusterdbsmscnumber: 611230000000001
clusterdbsmscount: 0

# clusterdb.com
dn: dc=clusterdb,dc=com
objectClass: dcObject
objectClass: organization
dc: clusterdb
o: GSM PlC
description: HLR operator

# 12, clusterdb.com
dn: clusterdbsubid=12,dc=clusterdb,dc=com
objectClass: clusterdbhlrrecord
clusterdbsubid: 12
clusterdbimsi: 456123123456789
clusterdbmsisdn: 611231234512345
clusterdbvlrnumber: 611230000000000
clusterdbsmscnumber: 611230000000001
clusterdbsmscount: 2

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

As you can see, the ‘contractstart’ field is ignored by OpenLDAP but we can work with it through SQL:

[billy@ws1 OpenLDAP]$ mysql -u root;
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 5.1.37-ndb-7.0.8a Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use clusterdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> update clusterdbhlrrecord set contractstart='2009-01-04' where clusterdbsubid=12;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select * from clusterdbhlrrecord;
+-----+-----+----------------+-----------------+-----------------+--------------------+---------------------+-------------------+--------------+-----------------+---------------+
| eid | vid | clusterdbsubid | clusterdbimsi   | clusterdbmsisdn | clusterdbvlrnumber | clusterdbsmscnumber | clusterdbsmscount | clusterdbcfu | clusterdbcfnryt | contractstart |
+-----+-----+----------------+-----------------+-----------------+--------------------+---------------------+-------------------+--------------+-----------------+---------------+
|   3 |   0 | 97             | 456123123456788 | 611231234512344 | 611230000000000    | 611230000000001     | 0                 | NULL         | NULL            | NULL          |
|   2 |   0 | 12             | 456123123456789 | 611231234512345 | 611230000000000    | 611230000000001     | 2                 | NULL         | NULL            | 2009-01-04    |
+-----+-----+----------------+-----------------+-----------------+--------------------+---------------------+-------------------+--------------+-----------------+---------------+

Example 3 Making rows added through SQL visible through OpenLDAP

This example builds upon  Example 2 by showing how rows can be added to the clusterdbhlrrecord and then be accessed using LDAP.

The first step is to just add the row:

mysql> insert into clusterdbhlrrecord values (4,0,101,456231234554321,61777777777,611230000000000,
-> 611230000000000,0,NULL,NULL,'2008-01-01');
Query OK, 1 row affected (0.00 sec)

When we try to read this entry through LDAP, it can’t be found:

[billy@ws1 OpenLDAP]$ ldapsearch -x -b 'clusterdbsubid=101,dc=clusterdb,dc=com'
# extended LDIF
#
# LDAPv3
# base <clusterdbsubid=101,dc=clusterdb,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: dc=clusterdb,dc=com

# numResponses: 1

The reason for this is that this row doesn’t yet have a corresponding entry in the OL_dn2id table; that can now be fixed:

mysql> insert into OL_dn2id values (4,'clusterdbhlrrecord @ top','dc=com','dc=clusterdb','clusterdbsubid=101','','','','','','','','','','','','','');
Query OK, 1 row affected (0.01 sec)

[billy@ws1 OpenLDAP]$ ldapsearch -x -b 'clusterdbsubid=101,dc=clusterdb,dc=com'
# extended LDIF
#
# LDAPv3
# base <clusterdbsubid=101,dc=clusterdb,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# 101, clusterdb.com
dn: clusterdbsubid=101,dc=clusterdb,dc=com
objectClass: clusterdbhlrrecord
clusterdbsubid: 101
clusterdbimsi: 456231234554321
clusterdbmsisdn: 61777777777
clusterdbvlrnumber: 611230000000000
clusterdbsmscnumber: 611230000000000
clusterdbsmscount: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

If you want to hide this extra step from the application then you can of course use stored procedures to automatically add the extra row to OL_dn2id.


PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in LDAP, mysql, MySQL Cluster, MySQL Cluster CGE, OpenLDAP

Комментарии отключены