The previous version of this HOWTO needed some patches to OpenLDAP. Thanks to the OpenLDAP development team, patches are no longer needed and the PostgreSQL backend is now fully supported, at least on OpenLDAP v2.1.x.
So in this new version I will try to give all the installation and configuration requirements to get OpenLDAP running with a PostgreSQL backend, along with a complete live example that shows the work involved for a medium-sized directory. This is what I have in production in my company: a master Berkeley DB backend replicated to a remote LDAP directory using PostgreSQL as its backend.
When you start using LDAP, Berkeley DB (back-bdb) is enough to have a powerful directory. But when you want to link your LDAP server with an application, you may need to retrieve thousands of LDAP entries as a listing, and you will find very poor performance using the standard OpenLDAP backend.
That's what I was doing when I wanted to load 2500 email addresses into a webmail address book application. Loading these addresses with standard LDAP takes a minute; loading the same data directly from a PostgreSQL database with an SQL query takes 2 seconds. My choice was made...
A database is also easier to manage than a bdb file, but if you plan to use the LDAP SQL backend as a complete replacement for bdb and run all your queries against the LDAP server with this type of backend, you will experience very poor performance due to the port of the LDAP data model to an RDBMS.
For example, querying some users locally on a high-speed server:
    ldapsearch -b "ou=people,dc=samse,dc=fr" "uid=*"
    Query of 2930 users in LDAP/BDB-Backend takes 1.7 seconds
    Query of 2930 users in LDAP/PostgreSQL-Backend takes 10 seconds

    psql pg_ldap -c "select * from people;"
    Query of 2930 users in PostgreSQL takes 0.5 seconds
Another reason to do this is when you already have all the information in an existing database and want to keep a single reference source. Building LDAP on your existing database is then the best way to avoid creating a heavy replication process between your database and the LDAP server.
Implementing an OpenLDAP SQL backend is not so difficult; the only painful part is mapping the LDAP schema to your database. It can really take hours depending on your schema...
So, in summary, you can plan to have a SQL backend under these three conditions:
- You want to base your LDAP server on an existing RDBMS.
- You need to load thousands of entries at a time.
- You have time to map your database and develop your own tools.
But remember that if you just want to improve the performance of your LDAP directory, you're on the wrong track...
There is a better description of the difference between LDAP back-bdb and a SQL backend at:
Directories vs. Relational Database Management
How do I setup/configure back-sql?
You may also take a look at servers/slapd/back-sql/docs, where you can find documents about the concepts behind the implementation of a SQL backend in OpenLDAP. I suppose you have already done that.