Re: [PHP] LDAP in php
On Thu, Apr 3, 2008 at 4:10 PM, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
Nathan Nobbe schrieb:
and its a little more
complicated to map to sql than one might initially suspect
http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS
Yes, that's why I decided to try a php LDAP read-only (for Thunderbird)
implementation - I could not see how I can map the LDAP to our SQL (which
implements object-relational mapping defined in XML text files and could not
be done without the php logic).
unfortunately, i dont think youll be able to escape this. suppose
thunderbird asks your php app a question in ldap; suppose it wants to
authenticate a user (one of the most prominent uses of ldap). so it will be
giving you something (roughly) like
cn=someDude,dc=urDomain,dc=com
(also, somewhere in there ldap would specify this is a bind request and hand
you a password [but this is just a simple example for illustration]).
lets assume you have a simple user table in your database (again grossly
simplified)
create table USER (
id integer not null auto_increment,
name varchar(50) not null,
password varchar(25) not null,
primary key(id)
)
so you would turn around and do something like
function authUser($cn, $pass) {
$qry = SELECT password FROM USER WHERE name = '$cn';
$resultSet = doQuery ...
if($resultSet['password'] == $pass) { return true; } else { return false;
}
}
which means you will be mapping ldap queries to sql queries; ergo, 'you cant
escape a mapping of some sort if your data is in a relational database and
your trying to get it in the hands of ldap'
setting up an ldap server like openldap involves mapping your relational
database schema to one of the openldap directory structure (which is
descended [roughly i believe] from x509 back in the day). its kind of a
pain in the ass, especially if youre new to it (trust me on this one ;))
but you won't have to know anything about the ldap protocol. imho this
would be far easier and it would have the advantage that you wouldnt be
reinventing the wheel so to speak. this is a common practice that many
people have done and would be able to help you w/ whereas building a
'read-only' ldap server in php is something i dont think many, if any have
ever done.. youre likely to have your hands full w/ that and be mostly on
your own...
but it would be cool if you got it working ;)
if i were you i would consider building a custom backend for openldap,
perhaps a shell one, that turned around and called php.
http://www.openldap.org/doc/admin24/backends.html#Perl/Shell
or perhaps just doing w/e it takes to get the sql backend working; i however
found it quite vexing and to boot its marked as experimental.. but still
you wouldnt have to write your own server. openldap would esentially be
speaking ldap for you and giving you something somewhat deluded to work w/
on the backend.
good luck,
-nathan
Re: [PHP] LDAP in php
Richard Lynch schrieb: You probably wouldn't run it through Apache, but you probably COULD run an LDAP server of sorts using http://php.net/sockets Yes... this starts to sound as a solution... Sorry, I hope I do not sound lazy, I just need a bit of a help to locate the starting point. I thought that there could be some way of php to listen to a port and accept the LDAP request. Main problem is one of performance. The reason most people choose LDAP in the first place is to get blazing fast performance, because they NEED it. I am 100% aware of the fact that LDAP is a read optimized database (though I am not sure where this optimization goes when back end is PostgreSQL, for example - the LDAP commands seem simple and re-writing them into SQL can't be so much overhead; the explanation might be that PostgreSQL powered LDAP is not as fast as... - whatever, I'm not an expert and this analysis is not my goal, not now.). PHP is probably not going to give you blazing fast performance compared to an off-the-shelf LDAP server in C. 100% aware of that. As we have this php/PostgreSQL application and intercepting LDAP requests seems easy (though I do not know how to do it yet :) - I'm tempted to write a small funny LDAP thing in php, which can power Thunderbird address book (which, I think, can only read LDAP anyway, when e-mail is composed). And if all works fine and promising (and may be slow) - I can evaluate the effort to plug a real LDAP into the whole system. So php is just for prototyping and the result is curious, anyway. You may be able to leverage from the code in http://php.net/ldap to move most of the heavy lifting into an extension, or perhaps you could expand that extension to do so, and then you just have a simple PHP wrapper to handle the sockets part. That would help some, and possibly even come close to C performance, since the socket open/close/traffic/bandwidth is probably the limiting factor there, rather than a single PHP byte-code interpreted function call... I'm not sure I understand well. Do you mean that I could use some of the C code in http://php.net/ldap ... I am afraid this is beyond what I can. But I'll play with the socket thing and see what php gets and how I can re-write it internally and return, and how fast it is, and I'll drop a line back. This is all just my expectations. Feel free to surprise me with actual test results. :-) I'll try :) Thanks for the extensive ideas :) - was encouraging indeed. Iv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP in php
On Thu, Apr 3, 2008 at 2:22 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I am 100% aware of the fact that LDAP is a read optimized database (though I am not sure where this optimization goes when back end is PostgreSQL, for example - the LDAP commands seem simple and re-writing them into SQL can't be so much overhead; the explanation might be that PostgreSQL powered LDAP is not as fast as... - whatever, I'm not an expert and this analysis is not my goal, not now.). afaik, the performance degrades severly; and its a little more complicated to map to sql than one might initially suspect http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS PHP is probably not going to give you blazing fast performance compared to an off-the-shelf LDAP server in C. 100% aware of that. the other key facet of the open ldap (assume this implementation is what were discussing [sorry if its an oversight]) is the use of berkdb internally for which there is no php extension. if im not mistaken, the 'queries' are compiled directly into the source. i know your reqs for ldap usage are small, but im thinking it would be much more straight-forward and less time consuming to just setup ldap, write some php scripts to map / sync data from ur relational db to it and point the client software to said ldap installation. -nathan
Re: [PHP] LDAP in php
Nathan Nobbe schrieb: I am 100% aware of the fact that LDAP is a read optimized database (though I am not sure where this optimization goes when back end is PostgreSQL, for example - the LDAP commands seem simple and re-writing them into SQL can't be so much overhead; the explanation might be that PostgreSQL powered LDAP is not as fast as... - whatever, I'm not an expert and this analysis is not my goal, not now.). afaik, the performance degrades severly; Yes, this reconfirms the LDAP strength as read-optimized. and its a little more complicated to map to sql than one might initially suspect http://www.openldap.org/doc/admin24/intro.html#LDAP%20vs%20RDBMS Yes, that's why I decided to try a php LDAP read-only (for Thunderbird) implementation - I could not see how I can map the LDAP to our SQL (which implements object-relational mapping defined in XML text files and could not be done without the php logic). the other key facet of the open ldap (assume this implementation is what were discussing [sorry if its an oversight]) No, we did not discuss any specific implementation. We are not against them (or any of them). Just for me to implement a simple php LDAP (read-only, for Thunderbird use) seemed easier for prototyping purposes, than setting up LDAP and writing something that updates it on every change in the original db. But could be that I am wrong. is the use of berkdb internally for which there is no php extension. if im not mistaken, the 'queries' are compiled directly into the source. I do not intend to use bdb - but our PostgreSQL, trying to write php LDAP server (read-only) - which listens to the LDAP port, receives the requests, gets what it needs from the db and gives it back in an LDAP way. i know your reqs for ldap usage are small, but im thinking it would be much more straight-forward and less time consuming to just setup ldap, write some php scripts to map / sync data from ur relational db to it and point the client software to said ldap installation. May be at the end you are right... But it was nice brainstorming so far and I'll play a bit, and may be submit the results, in case anything interesting happens. Thanks for your thoughts, though. Iv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP in php
On Sun, March 30, 2008 8:15 pm, [EMAIL PROTECTED] wrote: As LDAP can have SQL back-end (I saw an example with PostgreSQL) - is it a very wild idea to implement (a simple) LDAP server in php? We have all the address data already in PostgreSQL and a php application managing all of it. I am thinking of simple uses, such as providing LDAP address books to Thunderbird/Squirrelmail users. For instance, is it too wild to think of Apache/php listening on the LDAP port (or so), get the request, parse it, get the data from PostgreSQL and send it back to the LDAP client? You probably wouldn't run it through Apache, but you probably COULD run an LDAP server of sorts using http://php.net/sockets Main problem is one of performance. The reason most people choose LDAP in the first place is to get blazing fast performance, because they NEED it. PHP is probably not going to give you blazing fast performance compared to an off-the-shelf LDAP server in C. You may be able to leverage from the code in http://php.net/ldap to move most of the heavy lifting into an extension, or perhaps you could expand that extension to do so, and then you just have a simple PHP wrapper to handle the sockets part. That would help some, and possibly even come close to C performance, since the socket open/close/traffic/bandwidth is probably the limiting factor there, rather than a single PHP byte-code interpreted function call... This is all just my expectations. Feel free to surprise me with actual test results. :-) ymmv -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP in php
Chris schrieb: If ldap can already use a database backend, just use the normal ldap_* functions to do all of the work, don't re-invent it all. http://www.php.net/ldap Just wanted to avoid installing and maintaining a LDAP server and mapping all the data. Perhaps I am underestimating it, but just to read one URI like request, find the data and send it back in some form, does not look difficult to implement. We do not need full LDAP support, just to feel Thunderbird and Squirrelmail address books. Both can't edit LDAP yet anyway. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] LDAP in php
As LDAP can have SQL back-end (I saw an example with PostgreSQL) - is it a very wild idea to implement (a simple) LDAP server in php? We have all the address data already in PostgreSQL and a php application managing all of it. I am thinking of simple uses, such as providing LDAP address books to Thunderbird/Squirrelmail users. For instance, is it too wild to think of Apache/php listening on the LDAP port (or so), get the request, parse it, get the data from PostgreSQL and send it back to the LDAP client? Iv -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] LDAP in php
[EMAIL PROTECTED] wrote: As LDAP can have SQL back-end (I saw an example with PostgreSQL) - is it a very wild idea to implement (a simple) LDAP server in php? We have all the address data already in PostgreSQL and a php application managing all of it. I am thinking of simple uses, such as providing LDAP address books to Thunderbird/Squirrelmail users. For instance, is it too wild to think of Apache/php listening on the LDAP port (or so), get the request, parse it, get the data from PostgreSQL and send it back to the LDAP client? If ldap can already use a database backend, just use the normal ldap_* functions to do all of the work, don't re-invent it all. http://www.php.net/ldap -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] LDAP and PHP
I'm having trouble getting LDAP to work with PHP. ldap_connect results in: Fatal error: Call to undefined function: ldap_connect() in /home/davedash/public_html/ldap.php on line 3 and when I compiled I enabled --enable-ldap. Am I missing something else here? I've got openldap installed as well. Thanks for any help :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
