LDAP Directory Technology Review

Due to the complexity of the proposed system and the time required for the correct setup of the OpenLDAP server, the final implementation was not possible within this project’s timeframe.

The major problem experienced through the implementation stage is that no current MySQL database server release supports authentication through LDAP directories.

MySQL AB has the following question and answer in its frequently asked questions section:

“Does MySQL 5.0 have built-in Authentication against LDAP directories?”

“Support for external authentication methods is on the MySQL roadmap as a "rolling feature". This means that it is not a flagship feature, but will be implemented, development time permitting,”

After repeated attempts to authenticate into MySQL from within OpenLDAP failed and no specific information available in the MySQL 5 manual, the above technical note provided a hint about why the initial implementation could not operate.

However, there may be other factors related to either the Operating System used or the hardware drivers installed in the system. Microsoft’s MSSQL supports authentication from within the Active Directory, however this implementation is commercial and does not necessarily follow the standards.

Since the implementation was performed on a Windows environment, some of the applications required do not provide support for this Operating System. Qmail can not be installed and the Windows version of BIND requires complex configuration in order to work properly.

Alao because the system is not implemented on a “production” server, BIND can not map domains to IP addresses when the IP mapped is the default network address (E.g.: localhost or 127.0.0.1 or 0.0.0.0).