On Wed, May 24, 2006 at 09:45:30AM -0400, Russell Handorf wrote:
> Just as a quick bit of history, MySQL support is necessary because of
> our MTA. All the user accounts and related settings are currently being
> stored in this system for email auth. Currently, users have to maintain
> 2 passwords (fugly), and I'd like to centralize this. Unfortunately, to
> move the mail server to LDAP auth would be far more of a complicated
> project than testing out a MySQL auth'd back end. Maybe I'm trying to
> use the wrong tool for the job, but this is the approach I was looking
> to use (MySQL for back end to keep mail services uninterrupted, yet
> passwords synced).

Maybe this would be a better solution for you:

1) Add an action or status field in your user table. I'll assume action
   field and valid values of 'active', 'change', 'disable', 'deleted'.
2) Write a Perl daemon. It should:
   a) Read in all rows with action='change' and add/modify the entry in
      the directory.
   b) Set their action to 'active' in the database.
   c) Read in all rows with action='disable' and remove the entry from
      the directory.
   d) Set their action to 'deleted' in the database.
      In reality this is mixing an action field with a status field,
      but you can add the status field as well to get the desired
      full view without having to read between the lines.
   e) sleep 5 or 10 seconds.
   f) loop back up to the beginning.
3) Have your user provisioning utils populate that action field with
   the value 'change' when a user is created or modified.
4) Have your user provisioning utils populate that action field with
   the value 'delete' when a user is deleted.
5) Have a housecleaning script that you run once per $INTERVAL to catch
   inconsistencies. A good interval is a day/week/month (in other
   words, whatever works for you).
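
One pass of the sync loop (steps 2a to 2d) and the step 5 consistency check, as an added example that is not part of the original message and is written in Python rather than the Perl the message proposes. Assumptions: sqlite3 stands in for the MySQL user table, a dict stands in for the directory, and the column names `login` and `pwhash` and all function names are hypothetical.

```python
import sqlite3

def make_db(rows):
    """Constructed sample table; sqlite3 stands in for the MySQL user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pwhash TEXT, action TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return db

def sync_pass(db, directory):
    """One iteration of steps 2a-2d; `directory` is a dict standing in for LDAP."""
    done = {"changed": [], "removed": [], "failed": []}
    rows = db.execute("SELECT login, pwhash, action FROM users "
                      "WHERE action IN ('change', 'disable') ORDER BY login").fetchall()
    for login, pwhash, action in rows:
        if action == "change":
            if not pwhash:
                # Never push an empty credential; the row keeps its action
                # and is picked up again on the next pass.
                done["failed"].append(login)
                continue
            directory[login] = pwhash            # 2a: add/modify the entry
            new_state, bucket = "active", "changed"
        else:
            directory.pop(login, None)           # 2c: remove the entry (idempotent)
            new_state, bucket = "deleted", "removed"
        # 2b/2d: flip the flag only if the row is unchanged since it was read,
        # so an edit that landed mid-pass is not marked as synced.
        # `IS` is SQLite's NULL-safe comparison (MySQL spells it `<=>`).
        cur = db.execute("UPDATE users SET action = ? WHERE login = ? "
                         "AND action = ? AND pwhash IS ?",
                         (new_state, login, action, pwhash))
        if cur.rowcount == 1:
            done[bucket].append(login)
    db.commit()
    return done

def housecleaning(db, directory):
    """Step 5: list logins where the database and the directory disagree."""
    rows = db.execute("SELECT login, pwhash, action FROM users").fetchall()
    # Active in the database but missing or different in the directory.
    stale = sorted(l for l, h, a in rows if a == "active" and directory.get(l) != h)
    # Present in the directory but deleted in, or unknown to, the database.
    live = {l for l, h, a in rows if a != "deleted"}
    orphans = sorted(set(directory) - live)
    return stale, orphans
```

Step 2 of the message is `sync_pass` called in a loop with a sleep of 5 or 10 seconds between calls; `housecleaning` is the separate job run once per interval.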