Editing OpenLDAP (section)

==Backends==
===Overall concept===
Historically the OpenLDAP server (slapd, the Standalone LDAP Daemon) architecture was split between a frontend that handles network access and protocol processing, and a backend that deals strictly with data storage. This split design was a feature of the original University of Michigan code written in 1996<ref>{{cite web |url=http://www.tux.org/pub/net/ldap/ldap-3.3.tar.Z |title=Archived copy  |access-date=19 August 2013 |archive-url=https://web.archive.org/web/20050217100527/http://www.tux.org/pub/net/ldap/ldap-3.3.tar.Z |archive-date=17 February 2005 |url-status=dead}}</ref> and carried on in all subsequent OpenLDAP releases. The original code included one main database backend and two experimental/demo backends. The architecture is modular and many different backends are now available for interfacing to other technologies, not just traditional databases.

Note: In older (1.x) releases, the terms "backend" and "database" were often used interchangeably. To be precise, a "backend" is a class of storage interface, and a "database" is an instance of a backend. The slapd server can use arbitrarily many backends at once, and can have arbitrarily many instances of each backend (i.e., arbitrarily many databases) active at once.<ref name="backends">{{cite web|url=https://www.openldap.org/software/man.cgi?query=slapd.backends&apropos=0&sektion=0&manpath=OpenLDAP+2.6-Release&arch=default&format=html |title=OpenLDAP man page on slapd backends |access-date=25 October 2021}}</ref>

===Available backends===
Currently 17 different backends are provided in the OpenLDAP distribution, and various third parties are known to maintain other backends independently. The standard backends are loosely organized into three different categories:
* Data storage backends – these actually store data
** back-bdb: the first transactional backend for OpenLDAP, built on [[Berkeley DB]], removed with OpenLDAP 2.5.<ref>{{cite web|url=https://www.openldap.org/software/man.cgi?query=slapd-bdb&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&arch=default&format=html |title=OpenLDAP 2.4 slapd-bdb man page |access-date=25 October 2021}}</ref>
** back-hdb: a variant of back-bdb that is fully hierarchical and supports subtree renames, removed with OpenLDAP 2.5.<ref>{{cite web|url=https://www.openldap.org/software/man.cgi?query=slapd-hdb&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&arch=default&format=html |title=OpenLDAP 2.4 slapd-hdb man page |access-date=25 October 2021}}</ref>
** back-ldif: built on plain text [[LDIF]] files<ref name="backends" />
** back-mdb: a transactional backend built on OpenLDAP's [[Lightning Memory-Mapped Database]] (LMDB)<ref name="backends" />
** back-ndb: a transactional backend built on MySQL's NDB cluster engine, removed with OpenLDAP 2.6.<ref>{{cite web|url=https://www.openldap.org/software/man.cgi?query=slapd-ndb&apropos=0&sektion=0&manpath=OpenLDAP+2.5-Release&arch=default&format=html |title=OpenLDAP 2.5 slapd-ndb man page |access-date=25 October 2021}}</ref>
** back-wiredtiger: an experimental transactional backend built on [[WiredTiger]], introduced with OpenLDAP 2.5.<ref name="backends" />
* Proxy backends – these act as gateways to other data storage systems
** back-asyncmeta: an asynchronous proxy with meta-directory features, introduced with OpenLDAP 2.5.<ref name="backends" />
** back-ldap: simple proxy to other LDAP servers<ref name="backends" />
** back-meta: proxy with meta-directory features<ref name="backends" />
** back-passwd: uses a Unix system's passwd and group data<ref name="backends" />
** back-relay: internally redirects to other slapd backends<ref name="backends" />
** back-sql: talks to arbitrary SQL databases, deprecated with OpenLDAP 2.5.<ref name="backends" />
* Dynamic backends – these generate data on the fly
** back-config: slapd configuration via LDAP<ref name="backends" />
** back-dnssrv: Locates LDAP servers via DNS<ref name="backends" />
** back-monitor: slapd statistics via LDAP<ref name="backends" />
** back-null: a sink/no-op backend, analogous to Unix /dev/null<ref name="backends" />
** back-perl: invokes arbitrary perl modules in response to LDAP requests, deprecated with OpenLDAP 2.5.<ref name="backends" />
** back-shell: invokes shell scripts for LDAP requests, removed with OpenLDAP 2.5.<ref>{{cite web|url=https://www.openldap.org/software/man.cgi?query=slapd-shell&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&arch=default&format=html |title=OpenLDAP 2.4 slapd-shell man page |access-date=25 October 2021}}</ref>
** back-sock: forwards LDAP requests over IPC to arbitrary daemons<ref name="backends" />

Some backends available in older OpenLDAP releases have been retired from use, most notably back-ldbm which was inherited from the original UMich code, and back-tcl which was similar to back-perl and back-shell.<ref>{{cite web|url=https://www.openldap.org/software/man.cgi?query=slapd-ldbm&apropos=0&sektion=0&manpath=OpenLDAP+2.3-Release&arch=default&format=html |title=OpenLDAP 2.3 slapd-ldbm man page |access-date=25 October 2021}}</ref>

Support for other backends will soon be withdrawn as well. back-ndb is removed now since the partnership with MySQL that led to its development was terminated by Oracle after Oracle acquired MySQL. back-bdb and back-hdb have been removed in favor of back-mdb since back-mdb is superior in all aspects of performance, reliability, and manageability.

In practice, backends like -perl and -sock allow interfacing to any arbitrary programming language, thus providing limitless capabilities for customization and expansion. In effect the slapd server becomes an RPC engine with a compact, well-defined and ubiquitous API.