Michael Monnerie wrote:
> On Friday 26 June 2009 Paul J Stevens wrote:
>> I don't follow. It's been in dbmail forever. Take a look at
>> dbmail.schema.
>
> OK, I never looked so far, as LDAP was never really thought about. I
> looked once into it, but didn't find a nice tool to insert our data in
> an easy way (like an editor, webpage, whatever). Is there something to
> start with? Of course I want to adopt our web interface to use that, but
> it will take some time.

phpldapadmin comes to mind. I've used cpu (cpu.sf.net) a lot for managing
users from the command line. But lately I've written a set of shell scripts
acting as wrappers around ldapmodify that allow me to set up
users/domains/aliases/forwards/transports etc. really easily. These shell
tools are also wrapped in a simple set of python classes that are exposed
as xmlrpc objects for remote management from a pylons web interface.

>> To summarize:
>> DESC 'DBMail-LDAP User' SUP top AUXILIARY
>> 'dbmailForwardingAddress' DESC 'DBMail-LDAP Forwarding Address' SUP
>> DESC 'DBMail-LDAP Virtual Domain' SUP top STRUCTURAL
>
> Hm. I understand these are 3 objects user/alias/domain, but that's only
> part of the story. There need to be objects where users and companies
> are defined, and how they are connected, where the uidNumber is defined,
> the mailCluster, etc.

You can use OU (organizationalUnit) type tree nodes to map out your
accounting logic.

Users come in flavors. For shell users I use the following list of
objectClasses:

    posixAccount, account, shadowAccount, dbmailUser, top

But for email-only users the list is different:

    top, account, dbmailUser

For example a simple email-only user might look like:

    dn: [email protected],mailDomain=foobar.com,ou=MailDomains,
     dc=foobar,dc=com
    objectClass: top
    objectClass: account
    objectClass: dbmailUser
    objectClass: amavisAccount
    uid: [email protected]
    mail: [email protected]
    uidNumber: 12345
    gidNumber: 12345
    mailQuota: 200000000

but you can make the ldap tree as deeply nested as you like, assigning
management permissions to certain objects in the tree, allowing them to
manage specific sub-trees.

> I don't really have the full picture of LDAP, only know it's some
> directory like Novell's NDS used to be (which I loved a lot). Now I
> looked into dbmail.schema, it says it needs
> # - core.schema
> # - cosine.schema
> # - nis.schema
> Is this everything you use? I found a company definition there, but are
> other modifications to make?
>
> Might sound stupid, but it's a PITA to
> start something new. Is there a simple way to copy existing dbmail users
> into the LDAP schema? I start fresh, so I'd like to copy everything from
> SQL to LDAP.

The schema files you need all depend on the ldap design you come up with.
You can re-use existing schemas, or even build your own like I did for
dbmail. All you need is an OID, which you can request for free from IANA.
(1.3.6.1.4.1.12340 is *mine*).

I'm not aware of an easy way to migrate. When we moved to ldap, all our
users were stored in /etc/passwd, and cpu did all the work.

The main problem will be the password. I don't think ldap enforces a
certain kind of encryption. The standard is SHA1, but crypt is also
supported, and probably other types as well. Really depends on the ldap
server you use.

-- 
________________________________________________________________
Paul Stevens                                      paul at nfg.nl
NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl

_______________________________________________
DBmail mailing list
[email protected]
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
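The reply above describes the shape of an email-only dbmailUser entry and notes that the password is the hard part of a SQL-to-LDAP migration. The following is an added example, not Paul's shell scripts or any DBMail project code: it builds that entry as RFC 2849 LDIF (base64-encoding unsafe values and folding long lines the way the dn line in the thread is folded) and attaches a userPassword in the RFC 2307 {SSHA} form, with a verify routine so the stored value can be checked. The objectClass list, attribute names and DN layout are taken from the thread; the {SSHA} scheme, the base DN, the row layout and the sample users are assumptions, and it assumes cleartext passwords are available at migration time, since an existing SQL hash cannot be re-hashed into a different scheme (which is exactly the problem the reply points at).

```python
"""Build LDIF for email-only DBMail LDAP users, with {SSHA} passwords.

Added example, not DBMail code.  Attribute names and objectClasses follow
the thread; the {SSHA} scheme, base DN and sample rows are assumptions.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import os

MAX_LINE = 76  # RFC 2849 recommends folding LDIF lines at 76 characters


def ssha_hash(password: str, salt: bytes | None = None) -> str:
    """Return an RFC 2307 style {SSHA} userPassword value (salted SHA-1)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} value, as the server does at bind time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ldif_attr(attr: str, value: str) -> str:
    """Encode one attribute as LDIF: '::' base64 for unsafe values, fold long lines."""
    needs_b64 = (not value.isascii() or value[:1] in (" ", ":", "<")
                 or any(c in value for c in "\r\n\0") or value.endswith(" "))
    if needs_b64:
        line = f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    else:
        line = f"{attr}: {value}"
    chunks, rest = [line[:MAX_LINE]], line[MAX_LINE:]
    while rest:  # continuation lines start with a single space
        chunks.append(" " + rest[:MAX_LINE - 1])
        rest = rest[MAX_LINE - 1:]
    return "\n".join(chunks)


def mail_user_ldif(mail: str, uid_number: int, gid_number: int, quota: int,
                   password: str, base_dn: str = "dc=foobar,dc=com") -> str:
    """LDIF entry for an email-only user: top, account, dbmailUser (from the thread)."""
    domain = mail.split("@", 1)[1]
    dn = f"uid={mail},mailDomain={domain},ou=MailDomains,{base_dn}"
    attrs = [
        ("dn", dn),
        ("objectClass", "top"),
        ("objectClass", "account"),
        ("objectClass", "dbmailUser"),
        ("uid", mail),
        ("mail", mail),
        ("uidNumber", str(uid_number)),
        ("gidNumber", str(gid_number)),
        ("mailQuota", str(quota)),
        ("userPassword", ssha_hash(password)),
    ]
    return "\n".join(ldif_attr(a, v) for a, v in attrs) + "\n"


def parse_ldif_entry(text: str) -> dict[str, list[str]]:
    """Unfold and decode one LDIF entry back into attr -> values, to check output."""
    result: dict[str, list[str]] = {}
    for line in text.replace("\n ", "").splitlines():
        if not line:
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # '::' marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        result.setdefault(attr, []).append(value)
    return result


def migrate_rows(rows: list[dict], base_dn: str = "dc=foobar,dc=com") -> str:
    """Turn SQL-style user rows into one LDIF stream suitable for ldapadd."""
    return "\n".join(mail_user_ldif(r["mail"], r["uidNumber"], r["gidNumber"],
                                    r["mailQuota"], r["password"], base_dn)
                     for r in rows)


# Constructed sample rows standing in for a SELECT from the SQL user table.
SAMPLE_ROWS = [
    {"mail": "alice@foobar.com", "uidNumber": 12345, "gidNumber": 12345,
     "mailQuota": 200000000, "password": "correct horse battery"},
    {"mail": "bob@foobar.com", "uidNumber": 12346, "gidNumber": 12346,
     "mailQuota": 100000000, "password": "another example secret"},
]

if __name__ == "__main__":
    print(migrate_rows(SAMPLE_ROWS))  # pipe into: ldapadd -x -D <admin dn> -W
```

The output of migrate_rows can be piped straight into ldapadd. The parse_ldif_entry helper is only there to round-trip the generated text; on a real migration the equivalent check is an ldapsearch for the new dn followed by a test bind with the user's password.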
