On Wed, Apr 25, 2001 at 10:15:29AM -0600, elyograg <[EMAIL PROTECTED]> wrote a message of 57 lines which said:

> Some goals for whatever we implement:

We have almost exactly the same goals. We seem more advanced (we have an experimental LDAP testbed) but it is not yet in production so take it with a grain of salt.

We plan (but it is not yet decided) to use a DBMS for all information management and to export it to an LDAP base. Which means LDAP would be mostly read-only for the users.

> - Ability for owners of our hosted domains to administer
>   their own user databases.

Easy with LDAP, where ACLs are per-branch. But it means you need to study your scheme: we plan to have a branch per group of customers (we don't have individual customers).

> - True virtual domain hosting. This means that we won't need to
>   create local accounts in our own domain to hold email, run
>   user scripts on the web server, etc.

It works fine in our testbed (mostly with PAM and NSS).

> - Make only applicable accounts visible to each server. The web
>   server should not know about any of the mail accounts, and the
>   shell server should only see accounts that have been granted
>   shell access. If the account doesn't apply, it should be as if
>   it isn't even in the database.

Easy with the LDAP filters. Both PAM and NSS allow you to specify an arbitrary LDAP filter (NSS is stricter, the filter is for all services).

> - Ability for any applicable account to be able to own a file in
>   the file system with a globally unique UID/GID. Not every account
>   would have this requirement, email-only accounts likely don't need
>   to own any files.

It costs nothing to give a UID to everyone (in 'woody', all the programs use 32-bit UIDs) so we plan to give it to everybody.

> - Maildir support for SMTP, POP3, and IMAP.

It works in our testbed, with Postfix, Courier-POP and Courier-IMAP (only free software, as you see, I believe Cyrus and Cucipop are not free).

> for the email side of it? Our webserver is Roxen (from source, not
> packaged), and we are using the IMHO plugin for web-based email.
> Unless we can't get this scheme to work with Roxen, we have no plans
> to change webserver software.

We use Apache and LDAP authentication works fine.

