On Friday 27 April 2001 16:29, Stephane Bortzmeyer wrote:
> > - Ability for owners of our hosted domains to administer
> > their own user databases.
>
> Easy with LDAP, where ACLs are per-branch. But it means you need to
> study your scheme: we plan to have a branch per group of customers (we
> don't have individual customers).

How do you implement ACLs per-branch? It seems to me that OpenLDAP only supports this through regular expressions, which are very slow. If you have 1000 customers and each has a regular expression to determine the access rights then you'll probably get 2 LDAP reads per second out of high-end hardware!

> > - Ability for any applicable account to be able to own a file in
> > the file system with a globally unique UID/GID. Not every account
> > would have this requirement, email-only accounts likely don't need
> > to own any files.
>
> It costs nothing to give a UID to everyone (in 'woody', all the
> programs use 32-bit UIDs) so we plan to give it to everybody.

You might as well allocate them a "customer number" as soon as they sign up. Whether that number ever becomes a UID is another issue...

> > for the email side of it? Our webserver is Roxen (from source, not
> > packaged), and we are using the IMHO plugin for web-based email.
> > Unless we can't get this scheme to work with Roxen, we have no plans
> > to change webserver software.
>
> We use Apache and LDAP authentication works fine.

What exactly do you do with Apache and LDAP? LDAP authentication for WebDAV for uploads?

--
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

