Wendall Cada wrote:
> I'm doing some research and admit I'm at a bit of a loss in regard to
> LDAP.

You're welcome ;)

> I currently manage my servers with DSA-ssh only access and manage
> virtual mail and local unix mail accounts with mysql, using the virtual
> mail setup. I've been very pleased with the setup and have even written
> some administrative tools to make administering email quite simple.
> However, recently I've been looking at LDAP to administer accounts on
> the server. I'm a bit confused though and could use some help.
> I would like to administer the mail accounts via LDAP, and I see some
> sparse examples, though it is well documented in the postfix docs. I'm
> sure I could get it up and running, but the end goal would be to use a
> GUI desktop app to allow our non-techie desk jockeys to modify email
> account settings, store customer account information and personal
> address books. Is this even possible? Or am I right back to creating
> more cl scripts just using ldap as a backend.

There are a lot of tools for ldap administration. Phpldapadmin, jxplorer,
luma, ...

> Also, LDAP is a bit unwieldy. There appears to be no clear method for
> creating schemas, and the lingo is entirely cryptic. It's damn near like
> having to create your own damn dtd to just publish a web page, I fail to
> see the usefulness of this.

Normally you don't write schemas, check what other people use for mail
setups and use it.

> There also appears to be a new configuration that uses an ldap schema.
> It appears to complicate a fairly simple configuration process. I'm not
> sure what the goal was in this.

You mean back-config? It's only useful if you need to change your
configuration remotely without restarting the server. Otherwise it's safe
to ignore. You can still use slapd.conf.

> Also, I see they have a default using bdb on the backend. I've gone away
> from bdb because it breaks servers frequently. Minor version bumps often
> break compatibility. Is there a good, fast alternative?

No, ldbm is deprecated and will go away in 2.4. We haven't seen a major
bdb update in gentoo yet, (and IMO the ebuild won't catch it) but
upgrading is straightforward:
stop slapd, dump the db with slapcat, upgrade the server, import your
data with slapadd, restart the server.

> Another note. For heavy loads, I use proxy:mysql to connect from
> postfix, since it creates a persistent connection. Can I use proxy:ldap
> to achieve the same thing? Or is this even necessary with ldap?

Dunno, should be in the postfix docs.

> In my
> current setup, I can handle around 500,000+ emails per day, since there
> isn't much mysql overhead with the persistent connection.

We have used mysql for system users and mail as well, my main concern
was poor access control and you always need a proxy account with
privileges to read passwords. If you just want to expose your data over
LDAP you might want to look at back-sql..., it seems to be a pain to
set up though ;)

cheers
Paul