Charles Cazabon <[EMAIL PROTECTED]> writes:
> Chris Garrigues <[EMAIL PROTECTED]> wrote:
> > >
> > > Many of the common patches that are around fail in one of the tests above,
> > > at least when using the author's stringent tests. There's nothing wrong
> > > with this; he keeps qmail secure, reliable, efficient, and "correct", and
> > > anyone who wants to applies patches as they see fit.
> >
> > I, for one, am hoping that 2.0 will have LDAP support which meets his
> > standards.
>
> As you said, the existing LDAP libraries are probably crap. But why does
> qmail have to be patched to use LDAP? Why not use a script which extracts
> user information from the LDAP database, puts it in passwd format, and
> feeds it to qmail-pw2u? Then cron it every hour or something. Voila,
> instant qmail+LDAP with no patches. If you want to set it up with
> virtualdomains-type use, have the script output qmail-users style output
> directly.

In many environments (including ours), it's not acceptable to wait an
hour or more (it takes our LDAP server about 2.5 hours to dump our 3
million user accounts into a text file, so significantly more) for a
password change or a change to mail aliases to go through. Especially
if you have users changing their own forwarding, who need to be able
to test the changes. If they're waiting 2 hours for updates to take
effect and are typo-prone, playing it by ear, or making changes for
the first time, it could easily take an entire work day to get a mail
forward or vacation right.

This approach is also pretty hard on an LDAP server. Just to make a
rough estimate, in an average hour, about 10% of our users check their
mail, and about 10% receive messages, so you need to look at 20% of
the entries in LDAP. If you dump it out, you need to look at 100% of
the entries, so it requires 5 times more power.

While building a passwd-like file might work in some environments, it
certainly doesn't work for everybody. That's why qmail-ldap exists,
and is gaining popularity.

------ScottG.