On 15-11-16 at 15:54, Alessandro Briosi ([email protected]) wrote:
> On 15/11/2016 13:56, Jeroen Beerstra ([email protected]) wrote:
>> We also provide e-mail services to selected clients on request and here
>> is where the problems begin. At the moment we use Mysql as
>> authentication provider for SOGo only and because I don't want
>> individual clients to find other clients' contact data or possibly more
>> we use a config section per domain and a separate user table in the
>> database. This works but is rather hard to maintain.
>>
>> For this reason and some others I'm looking into LDAP as authentication
>> provider. Is it possible to use ldap in a similar way? That is by
>> separating domains from each other so users can only find other users in
>> their own organization or share with them.
>>
>> If I simply need to RTFM please let me know :) LDAP is rather
>> complicated and my experience with it is limited, I did succeed in
>> setting up a test environment with 389 server on CentOS 7 and letting it
>> work with SOGo and Dovecot.
>>
>> PS in the end all of this should work with postfix/dovecot virtual
>> users, but I guess that is off-topic and more a postfix/dovecot issue.
>
> I have a similar installation.
>
> I though have 1 table with all the users (my management interface
> handles it this way),
> so I set up 1 view for every "domain/customer" I need to manage.
> Simply a select which filters by domain ...
>
> I started using the mysql only setup and it worked well, though I
> thought it would have been nice to have groups which is only supported
> by the
> LDAP implementation in SOGo.
>
> So I configured an LDAP service with the mysql backend just to have
> groups taken from the database.
>
> [OT] Nobody uses them :-( so I could have left the mysql backend [/OT]
>
> anyway then I simply configured the SOGO.conf with the separate domains
> and it all works pretty well.
> Of course it might become a bit complicated if you often need to
> add/remove domains you manage,
> but it could be scripted pretty easily IMHO.
>
> ...
> domains = {
>   firstdomain = {
>     SOGoMailDomain = firstdomain.com;
>     SOGoUserSources = (
>       {
>         /* ldap or mysql configuration */
>         ...
>         /* here I even have a different ldap address book which is a mapped
>            database table of a shared web address book */
>       }
>     );
>   };
>   seconddomain = {
>     SOGoMailDomain = secondomain.com;
>     SOGoUserSources = (
>       {
>         ...
>       }
>     );
>   };
> };
> ...
>
>
> Hope this helps,
> Alessandro

Hi Alessandro,

Thank you for your reply. This is exactly the setup we use, that is
multiple mysql usersources for different domains. But this is rather
hard to maintain, and new internet domains are added on a regular basis.
In fact at the moment I'm kind of holding down the principle of also
selling e-mail accounts to clients because of this.

So the question remains and it would be really helpful if I could set up
LDAP in a way that allows domain separation without needing to add a
section to the sogo.conf per domain. As a bonus users could change their
e-mail password themselves which would further add to the user
experience and take some load off me :)

So is this even possible and if so how does one do this? Pointers would
be greatly appreciated also!

-- 
kind regards

Jeroen Beerstra
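
Added example, not part of the original thread and not SOGo project code: a Python sketch of the scripting Alessandro mentions, emitting one `domains` section per customer with an LDAP user source whose `baseDN` is limited to that customer's subtree. The directory layout (`ou=<domain>` under a customers branch), the section key naming and the function name `render_domains` are assumptions.

```python
import re

# Hostname labels only: no quotes, braces, semicolons, commas or '=' can pass,
# so a domain can neither break out of a sogo.conf string nor alter the LDAP DN.
DOMAIN_RE = re.compile(r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\Z")

SECTION = """\
    {key} = {{
      SOGoMailDomain = "{domain}";
      SOGoUserSources = (
        {{
          type = ldap;
          id = "{key}_users";
          CNFieldName = cn;
          IDFieldName = uid;
          UIDFieldName = uid;
          baseDN = "ou={domain},{customers_dn}";
          bindDN = "{bind_dn}";
          bindPassword = "{bind_pw}";
          canAuthenticate = YES;
          isAddressBook = YES;
          displayName = "{domain} users";
          hostname = "{ldap_url}";
        }}
      );
    }};
"""

def render_domains(domains, ldap_url, customers_dn, bind_dn, bind_pw):
    """Return a sogo.conf 'domains' block with one LDAP source per domain."""
    for value in (ldap_url, customers_dn, bind_dn, bind_pw):
        if re.search(r'["\\\n]', value):
            raise ValueError("setting contains a character that needs plist escaping")
    seen, sections = {}, []
    for raw in domains:
        domain = raw.strip().lower()
        if not DOMAIN_RE.match(domain):
            raise ValueError(f"rejected domain name: {raw!r}")
        key = re.sub(r"[^a-z0-9]", "_", domain)  # e.g. firstdomain.com -> firstdomain_com
        if key in seen:
            if seen[key] != domain:  # a-b.com and a.b.com would share one key
                raise ValueError(f"section key collision for {raw!r}")
            continue  # same domain listed twice: emit it once
        seen[key] = domain
        sections.append(SECTION.format(key=key, domain=domain, ldap_url=ldap_url,
                                       customers_dn=customers_dn, bind_dn=bind_dn, bind_pw=bind_pw))
    return "  domains = {\n" + "".join(sections) + "  };\n"
```

The returned text is meant to be placed inside the top-level braces of sogo.conf; the address-book separation still depends on the directory actually keeping each customer's entries under its own `ou`.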
