| 1 |
Wendall Cada schrieb: |
| 2 |
> I'm doing some research and admit I'm at a bit of a loss in regard to |
| 3 |
> LDAP. |
| 4 |
You're welcome ;) |
| 5 |
|
| 6 |
> |
| 7 |
> I currently manage my servers with DSA-ssh only access and manage |
| 8 |
> virtual mail and local unix mail accounts with mysql, using the virtual |
| 9 |
> mail setup. I've been very pleased with the setup and have even written |
| 10 |
> some administrative tools to make administering email quite simple. |
| 11 |
> However, recently I've been looking at LDAP to administer accounts on |
| 12 |
> the server. I'm a bit confused though and could use some help. |
| 13 |
> |
| 14 |
> I would like to administer the mail accounts via LDAP, and I see some |
| 15 |
> sparse examples, though it is well documented in the postfix docs. I'm |
| 16 |
> sure I could get it up and running, but the end goal would be to use a |
| 17 |
> GUI desktop app to allow our non-techie desk jockeys to modify email |
| 18 |
> account settings, store customer account information and personal |
| 19 |
> address books. Is this even possible? Or am I right back to creating |
| 20 |
> more cl scripts just using ldap as a backend. |
| 21 |
There are a lot of tools for ldap administration. Phpldapadmin, jxplorer |
| 22 |
luma, ... |
| 23 |
|
| 24 |
> |
| 25 |
> Also, LDAP is a bit unwieldy. There appears to be no clear method for |
| 26 |
> creating schemas, and the lingo is entirely cryptic. It's damn near like |
| 27 |
> having to create your own damn dtd to just publish a web page, I fail to |
| 28 |
> see the usefulness of this. |
| 29 |
Normally you don't write schemas, check what other people use for mail |
| 30 |
setups and use it. |
| 31 |
|
| 32 |
> |
| 33 |
> There also appears to be a new configuration that uses an ldap schema. |
| 34 |
> It appears to complicate a fairly simple configuration process. I'm not |
| 35 |
> sure what the goal was in this. |
| 36 |
You mean back-config? It' only useful if you need to change your |
| 37 |
configuration remotely without restarting the server. Otherwise its safe |
| 38 |
to ignore. You can still use slapd.conf. |
| 39 |
|
| 40 |
> Also, I see they have a default using bdb on the backend. I've gone away |
| 41 |
> from bdb because it breaks servers frequently. Minor version bumps often |
| 42 |
> break compatibility. Is there a good, fast alternative? |
| 43 |
No, ldbm is deprecated and will go away in 2.4. We haven't seen a major |
| 44 |
bdb update in gentoo yet, (and IMO the ebuild won't catch it) but |
| 45 |
upgrading is straightforward: |
| 46 |
stop slapd, dump the db with slapcat, upgrade the server, import your |
| 47 |
data with slapadd, restart the server. |
| 48 |
|
| 49 |
> |
| 50 |
> Another note. For heavy loads, I use proxy:mysql to connect from |
| 51 |
> postfix, since it creates a persistent connection. Can I use proxy:ldap |
| 52 |
> to achieve the same thing? Or is this even necessary with ldap? |
| 53 |
Dunno, should be in the postfix docs. |
| 54 |
|
| 55 |
In my |
| 56 |
> current setup, I can handle around 500,000+ emails per day, since there |
| 57 |
> isn't much mysql overhead with the persistent connection. |
| 58 |
We have used mysql for system users and mail as well, my main concern |
| 59 |
was poor access control and you always need a proxy account with |
| 60 |
priviledges to read passwords. If you just want to expose your data over |
| 61 |
LDAP you might want to look at back-sql..., it seems to be a pain to |
| 62 |
setup though ;) |
| 63 |
|
| 64 |
|
| 65 |
cheers |
| 66 |
Paul |
| 67 |
-- |
| 68 |
gentoo-server@g.o mailing list |
Archives