Wendall Cada wrote:
> I'm doing some research and admit I'm at a bit of a loss in regard to
> LDAP.
You're welcome ;)
|
>
> I currently manage my servers with DSA-ssh only access and manage
> virtual mail and local unix mail accounts with mysql, using the virtual
> mail setup. I've been very pleased with the setup and have even written
> some administrative tools to make administering email quite simple.
> However, recently I've been looking at LDAP to administer accounts on
> the server. I'm a bit confused though and could use some help.
>
> I would like to administer the mail accounts via LDAP, and I see some
> sparse examples, though it is well documented in the postfix docs. I'm
> sure I could get it up and running, but the end goal would be to use a
> GUI desktop app to allow our non-techie desk jockeys to modify email
> account settings, store customer account information and personal
> address books. Is this even possible? Or am I right back to creating
> more cl scripts just using ldap as a backend.
There are a lot of tools for ldap administration. Phpldapadmin, jxplorer,
luma, ...
|
>
> Also, LDAP is a bit unwieldy. There appears to be no clear method for
> creating schemas, and the lingo is entirely cryptic. It's damn near like
> having to create your own damn dtd to just publish a web page, I fail to
> see the usefulness of this.
Normally you don't write schemas, check what other people use for mail
setups and use it.
|
>
> There also appears to be a new configuration that uses an ldap schema.
> It appears to complicate a fairly simple configuration process. I'm not
> sure what the goal was in this.
You mean back-config? It's only useful if you need to change your
configuration remotely without restarting the server. Otherwise it's safe
to ignore. You can still use slapd.conf.
|
> Also, I see they have a default using bdb on the backend. I've gone away
> from bdb because it breaks servers frequently. Minor version bumps often
> break compatibility. Is there a good, fast alternative?
No, ldbm is deprecated and will go away in 2.4. We haven't seen a major
bdb update in gentoo yet, (and IMO the ebuild won't catch it) but
upgrading is straightforward:
stop slapd, dump the db with slapcat, upgrade the server, import your
data with slapadd, restart the server.
|
>
> Another note. For heavy loads, I use proxy:mysql to connect from
> postfix, since it creates a persistent connection. Can I use proxy:ldap
> to achieve the same thing? Or is this even necessary with ldap?
Dunno, should be in the postfix docs.
|
> In my
> current setup, I can handle around 500,000+ emails per day, since there
> isn't much mysql overhead with the persistent connection.
We have used mysql for system users and mail as well, my main concern
was poor access control and you always need a proxy account with
privileges to read passwords. If you just want to expose your data over
LDAP you might want to look at back-sql..., it seems to be a pain to
set up though ;)
|
|
cheers
Paul
--
gentoo-server@g.o mailing list
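
The access-control point raised in the reply above, shown as an added slapd.conf fragment (not part of the original post or of any project's shipped configuration): password hashes can be checked by a bind but read by no account, and the lookup account sees only the attributes its map uses. The suffix dc=example,dc=com, the cn=postfix service DN, and a map that filters on mail and returns uid are assumptions.

```conf
# slapd.conf access rules (constructed example; suffix and DNs are assumptions).
# slapd applies the first "access to" clause that matches an attribute,
# and within it the first matching "by", so the order below matters.

# 1. Password hashes: usable for authentication (bind) only.
#    No account, including the mail lookup account, can read them back.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# 2. The mail lookup account may search and read only the attributes
#    its map needs (assumed here: filter on mail, return uid).
access to dn.subtree="ou=people,dc=example,dc=com" attrs=entry,uid,mail
        by dn.exact="cn=postfix,ou=services,dc=example,dc=com" read
        by self read
        by anonymous auth
        by * none

# 3. Everything else: owners may read their own entry, nobody else.
#    "auth" grants no read or search access.
access to *
        by self read
        by anonymous auth
        by * none
```

The rootdn configured for the database is not subject to these rules, so its credentials need the same care as a database administrator account.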