Schema design help for a newbie
Hi,
This is an absolute LDAP newbie here, so be gentle when pointing those
flamethrowers :-)
I'm working on a free software (Open Source in corpspeak) Perl/Web
based project for provisioning for a web/mail service provider.
(It'll be GPL'ed when it's complete). I plan to use LDAP as the base
database for holding client, domain and user information.
Having already made a prototype schema for holding the above
information, I feel that it is not necessarily the ideal way of going
about it. The information I need to store includes:
Client information:
Unix userID
Home directory
some admin stuff (renewal date, payment status, etc)
description
Virtual Domain:
domain name
client name
ip address
htdocs/log/cgibin directories
apache-specific stuff (ssl/special modules required)
disk quota
Virtual Email User:
user ID
virtual domain
Client name
mail directory
mailbox file
autoreply message file
forward address(es)
disk quota
I'd like some advice from you LDAP design gurus on the following:
- What would be a good design for a schema which needs to hold all
this information. Obviously, performance, extensibility,
completeness, security and maintainability are the prime
considerations for the schema. I find that I'm unable to add any top
level stuff (e.g. if the virtual host is abcd.com, I am unable to
create a dn:dc=abcd,dc=com), only stuff under the TLD of the LDAP
database (e.g. dn:dc=abcd,dc=com,dc=toplevelhost,dc=topleveldomain).
- Is it possible to make this hierarchical, so that the relationship
Client
|
|-------Host
|       |
|       |-------User
|       |-------User
|       |
|-------Host
|       |
|       |-------User
|       |-------User
|       |-------User
...
is preserved?
- I'm truly stuck at the authentication part of things. Ideally I'd
like the owner of the Client subtree (apart from the LDAP owner) to be
able to bind to, access and modify all hosts and users under her
hierarchy, and each user to be able to bind to and change some parts
of her records. How do I enable multiple levels of authentication in
OpenLDAP? Note that I need to do all this on the fly, so modifying
the slapd.conf file except once at system setup time is not an option.
- Finally, the big question: is anyone aware of a free software IMAP4
server which will use LDAP for authentication AND to get the location
of the user's mailbox? Cyrus handles the auth part, but I haven't yet
found one which uses LDAP for locating users' mailboxes.
Look out for the software when it's complete!
Thanks in advance, and regards,
-- Raju
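An added example, not part of the original post: a small Python model of the Client/Host/User tree sketched above, with an authorisation check for the two access levels the post asks for (the owner of a client subtree, and a user on her own entry). The suffix, the ou=clients layout, the uid=admin owner convention and the set of self-writable attributes are all constructed assumptions.

```python
SUFFIX = "dc=example,dc=com"            # the server suffix; everything lives under it
CLIENTS = "ou=clients," + SUFFIX        # one subtree per client (constructed layout)
# Attributes a mail user may change on her own entry (constructed choice)
USER_SELF_WRITABLE = {"userpassword", "mailforwardingaddress", "autoreplyfile"}


def parse_dn(dn):
    """Split a DN into lower-cased RDNs, most specific first.
    (Real DN matching also handles escaping; this is enough for the model.)"""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def normalise(dn):
    return ",".join(parse_dn(dn))


def is_within(dn, base):
    """True if dn is base itself or lies anywhere beneath it."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b


def client_base(dn):
    """Return the cn=<client>,ou=clients,<suffix> entry containing dn, else None."""
    d, tail = parse_dn(dn), parse_dn(CLIENTS)
    if len(d) <= len(tail) or d[-len(tail):] != tail:
        return None
    return ",".join(d[-(len(tail) + 1):])


def client_owner(client_dn):
    """Convention (constructed): the client's admin entry owns the whole subtree."""
    return "uid=admin," + client_dn


def allowed(bind_dn, target_dn, attr, op):
    """Decide whether bind_dn may 'read' or 'write' attr on target_dn."""
    bind_dn, target_dn, attr = normalise(bind_dn), normalise(target_dn), attr.lower()
    base = client_base(target_dn)
    if base is None:
        return False                       # outside any client subtree: deny
    if bind_dn == client_owner(base):
        return True                        # client owner: full access to her subtree
    if bind_dn == target_dn:               # a user acting on her own entry
        if op == "read":
            return attr != "userpassword"  # the password hash stays write-only
        return attr in USER_SELF_WRITABLE  # only these attributes are self-writable
    return False                           # anything else: deny by default
```

Because the owner is derived from the client's own DN rather than listed per client, a new client subtree gets the right permissions without touching the server configuration, which is the property the post asks for.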