
Re: ldap structure for multi domain.tld email hosting



Quoting "Gary C. New" <garycnew@yahoo.com>:

 | --- Edwin Culp <eculp@encontacto.net> wrote:
<SNIP FIRST QUESTION>
 | >  | 
 | > FWIW, I would change the dn to use mail to simplify
 | > the separation
 | > of multiple gary's - gary@domain1 gary@domain2, etc.
 | > dn: mail=gary@somedomain.us,o=yourcompany.com
 | > I actually throw in an ou=people for 
 | > dn:
 | > mail=gary@somedomain.us,ou=people,o=yourcompany.com
 | > 
 | > ed
 | > 
 | >  | dn: uid=someuser, o=someorg, c=us
 | >  | uid: someuser
 | >  | userpassword: somepassword
 | >  | maildrop: fulladdress@machine.dom.ain
 | >  | mailacceptinggeneralid: someuser
 | >  | mailacceptinggeneralid: somealias
 | >  | 
 | 
 | 
 | I appreciate your reply and suggestion.  I have a
 | couple of more questions I thought you might know.
 | 
 | I am new to the ldap architecture, but understand that
 | like any structure it is important to develop a good
 | understanding of what is needed and then decide on the
 | best way of implementing it.  In terms of ldap, I've
 | read that there are 2 basic types of structures used: 
 | flat and hierarchical.  It has been suggested that the
 | flat structure is the better way to go and I am trying
 | to decide on a flat scheme that will best suit my
 | needs for ldap authentication using postfix,
 | cyrus-imap, and a ldap based per organization address
 | book.  I am also trying to tie all this in using SASL
 | (simply for digest-md5 authentication while user
 | passwords will be stored in plain text in their ldap
 | entry).

You might want to look at http://www.horde.org for webmail,
addressbook, etc.  It works well with ldap.  If my memory
serves me right, there are several folks on the list using
the setup you mention above.

 | 
 | I previously outlined a few of the basic attributes
 | that will be needed per ldap entry, but for security
 | purposes would it be better to separate each client
 | company's entries per an organizational unit? 
 | Wouldn't this better segment the entries and allow a
 | distinct per organizational unit address book list? 
 | This would further allow me to continue my use of the
 | uid attribute (which I believe is required for SASL
 | authentication) rather than being forced to use the
 | mail=user@domain attribute in a single group.  Any
 | idea how I might tie a mailing list to a client
 | company's group?  I guess my real problem, at the
 | moment, is the fact that I don't know how ldap's
 | default attributes work (i.e., o=, ou=, objectclass).
 | 
 | This is how I currently picture the structure in my
 | mind (a kind of 2 tier then flat model):
 | 
 |        -- company1
 | rootdn -- company2 -- user1 -- user2 -- user3
 |        -- company3

I am far from being an expert but it looks like a good place to start
to me. If you haven't already, you probably want to take a look at 
ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf.  It is awesome.  

Good luck,

ed

 | 
 | As always, comments and suggestions are appreciated
 | (especially ldif examples).
 | 
 | Respectfully,
 | 
 | 
 | Gary
 | 


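An added example, not code from this thread or its authors: the two-tier layout Gary sketches (one ou per client company under the organisation, users keyed by mail= as Ed suggests, each still carrying a uid for SASL) written out as LDIF, together with the three lookups the thread keeps circling: the postfix maildrop query by mailacceptinggeneralid with a mailing list expanded through its member DNs, a uid login lookup that is ambiguous across companies until it is scoped to one ou, and a per-company address book that returns only public attributes. The organisation, company and user names, the maildrop and mailacceptinggeneralid attributes (postfix's LDAP example schema) and placing them on a groupOfNames, and the member-based list expansion are all assumptions for illustration; a real directory needs a schema that permits those attributes on those object classes.

```python
"""Two-tier LDAP layout for multi-domain mail hosting: a constructed example,
not code from the thread.  Names, schema choices and lookup logic are
assumptions made for illustration."""
import re
from collections import defaultdict

BASE = "o=yourcompany.com"  # assumed organisation suffix

# Constructed LDIF (o= and ou= container entries omitted for brevity).  Users
# are keyed by mail= so the two "gary" accounts in different companies never
# collide, while each keeps a uid for SASL.  The list entry assumes a schema
# that allows mailacceptinggeneralid on a groupOfNames.
LDIF = """\
dn: mail=gary@company1.example,ou=company1,o=yourcompany.com
objectClass: inetOrgPerson
uid: gary
cn: Gary One
sn: One
mail: gary@company1.example
userPassword: secret1
maildrop: gary.c1@mailstore.yourcompany.com
mailacceptinggeneralid: gary@company1.example
mailacceptinggeneralid: g.one@company1.example

dn: mail=gary@company2.example,ou=company2,o=yourcompany.com
objectClass: inetOrgPerson
uid: gary
cn: Gary Two
sn: Two
mail: gary@company2.example
userPassword: secret2
maildrop: gary.c2@mailstore.yourcompany.com
mailacceptinggeneralid: gary@company2.example

dn: cn=staff,ou=company1,o=yourcompany.com
objectClass: groupOfNames
cn: staff
mailacceptinggeneralid: staff@company1.example
member: mail=gary@company1.example,ou=company1,o=yourcompany.com
"""


def parse_ldif(text):
    """Parse the LDIF subset used here (blank-line separated records, '#'
    comments, folded continuation lines, no base64 '::' values) into
    {dn: {attr_lowercase: [values]}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.split("\n"):
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # unfold continuation line
            else:
                lines.append(raw)
        dn, attrs = None, defaultdict(list)
        for line in lines:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs[name].append(value)
        entries[dn] = dict(attrs)
    return entries


def in_subtree(dn, scope):
    """DN-suffix test for a subtree search, excluding the scope entry itself."""
    return dn.lower().endswith("," + scope.lower())


def lookup_maildrop(entries, address, scope=BASE):
    """Postfix-style virtual lookup: query_filter (mailacceptinggeneralid=%s),
    result_attribute maildrop; list entries are expanded through their member
    DNs (what special_result_attribute = member does in postfix)."""
    address, drops = address.lower(), []
    for dn, a in entries.items():
        if not in_subtree(dn, scope):
            continue
        if address in (v.lower() for v in a.get("mailacceptinggeneralid", [])):
            drops += a.get("maildrop", [])
            for member in a.get("member", []):
                drops += entries.get(member, {}).get("maildrop", [])
    return drops


def find_user(entries, uid, company=None):
    """Resolve a login uid.  Unscoped, 'gary' matches in every company;
    scoped to the company ou (the SASL realm) it is unique."""
    scope = BASE if company is None else f"ou={company},{BASE}"
    return [dn for dn, a in entries.items()
            if in_subtree(dn, scope) and uid in a.get("uid", [])]


def address_book(entries, company, public=("cn", "mail")):
    """Per-company address book: people under that ou only, public attributes
    only.  slapd ACLs must enforce the same so an address-book bind can never
    read userPassword or maildrop; this client-side filter is not enough."""
    scope = f"ou={company},{BASE}"
    people = [a for dn, a in entries.items() if in_subtree(dn, scope)
              and "inetorgperson" in map(str.lower, a.get("objectclass", []))]
    return sorted(({k: a[k][0] for k in public} for a in people),
                  key=lambda e: e["mail"])


if __name__ == "__main__":
    e = parse_ldif(LDIF)
    print(lookup_maildrop(e, "staff@company1.example"))
    print(find_user(e, "gary"), find_user(e, "gary", "company2"))
    print(address_book(e, "company1"))
```

The uid lookup is the point of the per-company ou: the bare uid "gary" resolves to two entries under the organisation, but is unique once the search base is the company's ou, which is what lets the uid attribute stay in use for SASL without moving to mail= as the only key. The address-book function deliberately never returns userPassword; with passwords stored in clear for DIGEST-MD5, as the original message plans, the directory ACLs have to make that attribute unreadable to everything except the authentication bind.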