Schema design help for a newbie
This is an absolute LDAP newbie here, so be gentle when pointing those
I'm working on a free software (Open Source in corpspeak) Perl/Web
based project for provisioning for a web/mail service provider.
(It'll be GPL'ed when it's complete). I plan to use LDAP as the base
database for holding client, domain and user information.
Having already made a prototype schema for holding the above
information, I feel that it is not necessarily the ideal way of going
about it. The information I need to store includes:
some admin stuff (renewal date, payment status, etc)
apache-specific stuff (ssl/special modules required)
Virtual Email User:
autoreply message file
I'd like some advice from you LDAP design gurus on the following:
- What would be a good design for a schema which needs to hold all
this information? Obviously, performance, extensibility,
completeness, security and maintainability are the prime
considerations for the schema. I find that I'm unable to add any top
level stuff (e.g. if the virtual host is abcd.com, I am unable to
create a dn:dc=abcd,dc=com), only stuff under the TLD of the LDAP
database (e.g. dn:dc=abcd,dc=com,dc=toplevelhost,dc=topleveldomain).
- Is it possible to make this hierarchical, so that the relationship
- I'm truly stuck at the authentication part of things. Ideally I'd
like the owner of the Client subtree (apart from the LDAP owner) to be
able to bind to, access and modify all hosts and users under her
hierarchy, and each user to be able to bind to and change some parts
of her records. How do I enable multiple levels of authentication in
OpenLDAP? Note that I need to do all this on the fly, so modifying
the slapd.conf file except once at system setup time is not an option.
- Finally, the big question: is anyone aware of a free software IMAP4
server which will use LDAP for authentication AND to get the location
of the user's mailbox? Cyrus handles the auth part, but I haven't yet
found one which uses LDAP for locating user's mailboxes.
Look out for the software when it's complete!
Thanks in advance, and regards,