Single LDAP db for both Email and Radius?
I'm a complete LDAP newbie, so please bear with me. However, I'm an
experienced DBA, email admin, and Radius admin.

We are currently running both our Email and Radius systems off of
separate, local, unrelated CDB databases. This is working very well.
However, in order to scale and increase availability, we want to
replicate our db's. So, we're considering migrating to LDAP for both
email and radius, since we like LDAP's replication technology. Both our
email and our radius systems have support for LDAP, so that should be
straightforward. So here's the big question...

* Should we merge both db's into a common LDAP database? *

In other words, does it make sense to serve both services from a common
LDAP database? Note that the relationship between a radius username and
an email address is not one-to-one; it is one-to-many. Plus, they have
distinct attributes:

Typical Email attributes:
	name: joe
	domain: schmo.com
	password: mypass
	forward_address: joe@hotmail.com
	quota: 10
	local_delivery: 1

Typical Radius attributes:
	username: joe2
	password: mypass8
	expiration_date: 2/7/2001
	check_attributes: Framed-Address =
	reply_attributes: Framed-User = PPP, Idle-Timeout = 0...

Actually, there is a second big question. All the LDAP literature I've
read shows the typical schema as an inverted tree. However, for our
application, there is no "hierarchy"; there would just be a flat list of
email accounts or radius (dialup) accounts, accordingly. So the 2nd
question is:

* Is LDAP well-suited to a FLAT hierarchy? *

Will its performance suffer? Will a flat schema diminish any of LDAP's
advantages? Thanks very much in advance for your comments!
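One way to lay out a single directory for both services, as an added example that is not part of the original post: each account type sits in its own one-level branch under a shared base, so the tree stays essentially flat, and the one-to-many link between a dial-up account and its mailboxes is carried by an attribute on each mail entry. Assumptions: inetOrgPerson is the standard person class; radiusprofile, radiusReplyItem and radiusExpiration are from the FreeRADIUS LDAP schema; the mailAccount class, its mail* attributes and radiusOwner are hypothetical names standing in for the poster's fields.

```ldif
# Added example, not from the original post. Shared base with two shallow
# branches; passwords shown as hashed placeholders rather than cleartext.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example ISP
dc: example

dn: ou=mail,dc=example,dc=com
objectClass: organizationalUnit
ou: mail

dn: ou=radius,dc=example,dc=com
objectClass: organizationalUnit
ou: radius

# Dial-up account (radiusprofile is an AUXILIARY class from the FreeRADIUS
# schema; the check-attribute line is omitted because the post truncates it).
dn: uid=joe2,ou=radius,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: radiusprofile
uid: joe2
cn: joe2
sn: joe2
userPassword: {SSHA}<hashed-value-placeholder>
radiusExpiration: Feb 07 2001
radiusReplyItem: Framed-User = PPP
radiusReplyItem: Idle-Timeout = 0

# Two mailboxes owned by the same dial-up account (one-to-many).
# mailAccount and its attributes are hypothetical; radiusOwner holds the DN
# of the owning radius entry so either service can follow the link.
dn: mail=joe@schmo.com,ou=mail,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: mailAccount
cn: joe
sn: joe
mail: joe@schmo.com
userPassword: {SSHA}<hashed-value-placeholder>
mailForwardingAddress: joe@hotmail.com
mailQuota: 10
mailLocalDelivery: TRUE
radiusOwner: uid=joe2,ou=radius,dc=example,dc=com

dn: mail=joe.schmo@schmo.com,ou=mail,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: mailAccount
cn: joe
sn: joe
mail: joe.schmo@schmo.com
userPassword: {SSHA}<hashed-value-placeholder>
mailQuota: 10
mailLocalDelivery: TRUE
radiusOwner: uid=joe2,ou=radius,dc=example,dc=com
```

Because each branch is a single level, a lookup is a one-level search scoped to ou=mail or ou=radius with an equality filter on the naming attribute, and a replica of the whole base carries both services at once.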