newbie:- LDAP classes



Hi there,

I have a Master's in soft-eng but am very new to LDAP/mail-admin.

I am trying to set up a commercial mail server running Cyrus-imap/sasl,
Postfix & Squirrelmail on Gentoo.

As this will be a 'black box' server (ie, no mail account holders
present in /etc/passwd), all users will be virtual.

Since Cyrus, Postfix & Squirrelmail all support LDAP, I thought I'd have
a go with LDAP. Likewise for MySQL, but that hasn't subselects, nor foreign keys, as I understand it.


Various bits of data need to be stored, most unique to each account,
some that will be fairly common amongst accounts.

Coming from a Java background, defining new classes doesn't scare me,
but I am having trouble understanding how ldap classes inter-operate.

I've raked through lots of RFCs, the OpenLDAP docs, yolinux website &
google.

I have a VirtualMailAccount schema (id, alias, password, name,....) and
a Quota schema (disk space).

In Java the VirtualMailAccount class would have an attribute of quota of
type Quota class.

In sql I would normalise out the 1:m quota to another table & use a
foreign key.

How do I do this in LDAP? I guessed Quota would be an AUXILIARY class,
but in the VirtualMailAccount class definition, the MUSTs & MAYs only
seem to permit simple attributes.

There will also be m:n relationships such as bulletin board membership.

I want to be able to set a default disc space quota (of say 15MB), and
yet permit account holders to be able to rent more space (in say 5MB
slabs). I want this extra space to be over & above the default value, so
if I change the default space to 20MB, the bloke that paid for 5MB more
will still have 5MB more.

Can business logic be put into LDAP? For example, if an account expires
and I want to grant a grace period of 1 month before deletion. In SQL I
could select the expireDate & compare it to a standard table's
gracePeriod. I don't want to have to put the same logic in a PHP web
interface, Java billing system & Perl admin system, or whatever.

Here are my VirtualMailAccount & Quota schemas:-

Cheers,
Craig in Scotland.


# VirtualMailAccount
# Used by postfix & cyrus & squirrelmail


attributeType
(
  1.1.2.1.400
  NAME 'ukKepaxMailAccount'
  DESC 'Virtual mail account identifier'

  # integer or string??

  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27

  #EQUALITY caseExactIA5Match
  #SUBSTR caseIgnoreSubstringsMatch
  #SYNTAX 1.3.6.1.4.1.1466.115.121.1.26

  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.401
  NAME 'ukKepaxMailAlias'
  DESC 'Virtual mail account alias'
  EQUALITY caseIgnoreIA5Match
  #SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.402
  NAME 'ukKepaxDateCreated'
  DESC 'Account creation date'
  EQUALITY generalizedTimeMatch
  ORDERING generalizedTimeOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.403
  NAME 'ukKepaxDateLastLogin'
  DESC 'Last login date'
  EQUALITY generalizedTimeMatch
  ORDERING generalizedTimeOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.404
  NAME 'ukKepaxAddressLastLogin'
  DESC 'Address last logged in from'
  SUP labeledURI

  #EQUALITY caseIgnoreIA5Match
  #SUBSTR caseIgnoreSubstringsMatch
  #SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.405
  NAME 'ukKepaxDateExpire'
  DESC 'Account expiry date'
  EQUALITY generalizedTimeMatch
  ORDERING generalizedTimeOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.406
  NAME 'ukKepaxAlternativeEmail'
  DESC 'Virtual mail user account alternative email address'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  #SINGLE-VALUE
)



# Quota class, put in here as an attribute?
#attributeType
#(
#  1.1.2.1.407
#  NAME 'ukKepaxQuota'
#  DESC 'Disk space quota'
#  EQUALITY integerMatch
#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
#  SINGLE-VALUE
#)


attributeType
(
  1.1.2.1.408
  NAME 'ukKepaxMailPassword'
  DESC 'Virtual mail user account password'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.409
  NAME 'ukKepaxNameLast'
  DESC 'Virtual mail user account surname'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.410
  NAME 'ukKepaxNameFirst'
  DESC 'Virtual mail user account Christian name'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.411
  NAME 'ukKepaxNameFrom'
  DESC 'Virtual mail user account mail from name'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.412
  NAME 'ukKepaxNamePreferred'
  DESC 'Virtual mail user account preferred name'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.413
  NAME 'ukKepaxPreferredLanguage'
  DESC 'Virtual mail user preferred language'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
)


objectClass
(
  1.1.2.2.400
  NAME 'ukKepaxVirtualMailAccount'
  DESC 'Virtual Mail Account Class'
  SUP top
  STRUCTURAL
  MUST
  (
    ukKepaxMailAccount $
    ukKepaxMailAlias $
    ukKepaxDateCreated $
    ukKepaxDateExpire $
    ukKepaxQuota $
    ukKepaxMailPassword $
    ukKepaxNameLast $
    ukKepaxNameFirst
  )
  MAY
  (
    ukKepaxDateLastLogin $
    ukKepaxAddressLastLogin $
    ukKepaxAlternativeEmail $
    ukKepaxNameFrom $
    ukKepaxNamePreferred $
    ukKepaxPreferredLanguage
  )
)

# EOF



# Quota
# Used by postfix & cyrus & squirrelmail


attributeType
(
  1.1.2.1.300
  NAME 'ukKepaxDiscSpaceDefault'
  DESC 'Virtual mail account allocated disc space quota in Mega bytes'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.301
  NAME 'ukKepaxDiscSpaceAllocated'
  DESC 'Virtual mail account allocated disc space quota in Mega bytes'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE
)


attributeType
(
  1.1.2.1.302
  NAME 'ukKepaxWarningPercent'
  DESC 'Virtual mail account allocated disc space quota warning level percentage'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE
)



objectClass
(
  1.1.2.2.300
  NAME 'ukKepaxQuota'
  DESC 'Virtual mail account disc space quota class'
  SUP top
  AUXILIARY
  MUST
  (
    ukKepaxDiscSpaceDefault $
    ukKepaxWarningPercent
  )
  MAY
  (
    ukKepaxDiscSpaceAllocated
  )
)


#EOF
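
Added example, not part of the original post: a small Python check that cross-references every attribute an objectClass lists under MUST or MAY against the attributeType definitions in the same schema text, which is how a reference to a commented-out attribute such as ukKepaxQuota shows up before the schema is loaded. The sample schema is constructed from names in the post; the function names and the `known` parameter (attributes supplied by other schema files) are assumptions of this example.

```python
import re

# Constructed sample: names come from the post, definitions are shortened.
# As in the post, the ukKepaxQuota attributeType is commented out while the
# objectClass still lists it under MUST. labeledURI stands for an attribute
# that is defined in another schema file.
SAMPLE = """
attributeType ( 1.1.2.1.400 NAME 'ukKepaxMailAccount'
  EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributeType ( 1.1.2.1.407 NAME 'ukKepaxQuota'
#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributeType ( 1.1.2.1.409 NAME 'ukKepaxNameLast'
  #SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectClass ( 1.1.2.2.400 NAME 'ukKepaxVirtualMailAccount' SUP top STRUCTURAL
  MUST ( ukKepaxMailAccount $ ukKepaxQuota $ ukKepaxNameLast )
  MAY ( labeledURI ) )
"""

def definitions(text):
    """Return (kind, body) pairs; lines starting with '#' are dropped first."""
    live = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    parts = re.split(r"(?im)^\s*(attributetype|objectclass)\b", live)
    return [(k.lower(), b) for k, b in zip(parts[1::2], parts[2::2])]

def names(body):
    """NAME 'x' or NAME ( 'x' 'y' ) -> ['x', 'y']."""
    m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", body)
    return re.findall(r"'([^']*)'", m.group(1)) if m else []

def attr_list(body, keyword):
    """MUST/MAY x or MUST/MAY ( x $ y ) -> ['x', 'y']."""
    body = re.sub(r"'[^']*'", "''", body)  # ignore keywords inside DESC text
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w.;-]+))" % keyword, body)
    listed = (m.group(1) or m.group(2) or "") if m else ""
    return [a.strip() for a in listed.split("$") if a.strip()]

def undefined_attributes(text, known=()):
    """Map objectClass name -> MUST/MAY attributes defined nowhere."""
    defined = {n.lower() for n in known}
    listed = {}
    for kind, body in definitions(text):
        if kind == "attributetype":
            defined.update(n.lower() for n in names(body))
        else:
            listed[names(body)[0]] = attr_list(body, "MUST") + attr_list(body, "MAY")
    missing = {c: [a for a in attrs if a.lower() not in defined]
               for c, attrs in listed.items()}
    return {c: attrs for c, attrs in missing.items() if attrs}
```

Calling `undefined_attributes(SAMPLE, known=["labeledURI"])` reports ukKepaxQuota for ukKepaxVirtualMailAccount; names are compared case-insensitively.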