Re: Recommended approach for LDAP as backend for virtual domain mail hosting?

On Monday 04 October 2010 21:19:42 Dan White wrote:
> On 04/10/10 20:47 +0200, Andreas Ntaflos wrote:
> >
> >Short version: What is a recommended way to set up virtual mail
> >hosting based on OpenLDAP? I.e. providing mail and authentication
> >services, like SMTP and IMAP, using Postfix and Dovecot, for
> >multiple *independent domains* such as example.net, example.org,
> >example.com?
> A very flexible approach is to implement a pam/nss layer on top of your DIT
> that presents your users as fully qualified to your system software.
> Assuming that dovecot and your other server software do not strip
> domains, or at least strip them in predictable ways, then you can
> use pam/nss to export your users as system level users.

Dan, thank you for the reply and ideas! Essentially making all virtual 
users look like system users to Postfix and Dovecot (and other services)  
certainly sounds interesting but I am not sure if this won't make things  
more complex than they need to be. And wouldn't this approach require 
any services and applications to know how to handle PAM/NSS? I will keep
it in mind, however; it could come in handy in the future.

Our current setup using Postgres and virtual users, while complex 
enough, is quite adequate for our ISP needs. We just need to evaluate if 
and how it is feasible to model this setup using LDAP as a backend.

So I guess my question is really more about how to properly design a DIT 
that holds multiple independent domains and for each domain possibly 
hundreds of users and groups. 

The problem is roughly equivalent to designing a proper relational 
database schema to manage and query user information, only that a
relational database schema is generally not designed with a single root 
or base node like the typical LDAP tree. This makes finding the 
information I require difficult.

Thanks again for your reply!

