Philipp,
At 17:27 on 28-January-2002, Philipp Gaschuetz wrote:
> Hi,
>
> we are planning on introducing LDAP for our mailservers. We have several
> offices and in each office we have several mailservers, each having a
> different "service" running on it and all servicing virtual domains.
>
> I was thinking about a "global" LDAP structure - I'm basically completely
> new to LDAP, so please forgive any errors - ie:
>
> ou=office1, o=company
> ou=office2, o=company
>
> and so forth... Then have several entries for each of the mail-services, ie:
> device=mail1, ou=office1, o=company
> device=mail2, ou=office1, o=company
> ...
>
> then split between aliases and pop3 accounts
>
> l=aliases,device=mail1, ou=office1, o=company
> l=pop accounts,device=mail1, ou=office1, o=company
>
> then by domain:
> domain=foo.com,l=aliases,device=mail1, ou=office1, o=company
> domain=foo.com,l=pop accounts,device=mail1, ou=office1, o=company
>
> and then the users
> dn=popuser1, domain=foo.com,l=pop accounts,device=mail1, ou=office1, o=company
> which then holds passwords, mail spool, etc.
>
> Well, my question is: am I getting too complicated here, or am I missing
> something about LDAP?

LDAP can be structured in numerous ways, and the main issue is trying
to build something that fits your needs. If you have a mobile work
force, then you may want to go for a flatter structure. If you have a
flat structure, then you can always use filters to return the
appropriate records, and you may not be able to get to that data if it
is in the tree structure. It may be that you want a structure

    dn: cn=popuser1@???,ou=user,o=company
    objectclass: top
    objectclass: person
    objectclass: OrgPerson
    objectclass: inetOrgPerson
    cn: popuser1@???
    mailhost: mail1.office1.myco.com
    mail: popuser1@???
    mailForwardingAddress: popuser2@??? (so replacing your aliases)
    l: city for office1
    c: country for office1

(off the top of my head I cannot remember which objectclass mailhost
or mailForwardingAddress are part of).

Some references:

o Two books on LDAP deployment

  Implementing Directory Services, Archie Reed
  McGraw Hill, ISBN 0-07-134408-X
    This book has lots of questionnaires to help you understand what
    type of implementation would be best for your needs.

  Understanding and Deploying LDAP Directory Services Tim Howes, et al;
  Macmillan Technical Publishing USA; ISBN: 1578700701

o As for other LDAP related references,

  http://www.innosoft.com/ldapworld/index.html
    Used to be Critical Angle, so the site for LDAP materials on the
    WEB.

  http://www.umich.edu/~dirsvcs/ldap/index.html
    University of Michigan (LDAP grew from U. Mich.) site with
    references relating to LDAP

  http://www.kingsmountain.com/ldapRoadmap.shtml
    An LDAP Roadmap & FAQ of resources on the WEB (and some book
    reviews)

  RFCs
    RFC 1777 Lightweight Directory Access Protocol
    RFC 1778 The String Representation of Standard Attribute Syntaxes
    RFC 1779 A String Representation of Distinguished Names
    RFC 1798 Connection-less Lightweight Directory Access Protocol
    RFC 1823 The LDAP Application Program Interface
    RFC 1960 A String Representation of LDAP Search Filters
    RFC 2044 UTF-8, a transformation format of Unicode and ISO 10646
    RFC 2251 Lightweight Directory Access Protocol (v3)
    RFC 2252 Lightweight Directory Access Protocol (v3) Attribute
             Syntax Definitions
    RFC 2254 The String Representation of LDAP Search Filters
    RFC 2255 The LDAP URL Format
    RFC 2256 A Summary of the X.500(96) User Schema for use with LDAPv3

I hope this helps get you started.
Douglas.
--
================================
Douglas GRAY STEPHENS
Global Infrastructure (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND
Phone +44 1223 325295
Mobile +44 773 0051628
Fax +44 1223 311830
Email DGrayStephens@???
================================
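
Added example, not part of the original messages: the flat ou=user,o=company layout suggested in the reply, with search filters selecting what the deep tree would have encoded in the DN. The entries, the example.com addresses and mail2.office2.myco.com are constructed, and the evaluator covers only a subset of RFC 2254 (and, or, not, equality, presence) with no value escaping.

```python
# Constructed sample data: flat ou=user,o=company layout from the reply.
# The example.com addresses and mail2.office2.myco.com are made up.
ENTRIES = [
    ("cn=popuser1@example.com,ou=user,o=company", {
        "mail": ["popuser1@example.com"],
        "mailhost": ["mail1.office1.myco.com"],
        "mailforwardingaddress": ["popuser2@example.com"]}),
    ("cn=popuser2@example.com,ou=user,o=company", {
        "mail": ["popuser2@example.com"],
        "mailhost": ["mail1.office1.myco.com"]}),
    ("cn=popuser3@example.com,ou=user,o=company", {
        "mail": ["popuser3@example.com"],
        "mailhost": ["mail2.office2.myco.com"]}),
]

def parse(f, i=0):
    """Parse one filter starting at offset i; return (node, next offset)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.strip().lower(), value), end + 1

def match(node, attrs):
    if node[0] == "&":
        return all(match(k, attrs) for k in node[1])
    if node[0] == "|":
        return any(match(k, attrs) for k in node[1])
    if node[0] == "!":
        return not match(node[1][0], attrs)
    _, attr, value = node
    values = attrs.get(attr, [])
    if value == "*":                      # presence test, e.g. (mail=*)
        return bool(values)
    return any(v.lower() == value.lower() for v in values)

def search(filter_str):
    """Return the DNs of all entries matching the filter string."""
    tree, end = parse(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return [dn for dn, attrs in ENTRIES if match(tree, attrs)]
```
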