Re: [Exim] LDAP advise? (new to ldap)

Author: Douglas Gray Stephens
Date:
To: Philipp Gaschuetz
CC: exim-users
Subject: Re: [Exim] LDAP advise? (new to ldap)
Philipp,

At 17:27 on 28-January-2002, Philipp Gaschuetz wrote:
> Hi,
>
> we are planning on introducing LDAP for our mailservers. We have several
> offices and in each office we have several mailservers, each having a
> different "service" running on it and all servicing virtual domains.
>
> I was thinking about a "global" LDAP structure - I'm basically completely
> new to LDAP, so please forgive any errors - ie:
>
> ou=office1, o=company
> ou=office2, o=company
>
> and so forth... Then have several entries for each of the mail-services, ie:
> device=mail1, ou=office1, o=company
> device=mail2, ou=office1, o=company
> ...
>
> then split between aliases and pop3 accounts
>
> l=aliases,device=mail1, ou=office1, o=company
> l=pop accounts,device=mail1, ou=office1, o=company
>
> then by domain:
> domain=foo.com,l=aliases,device=mail1, ou=office1, o=company
> domain=foo.com,l=pop accounts,device=mail1, ou=office1, o=company
>
> and then the users
> dn=popuser1, domain=foo.com,l=pop accounts,device=mail1, ou=office1, o=company
>    which then holds passwords, mail spool, etc.
>
> Well, my question is: am I getting too complicated here, or am I missing
> something about LDAP?


LDAP can be structured in numerous ways, and the main issue is trying
to build something that fits your needs. If you have a mobile work
force, then you may want to go for a flatter structure. If you have a
flat structure, then you can always use filters to return the
appropriate records, and you may not be able to get to that data if it
is in the tree structure. It may be that you want a structure
dn: cn=popuser1@???,ou=user,o=company
objectclass: top
objectclass: person
objectclass: OrgPerson
objectclass: inetOrgPerson
cn: popuser1@???
mailhost: mail1.office1.myco.com
mail: popuser1@???
mailForwardingAddress: popuser2@??? (so replacing your aliases)
l: city for office1
c: country for office1

(off the top of my head I cannot remember which objectclass mailhost
or mailForwardingAddress are part of).


Some references:
 o Two books on LDAP deployment
    Implementing Directory Services, Archie Reed
     McGraw Hill, ISBN 0-07-134408-X
      This book has lots of questionnaires to help you understand what
      type of implementation would be best for your needs.


    Understanding and Deploying LDAP Directory Services Tim Howes, et al;
     Macmillan Technical Publishing USA; ISBN: 1578700701


 o As for other LDAP related references,
    http://www.innosoft.com/ldapworld/index.html
     Used to be Critical Angle, so the site for LDAP materials on the
     WEB.


    http://www.umich.edu/~dirsvcs/ldap/index.html
     University of Michigan (LDAP grew from U. Mich.) site with
     references relating to LDAP


    http://www.kingsmountain.com/ldapRoadmap.shtml
     An LDAP Roadmap & FAQ of resources on the WEB (and some book
     reviews)


  RFCs
   RFC 1777 Lightweight Directory Access Protocol
   RFC 1778 The String Representation of Standard Attribute Syntaxes
   RFC 1779 A String Representation of Distinguished Names
   RFC 1798 Connection-less Lightweight Directory Access Protocol
   RFC 1823 The LDAP Application Program Interface
   RFC 1960 A String Representation of LDAP Search Filters
   RFC 2044 UTF-8, a transformation format of Unicode and ISO 10646
   RFC 2251 Lightweight Directory Access Protocol (v3)
   RFC 2252 Lightweight Directory Access Protocol (v3) Attribute
            Syntax Definitions
   RFC 2254 The String Representation of LDAP Search Filters
   RFC 2255 The LDAP URL Format
   RFC 2256 A Summary of the X.500(96) User Schema for use with LDAPv3



I hope this helps get you started.

Douglas.

--

================================
Douglas GRAY STEPHENS
Global Infrastructure (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND

Phone  +44 1223 325295
Mobile +44 773 0051628
Fax    +44 1223 311830
Email DGrayStephens@???
================================
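
Added example (not part of the message above): a small Python sketch of the flat layout the reply suggests, where office and mail server are attributes and a search filter selects the records. The entries, the bar.com domain, the popuser addresses and the helper names are constructed for illustration; filter values are escaped as RFC 2254 (listed above) requires, so an address taken from incoming mail cannot change the meaning of the filter.

```python
import re

# Constructed sample data: a flat layout where every user sits directly under
# ou=user,o=company and office/server are attributes instead of DN components.
ENTRIES = [
    {"dn": "cn=popuser1@foo.com,ou=user,o=company", "mail": "popuser1@foo.com",
     "mailhost": "mail1.office1.myco.com", "l": "office1"},
    {"dn": "cn=popuser2@foo.com,ou=user,o=company", "mail": "popuser2@foo.com",
     "mailhost": "mail2.office1.myco.com", "l": "office1"},
    {"dn": "cn=popuser3@bar.com,ou=user,o=company", "mail": "popuser3@bar.com",
     "mailhost": "mail1.office1.myco.com", "l": "office2"},
]

# One (attr=value) clause; the value may hold \xx escapes and bare * wildcards.
CLAUSE = re.compile(r"\(([A-Za-z0-9-]+)=((?:[^()\\*]|\\[0-9a-fA-F]{2}|\*)*)\)")

def escape_filter_value(value):
    """Escape the characters RFC 2254 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def and_filter(**attrs):
    """Build (&(attr=value)...) with every value escaped."""
    return "(&%s)" % "".join(
        "(%s=%s)" % (a, escape_filter_value(v)) for a, v in attrs.items())

def _value_regex(raw):
    """Turn one filter value into a regex: bare * is a wildcard, \\xx a literal."""
    out = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|\*|.", raw, re.S):
        if tok == "*":
            out.append(".*")
        elif len(tok) == 3:
            out.append(re.escape(chr(int(tok[1:], 16))))
        else:
            out.append(re.escape(tok))
    return re.compile("".join(out), re.I)

def search(entries, flt):
    """Return DNs of entries matching every (attr=value) clause in flt."""
    clauses = [(a.lower(), _value_regex(v)) for a, v in CLAUSE.findall(flt)]
    if not clauses:
        return []  # an unparsable filter matches nothing rather than everything
    return [e["dn"] for e in entries
            if all(a in e and rx.fullmatch(e[a]) for a, rx in clauses)]
```

For instance, `search(ENTRIES, and_filter(mailhost="mail1.office1.myco.com"))` returns the users on that server regardless of office, which a per-device subtree could only answer by searching each branch in turn.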