On Wed, 2005-01-19 at 17:19 -0700, Steven Balthazor wrote:
> On Wed, 19 Jan 2005 14:40:09 -0700, Mike Garfias wrote:
> > LDAP can be used that way, but LDAP really isn't a simple thing. I wouldn't
> > recommend attempting it unless you're willing to put in a serious amount of
> > time learning it.
> >
>
> I would second the thoughts that Mike had about LDAP. I tried
> to use OpenLDAP as a "person database" about a year ago for exactly
> the type of setup you are talking about -- it was a good way to waste
> a week. I ended up going with a mysql backend instead of LDAP (and I
> seem to recall there were some squirrelmail modules which allowed you
> to create contact lists in mysql also...).
>
> The good news/bad news with Postfix and a mysql (or any db, including
> LDAP) backend is that you can find notes and howtos from many people
> on the web and all of them work but each one does it slightly
> differently. So until you finally put it all together once and it
> actually works you can get pretty confused trying to troubleshoot why
> your particular installation does not work..and why did one person do
> it one way and another person did it another way. The reason why is
> that Postfix makes everything configurable. After I finally got mine
> working, I had an A-ha moment and it all made sense, but until that
> moment I was just trying to blindly follow someone else's instructions
> (which might be only 80% complete).
>
> At least with a Mysql backend there are many people that have done it
> and you can figure out from the many different tutorials how to
> actually make it work. With an LDAP backend there are very few
> people/notes about how to make it work. LDAP seems simple, but it is
> not something to start with lightly. You quickly run into things
> like: how do you edit the LDAP database, how do you modify the schema,
> etc. Things may have changed in the last year...
>
> I have used squirrelmail with a postfix/mysql setup and it works
> pretty good; however, I have not hit it with a substantial load so I
> can't speak to its performance under fire.
---
All things are about scale. LDAP is about large scale whereas a mysql db
for user accounts is small scale.

Yes, LDAP is a pain to set up - primarily because it is unlike anything
else you've ever dealt with. But the advantage of LDAP is scale. You can
use it to provide authentication to all services and not have to struggle
adapting it to the backend authentication of all services.

Want to add a new server, you can use LDAP to make accounts, passwords
etc. across the network.

Want to encrypt passwords, transmit the encrypted password across the
network to authenticate a user on another system? LDAP.

Want to implement SASL/Kerberos security? LDAP.

The problem that you speak of in terms of 'how-to' on LDAP is because it
is so flexible/extensible that no one does it the same way. You figure
out how/where it works for you and pile on.

Original question was about multiple domains and I gathered that this was
not Windows DOMAINS. Yes, LDAP can handle multiple domains...multiple
db's etc.

I would call squirrelmail light duty. For multiple domains, I have found
Horde/IMP to be extremely capable...especially for LDAP contacts.

Other question in original post - would I be able to restrict users from
searching other than 'their' domain - yes, simple.

I think lots of people fall back on MySQL because it is something that
they can get a quicker grasp of - but that is not necessarily the best
reason to choose it for backend. It tends to be singular in purpose.

You neglected to say what you planned to use for IMAP/POP3 server. That
may ultimately be the biggest decision you make.

Craig
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss