On Wed, 2005-01-19 at 17:19 -0700, Steven Balthazor wrote:
> On Wed, 19 Jan 2005 14:40:09 -0700, Mike Garfias <mike@garfias.org> wrote:
> > LDAP can be used that way, but LDAP really isn't a simple thing. I wouldn't
> > recommend attempting it unless you're willing to put in a serious amount of
> > time learning it.
> >
>
> I would second the thoughts that Mike had about LDAP. I tried
> to use OpenLDAP as a "person database" about a year ago for exactly
> the type of setup you are talking about -- it was a good way to waste
> a week. I ended up going with a mysql backend instead of LDAP (and I
> seem to recall there were some squirrelmail modules which allowed you
> to create contact lists in mysql also...).
>
> The good news/bad news with Postfix and a mysql (or any db, including
> LDAP) backend is that you can find notes and howtos from many people
> on the web and all of them work but each one does it slightly
> different. So until you finally put it all together once and it
> actually works you can get pretty confused trying to troubleshoot why
> your particular installation does not work..and why did one person do
> it one way and another person did it another way. The reason why is
> that Postfix makes everything configurable. After I finally got mine
> working, I had an A-ha moment and it all made sense, but until that
> moment I was just trying to blindly follow someone else's instructions
> (which might be only 80% complete).
>
> At least with a Mysql backend there are many people that have done it
> and you can figure out from the many different tutorials how to
> actually make it work. With a LDAP backend there are very few
> people/notes about how to make it work. LDAP seems simple, but it is
> not something to start with lightly. You quickly run into things
> like: how do you edit the LDAP database, how do you modify the schema,
> etc. Things may have changed in the last year...
>
> I have used squirrelmail with a postfix/mysql setup and it works
> pretty good; however, I have not hit it with a substantial load so I
> can't speak to its performance under fire.
---
All things are about scale. LDAP is about large scale whereas a mysql
db for user accounts is small scale.
Yes LDAP is a pain to set up - primarily because it is unlike anything
else you've ever dealt with. But the advantage of LDAP is scale. You
can use it to provide authentication to all services and not have to
struggle adapting it to the backend authentication of all services. Want
to add a new server, you can use LDAP to make accounts, passwords etc.
across the network. Want to encrypt passwords, transmit the encrypted
password across the network to authenticate a user on another system?
LDAP. Want to implement SASL/Kerberos security? LDAP.
The problem that you speak of in terms of 'how-to' on LDAP is because it
is so flexible/extensible that no one does it the same way. You figure
out how/where it works for you and pile on.
Original question was about multiple domains and I gathered that this
was not Windows DOMAINS. Yes, LDAP can handle multiple
domains...multiple db's etc.
I would call squirrelmail light duty. For multiple domains, I have found
Horde/IMP to be extremely capable...especially for LDAP contacts.
Other question in original post - would I be able to restrict users from
searching other than 'their' domain - yes, simple.
I think lots of people fall back on MySQL because it is something that
they can get a quicker grasp of - but that is not necessarily the best
reason to choose it for backend. It tends to be singular in purpose.
You neglected to say what you planned to use for IMAP/POP3 server. That
may ultimately be the biggest decision you make.
Craig
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss