For me, I'm running several 'virtual machines' on one machine, so that
each Cyrus instance is distinct from the next ... works real sweet
... but, I'd like to avoid having an LDAP server running for each one if I
can help it, and its "one more thing to go wrong" ...
The server itself is quite secure, as we don't create accounts, so setuid
scripts aren't a concern ...
On Mon, 6 Nov 2000, Alain Turbide wrote:
> Now you're talking about su'ed scripts..It's easy to do but you're
> compromising quite a bit of security by doing that.. (not that the admin
> script is that secure). Another approach that I've avoided is the use of
> cron scripts to syncronise the ldap database periodically with the
> saslpasswd database.
> I did'nt want the delay in activating the accounts or password changes.
> One of the reasons I use LDAP is that I don't currently use any of the other
> authentication mechanism ( I could also use sasl_auto_transition=true to
> automatically put PLAIN authenticated users into sasldb), I already have the
> LDAP server setup for directory searches, so why not use it for passwords as
> well. Everything done in one place.
> I haven't had a chance to look into it yet, but will see what I can come up
> with.
>
> Alain
> ----- Original Message -----
> From: "The Hermit Hacker" <[EMAIL PROTECTED]>
> To: "Alain Turbide" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, November 06, 2000 8:39 AM
> Subject: Re: Cyrus iimap/ldap account creation cgi script available
>
>
> >
> > Just a quick thought here ... the way I've been setting things up has been
> > to create the mailbox and to add the user to the sasldb file .. no passwd
> > entry at all.
> >
> > how hard would it be to add the capability to add/update/delete from
> > sasldb, using, say, a root enabled saslpasswd command? There doesn't
> > appear to be any perl modules that I can find for doing this, so would
> > have to do it with a system() call ...
> >
> > On Sun, 5 Nov 2000, Alain Turbide wrote:
> >
> > > There are various tools to migrate existing passwd or other accounts to
> > > ldap. See the following link.. http://www.padl.com/tools.html
> > >
> > >
> > > Alain
> > >
> > > ----- Original Message -----
> > > From: "The Hermit Hacker" <[EMAIL PROTECTED]>
> > > To: "Alain Turbide" <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>
> > > Sent: Sunday, November 05, 2000 3:03 PM
> > > Subject: Re: Cyrus iimap/ldap account creation cgi script available
> > >
> > >
> > > >
> > > > anyone have a good doc on how to setup LDAP? So far, what I've been
> able
> > > > to find, has had my run scared of using LDAP :(
> > > >
> > > > On Sun, 5 Nov 2000, Alain Turbide wrote:
> > > >
> > > > > This is perl cgi script (very alpha) that is used to create and
> maintain
> > > > > user accounts on
> > > > > an LDAP server as well as creating/deleting/modifying user accounts
> on
> > > an
> > > > > Imap server. Currently it is tested with Cyrus Imap but should work
> > > with
> > > > > any Imap ser
> > > > > ver. It supports all ACL settings, user mail account creation,
> public
> > > > > folder cr
> > > > > eation, deletions. It does not allow sub-folder creation but only
> > > initial
> > > > > mailbox creations.
> > > > >
> > > > > Find it available at http://host1.dyndns.org/cyrusadmin
> > > > >
> > > > > Please note: It works well for me but I can't guarantee that it
> will
> > > work
> > > > > for all setups. I'm making it available because some users have
> > > enquired
> > > > > about such tools, and I hope they can find some use with it. It is
> > > > > available with no warranty whatsover. Have fun with it..
> > > > >
> > > > > Alain Turbide
> > > > >
> > > > >
> > > >
> > > > Marc G. Fournier ICQ#7615664 IRC Nick:
> > > Scrappy
> > > > Systems Administrator @ hub.org
> > > > primary: [EMAIL PROTECTED] secondary:
> > > scrappy@{freebsd|postgresql}.org
> > > >
> > > >
> > >
> > >
> >
> > Marc G. Fournier ICQ#7615664 IRC Nick:
> Scrappy
> > Systems Administrator @ hub.org
> > primary: [EMAIL PROTECTED] secondary:
> scrappy@{freebsd|postgresql}.org
> >
> >
> >
>
>
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: [EMAIL PROTECTED] secondary: scrappy@{freebsd|postgresql}.org
