Marius,

We use standard DNS, not DNS entries in LDAP or anything like that.

I assume (I could be wrong - someone help me out...) that your LDAP
directory structure would be completely independent of your DNS
registrations.  If you had 2 domains registered to your organization, you
could have 2 Cyrus/Postfix combos installed on 1 physical server, where your
LDAP tree looks something like this (LDAP can be running on any
machine...):

o=LDAPadmin (or whatever)
    ou=MailDomains (or whatever)
        ou=Acme
                    miller
                    smith
        ou=Rutgers
                    miller
                    smith

Now, let's assume you have "email.acme.com" registered for the Acme domain
and "email.rutgers.edu" registered for the Rutgers domain.  In your DNS
data, all mail for "acme.com" will be handled by "email.acme.com" and all
mail for "rutgers.edu" will be handled by "email.rutgers.edu".  As long as
Postfix or Sendmail is configured to accept mail for their respective
domains, if you send to "[EMAIL PROTECTED]", the message should get dropped to
"[EMAIL PROTECTED]"

At this point, the only purpose your LDAP directory serves is for account
authentication (storage container just for usernames and passwords...).  You
can make the structure look any way you want.  You don't even need to
reference the domains at all - as long as you know the users for domain "A"
are at this basedn, and users for domain "B" are at this basedn, just
configure each imapd.conf's sasl configuration to point to that location.

In my example, all I am using LDAP for is <username> <password>.  The mail
server or the ldap server does not care whether or not you are using domains
or subdomains.


-John


"Tegomoh, Marius N." wrote:

> John,
>
> Thanks for the further clarification.  It certainly helps.
> Unfortunately, my original query wasn't clear enough.
> Your directory service is for Rutgers.edu and everything
> else is a subdomain of that.
>
> What if you wanted your directory service to hold information
> for Acme.com as well as Rutgers.edu?
>
> I'm hoping for an example of multiple unrelated domains in the
> same directory server (I suppose that's we need to define
> multiple BaseDNs).
>
> Marius
>
> -----Original Message-----
> From: John C. Amodeo [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 26, 2001 5:20 PM
> To: Tegomoh, Marius N.
> Cc: [EMAIL PROTECTED]
> Subject: Re: Virtual Domain Implementation (example)
>
> Marius,
>
> Actually, we are not using OpenLdap - we are using Novell NDS, which
> exports all its information in LDAP compliant form.  We translate each
> context in the NDS tree into a separate "Virtual Server" or department -
> for example:
>
> o=Rutgers.edu
>     ou=Units
>         ou=Economics
>                     miller
>                     smith
>         ou=Biology
>                     miller
>                     smith
>
> So, one Cyrus server's Sasl config would point to
> "ou=Economics,ou=Units,o=Rutgers.edu" and the other would point to
> "ou=Biology,ou=Units,o=Rutgers.edu"  These LDAP entries go in the
> imapd.conf files for each Cyrus server (1 Cyrus server can point to one
> LDAP server OR different BaseDN's in an LDAP tree...)
>
> As far as logging 2 users from different departments in to their mail
> server is pretty easy...
>
> Cyrus server 1, whose sasl config points to
> "ou=Economics,ou=Units,o=Rutgers.edu" is running on an IP address that
> is registered as "email.economics.rutgers.edu" and Cyrus server 2,
> whose sasl config points to "ou=Biology,ou=Units,o=Rutgers.edu" is
> running on an IP address that is registered as
> "email.biology.rutgers.edu"
>
> For each user (smith, for instance) on any given server, a login would
> look like:
>
> username "smith"
> imap server "email.economics.rutgers.edu"
> smtp server "email.economics.rutgers.edu"
> OR
> username "smith"
> imap server "email.biology.rutgers.edu"
> smtp server "email.biology.rutgers.edu"
>
> Each user will use just their "username" and the server for their
> department.  What's nice about our setup is that since most of our users
> are on Windows (some things you can't change... ), when they log into
> Novell to "get to the network" the same account gets them their email.
>
> I assume you could apply this directory structure where each one of our
> "departments" would equal a domain.  At this point, it would be up to
> your DNS servers and MX records to drop mail to the proper server.  What
> we do is for a department like Economics, whose Novell server is
> "economics.rutgers.edu", and whose Cyrus e-mail server is
> "email.economics.rutgers.edu", the MX record for "economics.rutgers.edu"
> has its mail handling set to "email.economics.rutgers.edu"  So, when you
> send to miller@economics it actually goes to [EMAIL PROTECTED]
>
> Hope this helps.
>
> -John

--
______________________________________________
John C. Amodeo, Associate Director
Information Technology and Computer Operations
Faculty of Arts & Sciences, Rutgers University
732.932.9455-voice 732.932.0013-fax
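
Added example, not part of the original message and not Cyrus or SASL code: a small Python model of the layout described above, where each mail server instance authenticates against its own base DN. The `cn=` naming attribute, the passwords, and the `INSTANCES` mapping are assumptions made for the illustration. It also shows why the base DN should be scoped per domain: with the base set at ou=MailDomains, "smith" matches two entries and the login is refused.

```python
import hmac

# Constructed stand-in for the directory; DNs follow the example tree,
# "cn=" and the passwords are assumptions (a real directory stores hashes).
DIRECTORY = {
    "cn=miller,ou=Acme,ou=MailDomains,o=LDAPadmin": "acme-miller-pw",
    "cn=smith,ou=Acme,ou=MailDomains,o=LDAPadmin": "acme-smith-pw",
    "cn=miller,ou=Rutgers,ou=MailDomains,o=LDAPadmin": "ru-miller-pw",
    "cn=smith,ou=Rutgers,ou=MailDomains,o=LDAPadmin": "ru-smith-pw",
}

# Hypothetical per-instance setting: the base DN each server searches under.
INSTANCES = {
    "email.acme.com": "ou=Acme,ou=MailDomains,o=LDAPadmin",
    "email.rutgers.edu": "ou=Rutgers,ou=MailDomains,o=LDAPadmin",
}

def normalize(dn):
    # Simplified DN handling: no escaped commas, case-insensitive compare.
    return ",".join(part.strip().lower() for part in dn.split(","))

def search(base_dn, username):
    """Subtree search: entries below base_dn whose leftmost RDN is cn=<username>."""
    base = normalize(base_dn)
    wanted = "cn=" + username.lower()
    hits = []
    for dn in DIRECTORY:
        rdn, _, parent = normalize(dn).partition(",")
        if rdn == wanted and (parent == base or parent.endswith("," + base)):
            hits.append(dn)
    return hits

def authenticate(base_dn, username, password):
    """Return the matched DN on success, None otherwise."""
    hits = search(base_dn, username)
    if len(hits) != 1:
        return None  # unknown user, or ambiguous across domains: fail closed
    dn = hits[0]
    if hmac.compare_digest(DIRECTORY[dn].encode(), password.encode()):
        return dn
    return None

def login(server, username, password):
    """Authenticate against the base DN configured for this server instance."""
    return authenticate(INSTANCES[server], username, password)

if __name__ == "__main__":
    print(login("email.acme.com", "smith", "acme-smith-pw"))
    print(login("email.rutgers.edu", "smith", "acme-smith-pw"))
    print(search("ou=MailDomains,o=LDAPadmin", "smith"))
```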

