At 12:20 11/06/01 -0400, Kevin J. Menard, Jr. wrote:
>Hey guys,
>
> I'm fairly new to the LDAP game. I've read the list archives a bit, and
> found a lot of good info. One thing that is still eluding me is the
> directory structure itself.
../..
> Anyone out there do something similar? Please share any insight
> (structures, sample LDIF, config files, etc.) Thanks a lot.

Even though I rewrote the ISPman interface within the Webmin framework
I'm still using the ISPman structure, just a bit updated to add
mail servers management and mailing lists. Each domain can be split within
several servers or one server can manage several domains. Here is a sample
of the structure used (not ldif, only ldapsearch output):

o=nobel
objectclass=top
objectclass=organisation

uid=bernard, ou=admins, o=nobel
objectclass=top
objectclass=sysadmin
uid=bernard
ou=admins
o=nobel
userpassword=secret

uid=mailadmin, ou=admins, o=nobel
objectclass=top
objectclass=sysadmin
ou=admins
uid=mailadmin
userpassword=secret

domain=nobel.org, o=nobel
objectclass=top
objectclass=dnsdomain
objectclass=posixAccount
domain=nobel.org
comment=Nobel foundation
uid=nobel.org
cn=nobel.org
emailpattern1=on <-- flag to activate address generation rule
emailpattern3=on <-- flag to activate address generation rule
mailboxpattern=0 <-- flag to activate uid generation rule

mailserver=kheops, o=nobel
objectclass=top
objectclass=mailserver
mailserver=kheops
uid=kheops
cn=kheops
allowadmin=1 <-- 1 allow remote imap administration
comment=Slackware Linux 7.0 Kernel 2.2.15
mailservertype=0 <-- 0=Cyrus Imap, 1=NT Exchange, 2=Lotus Notes, etc...

uid=einsteal, ou=users, domain=nobel.org, o=nobel
objectclass=top
objectclass=person
objectclass=organizationPerson
objectclass=inetOrgPerson
domain=nobel.org
cn=EINSTEIN Albert
sn=EINSTEIN
uid=einsteal
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
mailserver=kheops
givenname=Albert
[EMAIL PROTECTED]
[EMAIL PROTECTED]
userpassword=secret

[ Nobel foundation and nobel.org names are only used for demonstration
purposes. I don't currently have any relation with this organisation ]
> I'm also wondering what's the best method to do it with Cyrus. PAM_LDAP,
> the pwcheck patch, or the SASL patch?

PAM_LDAP works well but needs PAM (obviously!!)
I'm testing a mix of SASL and pwcheck patch on Slackware and it's doing
well so far.

I recommend you spend some time playing around with ISPman and PAM_LDAP.
You will gain knowledge and experience. You could find ISPman responding
adequately to your administrative needs. I needed something more
corporate-oriented (ISPman is ISP-oriented) so I wrote another admin interface
within Webmin which is more secure (admin profiles, SSL, etc).

Hope that helps.
--
Bernard FRIT
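
An added example, not part of the original post and not ISPman code: a Python script that parses output in the layout shown above (one entry per blank-line-separated block, DN on the first line) and maps each domain to the mail servers its users point at, reporting any user whose mailserver value has no matching mailserver entry. The user "curiema" and the server "gizeh" are invented sample data, and the function names are hypothetical.

```python
from collections import defaultdict
# Constructed sample in the post's layout; user "curiema" and server "gizeh" are invented.
SAMPLE = """\
mailserver=kheops, o=nobel
objectclass=mailserver
mailserver=kheops

uid=einsteal, ou=users, domain=nobel.org, o=nobel
objectclass=inetOrgPerson
domain=nobel.org
uid=einsteal
[EMAIL PROTECTED]
mailserver=kheops

uid=curiema, ou=users, domain=nobel.org, o=nobel
objectclass=inetOrgPerson
domain=nobel.org
uid=curiema
mailserver=gizeh
"""

def parse_entries(text):  # returns [(dn, {attr: [values]}), ...]
    entries = []
    for block in text.strip().split("\n\n"):
        dn, *rest = [line.strip() for line in block.splitlines()]
        attrs = defaultdict(list)
        for line in rest:
            name, sep, value = line.partition("=")
            if sep:  # lines without "=" (redacted "[EMAIL PROTECTED]") are skipped
                attrs[name.lower()].append(value.split("<--")[0].strip())
        entries.append((dn, dict(attrs)))
    return entries

def mail_layout(entries):
    """Return ({domain: {server: [uids]}}, [(uid, server) with no server entry])."""
    servers, users = set(), []
    for _, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "mailserver" in classes:
            servers.update(attrs.get("mailserver", []))
        elif "inetorgperson" in classes:
            users.append(attrs)
    layout, dangling = defaultdict(lambda: defaultdict(list)), []
    for attrs in users:
        for srv in attrs.get("mailserver", []):
            layout[attrs["domain"][0]][srv].append(attrs["uid"][0])
            if srv not in servers:
                dangling.append((attrs["uid"][0], srv))
    return {d: dict(s) for d, s in layout.items()}, dangling
```

Calling `mail_layout(parse_entries(SAMPLE))` shows nobel.org split across two servers and flags curiema, whose mailserver value names a server that has no entry in the tree.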