On Monday 04 October 2010 21:19:42 Dan White wrote:
On 04/10/10 20:47 +0200, Andreas Ntaflos wrote:
Short version: What is a recommended way to set up virtual mail hosting based on OpenLDAP? I.e. providing mail and authentication services, like SMTP and IMAP, using Postfix and Dovecot, for multiple *independent domains* such as example.net, example.org, example.com?
A very flexible approach is to implement a pam/nss layer on top of your DIT that presents your users as fully qualified to your system software.
[...]
Assuming that dovecot and your other server software do not strip domains, or at least strip them in predictable ways, then you can use pam/nss to export your users as system level users.
Dan, thank you for the reply and ideas! Essentially making all virtual users look like system users to Postfix and Dovecot (and other services) certainly sounds interesting but I am not sure if this won't make things more complex than they need to be. And wouldn't this approach require any services and applications to know how to handle PAM/NSS? I will keep it in mind, however; it could come in handy in the future.
Our current setup using Postgres and virtual users, while complex enough, is quite adequate for our ISP needs. We just need to evaluate if and how it is feasible to model this setup using LDAP as a backend.
So I guess my question is really more about how to properly design a DIT that holds multiple independent domains and for each domain possibly hundreds of users and groups.
The problem is roughly equivalent to designing a proper relational database schema to manage and query user information, only that a relational database schema is generally not designed with a single root or base node like the typical LDAP tree. This makes finding the information I require difficult.
Thanks again for your reply!
Andreas