This is a discussion on Re: ISP converting to automation with LDAP within the mailing.postfix.users forums, part of the Mail Servers and Related category.
Excellent advice.
One thing that has puzzled me for a while, in the wonderful world of Postfix, SASL, IMAP and LDAP, is that there does not seem to be a "best practice" guide for someone wanting to set up an ISP or a multidomain service. There are bits and pieces of information everywhere, with postfix.org probably the most complete. openldap.org has taken a different approach, with this type of discussion being verboten, which is why the interoperability forum was set up, but it has no www site or repository for information.

The LDAP schemas that come with OpenLDAP seem to be a hodge-podge of overlapping and contradictory ideas. It would seem that it is time for a real cleanup of this. I would guess that 90-95% of the people using Postfix, SASL, IMAP and LDAP would be perfectly happy with identical structures and configurations. If the core was well structured, extending it to meet local needs or additional services would be possible.

In my own case, I see that I am trying to achieve the same result as Matt but am taking a slightly different approach. I will extend the core functionality to provide e-learning support, but I still need the basic ISP/virtual domain core before I move on.

Has anyone besides Luc (web-cyradm) put together a set of configuration files and schemas and documentation that would cover one or more of the most likely scenarios? I would guess that there would be some discussion required to work through interoperability/compatibility issues with Active Directory, Sun and IBM, but this would be much easier in an open source project than the current method of everyone taking a unique approach to this and then showing up here for help in making Postfix work with their unique LDAP, SASL, IMAP setups.

Another puzzling area is IMAP. Why so many choices for such a standards-driven piece of functionality? Is it not possible to get this down to 1 really good one and have everyone put their efforts into making that one better and easier to install and operate?

Perhaps my approach will stifle innovation a bit, but at some point the value of innovation diminishes compared to the value of everyone putting their efforts into supporting one approach and making it usable. It seems that most of the questions here and in other forums are from people trying to do rather standard things in somewhat unique ways rather than the other way around. We seem to be the author of most of our own problems, and I am beginning to wonder if the amount of support would be dramatically reduced if we had a common architecture.

For all of its faults, Windows Server is pretty easy to install and get running. The LDAP, IMAP, Outlook combination pretty much works out of the box. This is largely due to packaging rather than really great software. The Linux side should be getting to a point where we can do as good a job if the open source community could get organized just a little bit and look beyond one piece of the puzzle.

</rant>

Ron

Victor Duchovni wrote:

>On Mon, Jun 06, 2005 at 08:18:14PM -0400, Matt Juszczak wrote:
>
>>Hi all,
>>
>>We're a nationwide ISP converting to automation, via LDAP.
>
>Don't think about LDAP for now, it is just a data delivery mechanism,
>you need to decide higher level questions about your MTA process flow.
>
>    http://www.postfix.org/ADDRESS_REWRITING_README.html
>    http://www.postfix.org/VIRTUAL_README.html
>    http://www.postfix.org/OVERVIEW.html
>    http://www.postfix.org/DATABASE_README.html
>
>Prototype the whole system without LDAP in the lab, then use LDAP to
>implement as many of:
>
>    access(5)
>    canonical(5)
>    virtual(5)
>    transport(5)
>    aliases(5)
>    generic(5)
>
>as appropriate. Generally speaking you design your database for
>the application, not the application to the database, so for
>Postfix and LDAP, figure out what data Postfix needs (get it
>working without LDAP) then configure LDAP to provide that data.