smedev:make_everything_dynamic_with_ldap

Ceci est une ancienne révision du document !

Make everything dynamic with LDAP

This page just lists a few thing I have in mind to make SME Server better. LDAP authentication is nearly ready (there's still a few little things to fix, but I'm running with LDAP auth enabled on my own personal server for 3 years now without issue). What I'd like now is make more use of LDAP.

This is just a few ideas I have, nothing serious, nothing written or working, nothing approved by other devs, and maybe even nothing realistic

The goal

The goal I have is to have more things in LDAP, ultimately, adding users and groups shouldn't require anything but adding the user or the group in LDAP. No templates to expand, no service to restart. This means for example, all the mail stuff (qpsmtpd, qmail) should read LDAP to get the required info, no more flat files, no more static configuration.

In which way this can be useful

A first bonus we would have with this is adding, removing, modifying groups and users really faster, but that would just be a side effect. The real benefit is that SME could then use another LDAP directory. You can manage all your users and groups elsewhere, in any LDAP server you want, and then connect your SME box (or several SME servers). Your master LDAP server could of course be another SME, but should not be required, as long as you use a compatible LDAP schema.

What needs to be done to get there

Switch to LDAP auth

Modify a few things in LDAP

Automatically create the home dir on first connection

Switch to qmail-ldap (or another LDAP aware MTA, like postfix)

Modify qpsmtpd to use LDAP

Modify esmith::AccountsDB to read LDAP

  • smedev/make_everything_dynamic_with_ldap.1364497120.txt.gz
  • Dernière modification: 28/03/2013 19:58
  • de dani