beldon on Tue, 17 Apr 2001 12:00:17 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] I have an idea

> ------------ Original Message -----------
> From: Mental <>
> Date: Tue, 17 Apr 2001 11:13:26 -0400
> How useful would it be if you could manage user accounts/mail
> delivery/aliases/whatever from one central place for multiple OS's?
> I've decided that pam, ldap and samba are just itching to be tied together
> into one killer app. 
> My idea is to setup an ldap cluster that handles user accounts for the
> network (sort of like NIS but for win32, and *nix), mail
> forwarding/aliases and services.
> As proof of concept, I have this setup so that apache can authenticate off
> ldap, sendmail uses ldap for mail delivery/forwarding/ and soon, aliases.
> Ldap support is still a little immature in samba, but its getting there.
> Acl's will let you have finer control over who can edit what.
> Objectclasses give you the ability to setup useraccounts that work for
> some services, but not others. 
> I've structured my directory so that domains are segregated, and thus
> managers for one domain cannot change/access domains they're not in.
> All in all, its shaping up to be fairly cool.
> Once its done, it would be fairly simple to extend it a bit further and
> create an open standard for groupware using ldap as the back end and
> simply defining how the client connects. As proof of concept it would be
> fairly simple to use X-headers for groupware functions/requests to the
> mail client. The client should then be able to connect to ldap, bind iwth
> its DN and do whatever the user specifies. Here's where sslwrap comes in
> handy... Further, since ldap is so easy to integrate it could potentialy 
> allow corporations to create massive ldap trees. Ones distributed 
> internationally.... But I digress.
> I really need to get my braindumps into human readable format and start
> writing howtos. 
> Does this sound interesting to anyone but me?
> Initially I just plan on using it to route mail. For me. But there's
> massive potential here. A decent structure and well put together
> documentation could very well set a standard we'd all come to enjoy.

Actually, this sounds like a fantastic idea!

I've forwarded this to myself at work and I'll run it by some network people.  Since I'm a DBA, I see where this could also solve the problem of database access control as well.

I'll let you know.  Is it okay to contact you at your personal e-mail address for things which are better discussed off-line?

Philadelphia Linux Users Group       -
General Discussion  -