
Re: Authentication schemes



On Friday 27 April 2001 16:29, Stephane Bortzmeyer wrote:
> > - Ability for owners of our hosted domains to administer
> >   their own user databases.
>
> Easy with LDAP, where ACLs are per-branch. But it means you need to
> study your scheme: we plan to have a branch per group of customers (we
> don't have individual customers).

How do you implement ACLs per-branch?  It seems to me that OpenLDAP only 
supports this through regular expressions, which are very slow.  If you have 
1000 customers and each has a regular expression to determine the access 
rights then you'll probably get 2 LDAP reads per second out of high-end 
hardware!

> > - Ability for any applicable account to be able to own a file in
> >   the file system with a globally unique UID/GID.  Not every account
> >   would have this requirement, email-only accounts likely don't need
> >   to own any files.
>
> It costs nothing to give a UID to everyone (in 'woody', all the
> programs use 32-bit UIDs) so we plan to give it to everybody.

You might as well allocate them a "customer number" as soon as they sign up.  
Whether that number ever becomes a UID is another issue...

> > for the email side of it?  Our webserver is Roxen (from source, not
> > packaged), and we are using the IMHO plugin for web-based email.
> > Unless we can't get this scheme to work with Roxen, we have no plans
> > to change webserver software.
>
> We use Apache and LDAP authentication works fine.

What exactly do you do with Apache and LDAP?  LDAP authentication for WebDAV 
for uploads?

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page
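For readers following the per-branch ACL question above, here is an added slapd.conf fragment (not from the thread and not from either poster) showing the two ways OpenLDAP can confine a customer's administrator to that customer's own branch. The suffix `dc=hosting,dc=example`, the `ou=<customer>` layout and the `cn=admin,ou=<customer>` naming are assumptions for illustration. The `dn.<style>=` syntax is the form used by OpenLDAP 2.1 and later; the 2.0 release current when this message was written offered only the regex form.

```conf
# Added example, not from the list thread. Assumed directory layout:
#   ou=<customer>,dc=hosting,dc=example            one branch per customer
#   cn=admin,ou=<customer>,dc=hosting,dc=example   that customer's administrator
#
# OpenLDAP evaluates "access to" clauses in order and stops at the first
# clause whose target matches, then applies the first matching "by" line.
# Put the per-branch rules before any broader catch-all rule.

# 1. Regex form: one rule covers every customer branch.
#    $2 is the customer's ou captured from the target DN; the requester's DN
#    must carry the same ou to get write access. This pattern runs on every
#    access check, which is the cost the thread is concerned about, so keep
#    it anchored (^ ... $) and as simple as the naming scheme allows.
access to dn.regex="^(.+,)?ou=([^,]+),dc=hosting,dc=example$"
        by dn.regex="^cn=admin,ou=$2,dc=hosting,dc=example$" write
        by self write
        by users read
        by * none

# 2. Non-regex form: one explicit rule per customer. No pattern matching at
#    check time, but the configuration grows with the number of customers
#    (the "acme" branch below is a constructed sample).
access to dn.subtree="ou=acme,dc=hosting,dc=example"
        by dn.exact="cn=admin,ou=acme,dc=hosting,dc=example" write
        by self write
        by users read
        by * none

# 3. Anything not covered above: authenticated users may read, nobody writes.
access to *
        by users read
        by * none
```

The regex rule is the compact form; the explicit `dn.subtree` rules trade a longer configuration for a cheaper check. Whichever is used, anchoring the pattern and ending with an explicit `by * none` keeps a mistyped rule from silently widening access to other customers' branches.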