
Re: EXIM, LDAP and some pop3 stuff?



On Sun, 2002-01-13 at 00:18, Florian Bantner wrote:
> On Sam, 12 Jan 2002, Kevin Littlejohn wrote:
> 
> Seems to me so, too. 
> 
> I wonder if this problem is so far of that there are no
> 'standard' ways of doing it. Every MTA has its way, every
> IMAP/POP3 MDA has its own way - where mta1 only works with
> mda2 and mta3 only with mda1.
> 
> Worst of all the IMAP server who promote their own protocol
> and see LDAP as its disabled stepbrother. 
> 
> But I think this is an inherent UNIX / LDAP problem. LDAP seems
> a very powerful tool doing for UNIX everything the 'Registry' has
> done for windows - and more. What's missing here is some standardized
> way of how to do it. 
> 
> Got a little off topic, sorry.
> 
> > Look to using pam for pop3 passwords, and configure pam to use ldap. 
> > That's the most likely way to make it work.
> > 
> > KJL

I don't actually see it as that "non-standard".  I've got a woody-based
system I look after using LDAP for pretty much everything, via standard
debian packages, and it's pretty simple once you get over the first
hurdle of understanding how to lay out the info in an LDAP database -
PAM handles most everything, certain modules have their own specific
LDAP auth handlers that provide a touch more flexibility than PAM (eg.
apache).

The only nasty gotcha I ran into was MySQL - if nscd isn't running, and
mysql's user is served out of LDAP instead of in the /etc/passwd file,
mysql chokes badly on trying to retrieve username from uid (or something
near there, I didn't look too much further than realising that nscd
wasn't running and mysql was attempting to make queries of that type).

I'm using, for reference, courier-imap, delivering into that from
postfix (I like maildir, but dislike qmail).  Courier uses its own ldap
auth module, postfix uses its own LDAP module.  ssh uses PAM, apache
uses its own module (for added flexibility), Zope uses its own LDAP
auth (because it does weird and wonderful things with user info), I
don't do POP or ftp thankfully but I'd imagine PAM support for both of
those would be fine.  passwd and su also lean on PAM, nscd/nsswitch
understands to use LDAP for getpwnam type lookups.

Each package that provides its own module for LDAP seems to want
specific extra info out of the LDAP database - or support specific
extras.  Each will, as far as I can tell, also use PAM if you really
want to keep things centralised - the extended modules are pretty much
optional, but worthwhile.

I doubt you'll ever get a single centralised way of managing things, tho
- and truth be told, even in Windows you don't get that - different
packages will handle their own config info in different ways, if they're
written by different people.  Some packages abuse the registry, some
keep all their config to themselves, and so on and so forth.  Certainly,
the various games I have under Windows don't all have a standard way of
configuring them, for what little configuration they might have.  Hell,
programs even differ in where to find the configuration info (control
panel vs. file/configuration vs. view/properties vs. whatever else a
given author may have thought was "intuitive") :)

Now I'm way off topic ;)

KJL
-- 
Internet techie                    Obsidian Consulting Group
Phone: +613 9653 9364                    Fax: +613 9354 2681
http://www.obsidian.com.au/           darius@obsidian.com.au
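
The MySQL gotcha described above comes down to a daemon account that exists only in the directory, so the daemon depends on the LDAP/nscd lookup path at start-up. As an added example (not part of the original message), this Python check reads nsswitch.conf and passwd text and reports which service accounts are not defined locally; the sample file contents and the account list are constructed for illustration.

```python
import re

# Constructed sample files (not from the original message).
SAMPLE_NSSWITCH = """\
passwd:  files ldap    # local accounts first, then the directory
group:   files ldap
shadow:  files
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postfix:x:101:104::/var/spool/postfix:/bin/false
"""

def nss_sources(nsswitch_text, database="passwd"):
    """Ordered lookup sources for one nsswitch.conf database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0]
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Drop action items such as [NOTFOUND=return].
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def local_users(passwd_text):
    """Login names defined in passwd-format text."""
    users = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and not line.startswith("#"):
            users.add(fields[0])
    return users

def audit(service_users, nsswitch_text, passwd_text):
    """Classify each account: local, dependent on remote sources, or unresolvable."""
    sources = nss_sources(nsswitch_text)
    remote = [s for s in sources if s != "files"]
    local = local_users(passwd_text) if "files" in sources else set()
    report = {}
    for user in service_users:
        if user in local:
            report[user] = "local"
        elif remote:
            # Not in the local file: resolvable only through these sources.
            report[user] = "remote:" + ",".join(remote)
        else:
            report[user] = "unresolvable"
    return report

if __name__ == "__main__":
    for user, status in audit(["mysql", "postfix"], SAMPLE_NSSWITCH, SAMPLE_PASSWD).items():
        print(f"{user:10s} {status}")
```

Accounts reported as remote are the ones a daemon cannot resolve when the directory or its caching path is unavailable.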


