Dear clapf-users,
as clapf grows it requires some new features. It's easy to implement in sql, however it's a bit trickier using LDAP. To decide how to deal with LDAP backend, a little background first. I modified the qmail.schema to include some clapf related attributes, such policy group id, blacklist, ... Every time I added a new feature, then I had to modify the ldap scheme too. The latest addition (token groups) required an addtional attribute ('gid'). However 'gid' might be a used attribute for other purposes, so I created a new one: 'clapfgid'. So far, so good. However though the webui has a user administration menu, you may not use it eg. to create a new user, since it handles clapf specific attributes mostly. Then why would I bother with it? So we need to come to an agreement (ie. make a best practice-like thing) howto throw clapf into an ldap environment, and I count on your ideas help on this matter. I have two proposals (but you are free to add your own). A) Let all clapf specific user data (policy group, domain, ... gid) be stored in the SQL database of clapf, and let clapf read the username, password (for webui auth) and perhaps the uid from the ldap database. This way I have to implement only the clapf specific attributes in the webui. The drawback is that whenever a message arrives, then clapf needs an LDAP query, then an SQL query to get all the required user data. OK, I can put the combined data to memcached later. B) the second idea is to import all the required ldap data to clapf's local SQL database. If we can somehow synchronize, then clapf can be simpler, since it needs SQL support only. Currently the webui supports method B) in junction with Active Directory, but I believe we can extend its concept to support an openldap (or other) LDAP directory as well. So to sum up, you can help me by the followings: - show me a user ldif entry (can be a fictional user) - describe how you manage your ldap users, and how you manage clapf related user data - which method would you accept? A) or B) or your own solution: C) Best regards, Janos