Yippie, I have 29 days to get an IMAP server up with LDAP. I really am enjoying this task. :-)
LDAP will provide
 + a general address lookup facility
 + account authentication

This is the first time I have set up LDAP, so I am sending this for peer review. Help, I have no one here to look up to ;-)

Question 1:
How would I go about setting email aliases? I could do it through canonical maps in postfix but that seems messy.

Question 2:
I decided to break up the people and accounts into two separate containers in an attempt to make the directory hardier and more secure. Am I wasting my time with this structure or does it make sense?

The Structure:
washcoll.edu
 + People
 + Accounts

The ou=People will hold the address info.
The ou=Accounts will do the authentication/account info.

Question 3:
I do not understand what I am doing under the access control info. Besides the defaultaccess read for testing, does this look secure?

/etc/ldap/slapd.conf
...
########################
#Access Control Info
########################
defaultaccess read
index mail,mailAlternateAddress eq
index cn,sn,uid,mail
index objectClass eq

#access Control list
access to attr=userpassword
        by dn="cn=admin, dc=washcoll, dc=edu" write
        by dn="cn=cyrus, dc=washcoll, dc=edu" read
        by dn="cn=postfix, dc=washcoll, dc=edu" read
        by self write
        by self read
access to *
        by self write
        by dn=".+" read
        by * read
...

#top.ldif
dn: dc=washcoll, dc=edu
objectClass: top
objectClass: organization
o: Washington College
description: Top level of Directory
creatorsName: cn=admin, dc=washcoll, dc=edu

dn: ou=People, dc=washcoll, dc=edu
objectClass: top
objectClass: organizationalUnit
ou: People
description: People within Washington College.

dn: ou=accounts, dc=washcoll, dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Accounts
description: People with accounts at Washington College.

#accounts.ldif
dn: uid=bmarshal,ou=accounts, dc=washcoll, dc=edu
uid: bmarshal
cn: Brad Alan Marshall
sn: Marshall
ou: staff
objectClass: top
objectClass: person
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: qmailUser
objectClass: organizationalPerson
objectClass: inetOrgPerson
accountStatus: active
deliveryMode: normal
mail: [EMAIL PROTECTED]
mailHost: imap.washcoll.edu
mailAlternateAddress: [EMAIL PROTECTED]
loginShell: /bin/false
uidNumber: 500
gidNumber: 100
homeDirectory: /mnt/home/bmarshal
userPassword:: e2NyeXB0fWxuYkRhejRuYjlhUXA=

#listing.ldif
dn: uid=bmarshal,ou=People, dc=washcoll, dc=edu
uid: bmarshal
givenName: Brad
initials: BAM
cn: Brad Alan Marshall
sn: Marshall
o: Washington College
ou: staff
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: [EMAIL PROTECTED]
title: programmer
homePostalAddress: 110 Clove St Chestertown, MD 21401
homePhone: 410-555-1212
telephoneNumber: 410-555-1212
mobile: 443-770-5658
facsimileTelephoneNumber: 1-800-111-1111
pager: 1-800-555-1212
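
Added example, not part of the original post: a small model of how slapd would evaluate the access list quoted in the message, assuming OpenLDAP 2.x semantics (the first `access to` clause matching the attribute is used, then its first matching `by` clause, with an implicit `by * none` closing each clause). The requester `uid=jdoe` is a constructed second account.

```python
import re

# Privilege levels in increasing order; each level implies the ones before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
BASE = "dc=washcoll,dc=edu"
# The ACL from the post as (what, [(who, level), ...]), kept in file order.
ACL = [
    ("userpassword", [("dn=cn=admin," + BASE, "write"),
                      ("dn=cn=cyrus," + BASE, "read"),
                      ("dn=cn=postfix," + BASE, "read"),
                      ("self", "write"),
                      ("self", "read")]),   # never reached: earlier "self" wins
    ("*", [("self", "write"),
           ("dn=.+", "read"),               # regex: any non-empty (bound) DN
           ("*", "read")]),
]
DEFAULT_ACCESS = "read"                     # the post's "defaultaccess read"

def norm(dn):
    """Lower-case a DN and drop spaces around commas so spellings compare equal."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def who_matches(who, requester, target):
    if who == "*":
        return True
    if who == "self":
        return requester != "" and requester == target
    return re.fullmatch(who[3:], requester) is not None   # "dn=<regex>"

def effective_access(requester, target, attr):
    """Level granted by first-match evaluation (assumed 2.x semantics)."""
    requester, target, attr = norm(requester), norm(target), attr.lower()
    for what, by_clauses in ACL:
        if what not in ("*", attr):
            continue
        for who, level in by_clauses:
            if who_matches(who, requester, target):
                return level
        return "none"          # implicit trailing "by * none" ends evaluation
    return DEFAULT_ACCESS      # only when no "access to" clause matched

def allows(granted, wanted):
    return LEVELS.index(granted) >= LEVELS.index(wanted)

if __name__ == "__main__":
    acct = "uid=bmarshal,ou=accounts, dc=washcoll, dc=edu"
    jdoe = "uid=jdoe,ou=accounts, dc=washcoll, dc=edu"   # constructed requester
    for who, attr in [("", "userPassword"), (acct, "uidNumber"),
                      (jdoe, "userPassword"), ("", "homePhone")]:
        print(f"{who or '(anonymous)':45} {attr:13} -> "
              f"{effective_access(who, acct, attr)}")
```

Under these assumptions the model surfaces three things to check on the real server: anonymous has no `auth` access to userPassword, the second `by self` line is never reached, and `by self write` on `*` covers uidNumber, gidNumber and homeDirectory.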