"Brian Clark" <[EMAIL PROTECTED]> a �crit dans le message de news: [EMAIL PROTECTED] > I use this LDAP editor. > http://www.iit.edu/~gawojar/ldap/ > It is written in Java, and runs on Windows, Unix, and MacOS X. > > You could also go the webadmin route and avoid platform issues altogether. > http://phpqladmin.bayour.com/ > > Brian!
Thanks Brian & Fernando :) Nothing better ? (I don't know, perhaps ?)
Often, people end up writing their own interface to manage the system. For example, we recently wrote a nice interface during a longer project for a client based on PHP (screenshots near bottom):
http://www.puryear-it.com/mail.htm
The point here is that it's not hard once you learn the basics.
The idea is usually to build a system that you can let lose on help-desk or low-level administrators. Also, by building your own interface you can automate tasks such as building the [EMAIL PROTECTED] account, controlling aliases, use default values for new accounts, and so forth. Otherwise you would need a nice checklist to follow each time you add, remove, or disable an account.
Also, I would like to know what is the best for the directory hierarchy : "dc=" or "o= & c=" ? I want to manage lots of domains in qmail so : I would like to separate users for Outlook to be able not to show all the hierarchy ( @example.com will see only users in examples.com) but I want to be able to sets persons witch could view the entire hierarchy in Outlook What kind on dn should I have ? ([EMAIL PROTECTED], [...] ??)
I have found that the following works well:
dc=domain, dc=com o=accounts, dc=domain, dc=com dc=domain.com, o=accounts, dc=domain, dc=com dc=domain2.com, o=accounts, dc=domain, dc=com dc=domain3.com, o=accounts, dc=domain, dc=com
Unless you are using authentication you are kind of screwed on restricting access really. I would suggest handing out the DN appropriate for each client. Say, client A uses "dc=domain2.com, ..." while client B uses "dc=domain3.com, ..." in their search path.
If you are using authentication then access control is possible.
--- Dustin Puryear <[EMAIL PROTECTED]> Puryear Information Technology Windows, UNIX, and IT Consulting http://www.puryear-it.com
