Jake Vickers wrote:
Eric Shubert wrote:
Jake Vickers wrote:
Eric Shubert wrote:
John Hansen wrote:
Hi,
We currently authenticate our users with an LDAP server for
different systems
such as email and thin clients (LTSP). I would like to keep this
same set up
and not use a separate user database for QmailToaster, if possible.
Most of
our users use webmail, but there are around 20 that use an email
client with POP3.
Does anyone have a recommendation, one way or another, on using
QmailToaster
with LDAP?
Pro's and cons?
Tuturial?
Thanks,
John
I'm sure Jake will chime in on this with authority.
I'd like to say, though, that I think this is a big weakness in the
toaster presently, and I'd love to see us develop LDAP capability
for QMT. I don't believe that it's a simple thing to do though, and
I'd be thrilled to work with a sponsor to get it implemented.
Not a weakness, a different path.
Vpopmail does not work with LDAP, and some of the other patches we
use will not work with qmail-ldap either.
There is a project that helps you set up a qmail-ldap server over at
qmail-ldap.org
Since they're completely different approaches, I don't think you can
really give any pros/cons besides what you get from LDAP anyway (both
pros and cons).
I beg to differ. QMT offers no common authentication mechanism that
can be shared with other applications in an organization. Seems like
most applications can authenticate with LDAP. Does anything besides
certain implementations of qmail use vpopmail authentication? I don't
know of any. With vpopmail, user and password definitions are
(un)necessarily separate from 'the rest of the world'. I'd call that a
weakness if I wanted to integrate it with other applications in an
organization. Let's face it, QMT is weak in this area. Now, how
important that might can vary with depending on the circumstances.
As I stated before, they're separate paths, not "weakness". Qmailtoaster
is a Qmail path that utilizes vpopmail and mysql. If you want to use
LDAP, use qmail-ldap. If you want to use vpopmail but not mysql, use
either LWQ or qmailrocks, etc.
Qmail is only the backend. There are many paths you can take to achieve
your goals. If you want vpopmail and mysql in an easy to install
package, then Qmailtoaster is a good path for you.
As far as sharing common authentication mechanisms, that is a matter of
viewpoint. I've written PHP apps that used the vpopmail database for
authentication to tie the application to the email system. With vpopmail
being in mysql, you can use any mashup that can communicate with mysql
for authentication. If this does not work for a specific app, then a
different approach may be in order for your configuration.
Wait a minute. I might be going to sound like an idiot here, but I'll
take that chance.
LDAP is a protocol, not an implementation. You can implement LDAP with a
mysql backend, can you not? If so, why couldn't you have a mysql
database that serves both vpopmail and ldap at the same time? I guess
it'd be a matter of mapping the database schemas together somehow. If
the schemas could not be merged together (a good chance of that I
expect, as the vpopmail database isn't normalized well at all), worse
case scenario would be having to run a process periodically that maps
one schema (probably ldap) on to the other (probably vpopmail). In that
way, you could share authentication data like John is looking to do.
Does this make any sense at all?
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
