I did a little more testing with it. So this is going to be a summary of what I have found, and a continuation of the discussion below. First what I have found.

If I have an existing LDAP system which I upgrade to the latest master with the new data model (Cit-NG), I can log into webcit with users and do the typical with webcit, but I cannot direct mail to the Internet address listed in Citadel under the User Configuration screen. User not found. I can send to the user by the Citadel recognized name (which in my case is really long and has spaces in it) which would not work for most users. They think in the terms of email.

What I found was that if I went into the user's configuration, and without changing anything, saved it, then I could mail that person. This persisted through a reboot. So in this case, a login was not enough to set the internet address for a system which upgrades. I would have to manually select each of my 300+ users and save their entry to get their addresses to work. I also took note that for those users, there was no way to add another internet address to their allowed (for aliases etc). Granted this could be fine, as long as it is selectable.

This brings me to the discussion, because as it is now, we are still at an incomplete model. I will start with a couple questions, and then my thoughts.

* How is addressing handled for Host Based and local user bases? Is there the option to add more aliases / internet addresses? Is LDAP getting special treatment with how users populate the user table? (Pardon my terms if I don't get it just right)
* Is the upgrade script handling an LDAP based system different than a new install would handle it (both LDAP)?
* Is there a way to customize how the LDAP info maps to the vCard?

I agree with what you said below, for the reason that usually if someone is using LDAP, then they usually would want to control the information from that LDAP directory, and not have to go and change it multiple places. Also, usually LDAP is used more in a controlled environment.

It would be good for there to be a switch / button to trigger a full LDAP poll from the baseDN given in setup, and search that for entries, to populate the citadel mail table / user table based on what it finds. Very helpful for a new server setup where users need to be able to mail each other right away without waiting for the other person to log in first to register their entry.

I guess for more clarity: LDAP should be considered from two standpoints.

* Initial account generation - initial mail table setup
* Day to day user management

What I described above would be beneficial for the first setup, and possibly the second if there is ever a mass change at the LDAP level or many people all added at once etc. Basically a way to be able to flush the existing info and do a full populate from what exists in LDAP. During the query, it would do what you said below, and compare the entries in the mail field with what is allowed for citadel to handle / route mail for, and put those in the internet mail fields, with any non-matches either being discarded or populating the vCard as internet addresses (as long as that vCard has nothing to do with the actual mailer table).

One issue with only checking for updates when a user logs in is that people may send mail to the user, and the system will never know until the next refresh as above, that the user does not actually exist any more. The aide user could manually remove their entry from the list, which would keep them out of the mailer table then, and that is fine, but there needs to be a way to tell if they have been removed from the LDAP.

To solve a couple of these issues, I propose that there be a service option set up to poll the LDAP server for changes at a set interval, making such changes as necessary to keep in sync. I am not sure how much that would entail, but I would not think it more than was already being done to sync citadel servers etc.

I think if the LDAP could have a way to be polled at a regular interval for semi-auto management, as well as a way to throw the switch and completely replenish and sync the entries, as well as each user's LDAP being updated when they log in - we would catch most of the problems.

One thought I had regarding the LDAP is if we made more use of the specified schema for a citadel user, and customized it to reflect the changes we are making, then made an interface to customize what populates which field in the vCard, could even be "by numbers" with all valid vCard fields which citadel recognizes on one side with a list of numbers matching the fields in the schema, and the ability to enter those numbers to each field citadel recognizes? As it is, I am having to custom register each user at an interval to make sure the fields match so the GAB entries show properly.

I guess that is probably enough of a scattered post to give you something to work with. Let me know what you think.

> Mon Aug 14 2017 06:10:29 PM EDT from IGnatius T Foobar @ Uncensored
>
>>2) unable to send email to users with internet mail disabled. This is a show
>>stopper. I cannot use the email address listed as internet address without
>>enabling all internet email.
>
>Let's see if we can boil this down a bit.
>
>Is it your expectation that we should always read the email address field(s)
>out of LDAP, look for Citadel-local domains, and populate the user record
>with any qualified addresses that are found?
>
>If so, that makes sense to me, and it probably also explains the IMAP login
>problems.
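
The full-poll reconciliation proposed in the post above, as an added example that is not Citadel code and not part of the original post: mail values in locally handled domains become routable addresses, non-matches go to the vCard only, and users missing from LDAP are reported as stale. It goes one step beyond the post by refusing to route an address that two directory entries claim; every name and all sample data here are hypothetical.

```python
# Added example: all names and sample data are hypothetical, not Citadel code.
from dataclasses import dataclass, field


@dataclass
class SyncPlan:
    routable: dict = field(default_factory=dict)    # uid -> addresses to deliver mail for
    vcard_only: dict = field(default_factory=dict)  # uid -> addresses kept as contact info only
    stale: list = field(default_factory=list)       # local users no longer present in LDAP
    conflicts: dict = field(default_factory=dict)   # address -> uids that all claim it


def plan_ldap_sync(ldap_entries, local_domains, existing_users):
    """Build a full-poll sync plan from LDAP entries (uid -> list of mail values)."""
    domains = {d.lower() for d in local_domains}
    plan = SyncPlan()
    owner = {}  # address -> first uid seen claiming it
    for uid in sorted(ldap_entries):
        plan.routable[uid], plan.vcard_only[uid] = [], []
        for raw in ldap_entries[uid]:
            addr = raw.strip().lower()
            local, sep, domain = addr.rpartition("@")
            if not sep or not local or not domain:
                continue  # malformed mail value: skip it rather than guess
            if domain not in domains:
                plan.vcard_only[uid].append(addr)
            elif addr in owner and owner[addr] != uid:
                # Two entries claim one mailbox address: record the conflict
                # so neither receives the mail until an admin resolves it.
                plan.conflicts.setdefault(addr, [owner[addr]]).append(uid)
            elif addr not in owner:
                owner[addr] = uid
                plan.routable[uid].append(addr)
    # Withdraw conflicting addresses from the first claimant as well.
    for addr, uids in plan.conflicts.items():
        if addr in plan.routable[uids[0]]:
            plan.routable[uids[0]].remove(addr)
    # Accounts that exist locally but not in the directory are only reported.
    plan.stale = sorted(set(existing_users) - set(ldap_entries))
    return plan


# Constructed sample directory contents and local user list.
LDAP = {
    "jdoe": ["John.Doe@example.org", "jdoe@personal.example.net"],
    "asmith": ["asmith@example.org", "john.doe@example.org"],
    "nomail": ["not-an-address"],
}
PLAN = plan_ldap_sync(LDAP, ["example.org"], ["jdoe", "asmith", "olduser"])
```

The plan only reports stale users and conflicts; whether to disable, delete or alert on them is left to the administrator.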