Hi and thanks for taking the time to respond. After reviewing your advice I have begun the process of swapping from MySQL auth back over to LDAP auth, and can see that functionality via LDAP seems much greater.
I have a quick question though, does SOGo have any user administration methods without falling back to an LDAP management system? For example, our clients normally have one user that would like the ability to create new mailboxes and distribution groups etc - is there an easy way to accommodate such control or do we need to look at another approach for this? Cheers again On 5 August 2013 08:59, Jan-Frode Myklebust <janfr...@tanso.net> wrote: > On Fri, Aug 02, 2013 at 05:33:15PM +0100, SOGo Noob wrote: > > > > My plan is this: > > We have a new cleanly installed Ubuntu 12.04 server for mail, and we've > > opted to use MySQL for authentication and for basic storage. We will be > > using Postfix and Dovecot for mail transport and imap/pop respectively. > All > > of which seems to make sense so far, and much of this is configured > already. > > > > My issue is with choosing the correct password encryption. We need it to > be > > compatible with SOGo, Dovecot and Postfix, and we need mail client > support > > for all major platforms. > > I'm working for an ISP, running SOGo for webmail, postfix for SMTP and > dovecot for LMTP/POP/IMAP -- for a little under 100 > maildomains/1M-accounts. Earlier (before SOGo) we used MySQL for > user-database, but have moved over to a LDAP (389ds) for holding the > user-database. And I would strongly advice you to consider doing the > same. > > All services are speaking directly to the ldap-servers. When users > needs to authenticate, this is handled trough the ldap bind() operation, > so that none of the services need to know anything about encryption > schemes, > and also they don't have access to read the users' hashes. > > LDAP/389ds gives you proper multi-master setup, so that you can easily > configure a highly available environment, and also scale out if needed. > > > Obviously we need to administer the server too, > > some clean cli commands to generate new passwords would be great. What > > would the list recommend as an adopted password encryption that is simple > > to deploy but at the same time secure? > > Lots of options for editing LDAP data.. ldapvi, ldapsearch, ldapmodify, > apache directory studio and probably several web-based options exists. > > > -jf > -- users@sogo.nu https://inverse.ca/sogo/lists
