Re: DoveCot vs Cyrus-Imapd Performance

From: Aleksandar Milivojevic (amilivojevic_at_pbl.ca)
Date: 01/14/05

  • Next message: antonio montagnani: "Re: FC3:Up2date icon frozen" 
    Date: Fri, 14 Jan 2005 15:20:23 -0600
To: For users of Fedora Core releases <fedora-list@redhat.com>

    Les Mikesell wrote:
    > Yes, the bits and pieces are all there, although I'm not sure the
    > mail part is really standard (do sendmail/postfix/cyrus all use
    > the same thing, and what about aliases and groups?), but how useful
    > is it if you can't expect all versions to match? You also need a
    > tool that populates all of the common fields at once. By default
    > you probably want the posix, samba, and email accounts to match
    > without typing them again and you'll want to change passwords in
    > one place and affect them all. Redhat/fedora has the market share
    > to become the standard if they just shipped something that came up
    > working as installed. I doubt if anyone else can do that now.

    I don't see where's the problem. You want user to have attributes from
    posixAccount? Add posixAccount to list of his objectClass(es), and than
    you can add attributes that are defined in that class, and use LDAP as
    replacement for NIS. You want to add Sendmail LDAP mail routing for
    that user, add inetLocalMailRecipient to list of his objectClass(es),
    and add attributes such as mailLocalAddress or mailRoutingAddress. You
    don't create separate tree for every service that needs to store data
    about user. You add object classes needed to describe user to his
    objectClass attribute, and than you add service specific attributes.

    As for passwords, old style Windows passwords needed to support older
    Windows implementations are not compatible with more or less anything.
    So those will have to be separate. Even in Active Directory, they are
    stored as base64 representation of UTF8 plaintext password. The reason
    is basically the same as behind using smbpasswd file. More or less
    anything else should be happy with userPassword attribute. If all your
    Windows clients are 2000 and newer, Kerberos in combination with Cyrus
    SASL might save you there (depending on your actual configuration, and
    what really you want/need to implement). Either have Windows side
    authenticate against Unix-side Kerberos server, or have slapd use
    Windows side Kerberos server to authenticated against Active Directory
    domain (use {SASL}username@KRB-REALM.COM as value for userPassword
    attribute). Works both way.

    If you don't like fiddling with LDIF files in vi editor, use GUI tools
    such as gq, jxplorer, and/or ldapbrowser (there are probably others).
    Those are general purpose tools (basically GUI versions of
    ldapsearch/add/modify), however they do the job fairly well. The only
    thing Fedora folks might do, IMHO, is to include one of them into
    distribution (probably gq, since jxplorer and ldapbrowser are Java
    applications, and they don't work with gcj, or at least I couldn't get
    them to work with anything but Sun's Java).

    Want something more custom made for your installation (rather than
    general tools)? There are easy to use Perl and PHP LDAP modules that
    will let you develop whatever interface for managing users you might
    wish. You type add_user.pl, and script sets up user in LDAP database
    whatever way you want. 

    -- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: antonio montagnani: "Re: FC3:Up2date icon frozen"

    Relevant Pages

    • Re: DoveCot vs Cyrus-Imapd Performance
      ... >> to become the standard if they just shipped something that came up ... LDAP server. ... > Windows implementations are not compatible with more or less anything. ... > Windows side Kerberos server to authenticated against Active Directory ...
      (Fedora)
    • Re: getting rid of reset disc
      ... Assign all new passwords to all accounts and password protect your BIOS. ... Go through this list and secure your PC. ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Attack From Registry Cleaner
      ... MS-MVP Windows Shell/User ... >> why you should understand and utilize good passwords. ... >> Why you should use a computer firewall.. ... >> The system restore feature is a new one - first appearing in Windows ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: i hate HACKERS
      ... > If english is not your native language, might I suggest one more suited to ... > - Have you regularly changed your passwords and made sure they are strong ... > I'll mainly work around Windows XP, as that is what the bulk of this ... > Why you should use a computer firewall.. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Destroy, Corrupt, Permanently Delete Remote Instructions, please.
      ... > and notebooks) running Windows XP Pro and Windows 98SE. ... > internet and undoubtedly, collecting all available information. ... If you were to do everything on this list of TIPS and have a firewall router ... your computer and change all of your passwords to something ...
      (microsoft.public.windowsxp.work_remotely)