bh: doc/architecture server.sgml,1.37,1.38

cvs at kolab.org cvs at kolab.org
Wed Aug 9 14:55:46 CEST 2006 

Author: bh

Update of /kolabrepository/doc/architecture
In directory doto:/tmp/cvs-serv11300/architecture

Modified Files:
	server.sgml 
Log Message:
Add section with a description of the ldap changes between versions 2.0
and 2.1 of the Kolab server


Index: server.sgml
===================================================================
RCS file: /kolabrepository/doc/architecture/server.sgml,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -d -r1.37 -r1.38
--- server.sgml	1 Aug 2006 16:21:09 -0000	1.37
+++ server.sgml	9 Aug 2006 12:55:43 -0000	1.38
@@ -685,6 +685,227 @@
 <para>Further attributes can be easily added to the object class as the project advances and
  other requirements are identified.</para>
 </sect2>
+
+<sect2><title>LDAP-Changes for Kolab Server 2.1</title>
+  <para>
+    This section describes the changes in the LDAP structure that have
+    been made between version 2.0 and 2.1 of the Kolab server.  The main
+    difference between the two versions is the support for multiple
+    email-domains.  The implementation of that feature in Kolab is
+    relatively simple and the LDAP changes to accommodate this feature
+    have been kept to a minimum.
+  </para>
+
+
+  <sect3><title>Multidomainsupport</title>
+    <para>
+      Multidomainsupport affects the following places in the LDAP
+      structure immediately:
+    </para>
+    <itemizedlist>
+      <listitem>
+	<para>
+	  The domains the kolab server is responsible for.
+	</para>
+	<para>
+	  All domains are listed in the Kolab configuration object (dn:
+	  k=kolab,<base-dn>) in the attribute postfix-mydestination
+	  postfix-mydestination defines which domains the postfix MTA is
+	  reponsible for.
+	</para>
+      </listitem>
+
+      <listitem>
+	<para>
+	  Domain-maintainers
+	</para>
+	<para>
+	  Domain-maintainers are internal Accounts which have basically
+	  the same permissions as maintainers, with the exception that
+	  they only have access to a subset of the domains of the Kolab
+	  server.  To which domains a domain-maintainer has write access
+	  to is defined by the domain objects.
+	</para>
+	<para>
+	  There is one domain object for each domain and is represented
+	  by an LDAP entry under 
+	  <programlisting>
+            dn: cn=domains,cn=internal,<base-dn>
+            cn: domains
+            objectClass: top
+            objectClass: kolabNamedObject
+	  </programlisting>
+	  with the following structure:
+	  <programlisting>
+            dn: cn=<domain>,cn=domains,cn=internal,<base-dn>
+            objectClass: top
+            objectClass: kolabGroupOfNames
+            cn: <domain>
+	  </programlisting>
+	</para>
+
+	<para>
+	  The members of this kolabGroupOfNames are the
+	  domain-maintainers who have access to the accounts of this
+	  domain.
+	</para>
+	<para>
+	  Since "members" is a MUST attribute of kolabGroupOfNames, at
+	  least one member has to be given.  In a standard Kolab
+	  installation this is the manager accout (dn:
+	  cn=manager,cn=internal,<base-dn>).
+	</para>
+	<para>
+	  Kolab's web-admin interface creates the domain objects when
+	  the first domain maintainers are defined.
+	</para>
+	<para>
+	  Every domain-maintainer is an LDAP-objekt of the form:
+	  <programlisting>
+            dn: cn=<CN>,cn=internal,<base-dn>
+            objectClass: top
+            objectClass: inetOrgPerson
+            objectClass: kolabInetOrgPerson
+            sn: <SN>
+            cn: <CN>
+            userPassword:: <pwd>
+            uid: <uid>
+	  </programlisting>
+	</para>
+	<para>
+	  Like maintainers and admins, domain-maintainer are members of
+	  a special kolabGroupOfNames:
+	  <programlisting>
+	    dn: cn=domain-maintainer,cn=internal,<base-dn>
+            cn: domain-maintainer
+            objectClass: top
+            objectClass: kolabGroupOfNames
+	  </programlisting>
+	</para>
+	<para>
+	  In a stand kolab installation, the only member of this group
+	  is the manager account.
+	</para>
+	<para>
+	  Domain-maintainers are only used by kolab's web-admin
+	  interface.  Installation that use some other means to
+	  administrate the server may ignore domain-maintainers.
+	</para>
+	<para>
+	  Which accounts, distribution lists, etc. belong to which
+	  domain is described in the sections below.
+	</para>
+      </listitem>
+    </itemizedlist>
+  </sect3>
+
+  <sect3><title>Associating Accounts with Domains</title>
+    <para>
+      A kolab account belongs to the domain that is used as the domain
+      of its primary email address, that is, the value of the "mail"
+      attribute.
+    </para>
+  </sect3>
+
+  <sect3><title>Distributionlists</title>
+    <para>
+      In Kolab server 2.1, the CN of a distributionlist is its
+      email-address.  In version 2.0 it was only the local part of the
+      email-address (the part before the @).  This was changed in 2.1 to
+      make it possible to have multiple distribution lists with the same
+      local names in different domains.
+    </para>
+    <para>
+      A distributionlist belongs to the domain that is used as the
+      domain in the value of the "mail" attribute.
+    </para>
+  </sect3>
+
+  <sect3><title>Resource Manager</title>
+    <para>
+      The attribute kolabEncryptedPassword is no longer used in version
+      2.1.  In Kolab Server 2.0 it was used by the resource manager to
+      have write access to the calendar folders of resource and group
+      accounts.  In 2.1 the resource manager always uses the calendar
+      user for this.
+    </para>
+  </sect3>
+
+  <sect3><title>Shared Folders</title>
+    <para>
+      The object class kolabSharedFolder has two new attributes:
+    </para>
+    <variablelist>
+      <varlistentry><term>kolabFolderType</term>
+	<listitem>
+	  <para>
+	    Defines the value of the IMAP annotation "folder-type" as
+	    used for the resource folders of normal kolab accounts.
+	    More details about this attribute can be found in the file
+	    kolab2.schema shipped with Kolab server 2.1.
+	  </para>
+	</listitem>
+      </varlistentry>
+      <varlistentry><term>alias</term>
+	<listitem>
+	  <para>
+	    This attribute is not used yet by Kolab.
+	  </para>
+	</listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>
+      Furthermore, just as for distributionlists, in Kolab version 2.1
+      the domain is now part of the CN aufgenommen.  Instead of simply
+      <foldername> as in 2.0, it's now <foldername>@<domain>.
+    </para>
+
+    <para>
+      The domain given in the CN is the domain to which the shared
+      folder belongs.  Note that this is different from to accounts and
+      distributionlists where the domain is taken from the "mail"
+      attribute.
+    </para>
+  </sect3>
+
+  <sect3><title>Postfix Relayport</title>
+    <para>
+      The kolab configuration object (dn: k=kolab,<base-dn>) has a
+      new attribute, postfix-relayport.  This is the port of the
+      relayhost for the postfix MTA.  This attribute is used in
+      main.cf.template.
+    </para>
+  </sect3>
+
+  <sect3><title>Other schema changes</title>
+    <para>
+      The object class kolabInetOrgPerson has a new attribute
+      kolabComment.  This is not used yet in Kolab.
+    </para>
+    <para>
+      The following attribute have been explicitly marked as "single
+      value":
+      <programlisting>
+	kolabFreeBusyFuture
+	kolabFreeBusyPast
+	kolabHomeMTA
+	kolabVacationBeginDateTime
+	kolabVacationEndDateTime
+	kolabVacationResendInterval
+	kolabVacationReplyToUCE
+	kolabForwardKeepCopy
+	kolabForwardUCE
+	postfix-enable-virus-scan
+	postfix-allow-unauthenticated
+	cyrus-autocreatequota
+	cyrus-imap
+      </programlisting>
+    </para>
+  </sect3>
+</sect2>
+
+
 </sect1>
 
 <sect1><title> Postfix Mail Server </title>

More information about the commits mailing list