[Kolab-devel] Multi-domain support, request for ideas

Buchan Milne bgmilne at obsidian.co.za
Fri May 27 09:55:21 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dieter Kluenter wrote:
> Hi,
> 
> Steffen Hansen <steffen at klaralvdalens-datakonsult.se> writes:
> 
> 
>>Hi.
>>
>>Multi-domain support in Kolab is a much requested feature. It is 
>>possible to extend the current Kolab server to support users with email 
>>addresses in different domains with too much trouble, but all the users 
>>will still be in one bag so to speak.
>>
>>A proper solution with separate distribution lists, users, maintainers 
>>etc. for each domain requires a change to the layout of the LDAP tree. 
>>I would imagine a subtree for each domain where each such subtree looks 
>>like what we have currently. But there might be other changes too.
> 
> 
> If you are going to redesign the LDAP tree structure, I would vote for
> a structure that would easily allow additional subtrees i.e. samba,
> something like
> 
> dc=myDomain,dc=tld
> cn=Administrators,dc=myDomain,dc=tld
> cn=kolabObjects,dc=myDomain,dc=tld
> cn=internal,cn=kolabObjects,dc=myDomain,dc=tld
> cn=firstMaildomain,cn=kolabObjects,dc=myDomain,dc=tld
> cn=kolabUsers,cn=firstMaildomain,cn=kolabObjects,dc=myDomain,dc=tld
> ...
> cn=sambaObjects,dc=myDomain,dc=tld
> cn=sambaHosts,cn=sambaObjects,dc=myDomain,dc=tld
> cn=sambaUsers,cn=sambaObjects,dc=myDomain,dc=tld
> 
> The 'seeAlso' attribute may be used to point to identical Users.

I don't really see the need for this ... and in fact the version of
Kolab Mandriva ships allows having Kolab users be Samba users.

LDAP search filters are sufficient to be able to distinguish between
entries that are or are not sambaSAMAccounts, usually the benefit of
subtrees is in convenient access controls (instead of separating
attributes by type).

Just my R0.12 ...

BTW, regarding Stephan's suggestion regarding "per-domain" maintainers,
our default slapd.access.conf (intended for posix/samba/address book -
not Kolab) may be of interest:

http://cvs.mandrakesoft.com/cgi-bin/cvsweb.cgi/SPECS/openldap/slapd.access.conf?rev=1.8&content-type=text/x-cvsweb-markup

(For samba, the accounts used by samba on the domain controllers are the
DNs that usually end up adding/modifying users ... either via User
Manager for Domains, or smbldap-tools).

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng          RHCE (803004789010797),LPIC-1 (LPI000074592)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCltJprJK6UGDSBKcRArzzAKC4u1mN8K2zN5Aox0+DLqSEnHvC0QCfVeyA
+oTyqCNVc5FKs6yldu5vx8A=
=F60I
-----END PGP SIGNATURE-----
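
The trade-off discussed in the message above (filters to tell entry types apart, subtrees for delegated access control), sketched as an OpenLDAP ACL fragment. This is an added example, not part of the original post and not the Mandriva slapd.access.conf it links to; the DNs reuse the tree layout quoted in the thread, and the service account and maintainer group names are hypothetical.

```conf
# slapd.conf ACL fragment (OpenLDAP 2.x syntax). Constructed example.
# slapd applies the first "access to" clause that matches an entry and
# attribute, so the narrow credential rules must precede the subtree rule.

# 1. Bind passwords: usable for authentication, writable by the owner,
#    readable by nobody.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Filter-based rule: Samba password hashes are selected by objectClass,
#    wherever the entry sits in the tree. Only the DN that Samba binds as
#    (hypothetical name) may touch them.
access to filter=(objectClass=sambaSamAccount)
        attrs=sambaLMPassword,sambaNTPassword
    by dn.exact="uid=samba,cn=Administrators,dc=myDomain,dc=tld" write
    by * none

# 3. Subtree-based rule: per-domain maintainers. Members of the group
#    (hypothetical name) may write below their own mail domain only.
#    The group is kept under cn=internal, outside the delegated subtree,
#    so maintainers cannot edit their own membership.
access to dn.subtree="cn=firstMaildomain,cn=kolabObjects,dc=myDomain,dc=tld"
    by group.exact="cn=firstMaildomain-maintainers,cn=internal,cn=kolabObjects,dc=myDomain,dc=tld" write
    by users read
    by * none

# 4. Everything else: authenticated read, no anonymous access.
access to *
    by users read
    by * none
```

Rule 2 needs no dedicated Samba subtree, while rule 3 is where a per-domain subtree pays off: one clause per mail domain delegates that branch without enumerating attributes.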



