[Kolab-devel] Modifying the LDAP user representation for a distributed Kolab server system?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Tue Jul 29 20:42:19 CEST 2008


Gunnar Wrobel wrote:
> I'd like to know if people feel it makes sense to allow for such
> split Kolab server setups. As far as I can see this would require
> additional settings comparable to "kolabHomeserver" in the LDAP schema
> for a Kolab user. There is already "kolabHomeMTA" in the schema but it
> is currently unused.
>   
Great!

In 2006 I installed a Kolab infrastructure of more than 16 hosts and 
it was quite difficult to have all the different components separated.

That's a great idea, it can make Kolab very useful for enterprise 
deployments, dramatically reducing the TCO of the infrastructure project 
buildup and maintenance.


Even if it could be more difficult from a design point of view, it could 
be really cool to introduce the splitting of the data available inside 
the LDAP directory.

For example, keeping the passwords outside the slave LDAP servers in 
order to preserve the security of the system (to avoid that a single 
server in a branch office, through a local compromise with offline data 
recovery causing a strong data loss, could cause the failure of the 
security of the whole identification infrastructure).

A cool approach could be to use an LDAP referral for the password field:
http://www.openldap.org/doc/admin24/referrals.html

What do you think about it?

Regards
Fabio



