[Kolab-devel] Modifying the LDAP user representation for a distributed Kolab server system?

Gunnar Wrobel wrobel at pardus.de
Tue Sep 30 06:34:11 CEST 2008


Quoting Bernhard Reiter <bernhard at intevation.de>:

> On Friday 15 August 2008 06:41, Gunnar Wrobel wrote:
>> Quoting Bernhard Reiter <bernhard at intevation.de>:
>> > On Tuesday 29 July 2008 14:05, Gunnar Wrobel wrote:
>> >> Inventing a new Kolab user LDAP attribute for each and every service
>> >> of the Kolab server to support such splitting seems like an overhead
>> >> and people did not like the suggestion too much.
>> >>
>> >> So let me suggest an alternative by using the existing
>> >> "kolabHomeserver" attribute. Would it be okay to extend its syntax to
>> >> allow for several settings like:
>> >>
>> >>   "example.org"
>> >>   "MTA:smtp.example.org"
>> >>   "IMAP:imap.example.org"
>> >>   "FreeBusy:fb.example.org"
>> >>
>> >> The default would be the entry without "prefix:" but it would be
>> >> possible to provide redirects for specific services.
>> >
>> > This looks quite ugly to me. Somehow inventing more parsing within
>> > an LDAP attribute really feel wrong to me.
>> > So if we need the attributes, we can for sure come up with enough for
>> > them.
>>
>> Okay, I agree with the parsing thing.
>>
>> > I am not sure that we need it per user, though.
>>
>> p at rdus does :) If you have an array of IMAP servers behind an MTA
>> layer the MTA layer should actually know which IMAP server to deliver
>> to. And that is per user. I know this is not possible with
>> Kolab2/OpenPKG at the moment but such distributed setup are feasible
>> with Kolab.
>
> Ah, you also want to split up below one homeserver.
> Of course, if you want to do this, it needs to be saved somewhere.
> For most deployment I would normally recommend having one imap server (which
> can be a cluster) per homeserver. It does not hurt to have one MTA per IMAP
> server and might help in many situations. I guess this is why I did not get
> the idea.

Created a bug for the additional "kolab*Server" entries in the kolab schema:

https://www.intevation.de/roundup/kolab/issue3088

>
>> > For the user, most should be transparent (means: not visible).
>>
>> The admin sets this stuff in the web admin frontend. It should
>> obviously not be editable by the user as this concerns the server
>> infrastructure and is no user setting.
>>
>> > This is why I am also against putting anything server specific in the
>> > login information. This could change during the lifetime of an account.
>>
>> Login information? Sorry, didn't understand this comment. Can you clarify?
>
> I believe I've refered to the upcoming point where I saw "USER:PASS at SERVER"
> and I wanted to outrule this as part of an LDAP entry.
>>
>> >> If I consider the point Bernhard mentioned recently concerning
>> >> splitted IMAP storage per user it might also make sense to have a
>> >> syntax like
>> >>  "imap://USER:PASS@SERVER"
>> >
>> > For what in particular?
>> > The splitted IMAP storage will only be known the the user's client
>> > mostly.
>>
>> So the user would set the storage spaces in Kontact and in the Kolab
>> web client again?
>
> Yes.
> Even if we find a desired way of saving client configuration on one server
> somehow.
>
>> Storing that in LDAP would remove this redundancy or not?
>
> It would, but it would also defeat the security aspect of the idea.
> If you have server A and server B, you would not want admin of server
> A to be able to log into server B to have some separation. :)
> So putting credentials in the directory service of server A
> is not that helpful.
>
>
>
> --
> Managing Director - Owner: www.intevation.net       (Free Software Company)
> Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
> Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>



-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.




More information about the devel mailing list