[Kolab-devel] Modifying the LDAP user representation for a distributed Kolab server system?
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Tue Jul 29 20:42:19 CEST 2008
Gunnar Wrobel wrote:
> I'd like to know if people feel it makes sense to allow for such
> splitted Kolab server setups. As far as I can see this would require
> additional settings comparable to "kolabHomeserver" in the LDAP schema
> for a Kolab user. There is already "kolabHomeMTA" in the schema but it
> is currently unused.
>
Great!
In 2006 in installed a kolab infrastructure of more than 16 hosts and
was quite difficult to have all the different components separated.
That's a great idea, it can make Kolab very useful for enterprise
deployments drammatically reducing the TCO of the infrastructure project
buildup and maintenance.
Even if could be more difficult from a design point of view, it could be
even really cool to introduce the splitting of the data available inside
the ldap directory.
For example keeping the passwords outside the slave ldap servers in
order to save the security of the system (avoid that a single server in
branch office, with a local compromise with offline data recovery
causing a strong data loss) could cause the failure of the security of
the whole identification infrastructure.
A cool approach could be to use LDAP referral for the password field:
http://www.openldap.org/doc/admin24/referrals.html
What do you think about it?
Regards
Fabio
More information about the devel
mailing list