LDAP Integration

LDAP seems like a good mechanism to control and configure domains and mailboxes remotely, and could be a step towards having a web interface. Here is a brief spec of what I think it should look like.

  • It must be written in Ruby, using the code in Symbiosis::Utils (etc) when setting/unsetting attributes.
  • The LDAP server runs as non-root, with child processes changing privileges to the correct user ID on login.
  • "Real" unix users can have full read/write control over all their domains, presented as a tree, e.g.
     |
     |- dc=domain,dc=com
     |     |- ou=config, dc=domain, dc=com
     |     |     |- antispam = true
     |     |     |- antivirus = true
     |     |     \- etc
     |     |
     |     |- ou=mailboxes, dc=domain, dc=com
     |     \- ou=public, dc=domain, dc=com
     | 
     |- dc=domain,dc=net
     \- dc=domain,dc=org
    
  • Non-real users should have read/write control over their mailbox / ftp login as needed (i.e. to change passwords, principally).
  • Should this need a custom schema, it should resemble an existing schema as far as possible (e.g. inetOrgPerson for mailboxes) such that we stick to our principle of "least surprise".
  • All changes should be immediate -- i.e. the directory should exactly resemble the data on disc.
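
An added example, not part of the original spec or the Symbiosis code: one way to map the DNs in the tree above onto on-disc paths so that a crafted DN cannot leave the domain tree and only the owner of a domain directory may write to it. The <root>/<domain>/<section>/<attribute> layout, every name used here, and File.write standing in for the Symbiosis::Utils calls are assumptions.

```ruby
require 'tmpdir'
require 'fileutils'
# Assumed layout (not from the page): <root>/<domain>/<section>/<attribute>
SECTIONS = %w[config mailboxes public].freeze
LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/ # \A..\z, as ^..$ match per line
ATTR  = /\A[a-z0-9][a-z0-9_-]*\z/
class DnError < StandardError; end

# Split "ou=config, dc=domain, dc=com" into ["config", "domain.com"].
# Anything other than an optional leading ou= followed by dc= parts is refused.
def parse_dn(dn)
  rdns = dn.split(',').map { |r| r.strip.downcase.split('=', 2) }
  raise DnError, 'malformed RDN' unless rdns.all? { |r| r.size == 2 }
  section = rdns.shift.last if rdns.first&.first == 'ou'
  raise DnError, 'unknown section' if section && !SECTIONS.include?(section)
  raise DnError, 'unexpected RDN type' unless rdns.all? { |type, _| type == 'dc' }
  labels = rdns.map(&:last)
  raise DnError, 'bad domain' if labels.size < 2 || !labels.all? { |l| l.match?(LABEL) }
  [section, labels.join('.')]
end

# Map a DN (and optional attribute name) to a path below root.
def dn_to_path(root, dn, attr = nil)
  section, domain = parse_dn(dn)
  raise DnError, 'bad attribute' if attr && !(section && attr.match?(ATTR))
  File.join(*[root, domain, section, attr].compact)
end

# Write only if uid owns the domain directory and the target stays inside root.
# File.write is a stand-in for the Symbiosis::Utils call the spec asks for.
def set_attribute(root, uid, dn, attr, value)
  path = dn_to_path(root, dn, attr)
  domain_dir = File.join(root, parse_dn(dn).last)
  raise DnError, 'not owner' unless File.lstat(domain_dir).uid == uid
  parent = File.realpath(File.dirname(path))
  inside = parent.start_with?(File.realpath(root) + File::SEPARATOR)
  raise DnError, 'escapes root' if !inside || File.symlink?(path)
  File.write(path, value)
  path
end

# Constructed demo tree in a temp directory, owned by the current user.
def demo
  Dir.mktmpdir do |root|
    FileUtils.mkdir_p(File.join(root, 'domain.com', 'config'))
    written = set_attribute(root, Process.euid, 'ou=config, dc=domain, dc=com', 'antispam', 'true')
    File.read(written)
  end
end
```

The ownership and symlink checks are not atomic with the write, so they complement rather than replace performing the write in a child process that has already switched to the bound user's ID.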