LDAP seems like a good mechanism to control and configure domains and mailboxes remotely, and could be a step in the direction towards having a web interface. Here is a brief spec of what I think it should look like.
- It must be written in Ruby, using the code in Symbiosis::Utils (etc) when setting/unsetting attributes.
- The LDAP server should run as non-root, with child processes changing privs to the correct user ID on login.
- "Real" unix users can have full read/write control over all their domains, presented as a tree, e.g.
      |
      |- dc=domain,dc=com
      |  |- ou=config, dc=domain, dc=com
      |  |  |- antispam = true
      |  |  |- antivirus = true
      |  |  \- etc
      |  |
      |  |- ou=mailboxes, dc=domain, dc=com
      |  \- ou=public, dc=domain, dc=com
      |
      |- dc=domain,dc=net
      \- dc=domain,dc=org
- Non-real users should have read/write control over their mailbox / ftp login as needed (i.e. to change passwords, principally).
- Should this need a custom schema, it should resemble an existing schema as far as possible (e.g. inetOrgPerson for mailboxes) such that we stick to our principle of "least surprise".
- All changes should be immediate -- i.e. the directory should exactly resemble the data on disc.
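
One way to express the access rules above (real users over their own domain subtrees, non-real users over their own mailbox entry only) as a single deny-by-default decision function. This is an added illustration, not part of the original spec or of Symbiosis; the `uid=<local>,ou=mailboxes,...` entry naming, the `OWNERS` table and the `Principal` struct are assumptions.

```ruby
# Constructed sample data: which unix user owns which domain (assumption;
# a real server would derive this from ownership of the data on disc).
OWNERS = { "domain.com" => "alice", "domain.net" => "alice", "domain.org" => "bob" }.freeze

# kind is :unix (a "real" user) or :mailbox (a non-real user, name = full address).
Principal = Struct.new(:kind, :name)

# Split a DN into [attribute, value] pairs. DNs containing escapes, quotes or
# multi-valued RDNs are refused rather than interpreted, so they are denied.
def parse_dn(dn)
  return nil if dn.nil? || dn =~ /[\\+"]/
  rdns = dn.split(",", -1).map { |rdn| rdn.strip.split("=", 2) }
  return nil if rdns.any? { |p| p.size != 2 || p.any? { |s| s.strip.empty? } }
  rdns.map { |a, v| [a.strip.downcase, v.strip.downcase] }
end

# Returns { domain:, path: } where path holds the non-dc RDNs, leaf first.
def locate(dn)
  rdns = parse_dn(dn) or return nil
  path = rdns.take_while { |a, _| a != "dc" }
  dcs  = rdns.drop(path.size)
  return nil if dcs.empty? || dcs.any? { |a, _| a != "dc" }
  { domain: dcs.map(&:last).join("."), path: path }
end

# The spec grants read and write together, so one check covers both.
def allowed?(principal, dn)
  loc = locate(dn) or return false            # unparseable DN: deny
  case principal.kind
  when :unix
    OWNERS[loc[:domain]] == principal.name    # whole subtree of own domains
  when :mailbox
    local, domain = principal.name.downcase.split("@", 2)
    loc[:domain] == domain &&
      loc[:path] == [["uid", local], ["ou", "mailboxes"]]  # own entry only
  else
    false
  end
end
```

Matching the mailbox path exactly, rather than by prefix or substring, is what keeps a non-real user from reaching `ou=config` or another user's entry in the same domain.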