What I'm Doing With LDAP

From Superk


Over the past month or so, I have been working on building some LDAP-centric networking applications. Well, not building, but implementing. It has been a learning process and has a long way to go, but here is my current work in progress.

About a month ago, I found an article in Linux Journal Magazine that described the process of using free open source applications to develop a fully functional enterprise-class email system, using LDAP as the backend for holding user accounts and authentication credentials. The article suggested a system built from a combination of RedHat, Postfix, Procmail, OpenLDAP and Courier-IMAP.

This article inspired me to attempt such an implementation myself for our company, as we are currently using (make that underutilizing) an IBM Lotus Domino/Notes configuration that is far too large and expensive for our simple needs. While Lotus Domino/Notes offers some really excellent features that are extremely useful, they can only be justified if they are actually being used. In our company of fewer than 50 people, we generally only use basic email and maybe calendaring functions, which is far from the full extent of what Domino/Notes was designed to accommodate. Just recently we implemented a public calendar for the company inside Domino that allows anyone in the company to display their own schedule as well as see the schedules of others whose work may impact their own. This feature has been well received and is used often.

Because of these features and their utilization in Lotus' products within our company, I find it important to find a similar solution that matches these basic functions in a new and far less costly configuration. I need basic email with folders that is centrally located and backed up - IMAP. I must have flexibility and scalability in account creation and maintenance that is also centrally located and fairly portable - LDAP. Finally, I have a strong desire (if not a need) to continue using collaborative calendaring - not sure what will supply this feature yet! As you can see already, this is a work in progress.

So began the implementation. I'm developing this solution within a Debian 3.0 environment (also a new adventure for me, as I've never used Debian before!). I'm using Debian because of the good news I've heard about its stability, along with its fantastic package management using apt. So far I'm fairly impressed, though up-to-date versions of key software are sacrificed for stability in older, more mature versions. I would have preferred some slightly newer versions of programs in the apt database, but for this trial the older packages suffice. I also opted to use Postfix - again due to the good news I had heard of the product, as well as the fact that it was the product used in the original Linux Journal article. I have been nothing but happy with Postfix to this day. Its configuration is simple and its features powerful.

At this point I'm using Courier-IMAP rather tentatively. While I have heard somewhat more impressive things about the Cyrus IMAP server, Courier appears to be easier to integrate with my configuration (especially LDAP). Perhaps with further research and reading, this choice will change. At this point, Courier-IMAP integrates very well and provides all the basic functionality I need. I have implemented sqWebMail (the Courier webmail package) that also works flawlessly with my IMAP services. However, I have not been able to successfully get the beta calendaring functions of sqWebMail to work yet.

LDAP has been the virtual backbone of the whole configuration and has impressed me to no end. As I work to implement the OpenLDAP configuration on my test system, I continue to learn more and more uses for the LDAP directory and protocol that offer a wealth of possibilities for this small project to grow into the heart of a new network in the future. In addition to authenticating IMAP users and directing SMTP mail to the proper mail user, I have found it worthwhile to implement system authentication as well. I can't say this has been a smooth learning curve, but at this point it seems to work fairly well. Using nsswitch for most basic account lookups and PAM for some specialized services like SSH, my LDAP directory proves to be an ideal central account directory.
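To make the nsswitch/PAM split concrete, here is an added configuration example (not from the original page) of the Debian-side glue: the NSS lookup order, the client settings that keep the bind off the wire in cleartext, and the auth/account stanzas of /etc/pam.d/ssh. It assumes the libnss-ldap and libpam-ldap packages are installed and that the directory is reachable as ldap.example.com with base dc=example,dc=com (both placeholders).

```conf
# --- /etc/nsswitch.conf (excerpt) ---
# Local files are consulted first so root and system accounts keep working
# if the directory is unreachable; LDAP supplies the company users.
passwd:         files ldap
group:          files ldap
# Deliberately NOT "shadow: files ldap": resolving shadow through NSS means
# the NSS bind identity must be able to read userPassword for everyone.
# Password checks are instead done by pam_ldap, which binds as the user,
# so the directory verifies the password and hashes need not be readable.
shadow:         files

# --- /etc/pam_ldap.conf and /etc/libnss-ldap.conf (shared settings) ---
host ldap.example.com              # placeholder hostname
base dc=example,dc=com             # placeholder base DN
ldap_version 3
# Credentials cross the network during the user bind; require StartTLS so
# they are not sent in cleartext. The server certificate must then be trusted.
ssl start_tls
tls_checkpeer yes
# Restrict NSS lookups to accounts meant for system login (assumed attribute).
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_group  ou=Group,dc=example,dc=com?one
pam_login_attribute uid

# --- /etc/pam.d/ssh (auth and account stanzas only) ---
# Local password first; if that fails, try the directory with the same
# password so the user is prompted once. "required" (not "sufficient") on the
# last module means a failure in both paths denies the login.
auth       sufficient   pam_unix.so
auth       required     pam_ldap.so use_first_pass
# Account checks: an expired or disabled entry in either source blocks login.
account    sufficient   pam_unix.so
account    required     pam_ldap.so
```

Session and password stanzas are omitted here; they follow the same files-then-LDAP pattern, and after editing pam.d files it is worth keeping a root shell open until a fresh SSH login has been confirmed to work.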

I see a bright future for LDAP in my network implementations, including using it as a replacement for other, more expensive directory services such as the proprietary Windows Active Directory or Novell's NetWare Directory Services. It is my hope to create other network objects in addition to basic users, such as network printers, NFS and Samba shares, server and organization identification, etc. The possibilities are impressive, to say the least.

While this offers only a broad glimpse of what I have been working on, it should provide a good history on which to build this site, as well as inspire others to build their own LDAP-centric network systems. Hopefully you will also have some comments to add to this article to inspire and offer new ideas to me and anyone else who reads it.
