DoveCot vs Cyrus-Imapd Performance

Aleksandar Milivojevic amilivojevic at pbl.ca
Mon Jan 17 15:31:59 UTC 2005


Les Mikesell wrote:
> The problem is that I want to be able to install my next hundred
> boxes running an assortment of OS versions that I don't know
> about yet, and have them find whatever attributes they need
> already available.  I don't want to have to tweak the server
> every time I add a new service.  In fact I want it to work without
> the person adding a new box/service having access to modify the
> LDAP server.

For the most part, various components will use the same attributes, so it will 
usually be easy to integrate new stuff with the LDAP database.  However, 
having a static LDAP setup that you can put in place and forget about is 
kind of unrealistic.  LDAP is extensible, and that is what is great 
about it.  It comes with a price.  If nothing else, you might want to 
extend it and add attributes specific to your company/environment. 
There's no way to standardize those, unless each and every imaginable 
business starts to be managed in *exactly* the same way (to the last 
tiny bit of detail).  Something that isn't going to happen.

>>You want to add Sendmail LDAP mail routing for 
>>that user, add inetLocalMailRecipient to list of his objectClass(es), 
>>and add attributes such as mailLocalAddress or mailRoutingAddress.  You 
>>don't create separate tree for every service that needs to store data 
>>about user.  You add object classes needed to describe user to his 
>>objectClass attribute, and then you add service-specific attributes.
> 
> But isn't this already well enough understood to just be included
> in one standard format? 

Well, it is.  However, (some of the) data that one implementation of some 
service can use might be unusable by another.  Both can be perfect 
implementations of a protocol as defined by RFC.  But both will have 
specific additional features to make your life easier.  For example, 
something that is trivial to implement in Sendmail might not be an easy 
job for Postfix.  Or vice versa.

> I don't really want to know that I'm modifying things in LDAP to
> add a user or change a password.  The tool that adds users should
> do all the grunge work. If it needs to store the password in
> 3 different formats to work, it should do it.  I think there are
> such tools - the problem is that there is more than one and they
> probably don't all interoperate.

> No, I don't want a custom tool - I don't want to need a custom tool.
> I want a stock schema that provides all the attributes that all the
> tools in the base distribution know how to use, and a standard tool
> that populates them.  Anything else seems as bizarre as having to
> decide on your own fields and layout of the passwd file before you
> could add any users.  What is it about LDAP that has kept it from
> being standardized years ago?

It is hard to standardize on something extensible.  Anybody (including 
you and me) can add custom attributes and extend standard schemas.  A 
tool that would be used for managing users would need to be extendible 
too.  It's far more complex than adding a line to /etc/passwd.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
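
The step described in the quoted passage above (add the auxiliary object class to the user's existing entry, then the service-specific attributes, rather than creating a separate tree), as an added example that is not part of the original message: a Python helper that emits the LDIF change record and skips values the entry already has. The DN, addresses and sample entry are constructed, and comparing every value case-insensitively is a simplifying assumption.

```python
# Added example, not from the original thread. All sample data is constructed.
# The server's schema must already define the auxiliary class; this record
# only changes the user's entry, not the schema.

SAMPLE_DN = "uid=jdoe,ou=People,dc=example,dc=com"
SAMPLE_ENTRY = {
    "objectClass": ["top", "person", "inetOrgPerson", "posixAccount"],
    "uid": ["jdoe"],
    "cn": ["John Doe"],
}
# Sendmail LDAP mail routing: class and attributes named in the message.
MAIL_CLASS = "inetLocalMailRecipient"
MAIL_ATTRS = {
    "mailLocalAddress": ["jdoe@example.com"],
    "mailRoutingAddress": ["jdoe@mailhub.example.com"],
}


def extend_entry_ldif(dn, current, aux_class, attrs):
    """Return an LDIF modify record adding aux_class and attrs to dn.

    current maps attribute names to the entry's existing values. Only missing
    values are emitted, since a server rejects adding a value that is already
    present. Values are assumed to be plain ASCII (no base64 encoding needed).
    Returns "" when the entry already carries everything.
    """
    # Attribute names are case-insensitive; values are treated the same way
    # here (an assumption that holds for objectClass and mail addresses).
    have = {k.lower(): {v.lower() for v in vals} for k, vals in current.items()}
    wanted = [("objectClass", [aux_class])] + list(attrs.items())

    lines = []
    for name, values in wanted:
        present = have.get(name.lower(), set())
        missing = [v for v in values if v.lower() not in present]
        if missing:
            lines.append(f"add: {name}")
            lines += [f"{name}: {v}" for v in missing]
            lines.append("-")  # terminates each modification in the record
    if not lines:
        return ""
    return "\n".join([f"dn: {dn}", "changetype: modify"] + lines) + "\n"


if __name__ == "__main__":
    print(extend_entry_ldif(SAMPLE_DN, SAMPLE_ENTRY, MAIL_CLASS, MAIL_ATTRS), end="")
```
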



