Also Sprach Joe Cooper:
> I haven't mapped out all of the data that will go into LDAP yet, but I=20
> expect quite a lot of it will--for the first 'useful' version I'd like=20
> to simply do things in the traditional way (with a few additions):=20
> Apache virts, BIND records in normal flat-files, users in the flat-file=
> passwd, and Sendmail/Postfix aliases set up also in a flat-file.
For the users & aliases, it should be fairly trivial to interface
with LDAP--You just enable LDAP in /etc/nsswitch.conf and run
'getent' (assuming you're using a Linux/glibc-based system) and
you've got your files. The Apache virts and BIND stuff would
be more difficult, but probably not terribly hard. I don't even
configure Apache anymore for virtual hosts; I use mod_vhost_alias
and mod_rewrite and it's done; this works for all but about 3%
of our clients. For BIND, I basically share one zone file between
all zones, so when I have to renumber or change something, I have
fewer changes to make. That shouldn't be hard to do in LDAP either.
> For performance reasons and easier maintainability and mobility (because=
> we'll hopefully be managing quite large hosting environments from a=20
> single master server) I'd like to be able to freely migrate between=20
> flat-files and a database back-end, and LDAP is a quite suitable form of=
> database for this purpose. It will be more than user information, but=20
> that's a good start--we'll be attaching to each username (where=20
> username=3D=3Dhosting customer name) virtual host info for all of their=
> sites, DNS info, mail aliases, backup schedule and targets, monthly=20
> recurring service costs, maintenence schedule, redundancy and failover=20
> rules, /their/ virtual customers, etc.
> It's all very complicated, and I haven't enough hours in the day to even=
> get a start on this stuff, but it'll happen sometime...
Yeah, I can imagine. I've been meaning to take a look at similar
stuff myself for a while. Getting users & groups out of flat files
and into LDAP is a big first step (I've set it up before at other
companies, but before I've managed those things directly. Now I have
other people who will be managing it, so I need a easier interface
than GQ or LDAP_Explorer for them.) I'm hoping to actually be able
to consolidate some of our existing accounting functions with LDAP,
although I suspect our accounting software won't handle it.
W. Reilly Cooley wcooley@...
Naked Ape Consulting http://nakedape.cc
"There was a vague, unpleasant manginess about his appearence; he somehow
seemed dirty, though a close glance showed him as carefully shaven as an
actor, and clad in immaculate linen."
-- H.L. Mencken, on the death of William Jennings Bryan