From: Wil C. <wc...@na...> - 2001-11-29 06:54:41
Also Sprach Joe Cooper:

> I haven't mapped out all of the data that will go into LDAP yet, but I
> expect quite a lot of it will--for the first 'useful' version I'd like
> to simply do things in the traditional way (with a few additions):
> Apache virts, BIND records in normal flat-files, users in the flat-file
> passwd, and Sendmail/Postfix aliases set up also in a flat-file.

For the users & aliases, it should be fairly trivial to interface with LDAP--You just enable LDAP in /etc/nsswitch.conf and run 'getent' (assuming you're using a Linux/glibc-based system) and you've got your files. The Apache virts and BIND stuff would be more difficult, but probably not terribly hard. I don't even configure Apache anymore for virtual hosts; I use mod_vhost_alias and mod_rewrite and it's done; this works for all but about 3% of our clients. For BIND, I basically share one zone file between all zones, so when I have to renumber or change something, I have fewer changes to make. That shouldn't be hard to do in LDAP either.

> For performance reasons and easier maintainability and mobility (because
> we'll hopefully be managing quite large hosting environments from a
> single master server) I'd like to be able to freely migrate between
> flat-files and a database back-end, and LDAP is a quite suitable form of
> database for this purpose. It will be more than user information, but
> that's a good start--we'll be attaching to each username (where
> username==hosting customer name) virtual host info for all of their
> sites, DNS info, mail aliases, backup schedule and targets, monthly
> recurring service costs, maintenance schedule, redundancy and failover
> rules, /their/ virtual customers, etc.
>
> It's all very complicated, and I haven't enough hours in the day to even
> get a start on this stuff, but it'll happen sometime...

Yeah, I can imagine. I've been meaning to take a look at similar stuff myself for a while. Getting users & groups out of flat files and into LDAP is a big first step (I've set it up before at other companies, but before I've managed those things directly. Now I have other people who will be managing it, so I need an easier interface than GQ or LDAP_Explorer for them.) I'm hoping to actually be able to consolidate some of our existing accounting functions with LDAP, although I suspect our accounting software won't handle it.

Wil
-- 
W. Reilly Cooley wc...@na...
Naked Ape Consulting http://nakedape.cc
irc.linux.com #orlug,#pdxlug,#lnxs

"There was a vague, unpleasant manginess about his appearance; he somehow seemed dirty, though a close glance showed him as carefully shaven as an actor, and clad in immaculate linen." -- H.L. Mencken, on the death of William Jennings Bryan