ISPConfig & LDAP

Discussion in 'Feature Requests' started by SamTzu, Mar 22, 2008.

  1. SamTzu

    SamTzu Member HowtoForge Supporter

    I understand that this request is not easy to implement, BUT...
    It is in my opinion the ONLY right way for us to go.

    Many people use DataBases (DB) to handle authentication because it is an easy way to do it. It was never designed to do this and will eventually cause problems later on down the road. Lightweight Directory Access Protocol (LDAP) can be difficult to set up correctly and there are too many different ways to do it.

    The good thing about this is that we would not have to start from nothing.

    I hesitate to suggest this, BUT the easy way to do this would be to integrate Zimbra with ISPConfig. Zimbra is a HEAVY duty mail server that comes with LDAP, MySQL, Tomcat, Ajax, Java & etc. implementations. There would be no need to learn and implement a new LDAP system that integrates with mail system that use MySQL.

    In my opinion (+10 years in business) this is the best way to significantly improve ISPConfig while keeping the load on the good people who code this software to minimum.

    I look forward to your opinions on the matter.
    I belive we all need this one.

    Sami Mattila
    http://www.matttila.eu
     
    Last edited: Mar 22, 2008
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    ISPConfig 3 will use MySQL for authentication. We decided that we will not use ldap as it is much too complicated to setup for most users.

    Please read the zimbra licence, it is not really open source even if they have a so named open source version. Additionally, using a project like zimbra as basis for ISPConfig is not an option for me as this would limit ISPConfigs functionality too much.
     
  3. SamTzu

    SamTzu Member HowtoForge Supporter

    I thought that Zimbra was an OpenSource project?


    How about just "copying" the zimbras-ldap module to make one for us?

    Even Joomla project has finally managed to "support" ldap authentication. (v1.5)
    Joomla has been notoriously bad with authentication because their CMS comes from Publishing sector that has never cared about such things.
    We could just go that way. Not really adding anything in ISPConfig execpt the "support" for external ldap queries.

    I don't see any way around this. The longer we wait with this the more it will hurt us when the circumstances force us to support ldap.

    Sam
     
    Last edited: Mar 29, 2008
  4. binaryrogue

    binaryrogue New Member

    Without LDAP, you will lose many users... including myself.
     
  5. binaryrogue

    binaryrogue New Member

    Are there any ISPConfig alternatives that supports LDAP? I hate to leave ISPConfig because it's great.
     
  6. SamTzu

    SamTzu Member HowtoForge Supporter

    I have looked, but so far ISPConfig is the best. (Even without LDAP)
    Perhaps someone who knows openLDAP well could give ISPConfig people a hand?

    It doesnt have to be perfect if its an "option" :)
     
  7. telcontarius

    telcontarius New Member

    I believe from Till's reply that its not that they can't, it's that they don't want to use LDAP. I can't see how this can become an Enterprise-level system (e.g. a FOSS replacement for commercial products like CPanel et al) if it doesn't support distributed authentication using LDAP.

    I also wish it'd support multiple backends. Courier isn't really a very good imap server; both cyrus and dovecot are superior, yet neither seems supported with ISPConfig 3.
     
  8. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    No. Its not that we dont want it, just I will not implement it as primary authentication source at the moment. If someone who is familar with LDAP is willing to implement it as additional Authentication source, we will add it in the main distribution.

    Generally, ISPConfig 3 supports any IMAP or POP§ daemon that is able to authenticate against a SQL server. Just the installer of current Beta writes only config files for Courier, thats all. The current Beta also supports just debian and ubuntu, this does not mean that it will not support other distributions in the finel version ;)

    By the way guys, if you complain about missing features or that I dont implement this or that, sit down and start coding and I will intergrate it in the main distribution. I'am not able to write the code for everything alone if you want to see all features soon. I start with the most requested and common featues.
     
  9. telcontarius

    telcontarius New Member

    Ok, that's a different matter then. I said that because two months ago you wrote "We decided that we will not use ldap as it is much too complicated to setup for most users."

    Ok. So more advanced features such as support for shared folders (cyrus) would also have to be implemented, right?


    I don't currently have a debian or ubuntu testing box available. I wanted to download the VMWare image from your other post but it's from 2005. Is a newer version of the image available?

    -- tel
     
  10. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes. But in opposite to ISPConfig 2, ispconfig 3 is modular and such application specific features can be implemented by writing a small plugin.

    http://www.howtoforge.com/forums/showthread.php?t=22788
     
  11. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Yes. But in opposite to ISPConfig 2, ispconfig 3 is modular and such application specific features can be implemented by writing a small plugin.

    http://www.howtoforge.com/forums/showthread.php?t=22788
     
  12. SamTzu

    SamTzu Member HowtoForge Supporter

    I'm happy to see so many taking part in the discussion.
    I wish I had the knowledge to help with the code but, alas...
    I'm a mere admin/nerd not coder/nerd. (nerdadd? nerdcod? :))

    It would be great if someone who knows ldap and can code could help you guys.

    Keep the faith. Some1 will show up. I'm sure.
     
  13. torusturtle

    torusturtle ISPConfig Developer ISPConfig Developer

    ldap Feature request

    ldap support would be great.
    It would help me to centralize customer information.

    I have created a feature request.
    Feel free to add comments or even take the programming lead.

    Feature #911
     
  14. SamTzu

    SamTzu Member HowtoForge Supporter

    Philosofy of Leadership

    I read from Linux magazine about the Creator of PHP.

    Why was he wasting his time offering free support to all those companies who used his code? He eventually just got fed up of all the support requests from hundreds of companies (like Oracle) and decided that from that moment onwards those people who were crying about PHP/Oracle support were in charge of PHP/Oracle code :)

    I think Rasmus called it 'Creative Anarchy' = ie. Those who do, are in charge => Conclusion, Those who take charge (or are given responsibility) do not necessarily do anything. 'Cogito ergo sum' they are not really in charge. But those who are actually willing to do something about it, they are the real leaders.

    ----------------------------------------
    I believe in ProxMox/ISPConfig/Joomla
    :rolleyes:
     
  15. miththu

    miththu New Member

    Are there any ISPConfig alternatives that supports LDAP? I hate to leave ISPConfig because it's great.
     
  16. binaryrogue

    binaryrogue New Member

    I am also waiting patiently for LDAP support and hopefully it will get implimented in the future!

    Since ISPConfig is such a great hosting panel regardless of LDAP, I choose to stay with it.

    I found a few articles on how it's possible to sync MySQL username/password with LDAP but it's not all there yet.. If some one has any idea, let us know!
     
  17. SamTzu

    SamTzu Member HowtoForge Supporter

    I have been thinking about that too. Being able to sync MySQL <=> LDAP <=> AD would be a great invention that would solve many problems.
     
  18. SamTzu

    SamTzu Member HowtoForge Supporter

    I have been looking in to the LDAP in Linux and I must say it sucks (compared to AD.) Only one of the distro's that has a decent implementation in Linux is OpenSUSE. I'm reluctant to use OpenSUSE/Novel and would much rather see Ubuntu/Canonical make a working system but alas no. They have dropped the ball when it comes to LDAP. This is sad and one of the major reasons corporations are still using RedHat/CentOS/Fedora. Debian/Ubuntu should get their act together and soon. In the mean time we still waiiittttt......
     

Share This Page