OPEN-XCHANGE
You are here: Community > Mailinglist
General Links
 Download
Help
freshmeat.net
[OX General] some basis setup questions

Peter Schober peter.schober at univie.ac.at
Mon Apr 10 15:02:52 CEST 2006 

AArobert,

* Robert Penz <Robert.Penz at hitt.at> [2006-04-10 10:35]:
> 0. what should I use as base for ldap?
> 
> for the test system i used: dc=ox,dc=hitt,dc=at.
> But I can't say why its good or bad. Would be dc=hitt,dc=at or
> dc=hitt alone be better?

both are fine technically and according to RFC 2247.

do you think it's possible some other DSA might be installed in the
future that might collide with this one?

if it's likely that the DSA you're using for OX will be the only (or
rather the authoritative) one (in your oraganization) I would use just
"dc=hitt,dc=at" (you'll probably have an ou=OxObjects container in
there anyway unless you change things yourself).

> 1.  if I want to use a second domain on the server. does this change
> the above question?

since (at least with OpenLDAP) there can be only one basedn per
database: no.  while you could have several databases in your DSA I
don't expect OX to handle this.

> 2. I took a look at luma as ldap client. Is it save to change stuff
> in the ldap or is that bad because the data is also stored somewhere
> else? Which data is save to change only in ldap

this depends on what you're changing. there's data that's stored in
both (the RDBMS and the DSA) and there's data that's only stored in
the DSA.

> 3. Whats the best way to define aliases? is there a ox way or is
> done only by the mta?

one could have a look at the way the OX admin interface does this.

other than that this probably depends on the MTA you're using.

see pages 136ff in this sample chapter from the O'Reilly LDAP System
Administration book (which I don't really recommend, btw) for a start:
http://www.oreilly.com/catalog/ldapsa/chapter/ch07.pdf

> 5. where can I find a list of all options I can use for adduser_ox
> and changeuserattr_ox?

did you try:

  vim adduser_ox
  adduser_ox --help

> 6. how can I change the password of an user with the *_ox command
> line tools? should I use/install resetuserpasswd_ox? is it save to
> change it with an ldap client like luma?

don't know about these OX tools but changing passwords with *anything*
(ldapmodify, luma, gq, lat, web2ldap, etc.) should be fine as long as
the used hashes are supported all components. note that RFC 2256 says:

  5.36. userPassword

   Passwords are stored using an Octet String syntax and are not
   encrypted.

so there is no standard wrt mandatory-to-implement support for hashed
passwords with LDAP, AFAIK.

> ps: I'm missing a FAQ part in the wiki, I'll add a new page to the
> wiki with the answers to my questions.

good idea. I'm not too sure of the structure (FAQ vs. different
categories for different topics) but the main idea for the wiki was
just that -- to "distill" stuff from the mailing lists. so go ahead!

cheers,
-p.schober

-- 
peter.schober at univie.ac.at - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140

More information about the General mailing list