some basis setup questions

Hi!

I'm currently running an ox 0.8.6 test installation. I'm
planing now to migrate to ox and I've some questions I'm
not 100% sure of. 

0. what should I use as base for ldap?

for the test system i used: dc=ox,dc=hitt,dc=at.
But I can't say why its good or bad. Would be dc=hitt,dc=at
or dc=hitt alone be better?

1.  if I want to use a second domain on the server. does
this change the above question? where do I need to define
that domain, only in adduser_ox and in the mta settings?

2. I took a look at luma as ldap client. Is it save to
change stuff in the ldap or is that bad because the data is
also stored somewhere else? Which data is save to change
only in ldap

3. Whats the best way to define aliases? is there a ox way
or is done only by the mta?

4. if I create a user mail-test, and than a aliase hans.test
--> mail-test the internal adressbook still shows
mail-testhitt.at 

5. where can I find a list of all options I can use for
adduser_ox and changeuserattr_ox?

6. how can I change the password of an user with the *_ox
command line tools? should I use/install resetuserpasswd_ox?
is it save to change it with an ldap client like luma?

Please answer also if you know only the answer for one of
the questions. thx

ps: I'm missing a FAQ part in the wiki, I'll add a new
page to the wiki with the answers to my questions.


--

Robert Penz
HITT - health information technologies tirol gmbh
Tel: +43-512-576523 - 232
Fax: +43-512-576523 - 70
email: robert.penzhitt.at

"Windows Vista" is the abbreviation for
"Windows with Viruses, Instability, 
Spyware, Trojans and Adware"



_______________________________________________
General mailing list
Generalopen-xchange.org
http://www.open-xchange.org/cgi-bin/mailman/listinfo
/general

AArobert,

* Robert Penz <Robert.Penzhitt.at> [2006-04-10
10:35]:
> 0. what should I use as base for ldap?
> 
> for the test system i used: dc=ox,dc=hitt,dc=at.
> But I can't say why its good or bad. Would be
dc=hitt,dc=at or
> dc=hitt alone be better?

both are fine technically and according to RFC 2247.

do you think it's possible some other DSA might be
installed in the
future that might collide with this one?

if it's likely that the DSA you're using for OX will be
the only (or
rather the authoritative) one (in your oraganization) I
would use just
"dc=hitt,dc=at" (you'll probably have an
ou=OxObjects container in
there anyway unless you change things yourself).

> 1.  if I want to use a second domain on the server.
does this change
> the above question?

since (at least with OpenLDAP) there can be only one basedn
per
database: no.  while you could have several databases in
your DSA I
don't expect OX to handle this.

> 2. I took a look at luma as ldap client. Is it save to
change stuff
> in the ldap or is that bad because the data is also
stored somewhere
> else? Which data is save to change only in ldap

this depends on what you're changing. there's data that's
stored in
both (the RDBMS and the DSA) and there's data that's only
stored in
the DSA.

> 3. Whats the best way to define aliases? is there a ox
way or is
> done only by the mta?

one could have a look at the way the OX admin interface does
this.

other than that this probably depends on the MTA you're
using.

see pages 136ff in this sample chapter from the O'Reilly
LDAP System
Administration book (which I don't really recommend, btw)
for a start:
http://www.oreilly.com/catalog/ldapsa/chapter/ch07.pdf

> 5. where can I find a list of all options I can use for
adduser_ox
> and changeuserattr_ox?

did you try:

  vim adduser_ox
  adduser_ox --help

> 6. how can I change the password of an user with the
*_ox command
> line tools? should I use/install resetuserpasswd_ox? is
it save to
> change it with an ldap client like luma?

don't know about these OX tools but changing passwords with
*anything*
(ldapmodify, luma, gq, lat, web2ldap, etc.) should be fine
as long as
the used hashes are supported all components. note that RFC
2256 says:

  5.36. userPassword

   Passwords are stored using an Octet String syntax and are
not
   encrypted.

so there is no standard wrt mandatory-to-implement support
for hashed
passwords with LDAP, AFAIK.

> ps: I'm missing a FAQ part in the wiki, I'll add a
new page to the
> wiki with the answers to my questions.

good idea. I'm not too sure of the structure (FAQ vs.
different
categories for different topics) but the main idea for the
wiki was
just that -- to "distill" stuff from the mailing
lists. so go ahead!

cheers,
-p.schober

-- 
peter.schoberunivie.ac.at - vienna university computer
center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140

_______________________________________________
General mailing list
Generalopen-xchange.org
http://www.open-xchange.org/cgi-bin/mailman/listinfo
/general

Robert Penz wrote:
> Hi!
> 
> I'm currently running an ox 0.8.6 test installation.
I'm planing now to migrate to ox and I've some questions
I'm not 100% sure of. 
> 
> 0. what should I use as base for ldap?
> 
> for the test system i used: dc=ox,dc=hitt,dc=at.
> But I can't say why its good or bad. Would be
dc=hitt,dc=at or dc=hitt alone be better?
> 
> 1.  if I want to use a second domain on the server.
does this change the above question? where do I need to
define that domain, only in adduser_ox and in the mta
settings?
>

Totally up to you, the choice of base for your LDAP tree is
completely 
independent of OX and whatever makes the most sense for your
organization.



> 2. I took a look at luma as ldap client. Is it save to
change stuff in the ldap or is that bad because the data is
also stored somewhere else? Which data is save to change
only in ldap

Many items (such as contacts/address books) are stored in
both LDAP and 
SQL databases, so use this approach with caution.

> 3. Whats the best way to define aliases? is there a ox
way or is done only by the mta?

You'd want to do this at the mta level in an aliases file
or lookup 
table.  Some mta's can pull this info from LDAP, but you
may be fine 
with a flat file like /etc/aliases

> 5. where can I find a list of all options I can use for
adduser_ox and changeuserattr_ox?

Use the --help flag to both programs.

Those are the ones I can answer. 

_______________________________________________
General mailing list
Generalopen-xchange.org
http://www.open-xchange.org/cgi-bin/mailman/listinfo
/general

> if it's likely that the DSA you're using for OX will
be the only (or
> rather the authoritative) one (in your oraganization) I
would use
just
> "dc=hitt,dc=at" (you'll probably have an
ou=OxObjects container in
> there anyway unless you change things yourself).

ok thx.


>> 1.  if I want to use a second domain on the server.
does this
change
>> the above question?
> 
> since (at least with OpenLDAP) there can be only one
basedn per
> database: no.  while you could have several databases
in your DSA I
> don't expect OX to handle this.

thats no problem as we'll host only company mail addresses,
but for
congresses and that stuff we've often additional domains.

>> 2. I took a look at luma as ldap client. Is it save
to change stuff
>> in the ldap or is that bad because the data is also
stored
somewhere
>> else? Which data is save to change only in ldap
> this depends on what you're changing. there's data
that's stored in
> both (the RDBMS and the DSA) and there's data that's
only stored in
> the DSA.

I'm looking for a list what is save to change and what not


>> 3. Whats the best way to define aliases? is there a
ox way or is
>> done only by the mta?
> one could have a look at the way the OX admin interface
does this.

I'm using the gpl version

> other than that this probably depends on the MTA
you're using.

yes, I can configure that in my mta, I just thought its
better do to
that also in ox, as I can provide an domain at creating an
user on the
command line.

> see pages 136ff in this sample chapter from the
O'Reilly LDAP System
> Administration book (which I don't really recommend,
btw) for a
start:
> http://www.oreilly.com/catalog/ldapsa/chapter/ch07.pdf

will take a look at it. 

>> 5. where can I find a list of all options I can use
for adduser_ox
>> and changeuserattr_ox?
> did you try:
>   vim adduser_ox
>   adduser_ox -- help

both. adduser_ox is somewhat ok documented but
changeuserattr_ox is
not.

# changeuserattr_ox -h

Usage: /usr/sbin/changeuserattr_ox [Options]

Options:

  --username=NAME              The Username - eg. john

  --attrib=NAME                The Attribute - eg. givenName

  --value=VALUE                The new Value of the
Attribute - eg.
Miller

  --file=FILE                  If given, custom ldif File is
used for
modifying! - eg. /home/f00/bar.ldif
                               See ldapmodify for Details!

can I only manipulate attributes which are also setable in
the
adduser_ox or are there some additional?


> don't know about these OX tools but changing passwords
with
*anything*
> (ldapmodify, luma, gq, lat, web2ldap, etc.) should be
fine as long
as
> the used hashes are supported all components. note that
RFC 2256
says:

ok

>> ps: I'm missing a FAQ part in the wiki, I'll add
a new page to the
>> wiki with the answers to my questions.
> 
> good idea. I'm not too sure of the structure (FAQ vs.
different
> categories for different topics) but the main idea for
the wiki was
> just that --  to "distill" stuff from the
mailing lists. so go
ahead!


I missing a faq section most, so I'll start sharing my in
the faq this
week 




--

Robert Penz
HITT - health information technologies tirol gmbh
Tel: +43-512-576523 - 232
Fax: +43-512-576523 - 70
email: robert.penzhitt.at

"Windows Vista" is the abbreviation for
"Windows with Viruses,
Instability, 
Spyware, Trojans and Adware"


_______________________________________________
General mailing list
Generalopen-xchange.org
http://www.open-xchange.org/cgi-bin/mailman/listinfo
/general

>> 1.  if I want to use a second domain on the server.
does this change
the 
>> above question? where do I need to define that
domain, only in
adduser_ox and 
>> in the mta settings?
> Totally up to you, the choice of base for your LDAP
tree is
completely 
> independent of OX and whatever makes the most sense for
your
organization.

I know that I'm free to choose in the most questions I
asked, I'm look
for guidence which is the best way or which way is good in
which case,
or where are the pitfalls. 

>> 2. I took a look at luma as ldap client. Is it save
to change stuff
in the 
> ldap or is that bad because the data is also stored
somewhere else?
Which 
> data is save to change only in ldap
> Many items (such as contacts/address books) are stored
in both LDAP
and 
> SQL databases, so use this approach with caution.

ok

>> 3. Whats the best way to define aliases? is there a
ox way or is
done only 
> by the mta?
> You'd want to do this at the mta level in an aliases
file or lookup 
> table.  Some mta's can pull this info from LDAP, but
you may be fine

> with a flat file like /etc/aliases

yep, mine mta can do both, the questions is what does the 

       --maildomain
              Your Maildomain (company.org)

option for adduser_ox

>> 5. where can I find a list of all options I can use
for adduser_ox
and 
> changeuserattr_ox?
> Use the -- help flag to both programs.

not much output, see my other mail.



--

Robert Penz
HITT - health information technologies tirol gmbh
Tel: +43-512-576523 - 232
Fax: +43-512-576523 - 70
email: robert.penzhitt.at

"Windows Vista" is the abbreviation for
"Windows with Viruses,
Instability, 
Spyware, Trojans and Adware"


_______________________________________________
General mailing list
Generalopen-xchange.org
http://www.open-xchange.org/cgi-bin/mailman/listinfo
/general

* Robert Penz <Robert.Penzhitt.at> [2006-04-11
11:40]:
> Usage: /usr/sbin/changeuserattr_ox [Options]
[...]
> can I only manipulate attributes which are also setable
in the
> adduser_ox or are there some additional?

last time I checked these shell scripts are just wrappers
around the
openldap command client tools. there's nothing special to
them.
  regarding the semantic of these values (e.g. maildomain)
someone who
actually uses these should give some insight.

cheers,
-p.schober

-- 
peter.schoberunivie.ac.at - vienna university computer
center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140

_______________________________________________
General mailing list
Generalopen-xchange.org
http://www.open-xchange.org/cgi-bin/mailman/listinfo
/general

Hi!

I pasted my questions to the wiki. please paste also yours

http://www.ope
n-xchange.org/oxwiki/FAQ



--

Robert Penz
HITT - health information technologies tirol gmbh
Tel: +43-512-576523 - 232
Fax: +43-512-576523 - 70
email: robert.penzhitt.at

"Windows Vista" is the abbreviation for
"Windows with Viruses, Instability, 
Spyware, Trojans and Adware"



_______________________________________________
General mailing list
Generalopen-xchange.org
http://www.open-xchange.org/cgi-bin/mailman/listinfo
/general