Tarjei Huse | 1 Feb 12:47

Re: midgard mail integration

Hi - and good morning :)

I thought I'd add a few thoughts on this subject.

1) Cyrus-imap has a new version in cvs now that has virtualdomain support in two ways:
- one mailserver address - the user logs on with his email address.
- one ip per domain - user logs on to "his domain" and the ip is translated to a realm.

I think a virtual domain hosting solution should be easier with this in place.

More on this here:
http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/doc/Attic/install-virtdomains.html?rev=1.1.2.5&content-type=text/x-cvsweb-markup

The document is a little old, but the concepts still apply.

2) With cyrus-imapd in virtual mode, we still need authentication. I suggest that they are solved using mysql - not ldap. I will get back to ldap in 3).

Authentication may well be done using the mysql_auxprop. Using it you should probably be able to set up a working
system today. Here's an ok howto:
http://home.earthlink.net/~jaymzh666/cyrus/cyrus_sql.html

The problem would be multiple domain addresses, but I guess this could be solved in dns by setting the mx record correctly.

Passwords

As you know, midgard stores passwords in two ways: either using the mysql encrypt() function (or crypt()?) or by being prefixed with ** and then the plaintext password.


Peter J Slot | 1 Feb 17:21

Re: midgard mail integration

Hej

Tarjei Huse wrote:

> Hi - and good morning :)

Good afternoon!
Thanks for your input!!

>
> 2) With cyrus-imapd in virtual mode, we still need authentication. I suggest that they are solved using
> mysql - not ldap.

What are your arguments for doing this? I myself thought about the LDAP option as being more generic.
There are more and more LDAP directories in use, that one could interface with. Eventually we could
move all of the midgard user information in the LDAP store by adding a midgardObjectclass or CMSObjectClass
to the LDAP directory. We might also be able to integrate with an external Sun One, Novell NDS or a MS AD server.

Interfacing with LDAP will give the possibility to integrate with LDAP aware program suites like
Bind, postfix, exim, sendmail, cyrus imapd, cyrus sasl, courier IMAP, apache, proftpd, samba, IMP and
many perl, python and php based programs.
There are community programs like ISPman that can automate tasks like creating virtual domains and mailboxes when you create user entries in LDAP.
That way one has less need to deal with this from the midgard CMS system.

> What also could be considered in this is converting midgard
> auth to using cyrus-sasl. I'm not sure how smart this
> is, but at least then these problems would have to be dealt

Tarjei Huse | 1 Feb 18:40

Re: midgard mail integration

> > 2) With cyrus-imapd in virtual mode, we still need authentication. I
> suggest that they are solved using mysql - not ldap 
> What are your arguments for doing this? I myself thought about the LDAP
> option as being more generic.
Yes that is true. Actually I view the two options as just as good. However, if 
we just need to get an ok midgard-mail integration suite going, then I'd opt 
for trying to just use mysql. I like ldap a lot, but I fear that will be one 
extra thing to get going, integrated etc. If we only use mysql & midgard, we 
already got admin utilities etc ready.

I think that we'll need both options in the end. Using ldap for authentication 
is quite nice on a corporate lan, but for a hosting solution it is not that 
important. If you can reduce complexity then that helps a lot.

> There are more and more LDAP directories in use, that one could interface
> with. Eventually we could
> move all of the midgard user information in the LDAP store by adding a
> midgardObjectclass or CMSObjectClass
This is IMHO the way it should be, but I do not think that will happen in the 
next year :)
> Interfacing with LDAP will give the possibility to integrate with LDAP aware
> program suites like
> Bind, postfix, exim, sendmail, cyrus imapd, cyrus sasl, courier IMAP, apache,
> proftpd, samba, IMP and many perl, python and php based programs
> There are community programs like ISPman that can automate tasks like creating
> virtual domains and mailboxes when you create user entries in
> LDAP.
> That way one has less need to deal with this from the midgard CMS system.
True. 
But then you're talking about another binny. Using just mysql gives a quick fix 

Peter J Slot | 3 Feb 01:10

Re: midgard mail integration

Hi,

Tarjei Huse wrote:

> I think that we'll need both options in the end. Using ldap for authentication
> is quite nice on a corporate lan, but for a hosting solution it is not that
> important. If you can reduce complexity then that helps a lot.

True, but I think that those people, who are integrating midgard with external
applications, will be able to handle LDAP. LDAP should just be an extension
only activated when integrating external apps.
I guess quite a lot of ISPs and hosting firms are already using LDAP ;-)

> > adding a midgardObjectClass or CMSObjectClass
> This is IMHO the way it should be, but I do not think that will happen in the
> next year :)

What should be done? I tried to look at the LDAP patch from "Wyschkon Mirko"
which will allow authentication to an LDAP directory. This means that you need an
external program to sync userinfo between mysql and ldap. This could be the first
step?
What more is needed and what could be the roadmap?

> > > What also could be considered in this is converting midgard
> > > auth to using cyrus-sasl. I'm not sure how smart this
> > > is, but at least then these problems would have to be dealt
> > > with once and for all :)
> >  What about interfacing PAM ;-)
> True just as good :)


Alan Knowles | 1 Feb 07:53

Re: Patch to phpmole's midgard_receiver.php

Ok, added - And a new release of phpmole is out.. (only 2 real bug fixes 
in reality..)

I started renaming stuff and moving it around to match pear standards - 
but unfortunately haven't really got a lot of time to do this.. - 
volunteers kindly welcome :)

Regards
Alan

Martin Langhoff wrote:

> See the attached email for a <silly> patch to midgard_receiver.php
>
> It does not add any new features, though it does clean up many 
> warnings and notices from midgard_receiver.php... tailing the logs 
> while working on midgard is useful once again ;)
>
> This might need a clarification: I develop with all warnings and 
> notices on, to catch typos and invalid data. Under such settings, 
> midgard_receiver.php spews out a ton of warnings, hiding any warnings 
> from 'my' code.
>
> regards,
>
>
>
>
> martin
>

dev | 3 Feb 17:55

[Midgard 1.x 0000147]: Enable LDAP authentication in Midgard


The following bug has been ASSIGNED.
=============================================================
http://bugs.midgard-project.org/view_bug_page.php?f_id=147
=============================================================
Reporter:             bergie
Handler:              torben
=============================================================
Project:              Midgard 1.x
Bug ID:               0000147
Category:             midgard-lib
Reproducibility:      always
Severity:             feature
Priority:             normal
Status:               assigned
=============================================================
Date Submitted:       13 Aug 02 11:52 CEST
Last Modified:        03 Feb 03 17:55 CET
=============================================================
Summary:              Enable LDAP authentication in Midgard
Description: 
Include the LDAP authentication patch as a compile option for Midgard-lib.
Possibly something like --with-ldap-auth="My dn"
=============================================================

-------------------------------------------------------------
 torben - 13 Aug 02 12:36 CEST 
-------------------------------------------------------------
please attach the patch as a file to the bug. this way it is not really
usable.

Henri Bergius | 3 Feb 18:03

Integrating Midgard with LDAP

Greetings!

We were discussing integrating Midgard's user management with
LDAP on #midgard today. Quick log:

<Peter_Slot> How much work do you think it will be to rewrite the other
user functions
<Peter_Slot> create modify etc 
<Peter_Slot> just like the authentication part?
<bergie> No idea. I think we will do those on PHP level
<Peter_Slot> Would it not be nice to have this in midgard?
<bergie> Yes, it would. I'll think about it, but we would probably need
somebody with C experience
<Peter_Slot> How much experience do you have?
<Peter_Slot> If I find someone could you help?
<bergie> torben: What do you think about this? Adding LDAP connectivity
to mgd_person functions...
<torben> sorry, i didn't follow the conversation...
<torben> i assume the basic idea is having MidgardPerson use LDAP rather
than the Midgard Database as data storage?
<torben> The same would have to apply to MidgardGroup also in this case.
<torben> or at least partly
<bergie> well, MidgardPerson at first
<bergie> I think we should still have a stub entry on each person in
Midgard DB, mainly just ID and GUID
<torben> we have to, since we need to ensure midgard's db integrity
<torben> i would suggest having a field in the MidgardPerson record that
specifies whether this is an LDAP or a local record.
<bergie> Not a bad idea
<torben> if it is an LDAP one, you'd also need some kind of LDAP

Sergei Dolmatov | 4 Feb 10:12

Some thoughts about Midgard

Hello!

Here are some of my thoughts about Midgard... Sorry for my poor English, but
I hope it's simple enough.

1. Templates.

Midgard is good. Its base idea about splitting website content into 3
trees - content, pages and styles - is very good. Some years ago (when I
just met Midgard) I read an interview with Bergie, where he tells about
the differences between Zope and Midgard. AFAIR, the main one was: "Midgard is
content oriented while Zope is code-oriented" (If I'm wrong - fix me, of
course :)

But could you point me to anyone who built even a very basic site - say,
main page, news and some articles (I think, on such kind of sites Midgard
shows its power) - without PHP knowledge? Ok, ok, PHP is simple enough (is
it? :), but anyway - looks like for building any site you have to learn
PHP (if you don't know it yet).

We have a good feature - using PHP variables in HTML code and including
elements by <[]>. Well, why can't we go further and make some kind of macros
- by inserting special tags. For example:

<[mgd-foreach topic("/root_topic/news_topic/2003-02-04").articles
order="date desc" start="1" end="5"]>
&(date); - &(title);
<[/mgd-foreach]>

Of course, ugly enough, but (I think) easy enough. And yes, it's yet

Alexander Bokovoy | 4 Feb 12:07

OSCOM3 Midgard-related talks

Greetings!

As Henri Bergius is now on OSCOM's board and the policy doesn't allow members 
to give a talk about the CM they are representing, we need to find another
representative to replace him in the Midgard/Aegir talk which Henri was supposed
to present.

We discussed this briefly with Henri. I would like to give a talk on
integrating Midgard-powered sites with CIFS domains for better management
of intranet applications (use CIFS users and passwords instead of storing 
them in the Midgard database), allowing seamless logon of users under Windows
once they have logged into their CIFS domain. The core part of this work is
done under Samba 3.0 development with NTLM auth API.

I could give the second talk on presenting Aegir/Midgard if nobody else will
be able to be at OSCOM-3 but I really would like to see more Midgardians
in Boston.

Any thoughts?

--

-- 
/ Alexander Bokovoy
---
Default, n.:
	The hardware's, of course.

dev | 4 Feb 12:20

[Aegir CMS 0000313]: Enable logins to non-FQDN hosts


A BUGNOTE has been added to this bug.
=============================================================
http://bugs.midgard-project.org/view_bug_page.php?f_id=0000313
=============================================================
Reporter:             bergie
Handler:              
=============================================================
Project:              Aegir CMS
Bug ID:               0000313
Category:             core
Reproducibility:      always
Severity:             feature
Priority:             none
Status:               new
=============================================================
Date Submitted:       09 Jan 03 14:30 CET
Last Modified:        04 Feb 03 12:20 CET
=============================================================
Summary:              Enable logins to non-FQDN hosts
Description: 
We should enable using Aegir CMS in non-FQDN hosts (like localhost) since
this is a very frequent question on the mailing lists.

=============================================================

-------------------------------------------------------------
 bergie - 31 Jan 03 16:56 CET 
-------------------------------------------------------------
Apparently upgrading to latest NemeinAuthentication did not work. Either

