LDAP

Building LAMP cluster one of the key point is: how to synchronize file update among all servers for Apache? Here we have many choice, e.g. DRBD + OCFS2, iSCSI + OCFS2, CephFS, Rsync, etc; but one of the most simple solution is to use NFS for sharing master server's DocumentRoot, e.g. /home. For sure, we are not considering performance and bottleneck here.

This HOWTO will guide you though installation of NFSv4 server and client on Ubuntu 12.04. In order to make uid/gid mapping works, we will reference Single-Sign-On (SSO) setup with LDAP in previous HOWTO. We will also utilize CacheFS for improving the overall performance.

In order to setup a LAMP cluster we usually need a way to share the master server uid/gid with other else member servers, for whatever NFS shared home directory, or running Apache2 + PHP5 in suexec style. Using LDAP + Webmin can simplify this Single-Sign-On (SSO) need in a handy way.

This HOWTO will guide you though installation of Webmin and OpenLDAP server, then use it as SSO between 2 server with nss-pam-ldapd. First of all let's fouce on making it works, and then enhence it with better security.

• Add support with Qmail-LDAP accountStatus attribute.
• Add support with Qmail-LDAP deliveryProgramPath attribute.
• Activate home_directory in transport with relative patch support.
• Add LDAP_MAILROOT support if homeDirectory is not absolute.
• Debug program pipe transport.
• Add sample LDIF for demo user demo@example.com.
• Document installation guideline in INSTALL.

For LDAP + PAM/NSS, please refer to my other article: LDAP + Samba PDC + PAM/NSS on Debian Lenny HOWTO

Add OpenLDAP mirror mode replication to existing server

Need to include qmail.schema into your slapd.conf, and add object class qmailUser with mail attribute to user object. phpldapadmin can assist most of this setup.

For login from external MUA, e.g. Thunderbird:

• username: postmaster (NOTE: not postmaster@example.com, we have no virtual domain support right now)
• password: your_password

Some code snippet for Courier LDAP authentication with qmail.schema.
/etc/courier/authldaprc:

Still reading...
http://www.zytrax.com/books/ldap/

P.S. Already able to authenticate Courier and Exim4 with LDAP, but now thinging about multiple virtual domain implementation. Need to consider both Samba, Exim4, Courier and eGroupWare (WOW!) requirement... E.g. Multiple DN is not allowed in Courier ldapauth... May be clone eGroupWare design? From egroupware/addressbook/doc/README:

Recall to my previous Exim4 + Courier + SSL on Debian etch mini-HOWTO, Exim4 authentication should work fine without enable plain_courier_authdaemon and login_courier_authdaemon support. But case will become a bit more complicated when using LDAP-Samba-PAM/NSS setup: LDAP user will now not able to be authenticated. Why and what's up!?