Chapter 6. Conclusion

Table of Contents
Today
Tomorrow

Today

This document should get you through the basics of installation and configuration for a server that will handle SMTP, IMAP4 and POP3 as well as providing a company wide LDAP directory of email addresses. This is the most basic of services that we hope to eventually provide.

Benefits

My experience with both UNIX and Microsoft systems has led me to the conclusion that I can no longer work on Microsoft systems. While Exchange Server offers tighter integration than this collection of software and easier (GUI) system administration, I'd rather not be awakened by a pager in the middle of the night or be completely unable to determine the cause of problems. I've never been more embarrassed in my professional life than telling a manager or client, “I don't know why it broke or how I fixed it.” The peace of mind that I have gained with this architecture is priceless. Troubleshooting and debugging lead to concrete answers that can be fixed, given the time.

Drawbacks

The biggest drawback to this system is security. This is simply a matter of someone getting a working system. The OpenLDAP server is capable of SSL-enabled LDAP connections, and most clients are capable of SSL-encrypted IMAP4, POP3 and LDAP sessions. The pam_ldap module supports SSL using the Netscape C SDK precompiled library. I believe Cyrus supports SSL IMAP and POP3 sessions. As long as your data does not pass over public networks you are somewhat safe. However, please keep in mind when evaluating this system that security should remain a top priority. If anyone has any information on how they may have locked down their connections, please let me know.

Lack of server-side calendar coordination and client mailing list management: these are the two major drawbacks as far as functionality is concerned. I will be looking at solutions as I come across them, but any help in this area will also be greatly appreciated.

The Sympa Mailing List Manager at http://listes.cru.fr/sympa/ looks promising. Complete LDAP support is not available yet. I am primarily concerned with using LDAP to manage lists, list owners and subscribers, perhaps by having a Sympa User LDAP entry that has an objectclass entry for sympa. The list entry would then contain a list of users and the list manager. You could do this without modifying users. The actual messages could be stored via Sympa's default storage methods.

Administration is also a big concern. OpenLDAP is working on building LDIF and schema files that will allow you to load most of the configurations that popular clients look for when utilizing LDAP servers. This project is a bit slow and scattered however. If you run into any LDAP related issues that involve the schema or ACLs, please let me know so that we can update the information, and hopefully help out the OpenLDAP project. Also, administration utilities for converting mailboxes from other systems and a single interface for setting users up within this architecture would be quite welcome.

I am currently building a Perl CGI script that will allow web-based user management. Currently it modifies the configuration file for the script, adds users, and partially modifies users. I'll be finishing the script's basic functionality before February 2000. The current problems are security and POP3. In order to enable POP3, a directory must be created on the filesystem with owner cyrus and group mail. The directory that this must be created in is owned by cyrus and mail. As most web servers run as nobody/nobody, this creates a permissions problem. The most likely solution for this problem will be to turn the script into an inetd-controlled server, like linuxconf's web interface or Samba's swat. This way you may use hosts.allow and hosts.deny to control access. The only drawback is that, with a web server, you can use the CGI through an SSL-enabled connection. SSL is a definite plus since you will be passing passwords around.
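The hosts.allow / hosts.deny access control mentioned above is worth seeing in terms of how the decision is actually made, because the default is permissive. The following is an added example, not code from this HOWTO or from the TCP wrappers package: a simplified model of the tcpd decision, where hosts.allow is consulted first, then hosts.deny, the first matching rule wins, and a client that matches neither file is granted access. The service name `mailadmin` and the sample rule files are constructed for the illustration; only a subset of the real pattern language (`ALL`, exact IPv4 addresses, dotted prefixes such as `192.168.`) is implemented, so netmask patterns, hostnames and `EXCEPT` clauses are deliberately left out.

```python
"""Simplified model of TCP wrapper (tcpd) access decisions.

Added example, not part of the HOWTO. Semantics modelled:
  1. /etc/hosts.allow is consulted first; the first matching rule grants access.
  2. /etc/hosts.deny is consulted next; the first matching rule refuses access.
  3. A client matching neither file is ALLOWED (the caveat this example shows).
Pattern subset: ALL, exact IPv4 address, dotted prefix like "192.168.".
Not handled (real tcpd does): net/mask, hostnames, EXCEPT, shell commands.
"""


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) tuples.

    Comments (#) and blank lines are ignored. Only the first two colon-separated
    fields are used; an optional third field (shell command) is dropped.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            raise ValueError("malformed rule: %r" % raw)
        daemons = [d.strip() for d in parts[0].split(",")]
        clients = [c.strip() for c in parts[1].split(",")]
        rules.append((daemons, clients))
    return rules


def _client_matches(pattern, addr):
    """Match a client pattern against a dotted-quad address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "192.168." matches 192.168.x.y
        return addr.startswith(pattern)
    return addr == pattern           # exact address


def _rule_matches(rule, daemon, addr):
    daemons, clients = rule
    daemon_ok = any(d in ("ALL", daemon) for d in daemons)
    return daemon_ok and any(_client_matches(c, addr) for c in clients)


def access_allowed(daemon, addr, allow_text, deny_text):
    """Return True if tcpd would admit `addr` to service `daemon`."""
    for rule in parse_rules(allow_text):
        if _rule_matches(rule, daemon, addr):
            return True
    for rule in parse_rules(deny_text):
        if _rule_matches(rule, daemon, addr):
            return False
    return True  # neither file matched: tcpd grants access by default


# Constructed sample files. "mailadmin" is a hypothetical inetd service name
# for the user-management server described in the text.
HOSTS_ALLOW = """
# only the internal LAN may reach the admin interface
mailadmin: 192.168.1.
sshd: ALL
"""

# Hardened deny file: refuse everything not explicitly allowed.
HOSTS_DENY = "ALL: ALL\n"

# Weak configuration: an empty hosts.deny means every unmatched client is admitted.
HOSTS_DENY_EMPTY = ""


if __name__ == "__main__":
    for deny in (HOSTS_DENY, HOSTS_DENY_EMPTY):
        print("hosts.deny = %r" % deny)
        for addr in ("192.168.1.25", "10.0.0.5"):
            print("  mailadmin from %-13s -> %s" % (
                addr, "allow" if access_allowed("mailadmin", addr, HOSTS_ALLOW, deny) else "deny"))
```

The point to take from running it: with an empty hosts.deny, the `10.0.0.5` client is admitted to `mailadmin` even though hosts.allow never mentions it, so an inetd-controlled management server should always be paired with an explicit `ALL: ALL` in hosts.deny.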