Mailserver, LDAP, external user accounts: what if

@Robb is trying to create an alternative for ICT structure.

He’s considering putting his mailserver on a VPS and connecting it to a remote userbase (via VPN) to consolidate the user account db in one place.

So here is my example:

  • install a server with user account database
  • install a mailserver which fetches the user account database from this authentication server
  • connect them via VPN connection AND public internet

What happens if the mailserver loses the connection to the user db for a substantial and undefined amount of time?
By substantial I mean anywhere from 48 hrs to 5-10 days.

…sssd should continue to work, providing cached account info and credentials. Services based on PAM shouldn’t be affected, i.e. dovecot, postfix.

However, those with direct LDAP access would stop working immediately, i.e. webtop, sogo, nextcloud.

Please run the experiment by yourself!

I certainly will try to but

This answers the question in any case: without access to the user account db, LDAP-connected modules will stop working.

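An added example, not part of the thread and not the distribution's own generated configuration: an `sssd.conf` sketch of the options that govern the offline behaviour discussed above, sized for the 5-10 day outage in the question. The domain name, LDAP URI, search base and the day/attempt values are assumptions.

```ini
# /etc/sssd/sssd.conf (root-owned, mode 0600)
# Comments are kept on their own lines, not after a value.

[sssd]
services = nss, pam
# Assumed domain name
domains = example.lan

[domain/example.lan]
id_provider = ldap
auth_provider = ldap
# Assumed URI of the remote account server, reached over the VPN
ldap_uri = ldaps://accounts.example.lan
# Assumed search base
ldap_search_base = dc=example,dc=lan

# Keep a salted hash of each password after a successful ONLINE login.
# Only users who have logged in at least once while the account server
# was reachable can authenticate offline.
cache_credentials = true

# Days a cached account is kept after its last successful login
# (0 = keep forever). Must be >= offline_credentials_expiration.
account_cache_expiration = 14

[pam]
# Days after the last successful online login during which offline
# logins are accepted. The default 0 means no limit, so a disabled or
# password-changed account keeps working on this host for the whole
# outage. 10 covers the 5-10 day case and then fails closed.
offline_credentials_expiration = 10

# Throttle password guessing against the local cache while offline:
# lock after 5 failures, allow a new attempt after 10 minutes.
offline_failed_login_attempts = 5
offline_failed_login_delay = 10
```

These settings only affect services that authenticate through PAM/sssd; applications that bind to LDAP directly get no benefit from the cache and fail as soon as the directory is unreachable.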