I've been wanting to move everybody.org to LDAP-based backend for email and authentication. For the longest time, I was stuck on the idea of using Cyrus IMAPd -- the server is the basis for much of what is done with IMAP. However, although it is designed for large sites, it is not designed with virtual domains in mind. I was so stubborn when it came to using Cyrus that I even looked at embedding a Perl interpreter into Cyrus to help it at the Authentication/Authorization stage. It worked -- somewhat. This is impressive because I am not a C programmer. It is a huge credit to the authors of the documentation that comes with Perl. I certainly have very few qualms now about embedding Perl wherever I feel it would help me.
Still, for all my stubbornness and grunting, Cyrus wasn't designed for virtual domains. It is a bit too monolithic as well, which makes it less flexible. After looking a bit, I dug a little deeper into Courier IMAPd and found that it would do what I wanted and it is packaged to do what I want out of the box on Debian. And, although there is a Courier SMTP server, I decided to stick with Exim since it already has Perl embedded and, as a result, allows an enormous amount of flexibility.
Last night, I successfully got Courier IMAPd up and running. Since it authenticates using an email address for the username, it is perfect for virtual domains. I was a little leery at first, but it turns out that the Authdaemon backend (which supports LDAP) actually works quite nicely.
It is all maildir, though, so that will be a change for our shell users. (Though, technically, I could allow them shell access to mbox mail or POP/IMAP access to maildir mail.) The stats seem to show that only Jeff and I really use the shell access, so I'm not really worried about that, though. New shell users (if we get any) will have to use a maildir client.
Since I have that done, I plan to write up the plan for transitioning everybody.org to Debian tomorrow, test it this week and execute it next weekend.
The major changes that will be happening are:
- Move from FreeBSD to Debian
- LDAP-based backend.
- Kerberos support implemented.
- Virtual domain support for email.
All this should be transparent to the end users if it is done right. Which is why I'm writing up the migration plan and testing it thoroughly.