With redhat 'dumping' the support for centos and the availability of containers. I thought about reconsidering my default dovecot setup.

Since the concept of having a lts distribution that is supported by redhat/centos is more or less 'unavailable'. I thought about using the repo of dovecot with centos8stream.

os
==
For now I stick with centos8stream, just because the rest is still on centos7 support and the ceph development team is using it as a default. (And can't yet let go of the idea this is the closest to a professional distro ;))

auth uid gid os
===============
I am not really convinced that storing users in mysql/postgres is a better alternative than having linux do auth. I also think it is good to have mailbox files stored with different uid's (no idea if this is even the case when dovecot is using mysql/maria/postgres)

Normally I would use a synced ldap server on the vm for authentication. But I was thinking of using now an external ldap task from the container environment. To de-duplicate services/data and make the environment simple. Since rh is moving to a different ldap server, it would be good to have this separated in the future.

New to me is the sssd, used nscd/nslcd for decades without issues.

I guess the best solution is to have the os uid/gid coming from sssd, configure sssd to have a huge timeout if the backend ldap auth is not available. What is your thought about this?

auth uid gid dovecot
====================
I do not really have an idea if I should have dovecot use ldap directly or use this sssd pam? The advantage of using ldap directly is you could maybe skip identifying users in the os. But maybe then tools like doveadm that require a user are not working anymore.

From the keep it simple perspective it is probably better to use sssd. However centos8stream and sssd are not really known to me. So any ideas/advice about this?

Marc,

Have you heard of Rocky Linux[1]? Started by Gregory Kurtzer, founder of the CentOS project. You should give it a look.

[1] https://rockylinux.org/

Regards,
Elisamuel Resto

On 10-07-2021 4:30 am, Marc wrote:
> With redhat 'dumping' the support for centos and the availability of
> containers. I thought about reconsidering my default dovecot setup.
>
> Since the concept of having a lts distribution that is supported by
> redhat/centos is more or less 'unavailable'. I thought about using the
> repo of dovecot with centos8stream.

https://www.oracle.com/linux/

I'm surprised at how little people are aware of this. Oracle linux has been around since 2006 and is an exact port of RHEL. The only difference between Centos and Oracle is the repos. You can migrate your current Centos to Oracle by only changing out the repo files in /etc/yum.repos.d/

I've been using Oracle Linux for about a year now beside Centos8, setting up identical services on both servers to experience if there are any differences. Everything has translated over 1:1 between both. Every command has been identical except for the names of adding repos. For example:

    Centos8: dnf config-manager --set-enabled PowerTools
    Oracle8: dnf config-manager --set-enabled ol8_codeready_builder

But after you add in the repo, the package names for services are identical so you can use the same dnf install commands on both.

AlmaLinux?

--
Michael Peddemors, President/CEO LinuxMagic Inc.