Integrating Exim with LDAP for Mail Relaying
A Case Study

Speaker

Brendan E. Quinn, London Business School    bquinn@london.edu

Outline

LDAP is increasingly used in the enterprise to store information about users. Because the corporate LDAP directory generally already holds authentication data and other attributes that can drive mail routing, the obvious next step is to integrate the mail relays with LDAP rather than maintain a separate, application-specific data store for this single, albeit crucial, application.

Due to the volume of mail and the mission-critical nature of an enterprise's mail relays, integration with a single data source presents some unique challenges and risks. In this paper, I discuss the architecture of such an integration and analyze methods of addressing these challenges while minimizing the risks, with specific focus on the deployment of an LDAP-integrated mail relay system at London Business School. This implementation uses the Exim MTA for the mail relays and the Sun ONE Directory Server for LDAP. I discuss the new LDAP object classes required for this implementation and show how we were able to use the data that already existed in LDAP. I explore in detail the Exim configuration required and some of the difficulties involved, and give examples from our configuration. I propose a method for controlling mail relaying using SMTP AUTH, and propose a new LDAP object class which this method uses. I analyze the impact an implementation like this has on the existing LDAP architecture, outline the test methodology used to ensure that the existing LDAP infrastructure is sufficient, and discuss the tools used for this testing. Finally, I discuss the new tools and business processes required, and contrast them with the tools and procedures used under the previous system.
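To make the architecture described above concrete, here is an added Exim configuration fragment (not taken from the paper or from the London Business School deployment) that routes local addresses from an LDAP attribute, authenticates SMTP AUTH users by binding to LDAP as the user, and only relays for authenticated clients. All host names, DNs and the `mailHost` attribute are assumptions; the paper's proposed relay-control object class is not on this page, so the example relies on a plain bind instead.

```exim
# Added example configuration; servers, DNs and attributes are assumed.

# Two directory servers: a single LDAP outage must not stop mail.
# Exim tries them in order for any ldap:/// lookup with no host.
ldap_default_servers = ldap1.example.org : ldap2.example.org

domainlist local_domains   = example.org
hostlist   relay_from_hosts = 127.0.0.1 : 10.0.0.0/8

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  accept  hosts = :                       # local (non-SMTP) submission
  accept  hosts = +relay_from_hosts       # internal network
  # Anyone else may relay only after a successful SMTP AUTH, which
  # the authenticator below implements as an LDAP bind.
  accept  authenticated = *
  # Inbound mail for our domains: the recipient must exist in LDAP
  # (the router below declines for unknown addresses).
  accept  domains = +local_domains
          verify  = recipient
  deny    message = relay not permitted

begin routers

# Route each local address to the mail host stored in its LDAP entry.
# quote_ldap escapes the address so user input cannot alter the filter.
ldap_route:
  driver     = manualroute
  domains    = +local_domains
  route_data = ${lookup ldap{ldap:///ou=people,dc=example,dc=org?mailHost?sub?(mail=${quote_ldap:$local_part@$domain})}}
  transport  = remote_smtp
  no_more

begin transports

remote_smtp:
  driver = smtp

begin authenticators

# PLAIN, advertised only on TLS sessions. Exim binds to LDAP as the
# user to check the password, so no password data is held on the relay.
ldap_plain:
  driver                     = plaintext
  public_name                = PLAIN
  server_prompts             = :
  server_advertise_condition = ${if def:tls_in_cipher}
  server_condition           = ${if ldapauth {user="uid=${quote_ldap_dn:$auth2},ou=people,dc=example,dc=org" pass=${quote:$auth3} ldap://ldap1.example.org/}}
  server_set_id              = $auth2
```

Listing more than one server in `ldap_default_servers` and keeping the LDAP lookup timeouts short are the two settings that most limit the blast radius of the single-data-source dependency the paper discusses.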