[imp] Suggested LDAP Structure for IMP/Turba?

Gary C. New garycnew@yahoo.com
Fri, 30 Aug 2002 14:48:55 -0600


I am currently trying to configure IMP + Cyrus + Postfix + SASL2 + LDAP.
I am at the point where I am trying to hammer out the LDAP structure
that will best support these applications to include virtual users and
domains.

It was suggested to me that several persons on this list have attempted
this before and I might be able to get some suggestions from you.  Most
of my LDAP structure and entries are based on the examples given in
the Postfix LDAP_README document.


        dn: cn=defaultrecipient, dc=fake, dc=dom
        objectclass: top
        objectclass: virtualaccount
        cn: defaultrecipient
        owner: uid=root, dc=someserver, dc=isp, dc=dom
   1 -> mailacceptinggeneralid: fake.dom
   2 -> mailacceptinggeneralid: @fake.dom
   3 -> maildrop: realuser@real.dom

As I am attempting to use SASL2 as the secure intermediary, I believe the
SASL Auth ID to LDAP DN conversion is supposed to be like this:

        uid=<user>,cn=<realm>,cn=digest-md5,cn=auth (sasl digest-md5)

        to

        uid=<user>,ou=person,dc=example,dc=com

My question is:  What would be the best LDAP structure and entries to
enable the use of virtual users and domains and integrate well with
IMP/Turba?

This is what I am currently considering:

                   -- ou=clientcompany1 -- uid=user1
dc=example,dc=org -- ou=clientcompany2 -- uid=user1 -- uid=user2
                   -- ou=clientcompany3 -- uid=user1

ldif entry:

dn: uid=user1,ou=clientcompany2,dc=clientcompany2,dc=org
objectclass: top
objectclass: virtualaccount
cn: defaultrecipient
owner: uid=root,dc=mail,dc=example,dc=org
mailacceptinggeneralid: @clientcompany2.org
mailacceptinggeneralid: clientcompany2.org
maildrop: <realuser>@<realdomain.org>
userpassword: <userpassword>

Can anyone suggest a better structure?

Respectfully,


Gary
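
The SASL auth ID to DN conversion quoted in the post, applied to the proposed per-company tree where uid=user1 exists under several ou entries, as an added example (not part of the original post or of any project's code): a rewrite that discards the realm gives same-named users in different virtual domains one DN, while a rewrite that carries the realm into the ou keeps them apart. The realm names, the `REALM_TO_OU` table and both function names are assumptions made for illustration.

```python
import re

# Assumptions for illustration: realm names and this realm-to-ou table are
# constructed; the base DN and ou names follow the tree proposed in the post.
BASE_DN = "dc=example,dc=org"
REALM_TO_OU = {
    "clientcompany1.org": "clientcompany1",
    "clientcompany2.org": "clientcompany2",
    "clientcompany3.org": "clientcompany3",
}

# RDN values may not contain DN metacharacters, so a crafted user name
# cannot smuggle extra RDNs into the rewritten DN.
_VAL = r"[^,=+<>#;\"\\\s]+"
AUTH_ID = re.compile(
    rf"uid=(?P<user>{_VAL}),cn=(?P<realm>{_VAL}),cn=digest-md5,cn=auth",
    re.IGNORECASE,
)


def naive_sasl_to_dn(auth_id):
    """Rewrite as quoted in the post: the realm is matched, then discarded."""
    m = AUTH_ID.fullmatch(auth_id)
    return f"uid={m.group('user')},ou=person,dc=example,dc=com" if m else None


def tenant_sasl_to_dn(auth_id):
    """Carry the realm into the ou so each virtual domain keeps its own users."""
    m = AUTH_ID.fullmatch(auth_id)
    if m is None:
        return None  # malformed, realm missing, or DN metacharacters present
    ou = REALM_TO_OU.get(m.group("realm").lower())
    if ou is None:
        return None  # realm is not a hosted virtual domain
    return f"uid={m.group('user').lower()},ou={ou},{BASE_DN}"


if __name__ == "__main__":
    for realm in ("clientcompany1.org", "clientcompany2.org", "other.org"):
        auth_id = f"uid=user1,cn={realm},cn=digest-md5,cn=auth"
        print(realm, naive_sasl_to_dn(auth_id), tenant_sasl_to_dn(auth_id))
```
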