Chapter 15. Advanced customization principles

Table of Contents
Leveraging the provisioning system for users, groups, and i-bays
Programmatically creating users, groups, and i-bays
Reserving accounts to avoid conflicts with user, group, or i-bay names
Adding new account properties
Using the LDAP server
Data backup
Using the MySQL database
Sending email messages
Managing the firewall
Starting up programs automatically upon system boot

Leveraging the provisioning system for users, groups, and i-bays

One of the themes in the SME Server is that concepts such as users, groups, and shared information (information bays) are simplified and reused in the user interface. SME Server users are email users, filesharing users, web users and users for any other sofware installed on the system.

For example, in the user interface you can create an information bay called salesdata representing information of interest to the sales team. Creating the information bay automatically reconfigures Samba and Netatalk to share salesdata as a new shared folder, reconfigures Apache to present http://www.example.com/salesdata/ as a new part of the web site, and reconfigures the FTP server - so that the information can be accessed by logging in as user salesdata.

Another example of this type of concept-reuse is that you can create a group called marketing that will, among other things, create an email alias called marketing to automatically forward email to all the group members. This group can also be used as a unit of information-sharing.

In order to enable this concept-reuse, there are certain namespace restrictions. You cannot have a user account and an information bay with the same name - since there would be ambiguity when logging into the FTP server. You cannot have a user account and a group with the same name either - since there would be ambiguity when sending email to the server.

To enforce these restrictions, the SME Server defines a concept of account. Users, groups, and information bays are all different types of account. No two accounts can have the same name. The account list is maintained in the accounts database.

Whenever a user, group, or information bay is created, the following steps are performed automatically by the SME Server:

  1. Check if there is an existing account (of any type) with the same name. If so, display an error and terminate.

  2. If there was no error, then create a new accounts database entry. The entry contains the name of the account, its type (e.g. user, group, ibay), and all associated properties.

  3. Signal the create event for that account type - user-create, group-create, ibay-create, and so on.

  4. The actions for that event will then do all the work to set up the account - creating underlying user accounts if necessary, creating groups and directories, reconfiguring services, and so on.

The SME Server supports the following account types:

Table 15-1. SME Server software

Account typePurpose
UserIndividual users of the system with local email accounts, home directories, etc.
GroupA list of users. All applications which require a list of users should use the standard SME Server group mechanism. They should extend the properties of the group, if required, but should not create additional group types - group lists, work groups, etc.
Information bayA shared storage area - shared folder, intranet, extranet, etc.
SystemAny account name that is reserved by the SME Server for internal use.
URLAny subdirectory of the primary web site (e.g. "webmail")
PseudonymAny email alias for a user or group
PrinterAny shared printer

When creating applications, you should always try to make use of the built-in SME Server account types. If your application has any concept of users, groups, or shared data - try to make your application use the built-in SME Server mechanisms for all of these.