Account Service

A self written service to provide a central API for user management. The challenge is it to delegate the creation process into several backing services.

The main reason for the requirement is due to the fact that some features in the backing services are missing:

Roundcube: Due to the special strategy of how Hostharing is choosing usernames of the email service it's required to provide the required real names directly into Roundcube. If this could be looked up dynamically and pushed upstream then this requirement could be dropped.
HSAdmin (email accounts): Sadly this service has it's own isolated user management and can not be supplied by an LDAP service

Also the pseudo concept of the service accounts require a special treatment.

Actually the LDAPadmin is going the same road, but only half way. Also the upstream support leaves a bit to be desired.

Architecture

The creation process needs to be cascaded down into other services.

Authentication

The service backend is coupled on the LDAP service. Users are required to be a member of the admin_ast LDAP group.

Workflow

sequenceDiagram participant ast as Account Service participant ads as ApacheDS participant hsadmin as HSAdmin participant roundcube as Roundcube ast->>ast: create UID Note right of ast: e.g. Steve Mc Irwin ⇒ steve.mc-irwin ast->>ast: create email address Note right of ast: e.g. steve.mc-irwin ⇒ steve.mc-irwin@ecogood.org ast->>ads: register user ast->>hsadmin: register email account+address hsadmin-->>ast: return IMAP username Note right of ast: eg.g ecg00-steve.mc_irwin ast->>roundcube: add user record Note right of roundcube: Consists of:<br>- IMAP server<br>- display name<br>- IMAP username<br>- email address