OpenLDAP woes

Craig White craig at
Tue Jul 3 17:02:54 UTC 2007

On Tue, 2007-07-03 at 15:05 +0100, Timothy Murphy wrote:
> I asked a couple of weeks ago for advice on a LAN-wide address-book,
> and several people suggested I look at LDAP.
> I did this, and it does indeed look like the best solution,
> as kmail and other mail clients seem to accept addresses from LDAP servers.
> Unfortunately, the openLDAP documentation seems horrendously bad.
> I found a few useful web-sites, particularly
> "Build an LDAP-based address book",
> at <>,
> "Building an Address Book with OpenLDAP"
> at <>,
> and also <>.
> But I'm left with a few small queries,
> and am wondering if many Fedora users have gone down this path?
> Also, I wonder if there is a mailing list or newsgroup
> devoted to this topic, for newbies?
It's not that the openldap documentation is horribly bad - it's that the
openldap documentation doesn't even remotely cover what it is that you
are trying to accomplish. In fact, it doesn't cover any specific
application at all but only generalized usage.

That of course, is always the issue of LDAP - that it is a general
product whose application is entirely up to the user and thus, there is
no single application, no one specific guide for everyone.

I use it for authentication and for shared address books and the
learning curve is quite steep - sorry - I wish it weren't the case. The
issue is that it does not lend itself to an easy walk through and
attempts to use ldap without achieving a reasonable comprehension of how
it works inevitably lead to a great deal of frustration. Note that even
mail applications vary widely in the specific attributes and make it
virtually impossible for any ldap address book backend to satisfy more
than a handful of attributes.

My recommendation...stick with Brennan's home guide and you should at
least get basic functionality. You should have noticed by now that each
different web walkthrough varies greatly and what is applicable to one
approach doesn't work in another.

Feel free to post specific questions to the list because there are some
people on this list that do understand openldap/fedora-ds and can help
but recognize that it's not a technology that is easily adopted without
the requisite education.

Craig White <craig at>

More information about the users mailing list