openldap + kmail

Craig White craigwhite at azapple.com
Thu Apr 24 02:56:11 UTC 2008


On Wed, 2008-04-23 at 22:07 -0400, Ric Moore wrote:
> On Wed, 2008-04-23 at 14:35 -0700, Craig White wrote:
> > On Wed, 2008-04-23 at 22:09 +0100, Timothy Murphy wrote:
> > > Craig White wrote:
> > > 
> > > >> Is anyone successfully using openldap to maintain an address book?
> > > > ----
> > > > sure - lots of them
> > > 
> > > I've seen many discussions of this,
> > > but never seen an actual example of an ldap address book
> > > working with KDE kontact/kaddressbook.
> > ----
> > the client (in your Kaddressbook/Kontact) is probably the meaningless
> > part because OpenLDAP provides LDAPv3 services to any LDAPv3 client (v2
> > is possible too but not allowed by default).
> > ----
> > > 
> > > >> As far as I can see, if you save kaddressbook data in LDIF format,
> > > >> the resulting file has to be extensively modified
> > > >> before it becomes acceptable to openldap.
> > > >> 
> > > >> Eg the DN of a typical entry in the LDIF file reads
> > > >>         dn: cn=Andrew Ryan,mail=aryan27 at tcd.ie
> > > >> which openldap certainly will not like.
> > > > ----
> > > > it's not openldap that *wouldn't like this* - it's that there is nothing
> > > > that says that an ldif file that program X creates in an 'export'
> > > > operation will match up to the restrictions imposed by your LDAP
> > > > setup...which is generally the case.
> > > 
> > > I'm no expert in openldap,
> > > but I don't see why kaddressbook doesn't use the LDAP DN
> > > specified in the KAddressBook->LDAP Lookup 
> > > when creating the LDIF.
> > > 
> > > Or at least it could ask you what DNs you want to use.
> > ----
> > I suppose that you could put in an RFE
> > ----
> > >  
> > > > all you need to do is to figure out a way to edit (sed/awk/perl/?) this
> > > > ldif in a way that matches your setup so that you can import these
> > > > things without a problem.
> > > > 
> > > > for example...
> > > > while this isn't likely to work...
> > > >   dn: cn=Andrew Ryan,mail=aryan27 at tcd.ie
> > > > this could conceivably work...
> > > >   dn: cn=Andrew Ryan,mail=aryan27 at tcd.ie,ou=AddressBook,dc=gayleard,dc=org
> > > 
> > > That's more or less exactly what I do.
> > > But I don't think it should be necessary.
> > ----
> > LDAP does...it's entirely rigid about this too.
> > ----
> > > 
> > > >> What puzzles me about this is that the issue must be one
> > > >> which occurs to many people.
> > > >> How is one meant to keep a "global" address book under Fedora?
> > > 
> > > > Well, since Kmail is a 'write' capable LDAP client, it is possible to
> > > > simply create an empty LDAP 'organizationalUnit' for an address book and
> > > > add entries directly via Kaddressbook. This of course insists that you
> > > > comport with specific rules such as entries that absolutely require an
> > > > 'sn' attribute (last name), etc.
> > > 
> > > Is it possible to do that?
> > > Could you be a bit more specific please?
> > > I thought one needed to include the host 
> > > (ou=People,dc=www,dc=xyz,dc=com in my case)?
> > ----
> > OK, say you have slapd.conf
> > and in the database section, you have...
> > 
> > database        bdb
> > suffix          "dc=www,dc=xyz,dc=com"
> > 
> > and in your ACL's, you have something like
> > 
> > access to dn.subtree="dc=www,dc=xyz,dc=com"
> >         by * write
> > access to dn.subtree="ou=People,dc=www,dc=xyz,dc=com"
> >         by * write
> > access to dn.subtree="ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com"
> >         by * write
> > 
> > you're pretty much good to go.
> > 
> > Now, import a simple little ldif that creates the AddressBook ou
> > 
> > dn: ou=People,dc=www,dc=xyz,dc=com
> > objectClass: organizationalUnit
> > ou: People
> > 
> > dn: ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com
> > objectClass: organizationalUnit
> > ou: AddressBook
> > 
> > import it and you're good to go
> > 
> > Why do I get the feeling that you never bought the Gerald Carter book I
> > told you to buy?
> 
> Thanks Craig! You just saved me twenty bucks! <cackles> Ric
----
the last laugh is on you...you have to maintain it

personally, I would have just gone with...

ou=AddressBook,dc=xyz,dc=com

for a simple shared addressbook just to minimize the typing.

because ou=People,dc=xyz,dc=com is where I would put authentication
accounts. I do also put users own personal LDAP AddressBooks under their
account info though but now we are getting way afield of simple LDAP
address book.

To be honest though, I am quite sure that openldap.org has a simple
address book setup in there - yep...

http://www.openldap.org/faq/data/cache/1005.html

but more importantly...buy the damn book and spend the $20...it will
learn ya good.

Craig
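
The DN-editing step Craig describes (rewriting the KAddressBook export so its DNs fit your suffix) as a small script. This is an added example, not code from the thread or from KDE/OpenLDAP; it assumes the base ou=AddressBook,dc=xyz,dc=com from Craig's preferred layout and a constructed two-entry export, and it also flags entries missing the mandatory sn.

```python
import re

# Constructed sample shaped like the KAddressBook export discussed above: the
# DNs carry no base, and the first entry lacks the 'sn' that 'person' requires.
SAMPLE_LDIF = """\
dn: cn=Andrew Ryan,mail=aryan27@example.org
objectClass: person
cn: Andrew Ryan
mail: aryan27@example.org

dn: cn=Nobody Knows,mail=nobody@example.org
objectClass: person
cn: Nobody Knows
sn: Knows
mail: nobody@example.org
"""

def parse_ldif(text):
    """One dict (attr -> list of values) per record; folded lines re-joined."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]          # continuation of previous line
            else:
                lines.append(line)
        rec = {}
        for line in lines:
            attr, _, value = line.partition(":")
            rec.setdefault(attr.strip().lower(), []).append(value.strip())
        records.append(rec)
    return records

def rebase_dn(dn, base_dn, collapse=True):
    """collapse=True keeps only the first RDN so the entry sits directly under
    base_dn; collapse=False appends base_dn to the full DN as the thread shows,
    which needs an intermediate 'mail=...' entry. Escaped commas not handled."""
    rdns = [r.strip() for r in dn.split(",")]
    return ",".join((rdns[:1] if collapse else rdns) + [base_dn])

def rebase_ldif(text, base_dn, collapse=True):
    """Return [(new_dn, problems)] per record; the one check is the thread's
    warning that objectClass 'person' makes 'sn' mandatory."""
    out = []
    for rec in parse_ldif(text):
        classes = {c.lower() for c in rec.get("objectclass", [])}
        problems = ["missing required attribute sn"] if "person" in classes and "sn" not in rec else []
        out.append((rebase_dn(rec["dn"][0], base_dn, collapse), problems))
    return out
```

Feed the rewritten entries to ldapadd only after the AddressBook ou itself exists (the empty-ou LDIF quoted above creates it) and after tightening the quoted ACL, since `by * write` lets any client, anonymous included, modify the tree.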
