openldap + kmail
Ric Moore
wayward4now at gmail.com
Thu Apr 24 02:07:43 UTC 2008
On Wed, 2008-04-23 at 14:35 -0700, Craig White wrote:
> On Wed, 2008-04-23 at 22:09 +0100, Timothy Murphy wrote:
> > Craig White wrote:
> >
> > >> Is anyone successfully using openldap to maintain an address book?
> > > ----
> > > sure - lots of them
> >
> > I've seen many discussions of this,
> > but never seen an actual example of an ldap address book
> > working with KDE kontact/kaddressbook.
> ----
> the client (in your Kaddressbook/Kontact) is probably the meaningless
> part because OpenLDAP provides LDAPv3 services to any LDAPv3 client (v2
> is possible too but not allowed by default).
> ----
> >
> > >> As far as I can see, if you save kaddressbook data in LDIF format,
> > >> the resulting file has to be extensively modified
> > >> before it becomes acceptable to openldap.
> > >>
> > >> Eg the DN of a typical entry in the LDIF file reads
> > >> dn: cn=Andrew Ryan,mail=aryan27 at tcd.ie
> > >> which openldap certainly will not like.
> > > ----
> > > it's not openldap that *wouldn't like this* - it's that there is nothing
> > > that says that an ldif file that program X creates in an 'export'
> > > operation will match up to the restrictions imposed by your LDAP
> > > setup...which is generally the case.
> >
> > I'm no expert in openldap,
> > but I don't see why kaddressbook doesn't use the LDAP DN
> > specified in the KAddressBook->LDAP Lookup
> > when creating the LDIF.
> >
> > Or at least it could ask you what DNs you want to use.
> ----
> I suppose that you could put in an RFE
> ----
> >
> > > all you need to do is to figure out a way to edit (sed/awk/perl/?) this
> > > ldif in a way that matches your setup so that you can import these
> > > things without a problem.
> > >
> > > for example...
> > > while this isn't likely to work...
> > > dn: cn=Andrew Ryan,mail=aryan27 at tcd.ie
> > > this could conceivably work...
> > > dn: cn=Andrew Ryan,mail=aryan27 at tcd.ie,ou=AddressBook,dc=gayleard,dc=org
> >
> > That's more or less exactly what I do.
> > But I don't think it should be necessary.
> ----
> LDAP does...it's entirely rigid about this too.
> ----
> >
> > >> What puzzles me about this is that the issue must be one
> > >> which occurs to many people.
> > >> How is one meant to keep a "global" address book under Fedora?
> >
> > > Well, since Kmail is a 'write' capable LDAP client, it is possible to
> > > simply create an empty LDAP 'organizationalUnit' for an address book and
> > > add entries directly via Kaddressbook. This of course insists that you
> > > comport with specific rules such as entries that absolutely require an
> > > 'sn' attribute (last name), etc.
> >
> > Is it possible to do that?
> > Could you be a bit more specific please?
> > I thought one needed to include the host
> > (ou=People,dc=www,dc=xyz,dc=com in my case)?
> ----
> OK, say you have slapd.conf
> and in the database section, you have...
>
> database bdb
> suffix "dc=www,dc=xyz,dc=com"
>
> and in your ACLs, you have something like
>
> access to dn.subtree="dc=www,dc=xyz,dc=com"
>     by * write
> access to dn.subtree="ou=People,dc=www,dc=xyz,dc=com"
>     by * write
> access to dn.subtree="ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com"
>     by * write
>
> you're pretty much good to go.
>
> Now, import a simple little ldif that creates the AddressBook ou
>
> dn: ou=People,dc=www,dc=xyz,dc=com
> objectClass: organizationalUnit
> ou: People
>
> dn: ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com
> objectClass: organizationalUnit
> ou: AddressBook
>
> import it and you're good to go
>
> Why do I get the feeling that you never bought the Gerald Carter book I
> told you to buy?
Thanks Craig! You just saved me twenty bucks! <cackles> Ric
--
================================================
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
Linux user# 44256 Sign up at: http://counter.li.org/
http://www.sourceforge.net/projects/oar
http://www.wayward4now.net <---down4now too
================================================
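
Added example, not part of the original thread: the slapd.conf ACLs quoted above grant write to every client, bound or not, so this fragment shows the same address-book subtree with clauses ordered most-specific-first and writes limited to one bound identity. The suffix and ou names are the ones used in the thread; cn=abook-editor,ou=People,dc=www,dc=xyz,dc=com is a hypothetical editor account.

```conf
# slapd.conf access control (slapd.access(5) syntax), added example.
# slapd applies the first "access to" clause whose target matches, then the
# first matching "by" inside it; a requester matching no "by" gets none.
# The most specific target therefore has to come first.

# As posted in the thread, kept commented out for comparison. This clause
# matches every entry under the suffix, so the two clauses that followed it
# were never reached, and any client could modify any entry.
#access to dn.subtree="dc=www,dc=xyz,dc=com"
#    by * write

# Credentials: the owner may change them, an unbound client may only use
# them to authenticate, nobody may read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Address book: one editor identity (hypothetical DN) may add and change
# entries, other bound users may search and read.
access to dn.subtree="ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com"
    by dn.exact="cn=abook-editor,ou=People,dc=www,dc=xyz,dc=com" write
    by users read
    by * none

# Rest of the tree: bound users read; "auth" lets an unbound client
# complete a bind and nothing else.
access to dn.subtree="dc=www,dc=xyz,dc=com"
    by users read
    by anonymous auth
    by * none
```

With this in place, Kaddressbook has to be configured with the editor's bind DN and password to write, and with any valid bind DN to look entries up.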