Gentoo Forums
Howto: Creating a central outlook addressbook with OpenLDAP.

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Sat Feb 07, 2004 6:17 pm

pens wrote:
Is there any way to import Outlook/Mozilla/Evolution address books into the openldap database?

Check the last link of my howto. I read something about that, there.

reinier
n00b

Joined: 30 Jan 2004
Posts: 12
Location: Netherlands

Posted: Sat Feb 07, 2004 11:00 pm    Post subject: Re: Creating a central outlook addressbook with OpenLDAP how

mariourk wrote:
By now you should know what should be edited. You only have to edit a few first lines so phpldapadmin knows what the name, passwd, etc of your LDAP database is. Don't forget to save it as config.php!!
Now you can access and maintain your LDAP database with your browser. Open your browser and give the ip of your Gentoo-server. For example:
Code:
192.168.0.1/phpldapadmin

You will enter a beautiful interface and maintaining your database is a piece of cake from now on ;)


I really appreciate your help... unfortunately, this part of your instructions was a bit unclear. I'm now trying to edit the following in my ../phpldapadmin/config.php file:
Code:
$servers[$i]['name'] = 'server name';
$servers[$i]['auth_type'] = 'form or config, (form works best i think)';
$servers[$i]['login_dn'] = 'uid=myusername,cn=users,dc=mydomain,dc=com';
$servers[$i]['login_pass'] = 'my password';


I'm not sure on auth_type, login_dn, and login_pass... The form auth_type seems good but I haven't figured out what I should use for login_dn and login_pass ..? For reference sake, this is my slapd.conf:

Code:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/extension.schema
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database        ldbm
suffix          "dc=smit, dc=nl"
rootdn          "dc=smit, dc=nl"
rootpw          secret
directory       /var/lib/openldap-ldbm
index   cn,sn           pres,eq,sub
index   objectClass     eq

Once again, any advice/help would be greatly appreciated :)

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Sun Feb 08, 2004 12:35 pm

This is all I changed in my config.php
Code:

<?php
 
/*
 *                  The phpLDAPadmin config file
 *
 *   This is where you customize phpLDAPadmin. The most important
 *   part is immediately below: The "LDAP Servers" section.
 *   You must specify at least one LDAP server there. You may add
 *   as many as you like. You can also specify your language, and
 *   many other options.
 *
 */
 
// Your LDAP servers
$i=0;
$servers = array();
$servers[$i]['name'] = 'My LDAP Server';    /*  A convenient name that will appear in
                                                the tree viewer */
$servers[$i]['host'] = 'localhost';  /*  Examples: 'ldap.example.com',
                                                'ldaps://ldap.example.com/'
                                                Note: Leave blank to remove it from the list
                                                of servers in the tree viewer*/
$servers[$i]['base'] = 'dc=gentoo,dc=com'; /*  The base DN of your LDAP server. Leave this
                                                blank to have phpLDAPadmin
                                                auto-detect it for you. */
$servers[$i]['port'] = 389;                 /*  The port your LDAP server listens on
                                                (no quotes) */
$servers[$i]['auth_type'] = 'config';       /*  2 options: 'form': you will be prompted, and
                                                a cookie stored with your login dn and
                                                password. 'config': specify your login dn
                                                and password here. In both cases, use caution! */
$servers[$i]['login_dn'] = 'dc=gentoo,dc=com';
                                            /*  For anonymous binds, leave the
                                                login_dn and login_pass blank */
$servers[$i]['login_pass'] = 'secret';


As you see, only the first few lines of the config file. The rest, I didn't even look at it :wink:

In your case it would be:
Code:

<?php
 
/*
 *                  The phpLDAPadmin config file
 *
 *   This is where you customize phpLDAPadmin. The most important
 *   part is immediately below: The "LDAP Servers" section.
 *   You must specify at least one LDAP server there. You may add
 *   as many as you like. You can also specify your language, and
 *   many other options.
 *
 */
 
// Your LDAP servers
$i=0;
$servers = array();
$servers[$i]['name'] = 'My LDAP Server';    /*  A convenient name that will appear in
                                                the tree viewer */
$servers[$i]['host'] = 'localhost';  /*  Examples: 'ldap.example.com',
                                                'ldaps://ldap.example.com/'
                                                Note: Leave blank to remove it from the list
                                                of servers in the tree viewer*/
$servers[$i]['base'] = 'dc=smit,dc=nl'; /*  The base DN of your LDAP server. Leave this
                                                blank to have phpLDAPadmin
                                                auto-detect it for you. */
$servers[$i]['port'] = 389;                 /*  The port your LDAP server listens on
                                                (no quotes) */
$servers[$i]['auth_type'] = 'config';       /*  2 options: 'form': you will be prompted, and
                                                a cookie stored with your login dn and
                                                password. 'config': specify your login dn
                                                and password here. In both cases, use caution! */
$servers[$i]['login_dn'] = 'dc=smit,dc=nl';
                                            /*  For anonymous binds, leave the
                                                login_dn and login_pass blank */
$servers[$i]['login_pass'] = 'secret';


Be careful that you don't open the phpldapadmin page to the whole world. This means that everyone has write access to your LDAP-directory!!
At least protect the page with apache.
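
An added example, not part of the post above or of phpLDAPadmin: a small Python check that reads the two files discussed in this exchange and flags the combination the warning is about (auth_type 'config' with the rootdn and its password stored in config.php, plus a cleartext rootpw in slapd.conf). The sample inputs are constructed from the values posted in this thread; the function names and finding codes are assumptions of this example.

```python
import re

# Constructed inputs that mirror the settings posted in this thread.
CONFIG_PHP = """
$servers[$i]['port'] = 389;
$servers[$i]['auth_type'] = 'config';
$servers[$i]['login_dn'] = 'dc=smit,dc=nl';
$servers[$i]['login_pass'] = 'secret';
"""
SLAPD_CONF = """
rootdn          "dc=smit, dc=nl"
rootpw          secret
"""

ASSIGN = re.compile(r"\$servers\[[^\]]+\]\['(\w+)'\]\s*=\s*(?:'([^']*)'|(\d+))\s*;")
HASHED = re.compile(r"\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.I)

def parse_phpldapadmin(text):
    """Collect $servers[..]['key'] = value; assignments into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in ASSIGN.finditer(text)}

def parse_slapd(text):
    """Collect 'directive value' lines; the first occurrence of a directive wins."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf.setdefault(parts[0].lower(), parts[1].strip().strip('"'))
    return conf

def norm_dn(dn):
    """Lowercase and drop spaces around commas (no escaped-comma handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(config_php, slapd_conf):
    """Return a list of (code, message) findings for the two files."""
    php, slapd = parse_phpldapadmin(config_php), parse_slapd(slapd_conf)
    findings = []
    rootdn, rootpw = slapd.get("rootdn"), slapd.get("rootpw", "")
    # auth_type 'config' with a stored password: the web page itself holds the bind.
    if php.get("auth_type") == "config" and php.get("login_pass"):
        findings.append(("stored-bind", "page binds as %s for every visitor" % php.get("login_dn")))
        if rootdn and norm_dn(php.get("login_dn", "")) == norm_dn(rootdn):
            findings.append(("rootdn-in-web-config", "stored DN is the rootdn, which ACLs do not restrict"))
    # slappasswd output starts with a scheme such as {SSHA}; a bare value is cleartext.
    if rootpw and not HASHED.match(rootpw):
        findings.append(("cleartext-rootpw", "rootpw has no hash scheme prefix such as {SSHA}"))
    return findings

if __name__ == "__main__":
    for code, message in audit(CONFIG_PHP, SLAPD_CONF):
        print(code + ": " + message)
```

With auth_type 'form', an empty login_dn and login_pass, and a rootpw hash produced by slappasswd, the audit returns no findings. It only reads these two files, so restricting who can reach the page in Apache is still a separate step.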

pens
Tux's lil' helper

Joined: 01 Jan 2003
Posts: 121
Location: Irvine, CA

Posted: Mon Feb 09, 2004 5:06 am

I found a neat website that talks about how to convert outlook addressbooks to the openldap server. It even includes a perl script to fix mozilla's ldif output.

http://wlug.org.nz/LDAPInstallation

DumbAss
Apprentice

Joined: 30 Sep 2003
Posts: 247
Location: 't Steen

Posted: Thu Feb 12, 2004 7:22 pm

mariourk wrote:


As far as I know it is not possible to edit a ldap-directory with any email program (like outlook, Evolution, etc)

Why's that? Hasn't anyone had that idea? Or is it too difficult to program?

traviswu
n00b

Joined: 14 Mar 2004
Posts: 6

Posted: Sun Mar 14, 2004 10:22 pm    Post subject: check this out... outlook address book to ldif

ftp://ftp.gin.cz/pub/mswindows/the_bat/utilities/wab2ldif.exe
this is a wab2ldif converter.. it may help to convert windows address book to LDAP.
:) I'm gonna try it first and I'll have everybody posted. :D

jordant
n00b

Joined: 31 May 2003
Posts: 68
Location: Vancouver, BC

Posted: Mon Mar 29, 2004 7:26 pm

Thanks for the very useful tutorial... I have my LDAP server setup, but I can't seem to access it using phpldapadmin.

I get this error message on the left sidebar on attempt:

Code:
rose
      Could not connect to LDAP server.


Any suggestions?

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Thu Apr 01, 2004 11:48 am

I suppose it's some type-error in the phpldapadmin configuration-file. Most likely the password or
the login_dn. Check the post I posted in this topic on Sun Feb 08, 2004 7:35 am, to help Reinier. I think this might help you as well.

Cybergod091281
n00b

Joined: 14 May 2003
Posts: 10

Posted: Thu Apr 01, 2004 8:44 pm

hi, while following ur howto I ran into some problems after starting slapd and trying to add the directory.ldif:

Code:
Kerberos openldap # /etc/init.d/slapd start
 * Starting ldap-server...                                                                                       [ ok ]
Kerberos openldap # ldapadd -D "dc=d-c-a, dc=ath, dc=cx" -f directory.ldif -W
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (82)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
Kerberos openldap #


did anyone of u see something like this while following the howto?

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Fri Apr 02, 2004 6:59 am

It seems to be a problem with DNS. http://www.openldap.org/faq/data/cache/833.html

Someone suggested to take a look at the /etc/hosts file

Cybergod091281
n00b

Joined: 14 May 2003
Posts: 10

Posted: Fri Apr 02, 2004 8:28 am

I didn't set up a dns-server in my network and my /etc/resolv.conf looks like:
Code:
#domain Kerberos.d-c-a.ath.cx
nameserver 194.25.2.129
nameserver 194.25.2.132

So I'm a little bit confused. After some reading through several websites I found out the error occurs when openldap - sasl - kerberos have some problem with authentication, but I'm not sure how to solve it.

ralle
Tux's lil' helper

Joined: 25 Mar 2003
Posts: 144
Location: Aachen, Germany

Posted: Thu Apr 22, 2004 6:53 pm

I'm very new to this ldap thing so don't shoot me if my question is damn stupid.

As I understand, I have to setup a domain and a domain suffix. This might work with real domain names, like "gentoo.org", but I want to use ldap on my home network which is called like that:
Code:

bender root # hostname
bender.futurama


So my question: Will a setting like this (empty domain suffix) work?
Code:

suffix          "dc=futurama,dc="
rootdn          "dc=futurama,dc="


Or should I just delete the second "dc="?

Second question:
Can an ldap server be used to authenticate users and to serve as global addressbook at the same time?

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Thu Apr 22, 2004 8:14 pm

ralle wrote:
Or should I just delete the second "dc="?

I guess so... As far as I know the suffix has actually nothing to do with your domain. I think that it is common to use your domain as your suffix to keep things clear.
I think that dc=futurama works fine. Otherwise you could use
dc=futurama,dc=com or something like that.
Let us know how this worked out for you.

ralle wrote:
Can an ldap server be used to authenticate users and to serve as global addressbook at the same time?

I have absolutely no idea. I think it should be possible. As far as I know you can
create multiple "trees". The tree you create in this howto is ou=addressbook.
I think you can create a second tree that contains the logon information.
If you succeed, would you post here how you did it?

VanDan
Guru

Joined: 30 Sep 2002
Posts: 586
Location: Australia

Posted: Thu May 06, 2004 12:19 am    Post subject: dc=

I have a question about the line:

Code:
dc=our_domain,dc=com


We are in Australia, so our full domain is nusconsulting.com.au
How do I represent that?

Code:
dc=nusconsulting,dc=com,dc=au


or maybe

Code:
dc=nusconsulting,dc=com.au


What's going on?

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Thu May 06, 2004 11:35 am

Code:

dc=nusconsulting,dc=com,dc=au

That is the right one. But as far as I know, it's possible to use
something different than your domain. I guess that most people
use their domain to keep things in order.
I think it should be possible to use something different than your
domain. For example:
Code:

dc=my,dc=openldap,dc=database

You might give it a try and let us know. :wink:

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Sat May 08, 2004 8:53 am

I updated my howto. It now also explains how to backup and restore your
addressbook (and it's about time... ;) ) So if something happens to your
ldap-server, you still have a backup to undo the damage :)

agrippa_cash
Tux's lil' helper

Joined: 08 May 2003
Posts: 143
Location: Los Angeles

Posted: Sun May 09, 2004 5:00 am    Post subject: FQDn dat

I have a similar setup at work and my domains are not FQDN. They don't even have to LOOK like FQDN. My domain at work is "dc=local, dc=firmname."

I found phpldapadmin to be a little slow and too powerful and intimidating for users. http://www.devshed.com/c/a/PHP/Using-PHP-With-LDAP-part-2/ has a good tutorial on making your own forms. I set up an intranet site that allows anybody who wants to add an entry to do so. They could theoretically screw things up since they have write access, but the pages I wrote only allow access to "ou=Addressbook."

One thing NOT mentioned in that site is: If you are populating form fields from the database, the ldap field must be all lowercase (eg: 'telephoneNumber' would be 'telephonenumber'). Also the objectclasses should be made part of an array (when there is more than one).
_________________
Athlon xp 1700+;VIA-KT266;512mb RAM;Radeon 9600
-running with udev, hal, dbus, pmount & modular-xorg

riggagoogoo
Tux's lil' helper

Joined: 06 Apr 2003
Posts: 108

Posted: Sun May 16, 2004 2:32 pm

Would users of Outlook still be able to click on the 'Add user to address book' and have that add it straight in to the LDAP or would they need to inform the LDAP admin and have him/her add it in??

Cheers

RiGGa

meulie
l33t

Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway

Posted: Thu May 20, 2004 9:14 pm

Hmm, openldap doesn't want to emerge:
Code:

>>>>> Starting test000-rootdse ...
running defines.sh
Datadir is ./data
Cleaning up in ./test-db...
Starting slapd on TCP/IP port 9009...
Using ldapsearch to retrieve the root DSE...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
ldap_bind: Can't contact LDAP server (81)
>>>>> Test failed
>>>>> ./scripts/test000-rootdse failed (exit 1)
make: *** [test-bdb] Error 1
 
!!! ERROR: net-nds/openldap-2.1.30 failed.
!!! Function src_compile, Line 137, Exitcode 2
!!! make tests failed



Any suggestions anyone? 8)
_________________
Greetz,
Evert Meulie

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Fri May 21, 2004 7:23 am

Code:

Starting slapd on TCP/IP port 9009...

And then,
Code:

ldap_bind: Can't contact LDAP server (81)

I think this is a firewall problem. Does your LDAP server accept everything from localhost
on port 9009?

meulie
l33t

Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway

Posted: Fri May 21, 2004 1:05 pm

It's all running on the same machine... I'm trying to install LDAP on localhost... 8)
_________________
Greetz,
Evert Meulie

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Fri May 21, 2004 1:13 pm

That's what I'm saying... :?
Code:

Does your LDAP server accept everything from localhost
on port 9009?

It's possible that a firewall blocks TCP/IP traffic from/to localhost.

meulie
l33t

Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway

Posted: Sat May 22, 2004 6:22 am

To my knowledge this is not the case...

I've also tried a
netstat -a --numeric-ports
to check whether anything was holding the port, but nope...



Any other suggestions? 8)
_________________
Greetz,
Evert Meulie

mariourk
l33t

Joined: 11 Jul 2003
Posts: 807
Location: Urk, Netherlands

Posted: Sat May 22, 2004 8:40 am

Check this: http://forums.devshed.com/archive/t-129109
try to move /var/lib/ldap to /var/lib/ldapOLD.

If that still doesn't work, open a second terminal and type:
Code:

tail -f /var/log/everything/current

Start ldap again and see what the logs say. It is most of the time
very helpful ;)

meulie
l33t

Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway

Posted: Sat May 22, 2004 9:39 am

Well, my machine didn't have any /var/lib/ldap so I moved on to the 2nd option... 8)

Not much in the log, only:
Code:

May 22 11:31:18 sb62g2 lt-slapd[30710]: sql_select option missing
May 22 11:31:18 sb62g2 lt-slapd[30710]: auxpropfunc error no mechanism available
May 22 11:31:18 sb62g2 lt-slapd[30710]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

Who's next with helpful advice?  ;)

_________________
Greetz,
Evert Meulie