On Wed, 2008-04-23 at 22:09 +0100, Timothy Murphy wrote:
> Craig White wrote:
>
> >> Is anyone successfully using openldap to maintain an address book?
> > ----
> > sure - lots of them
>
> I've seen many discussions of this,
> but never seen an actual example of an ldap address book
> working with KDE kontact/kaddressbook.
----
the client (in your Kaddressbook/Kontact) is probably the meaningless
part because OpenLDAP provides LDAPv3 services to any LDAPv3 client (v2
is possible too but not allowed by default).
----
>
> >> As far as I can see, if you save kaddressbook data in LDIF format,
> >> the resulting file has to be extensively modified
> >> before it becomes acceptable to openldap.
> >>
> >> Eg the DN of a typical entry in the LDIF file reads
> >> dn: cn=Andrew Ryan,mail=aryan27@xxxxxx
> >> which openldap certainly will not like.
> > ----
> > it's not openldap that *wouldn't like this* - it's that there is nothing
> > that says that an ldif file that program X creates in an 'export'
> > operation will match up to the restrictions imposed by your LDAP
> > setup...which is generally the case.
>
> I'm no expert in openldap,
> but I don't see why kaddressbook doesn't use the LDAP DN
> specified in the KAddressBook->LDAP Lookup
> when creating the LDIF.
>
> Or at least it could ask you what DNs you want to use.
----
I suppose that you could put in an RFE
----
>
> > all you need to do is to figure out a way to edit (sed/awk/perl/?) this
> > ldif in a way that matches your setup so that you can import these
> > things without a problem.
> >
> > for example...
> > while this isn't likely to work...
> > dn: cn=Andrew Ryan,mail=aryan27@xxxxxx
> > this could conceivably work...
> > dn: cn=Andrew
> > Ryan,mail=aryan27@xxxxxx,ou=AddressBook,dc=gayleard,dc=org
>
> That's more or less exactly what I do.
> But I don't think it should be necessary.
----
LDAP does...it's entirely rigid about this too.
----
>
> >> What puzzles me about this is that the issue must be one
> >> which occurs to many people.
> >> How is one meant to keep a "global" address book under Fedora?
>
> > Well, since Kmail is a 'write' capapble LDAP client, it is possible to
> > simply create an empty LDAP 'organizationalUnit' for an address book and
> > add entries directly via Kaddressbook. This of course insists that you
> > comport with specific rules such as entries that absolutely require an
> > 'sn' attribute (last name), etc.
>
> Is it possible to do that?
> Could you be a bit more specific please?
> I thought one needed to include the host
> (ou=People,dc=www,dc=xyz,dc=com in my case)?
----
OK, say you have slapd.conf
and in the database section, you have...
database bdb
suffix "dc=www,dc=xyz,dc=com"
and in your ACL's, you have something like
access to dn.subtree="dc=www,dc=xyz,dc=com"
by * write
access to dn.subtree="ou=People,dc=www,dc=xyz,dc=com"
by * write
access to dn.subtree="ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com"
by * write
you're pretty much good to go.
Now, import a simple little ldif that creates the AddressBook ou
dn: ou=People,dc=www,dc=xyz,dc=com
objectClass: organizationalUnit
ou: People
dn: ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com
objectClass: organizationalUnit
ou: AddressBook
import it and you're good to go
Why do I get the feeling that you never bought the Gerald Carter book I
told you to buy?
Craig
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
