On Wed, 2008-04-23 at 14:35 -0700, Craig White wrote: > On Wed, 2008-04-23 at 22:09 +0100, Timothy Murphy wrote: > > Craig White wrote: > > > > >> Is anyone successfully using openldap to maintain an address book? > > > ---- > > > sure - lots of them > > > > I've seen many discussions of this, > > but never seen an actual example of an ldap address book > > working with KDE kontact/kaddressbook. > ---- > the client (in your Kaddressbook/Kontact) is probably the meaningless > part because OpenLDAP provides LDAPv3 services to any LDAPv3 client (v2 > is possible too but not allowed by default). > ---- > > > > >> As far as I can see, if you save kaddressbook data in LDIF format, > > >> the resulting file has to be extensively modified > > >> before it becomes acceptable to openldap. > > >> > > >> Eg the DN of a typical entry in the LDIF file reads > > >> dn: cn=Andrew Ryan,mail=aryan27@xxxxxx > > >> which openldap certainly will not like. > > > ---- > > > it's not openldap that *wouldn't like this* - it's that there is nothing > > > that says that an ldif file that program X creates in an 'export' > > > operation will match up to the restrictions imposed by your LDAP > > > setup...which is generally the case. > > > > I'm no expert in openldap, > > but I don't see why kaddressbook doesn't use the LDAP DN > > specified in the KAddressBook->LDAP Lookup > > when creating the LDIF. > > > > Or at least it could ask you what DNs you want to use. > ---- > I suppose that you could put in an RFE > ---- > > > > > all you need to do is to figure out a way to edit (sed/awk/perl/?) this > > > ldif in a way that matches your setup so that you can import these > > > things without a problem. > > > > > > for example... > > > while this isn't likely to work... > > > dn: cn=Andrew Ryan,mail=aryan27@xxxxxx > > > this could conceivably work... > > > dn: cn=Andrew > > > Ryan,mail=aryan27@xxxxxx,ou=AddressBook,dc=gayleard,dc=org > > > > That's more or less exactly what I do. > > But I don't think it should be necessary. > ---- > LDAP does...it's entirely rigid about this too. > ---- > > > > >> What puzzles me about this is that the issue must be one > > >> which occurs to many people. > > >> How is one meant to keep a "global" address book under Fedora? > > > > > Well, since Kmail is a 'write' capapble LDAP client, it is possible to > > > simply create an empty LDAP 'organizationalUnit' for an address book and > > > add entries directly via Kaddressbook. This of course insists that you > > > comport with specific rules such as entries that absolutely require an > > > 'sn' attribute (last name), etc. > > > > Is it possible to do that? > > Could you be a bit more specific please? > > I thought one needed to include the host > > (ou=People,dc=www,dc=xyz,dc=com in my case)? > ---- > OK, say you have slapd.conf > and in the database section, you have... > > database bdb > suffix "dc=www,dc=xyz,dc=com" > > and in your ACL's, you have something like > > access to dn.subtree="dc=www,dc=xyz,dc=com" > by * write > access to dn.subtree="ou=People,dc=www,dc=xyz,dc=com" > by * write > access to dn.subtree="ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com" > by * write > > you're pretty much good to go. > > Now, import a simple little ldif that creates the AddressBook ou > > dn: ou=People,dc=www,dc=xyz,dc=com > objectClass: organizationalUnit > ou: People > > dn: ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com > objectClass: organizationalUnit > ou: AddressBook > > import it and you're good to go > > Why do I get the feeling that you never bought the Gerald Carter book I > told you to buy? Thanks Craig! You just saved me twenty bucks! <cackles> Ric -- ================================================ My father, Victor Moore (Vic) used to say: "There are two Great Sins in the world... ..the Sin of Ignorance, and the Sin of Stupidity. Only the former may be overcome." R.I.P. Dad. Linux user# 44256 Sign up at: http://counter.li.org/ http://www.sourceforge.net/projects/oar http://www.wayward4now.net <---down4now too ================================================ -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
