On Wed, 2008-04-23 at 22:07 -0400, Ric Moore wrote:
> On Wed, 2008-04-23 at 14:35 -0700, Craig White wrote:
> > On Wed, 2008-04-23 at 22:09 +0100, Timothy Murphy wrote:
> > > Craig White wrote:
> > >
> > > >> Is anyone successfully using openldap to maintain an address book?
> > > > ----
> > > > sure - lots of them
> > >
> > > I've seen many discussions of this,
> > > but never seen an actual example of an ldap address book
> > > working with KDE kontact/kaddressbook.
> > ----
> > the client (in your Kaddressbook/Kontact) is probably the meaningless
> > part because OpenLDAP provides LDAPv3 services to any LDAPv3 client (v2
> > is possible too but not allowed by default).
> > ----
> > >
> > > >> As far as I can see, if you save kaddressbook data in LDIF format,
> > > >> the resulting file has to be extensively modified
> > > >> before it becomes acceptable to openldap.
> > > >>
> > > >> Eg the DN of a typical entry in the LDIF file reads
> > > >> dn: cn=Andrew Ryan,mail=aryan27@xxxxxx
> > > >> which openldap certainly will not like.
> > > > ----
> > > > it's not openldap that *wouldn't like this* - it's that there is nothing
> > > > that says that an ldif file that program X creates in an 'export'
> > > > operation will match up to the restrictions imposed by your LDAP
> > > > setup...which is generally the case.
> > >
> > > I'm no expert in openldap,
> > > but I don't see why kaddressbook doesn't use the LDAP DN
> > > specified in the KAddressBook->LDAP Lookup
> > > when creating the LDIF.
> > >
> > > Or at least it could ask you what DNs you want to use.
> > ----
> > I suppose that you could put in an RFE
> > ----
> > >
> > > > all you need to do is to figure out a way to edit (sed/awk/perl/?) this
> > > > ldif in a way that matches your setup so that you can import these
> > > > things without a problem.
> > > >
> > > > for example...
> > > > while this isn't likely to work...
> > > > dn: cn=Andrew Ryan,mail=aryan27@xxxxxx
> > > > this could conceivably work...
> > > > dn: cn=Andrew Ryan,mail=aryan27@xxxxxx,ou=AddressBook,dc=gayleard,dc=org
> > >
> > > That's more or less exactly what I do.
> > > But I don't think it should be necessary.
> > ----
> > LDAP does...it's entirely rigid about this too.
> > ----
> > >
> > > >> What puzzles me about this is that the issue must be one
> > > >> which occurs to many people.
> > > >> How is one meant to keep a "global" address book under Fedora?
> > > >
> > > > Well, since Kmail is a 'write' capable LDAP client, it is possible to
> > > > simply create an empty LDAP 'organizationalUnit' for an address book and
> > > > add entries directly via Kaddressbook. This of course insists that you
> > > > comport with specific rules such as entries that absolutely require an
> > > > 'sn' attribute (last name), etc.
> > >
> > > Is it possible to do that?
> > > Could you be a bit more specific please?
> > > I thought one needed to include the host
> > > (ou=People,dc=www,dc=xyz,dc=com in my case)?
> > ----
> > OK, say you have slapd.conf
> > and in the database section, you have...
> >
> > database bdb
> > suffix "dc=www,dc=xyz,dc=com"
> >
> > and in your ACL's, you have something like
> >
> > access to dn.subtree="dc=www,dc=xyz,dc=com"
> >     by * write
> > access to dn.subtree="ou=People,dc=www,dc=xyz,dc=com"
> >     by * write
> > access to dn.subtree="ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com"
> >     by * write
> >
> > you're pretty much good to go.
> >
> > Now, import a simple little ldif that creates the AddressBook ou
> >
> > dn: ou=People,dc=www,dc=xyz,dc=com
> > objectClass: organizationalUnit
> > ou: People
> >
> > dn: ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com
> > objectClass: organizationalUnit
> > ou: AddressBook
> >
> > import it and you're good to go
> >
> > Why do I get the feeling that you never bought the Gerald Carter book I
> > told you to buy?
>
> Thanks Craig! You just saved me twenty bucks!
> <cackles> Ric
----
the last laugh is on you...you have to maintain it

personally, I would have just gone with...
ou=AddressBook,dc=xyz,dc=com
for a simple shared addressbook just to minimize the typing.

because ou=People,dc=xyz,dc=com is where I would put authentication
accounts. I do also put users own personal LDAP AddressBooks under their
account info though but now we are getting way afield of simple LDAP
address book.

To be honest though, I am quite sure that openldap.org has a simple
address book setup in their - yep...
http://www.openldap.org/faq/data/cache/1005.html

but more importantly...buy the damn book and spend the $20...it will
learn ya good.

Craig
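
An added example, not part of the thread and not OpenLDAP code: a small Python audit of the `access to` lines quoted in the message. In slapd.conf `by *` matches every client, including anonymous ones, and slapd stops at the first `<what>` that matches, so the script flags rules that grant write to everyone and rules hidden behind an earlier, broader subtree rule. The sample config is constructed from the quoted lines; `audit_acls` and the other names are hypothetical.

```python
import re

# Constructed sample: the ACL lines quoted in the message, laid out as slapd.conf.
SAMPLE_CONF = '''\
access to dn.subtree="dc=www,dc=xyz,dc=com"
    by * write
access to dn.subtree="ou=People,dc=www,dc=xyz,dc=com"
    by * write
access to dn.subtree="ou=AddressBook,ou=People,dc=www,dc=xyz,dc=com"
    by * write
'''

BY_RE = re.compile(r'\bby\s+((?:"[^"]*"|\S)+)\s+(\S+)')   # <who> <level> pairs
SUBTREE_RE = re.compile(r'^dn\.subtree="([^"]*)"$')       # plain subtree <what>

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and # comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit_acls(text):
    """Return (kind, what) findings: 'open-write' and 'shadowed' access rules."""
    findings, catch_all = [], []  # catch_all: subtrees an earlier rule gave to '*'
    for line in logical_lines(text):
        m = re.match(r"access\s+to\s+(.*?)\s+by\s", line)
        if not m:
            continue
        what = m.group(1)
        sub = SUBTREE_RE.match(what)
        # Normalise only for comparison: drop spaces, fold case.
        dn = sub.group(1).replace(" ", "").lower() if sub else None
        # First matching <what> wins, so a broader 'by *' subtree hides later rules.
        if dn and any(dn == c or dn.endswith("," + c) for c in catch_all):
            findings.append(("shadowed", what))
        for who, level in BY_RE.findall(line):
            if who in ("*", "anonymous") and level in ("write", "manage"):
                findings.append(("open-write", what))
            if who == "*" and dn and dn not in catch_all:
                catch_all.append(dn)
    return findings

if __name__ == "__main__":
    print(*audit_acls(SAMPLE_CONF), sep="\n")
```

A rule set that limits write to authenticated identities, for example `by users write` followed by `by * read` on the address book subtree, produces no findings.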