On Thu, 2008-05-01 at 00:11 +0100, Timothy Murphy wrote:
> Craig White wrote:
>
> > No - you misunderstood him
> >
> > It is not possible to have a 'DN: Address Book'
>
> No, it is you who misunderstand.
> I was _asked_ for the DN,
> and the only response that worked was "Address Book".
>
> Bizarrely, I just checked, and now any response works -
> presumably the DN (or RDN) has been stored somewhere.
----
it's ignoring what you put in and getting the base dn from the server
and doing a sub search. It may be functional but it's a mess and works
only because you're basically doing nothing else with LDAP. If you had
LDAP under any kind of load, doing sub searches across the entire DSA is
a rather stupid thing to do...it slows down every search and ties up the
LDAP server.

While you might get away with this as a 'read only' client, it doesn't
work if you intend to use Kaddressbook to 'write' because it HAS to know
what the baseDN is to know where to 'write'
-----
> > All you need is suitable 'ou' with ACL permissions to access that 'ou'
> > and if that 'ou' were called 'People_I_Want_to_SPAM', Kaddressbook would
> > be happy with that too. Of course, that gets into the nuts and bolts of
> > LDAP. Having an 'ou' called 'Address Book' or 'AddressBook' has no
> > meaning to Kaddressbook unless Kaddressbook is configured to use the DN
> > like...
> > ou=AddressBook,dc=xyz,dc=com
>
> KAddressBook had already asked for my host.
> The only sense I can make of it is that KAddressBook constructed the DN
> from this, together with "Address Book", which I gave in response to "DN".
----
yeah, it probably got the baseDN from your server and is doing a 'sub'
search on everything in your LDAP DSA as explained above. That doesn't
make it the right way to use it.

For example, on my ldap servers, I typically do...

ou=AddressBook,dc=example,dc=com # public address book
ou=People,dc=example,dc=com # users
ou=AddressBook,uid=SOME_USER,ou=People,dc=example,dc=com # as the user's own personal LDAP address book

and probably some others.

I have a lot of users and I can't have them trying to do sub searches
from the base all over the entire DSA. Therefore, they have 3 different
LDAP address books set up (per above) and they only need to authenticate
to their personal LDAP address book (ACL restriction) and anonymous
users can (read only) use the shared address book and the 'users' list.
----
> Incidentally, the reason I did this was that I was following
> the yolinux tutorial at
> <http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html>.
> You are invited to access their LDAP server,
> and I found that I could indeed see their address book
> in my KAddressBook when I gave Host: ldap.yo-linux.com , DN: o=stooges .
> This was following their general instructions, which read (in part):
>
> * Name: YoLinux Demo
> * Hostname: ldap.yo-linux.com
> * Base DN: o=stooges
----
OK - but yo-linux is running a public LDAP server that has a 'base' of
o=stooges.

If you are trying to make a point here, you aren't making it.

Craig

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
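
The scoping point made in the message above, as an added example that is not part of the original post: it applies LDAP search-scope rules (base, one, sub) to the three-address-book layout, and shows how many entries a search from the base DN pulls in compared with a search rooted at one 'ou'. The sample entries, the function names and the access levels in `access()` are constructed assumptions, and DN parsing is simplified (no escaped commas).

```python
# Constructed sample DIT following the layout in the message above.
BASE = "dc=example,dc=com"
ENTRIES = [
    BASE,
    "ou=AddressBook," + BASE,
    "cn=Public Contact,ou=AddressBook," + BASE,
    "ou=People," + BASE,
    "uid=alice,ou=People," + BASE,
    "ou=AddressBook,uid=alice,ou=People," + BASE,
    "cn=Alice Friend,ou=AddressBook,uid=alice,ou=People," + BASE,
    "uid=bob,ou=People," + BASE,
    "ou=AddressBook,uid=bob,ou=People," + BASE,
    "cn=Bob Friend,ou=AddressBook,uid=bob,ou=People," + BASE,
]

def rdns(dn):
    """Split a DN into normalised (attr, value) RDNs; escaped commas not handled."""
    pairs = (part.strip().partition("=") for part in dn.split(","))
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def in_scope(entry_dn, base_dn, scope):
    """LDAP search scope test: 'base', 'one' (direct children) or 'sub'."""
    e, b = rdns(entry_dn), rdns(base_dn)
    if len(e) < len(b) or e[len(e) - len(b):] != b:
        return False  # entry is not at or below the search base
    depth = len(e) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def candidates(base_dn, scope="sub"):
    """Entries the server has to consider for a search with this base and scope."""
    return [dn for dn in ENTRIES if in_scope(dn, base_dn, scope)]

def access(bind_dn, entry_dn):
    """Assumed policy: owner-only personal books, anonymous read elsewhere."""
    chain = rdns(entry_dn)
    people = rdns("ou=People," + BASE)
    for i, rdn in enumerate(chain[:-1]):
        owner = chain[i + 1:]
        # A personal book is ou=AddressBook directly under uid=<user>,ou=People,<base>.
        if rdn == ("ou", "addressbook") and owner[0][0] == "uid" and owner[1:] == people:
            return "write" if bind_dn and rdns(bind_dn) == owner else "none"
    return "read"
```

A sub search from `dc=example,dc=com` touches all ten sample entries, including every user's personal book, while the same search rooted at `ou=AddressBook,dc=example,dc=com` touches two.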