[imp] LDAP - GWIA

Craig White craigwhite@azapple.com
Sun, 24 Jun 2001 18:50:03 -0700


Cliff Green wrote:
> 
> On Sun, 24 Jun 2001, Craig White wrote:
> 
> CW> Which I guess gets me back to my original question...
> CW>
> CW> If I can query the Novell/GWIA LDAP with...
> CW>
> CW> ldapsearch -x -b "dc=aidssc,dc=org" -h host_ip "(objectclass=*)" -v -P 2
> CW>
> CW> and it returns a stream of data that includes a sample like...
> CW>
> CW>   (please ignore real data)
> CW>   # YCB,ASC,ASCDOM,dc=aidssc,dc=org
> CW>   dn: cn=YCB,ou=ASC,ou=ASCDOM,dc=aidssc,dc=org
> CW>   sn: Benson
> CW>   givenname: Yvonne
> CW>   telephonenumber: 222
> CW>   objectclass: person
> CW>   cn:: WXZvbm5lIEJlbnNvbiA=
> CW>   mail: YCB@aidssc.org
> 
> Pardon the questions, but the above return is interesting...
> 
> Is this a complete entry for this person?  The reason I ask is that it
> shows two different cn values, one consisting of initials, and one of a
> base64 representation of a (presumably) binary value.  That's odd.
> 
> Are the ou values consistent across the organization?  That is, does
> everyone have ou=ASC, ou=ASCDOM?  Also, strange as this may sound, are
> other objects besides people being stored in the directory (ie, like
> equipment, groups, etc.).  If so, then expanding the basedn may help weed
> out the stuff you don't want.
> 
> CW> and my imp/config/ldap.php3  - includes...
> CW>
> CW> $LDAPServers['aidssc'] = new LDAPServer('aidssc',
> CW>                                            'AIDSSC',
> CW>                                            '192.168.1.2',
> CW>                                            'dc=aidssc,dc=org',
>                                                ^^^^^^^^^^^^^^^^^^
> 
> What happens when this is 'ou=ASCDOM,dc=aidssc,dc=org' ?  I know this may
> be too restrictive, but just for testing purposes...
> 
-------------
I am not familiar enough with ldap to tell whether the base64 code as a
cn property is odd or not, but it is typical of the entire listing. Note
that this cn line always has 2 '::' (colons) instead of just one - this
may be significant but I don't know.

Yes, the ou values are consistent across the organization.

Yes, - if I obtain the entire listing from ...

ldapsearch -x -b "ou=ASC,ou=ASCDOM,dc=aidssc,dc=org" -h 192.168.1.2 "(objectclass=*)" -P 2
I get only objectclass=alias and objectclass=person records (203)

ldapsearch -x -b "ou=ASCDOM,dc=aidssc,dc=org" -h 192.168.1.2 "(objectclass=*)" -P 2
I get objectclass=alias, objectclass=person and objectclass=organization
unit records (207)

ldapsearch -x -b "dc=aidssc,dc=org" -h 192.168.1.2 "(objectclass=*)" -P 2
I get objectclass=alias, objectclass=person and objectclass=organization
unit records - same as above (207)

an alias record looks like this...
  (again - real data - please ignore)
  # Yvonne,ASC,ASCDOM,dc=aidssc,dc=org
  dn: cn=Yvonne,ou=ASC,ou=ASCDOM,dc=aidssc,dc=org
  objectclass: alias
  mail: Yvonne@aidssc.org
GWIA creates these alias records when you create email aliases.

If I change the line per your suggestion in imp/config/ldap.php3 to
'ou=ASC,ou=ASCDOM,dc=aidssc,dc=org'
or
'ou=ASCDOM,dc=aidssc,dc=org'
or
'dc=aidssc,dc=org'

the result is the same ... too many results to display

but I am neither restarting php, apache nor logging out (i.e. ending
horde/imp/phpsession) with each subsequent change to ldap config file in
imp. I am however closing the contacts window before I make the change
to imp/config/ldap.php3 and then re-opening contacts window in imp to
check whether it works. That was sufficient enough to make it work for
me on my home test (without Novell/GWIA but rather openldap server).

Those were very good questions and even though I think I went through it
all, it forced me to look it all through again and that is a good thing.

Thanks but still stumped...

Craig
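
On the `cn::` question raised in this message, an added example (not part of the original post): in LDIF (RFC 2849) a double colon means the value is base64-encoded, which ldapsearch does whenever a value is not a plain "safe string", for instance when it ends in a space. The sample entry, its names and the helpers `why_encoded` and `parse_entry` are constructed for illustration.

```python
import base64

# Constructed sample in the shape of the ldapsearch output quoted above
# (placeholder names, not data from the thread).
SAMPLE_LDIF = """\
# JD,ASC,ASCDOM,dc=example,dc=org
dn: cn=JD,ou=ASC,ou=ASCDOM,dc=example,dc=org
sn: Doe
givenname: Jane
objectclass: person
cn:: SmFuZSBEb2Ug
mail: JD@example.org
"""

def why_encoded(raw: bytes) -> str:
    """Name the RFC 2849 rule that forces base64 for this value."""
    if not raw:
        return "empty"
    if raw[0:1] in (b" ", b":", b"<"):
        return "starts with space, ':' or '<'"
    if raw[-1:] == b" ":
        return "trailing space"
    if any(b > 127 or b in (0, 10, 13) for b in raw):
        return "non-ASCII or NUL/CR/LF byte"
    return "printable ASCII (encoding was optional)"

def parse_entry(ldif: str):
    """Return (attrs, notes): attrs maps name -> list of values,
    notes maps name -> reason for each base64-encoded value."""
    attrs, notes, lines = {}, {}, []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:    # folded continuation line
            lines[-1] += line[1:]
        elif line:
            lines.append(line)
    for line in lines:
        if line.startswith("#"):              # LDIF comment
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: value" => base64
            raw = base64.b64decode(rest[1:].strip())
            value = raw.decode("utf-8", errors="replace")
            notes.setdefault(name, []).append(why_encoded(raw))
        else:                                 # "attr: value" => literal
            value = rest.lstrip(" ")
        attrs.setdefault(name, []).append(value)
    return attrs, notes

if __name__ == "__main__":
    attrs, notes = parse_entry(SAMPLE_LDIF)
    print(repr(attrs["cn"]), notes)
```

Printing the decoded value with `repr` makes a trailing space visible, which is easy to miss when comparing directory values by eye.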