[turba] ldap config so users can edit their own address book

Lucius Junevicus ljunevicus at delphinus.com
Tue Mar 11 12:07:47 PST 2003


I'm pretty new to ldap.
I've just set up openldap on the server and have it configured so that it
shows up in turba and is also viewable by an outlook or netscape client.

What I'd like to do is set up turba so that each user can modify their own
entry, and only a few select users can modify everyone's entry.

I've set up the following:

Under the sources.php I've put in:

$cfgSources['localldap'] = array(
    'title' => 'Shared Directory',
    'type' => 'ldap',
    'params' => array(
        'server' => 'ourserver.com',
        'port' => 389,
        'root' => 'o=ourcompany',
        'bind_dn' => 'cn=userAdmin,o=ourcompany',
        'bind_password' => 'whateverpassword',
        'dn' => array('cn'),
        'objectclass' => 'person',
        'version' => 3
    ),
    'map' => array(
        '__key' => 'dn',
        'name' => 'cn',
        'email' => 'mail',
        'homePhone' => 'homephone',
        'workPhone' => 'telephonenumber',
        'cellPhone' => 'mobile',
        'homeAddress' => 'homepostaladdress'
    ),
    'search' => array(
        'name',
        'email',
        'homePhone',
        'workPhone',
        'cellPhone',
        'homeAddress'
    ),
    'strict' => array(
        'dn'
    ),
    'public' => true,
    'readonly' => true,
    'admin' => array(Auth::getAuth()),
    'export' => true
);

The array(Auth::getAuth()) seems to allow me to edit everyone's address.

This is the access part of my slapd.conf file:
access to dn=".*,ou=users,o=ourcompany"
  by self write
  by dn="cn=userAdmin,o=ourcompany" write
  by anonymous read

Again I'm very new to ldap and have no idea if this is remotely correct.

Right now I can modify everyone's address.  I'd just like to be able to
modify my own (then set up an account to modify everyone's).

Thanks.
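
A simplified model of how slapd evaluates the posted access rule, added here as an illustration and not part of the original message: it compares binding as the shared cn=userAdmin account (the bind_dn in the posted sources.php) with binding as each user's own DN. The user DNs are constructed, the dn= pattern is assumed to be matched as a regular expression as written, and per-user binding is a hypothetical alternative.

```python
import re

# The "access to" rule from the post. slapd stops at the first "by" clause
# that matches the bound identity and grants nothing if none matches.
TARGET = re.compile(r".*,ou=users,o=ourcompany$")  # assumption: regex-style dn match
BY_CLAUSES = [("self", "write"),
              ("dn=cn=userAdmin,o=ourcompany", "write"),
              ("anonymous", "read")]

# Constructed sample identities (not from the post, apart from the service DN).
SERVICE = "cn=userAdmin,o=ourcompany"
USERS = {"alice": "cn=Alice Example,ou=users,o=ourcompany",
         "bob": "cn=Bob Example,ou=users,o=ourcompany"}

def norm(dn):
    """Crude DN normalisation: lowercase, no spaces around commas."""
    return ",".join(p.strip() for p in dn.lower().split(",")) if dn else ""

def access(bound_dn, entry_dn):
    """Access level this rule gives bound_dn on entry_dn ('' = anonymous bind)."""
    bound, entry = norm(bound_dn), norm(entry_dn)
    if not TARGET.match(entry):
        return "none"  # the post shows no other "access to" rule
    for who, level in BY_CLAUSES:
        if who == "self" and bound and bound == entry:
            return level
        if who == "anonymous" and not bound:
            return level
        if who.startswith("dn=") and bound == norm(who[3:]):
            return level
    return "none"  # implicit "by * none"

def editable(bind_dn_for):
    """Per web user, the entries they can modify given the DN the app binds as."""
    return {u: sorted(n for n, dn in USERS.items()
                      if access(bind_dn_for(u), dn) == "write")
            for u in USERS}

# Every web user is bound as the service account, so the LDAP server sees
# cn=userAdmin for all of them and "by self" is never what grants access.
shared = editable(lambda user: SERVICE)
# Hypothetical alternative: the web app binds as the logged-in user's own DN.
per_user = editable(lambda user: USERS[user])

if __name__ == "__main__":
    print("shared bind_dn:", shared)
    print("per-user bind :", per_user)
```

In the model, an authenticated user who is neither the entry owner nor cn=userAdmin gets no access at all, because the rule grants read only to anonymous binds.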






