[turba] Re: ldap global address book.
Neal Timm
neal.timm at trillion.net
Fri Mar 4 08:40:17 PST 2005
One more question is when I export the shared address book all the
entries show up, but when I search they are not. Any ideas?
Thanks,
-----Original Message-----
From: Craig White [mailto:craigwhite at azapple.com]
Sent: Friday, March 04, 2005 10:03 AM
To: Neal Timm
Cc: turba at lists.horde.org
Subject: RE: [turba] Re: ldap global address book.
No - your problem is that you don't understand how to use LDAP (gosh I
hate replying to top posted replies)
The answer to setting up turba sources for ldap source address books is
ALWAYS obvious if you can use the ldap client tools from the command
line...
ldapsearch -x -h localhost -b 'dc=trillion,dc=net' '(cn=*)'
or
ldapsearch -x -h localhost -D 'cn=rootbinddn,dc=trillion,dc=net' -b 'dc=trillion,dc=net' -W '(cn=*)'
the second method is needed if you don't permit anonymous binds to this
data and of course, you would have to substitute your real rootbinddn
Lastly - it would make sense to me to have containers for your data
rather than just tossing it into the base and suggesting that it must be
this way because of postfixadmin suggests that little planning went into
setting up DSA in the first place and too little knowledge of things
like the padl tools such as nsswitch and ldap.conf for integrating
postfix and other applications into using the ldap DSA.
Craig
On Fri, 2005-03-04 at 07:57 -0600, Neal Timm wrote:
> Thanks for the response. My problem is I can't make any changes to ldap
> we are using postfixadmin for virtual hosting it slings entries into
> some mysql tables which ldap then reads. I can see the mysql queries
> being executed the first query it does doesn't return anything but the
> second query it does is exactly the same as the one from outlook express
> but my guessing is that since the first one fails nothing gets returned.
>
>
> -----Original Message-----
> From: Craig White [mailto:craigwhite at azapple.com]
> Sent: Thursday, March 03, 2005 10:02 PM
> To: turba at lists.horde.org
> Subject: [turba] Re: ldap global address book.
>
> On Thu, 2005-03-03 at 20:08 -0600, Neal Timm wrote:
> > I have a global address book stored in ldap I can search entries using
> > outlook express fine but with turba nothing ever gets returned. Here is
> > a query I use via ldap search.
> >
> > If someone could point me to the right variables in the sources.php I
> > would appreciate it.
> >
> > ldapsearch -x -b 'dc=domain,dc=net' '(objectclass=*)'
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <dc=trillion,dc=net> with scope sub
> > # filter: (objectclass=*)
> > # requesting: ALL
> > #
> >
> > # ntimm, domain.net
> > dn: cn=ntimm,dc=domian,dc=net
> > objectClass: inetOrgPerson
> > cn: neal
> > mail: ntimm at domain.net
> ----
> My idea of ldap DIT is to have 'containers' for the various objects and
> thus, I wouldn't think it a great idea to put users in the base of my
> DIT.
>
> You might consider...
>
> ou=People,dc=domain,dc=net
> ou=Groups,dc=domain,dc=net
>
> then a dn: for ntimm would look like...
>
> uid=ntimm,ou=People,dc=domain,dc=com
> and this dn: might include attributes like
> ou: top
> ou: person
> ou: inetOrgPerson
> ou: sambaSamAccount
> ou: calEntry
> cn: ntimm
> sn: Timm
> userPassword: someencryptedpassword
> sambaLMPassword: someencryptedpassword
> sambaNTPassword: someencryptedpassword
> sambaSID: S-1...
> sambaPrimaryGroupSID: S-1...
>
> this is all from the top of my head and I may have messed some things up
> and missed some obvious required entries
>
> of course, you are free to set things up as you wish.
>
> the 'root' setup in turba would best be set to the root ou for your
> 'People' category, whatever you call it and thus, not do sub searching.
>
> I think that trying to use applications to learn how to do ldap is too
> indirect, too frustrating and at best ineffective way to learn ldap -
> you need to learn to use LDAP and plan its structure and stuff before
> you try to integrate it into applications, and when you do try to
> integrate it into applications, best to try simple system applications -
> i.e. authentication stuff for imap, ssh etc.
>
> Craig
>
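The container layout discussed in the thread, written out as LDIF. This is an added example, not part of any poster's message: it uses the thread's placeholder base dc=domain,dc=net, assumes the base entry already exists, gives class names as objectClass values, and all sample values are constructed.

```ldif
# Added example (constructed values); dc=domain,dc=net is the
# placeholder base used in the thread and is assumed to exist already.

# Container for user entries
dn: ou=People,dc=domain,dc=net
objectClass: top
objectClass: organizationalUnit
ou: People

# Container for group entries
dn: ou=Groups,dc=domain,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Groups

# A user entry placed inside the People container rather than at the base.
# inetOrgPerson requires both cn and sn.
dn: uid=ntimm,ou=People,dc=domain,dc=net
objectClass: top
objectClass: inetOrgPerson
uid: ntimm
cn: neal
sn: Timm
mail: ntimm@domain.net

# With this layout an address book can be rooted at the People container
# and searched one level deep instead of with a subtree search from the base:
#   ldapsearch -x -h localhost -b 'ou=People,dc=domain,dc=net' -s one '(cn=*)'
```

If that command returns the entry from the command line, the same base, scope and filter are the values to carry into the address book source configuration.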