[turba] Re: Turba 1.2.2 and ldap

Craig White craigwhite at azapple.com
Mon Mar 21 07:48:13 PST 2005


On Mon, 2005-03-21 at 17:06 +0200, Jānis wrote:
> Hi!
> 
> I'd like to ask for some advice on ldap/horde implementation:
> 
> I have
> 1. Horde suite running using MySql as address book backend;
> 2. LDAP directory with common and personal address books (openldap 2.2.23)
----
2. doesn't make any sense - there are no 'common and personal address
books' that I am aware of in openldap 2.2.23
----
> 
> In case of common addressbook, i can add an entry just a plain entry with name,
> if i try to add anything else, i get "There was an error adding this object."
> and in horde log:
> Mar 21 16:56:49 HORDE [error] [turba] Failed to add an object: [65] "Object
> class violation" (attributes: [a:3:{s:2:"cn";s:12:"XXXX
> YYYYY";s:4:"mail";s:11:"jkbjk at jk.lk";s:11:"objectclass";s:6:"person";}]). [on
> line 41 of "/home/htdocs/morda/horde/turba/addobjectaction.php"]
----
seems as though you would need a 'sn' attribute (surname - last name) as
that is required by person objectclass
----
> 
> if i try to add an entry containing national chars, i am getting following
> error:
> RESULT tag=105 err=34 text=invalid DN
----
hmmm...may be a problem with turba? Can you add these DN's via command
line (ldapadd)?
----
> 
> as for personal address book, i can go further than:
> slapd[17402]: conn=7 fd=14 ACCEPT from IP=xx.xx.xx.xx:40640 (IP=0.0.0.0:389)
> slapd[17423]: conn=7 op=0 BIND dn="cn=XXXX,ou=People,dc=d,dc=v" method=128
> slapd[17423]: conn=7 op=0 RESULT tag=97 err=49 text=
----
isn't that an insufficient privileges error?
----
> 
> Maybe there is something wrong with directory config of turba config, because
> all address book users are registered in ou=People as posixusers
----
you have to manage your own ldap DSA - I wouldn't have turba writing to
my ou=People leaf since I keep the posix stuff there and all security
would be out the window. I tend to think of the ou=People not as an
address book but as the container of system users with attributes such
as userPassword which are specifically of interest to authentication
mechanisms but do offer it as a 'read-only' directory to turba (among
others) but control via ACL who can read it (authenticated) and who can
write it (no one) and who can see specific attributes (userPassword
sambaNTPassword sambaLMPassword - self/administrators)
----
> 
> when i try to browse it. There is one record already made in this book.
> 
> And one general question: how can i make LDAP use iso8859-13 instead of standard
> UTF8
----
LDAP uses UTF8 - by design - should be to your benefit
----
> 
> I can submit directory ldif (structure) if it could help...
----
no need

Craig
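
Added example, not part of the original message: a slapd.conf access-control sketch of the policy described in the reply above (ou=People readable by authenticated users, writable by no one, password attributes visible only to self and administrators). The suffix dc=example,dc=com and the cn=admin DN are constructed placeholders.

```conf
# slapd.conf ACL sketch (added example; DNs are constructed placeholders).
# slapd evaluates "access to" clauses in order and stops at the first one
# that matches the entry/attribute, so the password rule must come first.

# Password attributes: visible to the entry's owner and to one admin DN only.
# "by anonymous auth" lets slapd compare the password during a simple bind
# without ever returning the value to the client.
access to dn.subtree="ou=People,dc=example,dc=com"
        attrs=userPassword,sambaNTPassword,sambaLMPassword
        by self read
        by dn.exact="cn=admin,dc=example,dc=com" read
        by anonymous auth
        by * none

# Everything else under ou=People: read-only for authenticated binds.
# No "write" is granted to anyone, so an application such as turba that binds
# as an ordinary user can search and read here but cannot add or modify.
# (The rootdn is not subject to ACLs and can still write.)
access to dn.subtree="ou=People,dc=example,dc=com"
        by users read
        by * none
```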


