LDAP

From YobiWiki

Miscellaneous notes

apt-get install slapd phpldapadmin ldap-utils
slappasswd -> prints the hashed root password string
edit /etc/ldap/slapd.conf -> enable rootdn and add rootpw "{SHA}xxxx" (the whole string printed by slappasswd, scheme prefix included)
private:/etc/ldap# cat create_struct.ldif
dn: dc=addressbook,dc=yobi,dc=be
description: Yobi's addressbook
objectClass: domain
objectClass: top
dc: addressbook

dn: dc=groups,dc=yobi,dc=be
description: Users groups
objectClass: domain
dc: groups

dn: dc=users,dc=yobi,dc=be
description: Users
objectClass: domain
dc: users

ldapadd -c -x -D "cn=admin,dc=yobi,dc=be" -W -f create_struct.ldif

... users groups books

/usr/lib/cgi-bin/pwab.cgi
/var/www/styles/pwab.css
/etc/pwab/config.pl

# For pwab
AddHandler cgi-script .cgi
<Directory "/var/www/pwab">
    Options +ExecCGI
</Directory>

apt-get install libnet-ldap-perl
.htaccess

add the schemas /etc/ldap/schema/mozillaAbPersonAlpha.schema
                /etc/ldap/schema/walrantMozillaAbPerson.schema
/etc/ldap/slapd.conf:
#include         /etc/ldap/schema/mozillaAbPersonAlpha.schema
include         /etc/ldap/schema/walrantMozillaAbPerson.schema

ACLs...

BASE DN dc=addressbook,dc=yobi,dc=be
BIND DN cn=phil,dc=users,dc=yobi,dc=be

mozimport.pl

#!/usr/bin/perl
# Convert a Mozilla/Thunderbird address book LDIF export into entries under
# $dest, with the objectclasses required by the schemas included above.
# Limitations: one value per attribute (a repeated attribute overwrites the
# previous one after a warning) and no handling of folded (continued) lines.

use strict;
use warnings;
use MIME::Base64;
die "Usage: $0 <file>" unless $ARGV[0];
my $dest = "ou=import,ou=phil,dc=addressbook,dc=yobi,dc=be";
my @t;    # one hashref per exported card
open (my $fh,$ARGV[0]) or die "Cannot open file $ARGV[0]: $!";
while (<$fh>) {
    # attributes dropped from the export
    next if m/^modifytimestamp:/i;
    next if m/^mozillaDefaultEmail/i;
    next if m/^mozillaCustom4/i;
    next if m/^objectclass/i;
    next unless m/([^:]+):(.*)/;
    my $attr = $1;
    my $val = $2;
    $#t++ if m/^dn:/;    # a dn line starts a new card
    warn "attr already exists: $attr" if $t[$#t]->{$attr};
    if ( $val =~ m/^:/ ) {
        # "attr:: xxx" is base64 (non-ASCII value); remember it so that
        # it is re-encoded on output
        $val = decode_base64(substr($val,2));
        $t[$#t]->{$attr . 'charset'} = 1;
    } else {
        $val = substr($val,1);
    }
    $t[$#t]->{$attr} = $val;
}
close($fh);
foreach (@t) {
    # a card without surname gets its given name as sn
    unless ($_->{'sn'}) {
        $_->{'sn'} = $_->{'givenName'};
        $_->{'givenName'} = "-";
    }
    # cn, and therefore the RDN, is built from sn and givenName; the value is
    # not escaped, so a name containing ',' or '+' yields a malformed dn
    $_->{'cn'} = $_->{'sn'} . " " . $_->{'givenName'};
    $_->{'cn'.'charset'} = ($_->{'sn'.'charset'} || 0) + ($_->{'givenName'.'charset'} || 0);
    $_->{'dn'} = 'cn=' . $_->{'cn'} . ',' . $dest;
    $_->{'dn'.'charset'} = $_->{'cn'.'charset'};
    # re-encode every value that came in as base64
    foreach my $i (keys %{$_}) {
        next if $i =~ m/charset/;
        if ($_->{$i.'charset'}) {
            $_->{$i} = encode_base64($_->{$i});
            $_->{$i} =~ s/[\n\r]//g;
        }
    }
    my $h = '';
    $h = ':' if $_->{'dn'.'charset'};
    print "dn:$h $_->{dn}\n";
    print "objectclass: top\n";
    print "objectclass: person\n";
    print "objectclass: organizationalPerson\n";
    print "objectclass: inetOrgPerson\n";
    print "objectclass: mozillaAbPersonAlpha\n";
    print "objectclass: walrantMozillaAbPerson\n";

    foreach my $i (keys %{$_}) {
        next if $i =~ m/charset/;
        next if $i eq 'dn';
        my $h = '';
        $h = ':' if $_->{$i.'charset'};
        print "$i:$h $_->{$i}\n";
    }
    print "\n";
}
exit;

Filter that adds the walrantMozillaAbPerson objectclass to an LDIF which already
carries mozillaAbPersonAlpha (run it with the LDIF file as argument and redirect
the output):

#!/usr/bin/perl
while (<>) {
    if ( m/objectclass: mozillaAbPersonAlpha/ ) {
        print;
        print "objectclass: walrantMozillaAbPerson\n";
        next;
    }
    print;
}
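mozimport.pl above keeps one value per attribute (a second "mail:" line overwrites the first after the warning), drops folded LDIF lines, and concatenates the unescaped cn into the dn, so a surname such as "Smith, Jr." produces a dn with a stray RDN. The following is an added example and not the wiki's script; it targets the same container and objectclasses, the sample export embedded in it is constructed, and the container path is an assumption.

```perl
#!/usr/bin/perl
# Added example (not the wiki's mozimport.pl): import a Mozilla address book
# LDIF export under $dest, but unfold continuation lines, keep every value of
# multi-valued attributes, escape the cn used as RDN (RFC 4514) and base64
# any output value LDIF cannot carry in clear (RFC 2849).
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

my $dest = 'ou=import,ou=phil,dc=addressbook,dc=yobi,dc=be';   # target container (assumption)

# Constructed sample export: a comma in the surname, two mail values, a folded
# description and UTF-8 names shipped as base64.
my $sample = <<'LDIF';
dn: cn=John Smith,mail=john@example.com
objectclass: top
objectclass: mozillaAbPersonAlpha
sn: Smith, Jr.
givenName: John
mail: john@example.com
mail: jsmith@example.org
description: a long note that the exporter folded
  onto a second line
modifytimestamp: 20240101000000Z

dn: cn=Joerg Mueller,mail=jm@example.com
sn:: TcO8bGxlcg==
givenName:: SsO2cmc=
mail: jm@example.com
LDIF

# Unfold (a line starting with one space continues the previous one), then
# split the stream into records of attr => [values].
sub parse_ldif {
    my ($text) = @_;
    my @lines;
    for my $l (split /\r?\n/, $text) {
        if ($l =~ /^ (.*)/ && @lines) { $lines[-1] .= $1; next }
        push @lines, $l;
    }
    my (@records, $cur);
    for my $l (@lines) {
        if ($l eq '') { push @records, $cur if $cur; undef $cur; next }
        next unless $l =~ /^([A-Za-z][\w.;-]*)(::?) ?(.*)$/;
        my ($attr, $sep, $val) = ($1, $2, $3);
        $val = decode_base64($val) if $sep eq '::';   # "attr:: xxx" is base64
        push @{ $cur->{$attr} }, $val;
    }
    push @records, $cur if $cur;
    return @records;
}

# Escape an attribute value for use inside a DN (RFC 4514 section 2.4).
sub escape_rdn_value {
    my ($v) = @_;
    $v =~ s/([\\,+"<>;=])/\\$1/g;                             # specials anywhere
    $v =~ s/^([ #])/\\$1/;                                    # leading space or '#'
    $v =~ s/( )$/\\$1/;                                       # trailing space
    $v =~ s/([\x00-\x1f\x7f])/sprintf('\\%02X', ord $1)/ge;   # control chars as \XX
    return $v;
}

# One LDIF line; base64 when the value starts with space, ':' or '<', ends with
# a space, or contains anything outside printable ASCII (RFC 2849 SAFE-STRING).
sub ldif_line {
    my ($attr, $value) = @_;
    return "$attr:: " . encode_base64($value, '') . "\n"
        if $value =~ /^[ :<]/ || $value =~ / $/ || $value =~ /[^\x20-\x7e]/;
    return "$attr: $value\n";
}

sub first_value {   # attribute names are case-insensitive
    my ($rec, $name) = @_;
    my ($key) = grep { lc $_ eq lc $name } keys %$rec;
    return defined $key ? $rec->{$key}[0] : undef;
}

sub convert_record {
    my ($rec, $dest) = @_;
    my $sn = first_value($rec, 'sn');
    my $gn = first_value($rec, 'givenName');
    unless (defined $sn && length $sn) {        # same fallback as the wiki script
        return unless defined $gn && length $gn;
        ($sn, $gn) = ($gn, '-');
    }
    $gn = '-' unless defined $gn && length $gn;
    my $cn  = "$sn $gn";
    my $out = ldif_line('dn', 'cn=' . escape_rdn_value($cn) . ",$dest");
    $out .= "objectclass: $_\n" for qw(top person organizationalPerson inetOrgPerson
                                       mozillaAbPersonAlpha walrantMozillaAbPerson);
    $out .= ldif_line('cn', $cn) . ldif_line('sn', $sn) . ldif_line('givenName', $gn);
    for my $attr (sort keys %$rec) {
        next if lc($attr) =~ /^(dn|objectclass|modifytimestamp|cn|sn|givenname)$/;
        $out .= ldif_line($attr, $_) for @{ $rec->{$attr} };
    }
    return $out . "\n";
}

print for map { convert_record($_, $dest) } parse_ldif($sample);
```

Run it with perl and feed the output to ldapadd as above. The first card comes out as "dn: cn=Smith\, Jr. John,ou=import,ou=phil,dc=addressbook,dc=yobi,dc=be" with both mail values and the description joined onto one line; the second card has non-ASCII cn, sn and givenName, so its dn and those three attributes are emitted as "attr:: base64" lines. escape_rdn_value applies the RFC 4514 rules: backslash, comma, plus, quote, angle brackets, semicolon and equals anywhere in the value, a leading space or '#', a trailing space, and control characters as \XX hex pairs.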

Bugs

  • when moving card to a dir where the card dn exists already
  • Mozilla autocompletion -> account settings -> choose explicitly the LDAP server, not via default LDAP

TLS

To serve TLS (ldaps://) to the outside while keeping plaintext LDAP on the loopback interface only (for phpLDAPadmin and pwab running on the same host):
Edit /etc/default/slapd

SLAPD_SERVICES="ldap://127.0.0.1/ ldaps://<public_ip>/"

Edit /etc/ldap/slapd.conf and add:

include /etc/ldap/tls.conf

Create /etc/ldap/tls.conf
Here I simply reuse the certificate and key created for Apache:

TLSCertificateFile /etc/apache2/ssl/www_yobi_be.crt
TLSCertificateKeyFile /etc/apache2/ssl/www_yobi_be.key
TLSVerifyClient never

With this in place Mozilla Thunderbird connects over TLS (ldaps://, port 636).
Two things to check: on Debian slapd runs as the openldap user, so that user needs read access to the key file reused from Apache; and TLSVerifyClient never means clients are never asked for a certificate, so authentication still rests on the simple-bind password, which is why the plaintext ldap:// listener stays bound to 127.0.0.1 only.
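To confirm the listener from the outside with the same settings Thunderbird uses (the BASE DN and BIND DN above), here is an added check using Net::LDAP from libnet-ldap-perl, which is already installed for pwab. It is not part of the wiki's setup; the hostname, the CA bundle path and the LDAP_PW environment variable are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the wiki): connect to the ldaps:// listener with
# certificate verification, bind as the address book user and list the cards
# that user can see. Hostname, CA bundle and LDAP_PW are assumptions.
use strict;
use warnings;
use Net::LDAP;

my $uri     = 'ldaps://www.yobi.be';                  # must match the certificate's name
my $cafile  = '/etc/ssl/certs/ca-certificates.crt';   # CA bundle that signed the cert (assumption)
my $base    = 'dc=addressbook,dc=yobi,dc=be';         # BASE DN from above
my $bind_dn = 'cn=phil,dc=users,dc=yobi,dc=be';       # BIND DN from above
my $pw      = $ENV{LDAP_PW} // die "set LDAP_PW in the environment\n";

# verify => 'require' makes Net::LDAP refuse a certificate it cannot chain to
# $cafile; the default ('none') would accept any certificate.
my $ldap = Net::LDAP->new($uri, verify => 'require', cafile => $cafile, timeout => 10)
    or die "connect to $uri failed: $@\n";

my $mesg = $ldap->bind($bind_dn, password => $pw);
die "bind as $bind_dn failed: " . $mesg->error . "\n" if $mesg->code;

$mesg = $ldap->search(base   => $base,
                      scope  => 'sub',
                      filter => '(objectClass=mozillaAbPersonAlpha)',
                      attrs  => ['cn', 'mail']);
die "search under $base failed: " . $mesg->error . "\n" if $mesg->code;

printf "%d cards visible to %s\n", $mesg->count, $bind_dn;
for my $entry ($mesg->entries) {
    printf "%-60s %s\n", $entry->dn, join(',', $entry->get_value('mail'));
}
$ldap->unbind;
```

A failed chain check shows up as a connect error before any bind is attempted, so a self-signed Apache certificate will be rejected until its CA is in the bundle; that is the behaviour wanted from Thunderbird as well. Running the same script against ldap://<public_ip>/ should fail to connect, since only the loopback address carries the plaintext listener.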