LDAP
Misc notes

Install the server, the web front-end and the client tools:

  apt-get install slapd phpldapadmin ldap-utils

Generate the root password hash with slappasswd (it prompts for the password; its default scheme is salted {SSHA}, which is preferable to the unsalted {SHA} shown below). Then edit /etc/ldap/slapd.conf: enable rootdn and add

  rootpw "{SHA}xxxx"

Create the top-level containers:

  private:/etc/ldap# cat create_struct.ldif
  dn: dc=addressbook,dc=yobi,dc=be
  description: Yobi's addressbook
  objectClass: domain
  objectClass: top
  dc: addressbook

  dn: dc=groups,dc=yobi,dc=be
  description: Users groups
  objectClass: domain
  dc: groups

  dn: dc=users,dc=yobi,dc=be
  description: Users
  objectClass: domain
  dc: users

Load them (-c continues past entries that already exist, -x is a simple bind, -W prompts for the admin password instead of taking it on the command line):

  ldapadd -c -x -D "cn=admin,dc=yobi,dc=be" -W -f create_struct.ldif

...

users groups books

pwab (web address book) files:

  /usr/lib/cgi-bin/pwab.cgi
  /var/www/styles/pwab.css
  /etc/pwab/config.pl

Apache configuration for pwab:

  # For pwab
  AddHandler cgi-script .cgi
  <Directory "/var/www/pwab">
      Options +ExecCGI
  </Directory>

  apt-get install libnet-ldap-perl

.htaccess

Add the schema files /etc/ldap/schema/mozillaAbPersonAlpha.schema and walrantMozillaAbPerson.schema, then in /etc/ldap/slapd.conf:

  #include /etc/ldap/schema/mozillaAbPersonAlpha.schema
  include /etc/ldap/schema/walrantMozillaAbPerson.schema

ACLs...

Client configuration (base and bind DN):

  BASE DN  dc=addressbook,dc=yobi,dc=be
  BIND DN  cn=phil,dc=users,dc=yobi,dc=be
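The bootstrap above as a re-runnable script. This is an added example, not code from the original page: it generates the container entries as LDIF, checks the file for malformed lines before ldapadd sees it, loads it the way the page does (ldapadd -c -x -D ... -W) and lists the result. It assumes the page's base DN dc=yobi,dc=be and admin DN cn=admin,dc=yobi,dc=be; the loopback URI and the RUN_LDAP_BOOTSTRAP switch are my own additions.

```shell
#!/bin/sh
# Added example, not part of the original page.  Assumes the page's base DN
# and admin DN; plain LDAP is only ever spoken to the loopback address.

BASE_DN='dc=yobi,dc=be'
ADMIN_DN="cn=admin,$BASE_DN"
LDAP_URI='ldap://127.0.0.1/'

# Emit one "domain" container entry under $1 for every dc value that follows.
make_struct_ldif() {
    base=$1
    shift
    for dc in "$@"; do
        printf 'dn: dc=%s,%s\nobjectClass: top\nobjectClass: domain\ndc: %s\n\n' \
            "$dc" "$base" "$dc"
    done
}

# Number of entries in an LDIF stream read from stdin (one per dn: line).
count_ldif_entries() {
    grep -c '^dn:'
}

# Accept only well-formed LDIF lines: "attr: value", "attr:: base64",
# folded continuation lines (leading space), comments, or blank lines.
# Catches copy/paste damage before ldapadd aborts halfway through a file.
validate_ldif() {
    ! grep -vqE '^(#.*|[A-Za-z][A-Za-z0-9-]*::? .*|[[:space:]].*)?$' "$@"
}

# Load an LDIF file.  -c continues past entries that already exist (so the
# script can be re-run), -x is a simple bind, -W prompts for the password
# so it never shows up in the process list or the shell history.
apply_ldif() {
    ldapadd -c -x -H "$LDAP_URI" -D "$ADMIN_DN" -W -f "$1"
}

# Only talk to a real server when asked: RUN_LDAP_BOOTSTRAP=1 ./bootstrap.sh
if [ "${RUN_LDAP_BOOTSTRAP:-0}" = 1 ]; then
    ldif=$(mktemp) || exit 1
    make_struct_ldif "$BASE_DN" addressbook groups users > "$ldif"
    validate_ldif "$ldif" && apply_ldif "$ldif"
    rm -f "$ldif"
    # Confirm the three containers exist one level below the base (1.1 = no attributes, dn only).
    ldapsearch -x -H "$LDAP_URI" -b "$BASE_DN" -s one 1.1
fi
```

The description attributes from the page's LDIF are left out of the generated entries; add them to the printf format if you want them.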
mozimport.pl
  #!/usr/bin/perl
  # Convert a Mozilla address book LDIF export into entries below $dest,
  # tagged with the mozillaAbPersonAlpha and walrantMozillaAbPerson classes.
  use strict;
  use MIME::Base64;

  die "Usage: $0 <file>" unless $ARGV[0];

  my $dest = "ou=import,ou=phil,dc=addressbook,dc=yobi,dc=be";
  my %e;   # unused
  my @t;   # one hash per entry; "<attr>charset" keys mark values that were base64

  open (my $fh,$ARGV[0]) or die "Cannot open file $ARGV[0]: $!";
  while (<$fh>) {
      # Drop attributes that are not wanted in the directory.
      next if m/^modifytimestamp:/i;
      next if m/^mozillaDefaultEmail/i;
      next if m/^mozillaCustom4/i;
      next if m/^objectclass/i;
      next unless m/([^:]+):(.*)/;
      my $attr = $1;
      my $val = $2;
      # A dn: line starts a new entry.
      $#t++ if m/^dn/;
      warn "attr already exists: $attr" if $t[$#t]->{$attr};
      if ( $val =~ m/^:/ ) {
          # "attr:: value" is base64 (non-ASCII); decode and remember it.
          $val = decode_base64(substr($val,2));
          $t[$#t]->{$attr . 'charset'} = 1;
      } else {
          $val = substr($val,1);   # skip the separating space
      }
      $t[$#t]->{$attr} = $val;
  }
  close($fh);

  foreach (@t) {
      # Build sn, cn and the new dn; cards without a surname use the given name.
      unless ($_->{'sn'}) {
          $_->{'sn'} = $_->{'givenName'};
          $_->{'givenName'} = "-";
      }
      $_->{'cn'} = $_->{'sn'} . " " . $_->{'givenName'};
      $_->{'cn'.'charset'} = $_->{'sn'.'charset'} + $_->{'givenName'.'charset'};
      $_->{'dn'} = 'cn=' . $_->{'cn'} . ',' . $dest;
      $_->{'dn'.'charset'} = $_->{'cn'.'charset'};
      # Re-encode every value that came in as base64 (single line, no CR/LF).
      foreach my $i (keys %{$_}) {
          next if $i =~ m/charset/;
          if ($_->{$i.'charset'}) {
              $_->{$i} = encode_base64($_->{$i});
              $_->{$i} =~ s/[\n\r]//g;
          }
      }
      my $h = '';
      $h = ':' if $_->{'dn'.'charset'};
      print "dn:$h $_->{dn}\n";
      print "objectclass: top\n";
      print "objectclass: person\n";
      print "objectclass: organizationalPerson\n";
      print "objectclass: inetOrgPerson\n";
      print "objectclass: mozillaAbPersonAlpha\n";
      print "objectclass: walrantMozillaAbPerson\n";
      foreach my $i (keys %{$_}) {
          next if $i =~ m/charset/;
          next if $i =~ m/dn/;
          my $h = '';
          if ($_->{$i.'charset'}) { $h = ':'; }
          print "$i:$h $_->{$i}\n";
      }
      print "\n";
  }
  exit;

  # Unreachable: left over below the exit above.
  if ( m/objectclass: mozillaAbPersonAlpha/ ) {
      print;
      print "objectclass: walrantMozillaAbPerson\n";
      next;
  }
  print;
Bugs
- moving a card to a directory where an entry with that dn already exists
- Mozilla autocompletion: in the account settings, choose the LDAP server explicitly rather than relying on the default LDAP directory
TLS
To expose the service over TLS to the outside while keeping plain LDAP on the loopback interface only (for phpLdapAdmin and pwab, which run on the same host):
Edit /etc/default/slapd
SLAPD_SERVICES="ldap://127.0.0.1/ ldaps://<public_ip>/"
Edit /etc/ldap/slapd.conf and add:
include /etc/ldap/tls.conf
Create /etc/ldap/tls.conf
Here I simply reuse the certificates generated for Apache. Two things to check: slapd must be able to read the key file (on Debian it runs as the openldap user, and Apache's key is normally readable by root only), and TLSVerifyClient never means the server never asks the client for a certificate, so authentication still rests on the bind DN and password, now sent over an encrypted channel:

  TLSCertificateFile    /etc/apache2/ssl/www_yobi_be.crt
  TLSCertificateKeyFile /etc/apache2/ssl/www_yobi_be.key
  TLSVerifyClient       never

After restarting slapd, Mozilla Thunderbird connects over TLS.