

apt-get install slapd phpldapadmin ldap-utils
slappasswd -> generate the hashed root password string (paste its whole output, hash prefix included, into rootpw below)
edit /etc/ldap/slapd.conf -> enable rootdn and add rootpw "{SHA}xxxx"
private:/etc/ldap# cat create_struct.ldif 
dn: dc=addressbook,dc=yobi,dc=be
description: Yobi's addressbook
objectClass: domain
objectClass: top
dc: addressbook

dn: dc=groups,dc=yobi,dc=be
description: Users groups
objectClass: domain
dc: groups

dn: dc=users,dc=yobi,dc=be
description: Users
objectClass: domain
dc: users

ldapadd -c -x -D "cn=admin,dc=yobi,dc=be" -W -f create_struct.ldif

... users groups books


# For pwab                                                                                                                                                                
AddHandler cgi-script .cgi                                                                                                                                                
<Directory "/var/www/pwab">                                                                                                                                               
    Options +ExecCGI                                                                                                                                                      
apt-get install libnet-ldap-perl

add schema /etc/ldap/schema/mozillaAbPersonAlpha.schema
#include         /etc/ldap/schema/mozillaAbPersonAlpha.schema                                                                                                             
include         /etc/ldap/schema/walrantMozillaAbPerson.schema


BASE DN dc=addressbook,dc=yobi,dc=be
BIND DN cn=phil,dc=users,dc=yobi,dc=be



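# Convert a Mozilla/Thunderbird LDIF address-book export into LDIF that can be
# fed to ldapadd under $dest.
#
# Each "dn:" line starts a new entry; its attributes are collected into a
# hash (one per entry, in @t).  Each entry is then rewritten with cn and dn
# derived from sn and givenName plus the object classes the directory schema
# needs, and printed as LDIF.  Base64-encoded input values ("attr:: ...") are
# decoded for processing and re-encoded on output; the "<attr>charset" hash
# keys record which attributes must be emitted base64-encoded.
#
# NOTE(review): the lines holding only a closing brace were lost when this
# page was rendered; they are restored below and should be checked against
# the original script.  LDIF continuation lines (leading space) are not
# handled.
use strict;
use warnings;
use MIME::Base64;

die "Usage: $0 <file>" unless $ARGV[0];

# Subtree under which every generated entry is placed.
my $dest = "ou=import,ou=phil,dc=addressbook,dc=yobi,dc=be";

# One hash per entry; $t[$#t] is the entry currently being filled.
my @t;

# Three-argument open, so the file name is never parsed for a mode or a pipe.
open(my $fh, '<', $ARGV[0]) or die "Cannot open file $ARGV[0]: $!";

LINE: while (my $line = <$fh>) {
    # Attributes that must not be copied into the target directory.
    next LINE if $line =~ m/^modifytimestamp:/i;
    next LINE if $line =~ m/^mozillaDefaultEmail/i;
    next LINE if $line =~ m/^mozillaCustom4/i;
    next LINE if $line =~ m/^objectclass/i;
    # Anything else must look like "attr: value" or "attr:: base64".
    next LINE unless $line =~ m/([^:]+):(.*)/;
    my $attr = $1;
    my $val  = $2;

    # A "dn:" line opens a new entry.
    $#t++ if $line =~ m/^dn/;
    if (!@t) {
        # An attribute line before the first dn would index $t[-1] on an
        # empty array and die; report and skip it instead.
        warn "attribute before first dn, ignored: $attr";
        next LINE;
    }
    warn "attr already exists: $attr" if $t[$#t]->{$attr};

    if ($val =~ m/^:/) {
        # "attr:: <base64>" — strip ": ", decode, and remember to re-encode.
        $val = decode_base64(substr($val, 2));
        $t[$#t]->{ $attr . 'charset' } = 1;
    }
    else {
        # "attr: <value>" — strip the leading space.
        $val = substr($val, 1);
    }
    $t[$#t]->{$attr} = $val;
}
close $fh;

foreach my $entry (@t) {
    # Entries without a surname use the given name as sn.
    unless ($entry->{'sn'}) {
        $entry->{'sn'}        = $entry->{'givenName'};
        $entry->{'givenName'} = "-";
    }
    $entry->{'cn'} = $entry->{'sn'} . " " . $entry->{'givenName'};
    # cn needs base64 if either of its parts did; "|| 0" avoids undef warnings.
    $entry->{'cncharset'} =
        ($entry->{'sncharset'} || 0) + ($entry->{'givenNamecharset'} || 0);
    # NOTE(review): cn is not RFC 4514-escaped; a name containing ',' '+'
    # '"' '\' '<' '>' ';' or a leading '#' yields an invalid dn.
    $entry->{'dn'}        = 'cn=' . $entry->{'cn'} . ',' . $dest;
    $entry->{'dncharset'} = $entry->{'cncharset'};

    # Re-encode every value that was base64 on input, as a single line.
    foreach my $i (keys %{$entry}) {
        next if $i =~ m/charset/;
        if ($entry->{ $i . 'charset' }) {
            $entry->{$i} = encode_base64($entry->{$i});
            $entry->{$i} =~ s/[\n\r]//g;
        }
    }

    my $h = '';
    $h = ':' if $entry->{'dncharset'};
    print "dn:$h $entry->{dn}\n";
    print "objectclass: top\n";
    print "objectclass: person\n";
    print "objectclass: organizationalPerson\n";
    print "objectclass: inetOrgPerson\n";
    print "objectclass: mozillaAbPersonAlpha\n";
    print "objectclass: walrantMozillaAbPerson\n";
    foreach my $i (keys %{$entry}) {
        next if $i =~ m/charset/;
        next if $i =~ m/dn/;
        my $sep = '';
        $sep = ':' if $entry->{ $i . 'charset' };
        print "$i:$sep $entry->{$i}\n";
    }
    print "\n";
}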

# Fragment, presumably run line-by-line over an existing LDIF dump (e.g. as
# the body of a "perl -ne"/"-pe" filter) so that every mozillaAbPersonAlpha
# entry also gets the site-specific auxiliary class.
# NOTE(review): the surrounding loop and the closing brace are not on the
# page; confirm against the original.
if ( m/objectclass: mozillaAbPersonAlpha/ ) {
    print "objectclass: walrantMozillaAbPerson\n";


  • when moving card to a dir where the card dn exists already
  • Mozilla autocompletion -> account settings -> choose explicitly the LDAP server, not via default LDAP


To run the service through TLS for the outside and without TLS internally (for phpLdapAdmin and pwab) — note that a bare ldap:// with no host listens on every interface, so give it the loopback or internal address if plain LDAP must not be reachable from outside:
Edit /etc/default/slapd

SLAPD_SERVICES="ldap:// ldaps://<public_ip>/"

Edit /etc/ldap/slapd.conf and add:

include /etc/ldap/tls.conf

Create /etc/ldap/tls.conf
Here I simply reuse the certificates created for apache (the key file must be readable by the user slapd runs as):

TLSCertificateFile /etc/apache2/ssl/www_yobi_be.crt
TLSCertificateKeyFile /etc/apache2/ssl/www_yobi_be.key
TLSVerifyClient never

Now it works through TLS for Mozilla Thunderbird