LDAP
Revision as of 01:16, 18 February 2008 by PhilippeTeuwen
Miscellaneous
apt-get install slapd phpldapadmin ldap-utils

slappasswd -> creates the root password hash string

Edit /etc/ldap/slapd.conf -> enable rootdn and add rootpw "{SHA}xxxx"

private:/etc/ldap# cat create_struct.ldif
dn: dc=addressbook,dc=yobi,dc=be
description: Yobi's addressbook
objectClass: domain
objectClass: top
dc: addressbook

dn: dc=groups,dc=yobi,dc=be
description: Users groups
objectClass: domain
dc: groups

dn: dc=users,dc=yobi,dc=be
description: Users
objectClass: domain
dc: users

ldapadd -c -x -D "cn=admin,dc=yobi,dc=be" -W -f create_struct.ldif
...
users groups books

pwab files:
/usr/lib/cgi-bin/pwab.cgi
/var/www/styles/pwab.css
/etc/pwab/config.pl

Apache configuration:
# For pwab
AddHandler cgi-script .cgi
<Directory "/var/www/pwab">
Options +ExecCGI
</Directory>

apt-get install libnet-ldap-perl

.htaccess

Add the schemas /etc/ldap/schema/mozillaAbPersonAlpha.schema and walrantMozillaAbPerson.schema, then in /etc/ldap/slapd.conf:
#include /etc/ldap/schema/mozillaAbPersonAlpha.schema
include /etc/ldap/schema/walrantMozillaAbPerson.schema

ACLs...

BASE DN dc=addressbook,dc=yobi,dc=be
BIND DN cn=phil,dc=users,dc=yobi,dc=be
mozimport.pl
#!/usr/bin/perl
# Convert a Mozilla/Thunderbird address book LDIF export into LDIF entries
# placed under $dest, with the object classes expected by slapd.
use strict;
use warnings;
use MIME::Base64;

die "Usage: $0 <file>\n" unless $ARGV[0];

my $dest = "ou=import,ou=phil,dc=addressbook,dc=yobi,dc=be";
my @t;    # one hashref per card: attribute => value, plus "<attr>charset" flags

open (my $fh, '<', $ARGV[0]) or die "Cannot open file $ARGV[0]: $!";
while (<$fh>) {
  # Attributes that must not be re-imported.
  next if m/^modifytimestamp:/i;
  next if m/^mozillaDefaultEmail/i;
  next if m/^mozillaCustom4/i;
  next if m/^objectclass/i;
  next unless m/([^:]+):(.*)/;
  my $attr = $1;
  my $val  = $2;
  $#t++ if m/^dn/;          # a "dn:" line starts a new card
  next if $#t < 0;          # ignore anything before the first dn
  warn "attr already exists: $attr" if $t[$#t]->{$attr};
  if ( $val =~ m/^:/ ) {
    # "attr:: value" is base64 (non-ASCII): decode it and remember that
    # it must be base64-encoded again on output.
    $val = decode_base64(substr($val, 2));
    $t[$#t]->{$attr . 'charset'} = 1;
  } else {
    $val = substr($val, 1);   # drop the space following ":"
  }
  $t[$#t]->{$attr} = $val;
}
close($fh);

foreach (@t) {
  # Cards without a surname: use the given name as sn and mark givenName.
  unless ($_->{'sn'}) {
    $_->{'sn'} = $_->{'givenName'} || '';
    $_->{'givenName'} = "-";
  }
  $_->{'cn'} = $_->{'sn'} . " " . ($_->{'givenName'} || '');
  $_->{'cncharset'} = ($_->{'sncharset'} || 0) + ($_->{'givenNamecharset'} || 0);
  $_->{'dn'} = 'cn=' . $_->{'cn'} . ',' . $dest;
  $_->{'dncharset'} = $_->{'cncharset'};
  # Re-encode every value that was base64 in the input.
  foreach my $i (keys %{$_}) {
    next if $i =~ m/charset/;
    if ($_->{$i . 'charset'}) {
      $_->{$i} = encode_base64($_->{$i});
      $_->{$i} =~ s/[\n\r]//g;
    }
  }
  my $h = '';
  $h = ':' if $_->{'dncharset'};
  print "dn:$h $_->{dn}\n";
  print "objectclass: top\n";
  print "objectclass: person\n";
  print "objectclass: organizationalPerson\n";
  print "objectclass: inetOrgPerson\n";
  print "objectclass: mozillaAbPersonAlpha\n";
  print "objectclass: walrantMozillaAbPerson\n";
  foreach my $i (keys %{$_}) {
    next if $i =~ m/charset/;
    next if $i eq 'dn';
    my $h = '';
    $h = ':' if $_->{$i . 'charset'};
    print "$i:$h $_->{$i}\n";
  }
  print "\n";
}
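The LDIF handling above (the create_struct.ldif structure and mozimport.pl's "::" base64 values) is shown again here as an added Python example; it is not code from the page or from the pwab project. It goes a little beyond the Perl script: it unfolds RFC 2849 continuation lines, keeps multi-valued attributes such as a second mail, escapes the new RDN per RFC 4514, and re-encodes as base64 any value that is not an LDIF safe string. The sample export, the hypothetical names in it and the helper names (parse_ldif, rebuild_entry, convert, escape_rdn_value) are constructed for the example; the target ou and the dropped attributes are the ones the page uses.

```python
import base64
import re

# Target container for imported cards (the ou used by the page's mozimport.pl).
DEST = "ou=import,ou=phil,dc=addressbook,dc=yobi,dc=be"

# Attributes dropped on import (same list as mozimport.pl), compared case-insensitively.
SKIP = {"modifytimestamp", "mozilladefaultemail", "mozillacustom4", "objectclass"}

# Object classes stamped on every exported entry (as in mozimport.pl).
OBJECT_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson",
                  "mozillaAbPersonAlpha", "walrantMozillaAbPerson"]

# Constructed sample of a Thunderbird address book export; not real data.
SAMPLE_EXPORT = "\n".join([
    "dn: cn=Jean Dupont,mail=jean@example.org",
    "objectclass: top",
    "objectclass: person",
    "objectclass: mozillaAbPersonAlpha",
    "givenName: Jean",
    "sn: Dupont",
    "cn: Jean Dupont",
    "mail: jean@example.org",
    "mail: jd@example.net",                 # multi-valued attribute
    "modifytimestamp: 0z",
    "mozillaCustom4: dropped on import",
    "description:: " + base64.b64encode("Héllo à tous".encode("utf-8")).decode("ascii"),
    "telephoneNumber: +32 2 555",
    "  01 02",                              # RFC 2849 folded continuation line
    "",
    "dn: cn=Solo,mail=solo@example.org",
    "objectclass: top",
    "givenName: Solo",                      # no sn: triggers the surname fallback
    "mail: solo@example.org",
    "",
])

_LINE = re.compile(r"^([A-Za-z][\w;.-]*)(::?) ?(.*)$")


def parse_ldif(text):
    """Parse LDIF text into a list of {"dn": str, "attrs": {name: [values]}}."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:       # continuation of the previous line
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    records, current = [], None
    for line in unfolded:
        if not line.strip():                       # blank line ends a record
            if current is not None:
                records.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        attr, sep, raw_val = m.groups()
        value = base64.b64decode(raw_val).decode("utf-8") if sep == "::" else raw_val
        if attr.lower() == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError("attribute line before any dn")
        else:
            current["attrs"].setdefault(attr, []).append(value)
    if current is not None:
        records.append(current)
    return records


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def ldif_line(attr, value):
    """Emit 'attr: value', or 'attr:: base64' when the value is not an LDIF SAFE-STRING."""
    unsafe = value[:1] in (" ", ":", "<") or any(ord(c) > 127 or c in "\r\n\0" for c in value)
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def rebuild_entry(record, dest=DEST):
    """Return (dn, attrs) for a card re-homed under dest, using mozimport.pl's cn rule."""
    attrs = {k: list(v) for k, v in record["attrs"].items() if k.lower() not in SKIP}
    sn = attrs.get("sn", [""])[0]
    given = attrs.get("givenName", [""])[0]
    if not sn:                      # no surname: use the given name, mark givenName as "-"
        sn, given = given, "-"
        attrs["sn"], attrs["givenName"] = [sn], [given]
    cn = f"{sn} {given}"
    attrs["cn"] = [cn]
    return f"cn={escape_rdn_value(cn)},{dest}", attrs


def convert(text, dest=DEST):
    """Full conversion: Mozilla export LDIF in, slapd-ready LDIF out."""
    out = []
    for record in parse_ldif(text):
        dn, attrs = rebuild_entry(record, dest)
        out.append(ldif_line("dn", dn))
        out.extend(f"objectclass: {oc}" for oc in OBJECT_CLASSES)
        for attr in sorted(attrs):
            out.extend(ldif_line(attr, v) for v in attrs[attr])
        out.append("")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(convert(SAMPLE_EXPORT))
```

The output can be fed to ldapadd exactly like create_struct.ldif; because the dn is built from cn alone, two cards with the same name still collide, which is the first bug listed below.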
Bugs
- moving a card to a directory where an entry with that dn already exists
- Mozilla autocompletion -> account settings -> choose the LDAP server explicitly, not via the default LDAP server
TLS
To run the service through TLS for the outside and without TLS internally (for phpLdapAdmin and pwab):
Edit /etc/default/slapd:
SLAPD_SERVICES="ldap://127.0.0.1/ ldaps://<public_ip>/"
Edit /etc/ldap/slapd.conf and add:
include /etc/ldap/tls.conf
Create /etc/ldap/tls.conf
Here I simply reuse the certificates created for Apache:
TLSCertificateFile /etc/apache2/ssl/www_yobi_be.crt
TLSCertificateKeyFile /etc/apache2/ssl/www_yobi_be.key
TLSVerifyClient never
Now it works through TLS for Mozilla Thunderbird.
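As an added check for the listener layout just described (not part of the original page), the following Python script reads the SLAPD_SERVICES line and the TLS fragment and reports anything a reviewer would want to see: a plaintext ldap:// listener bound to something other than loopback, TLSVerifyClient set to never (bind DN and password are then the only client authentication), and a key file readable by group or others. The config strings are constructed from the page's settings, the public IP is a documentation address, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed config fragments: the page's layout and a weaker variant (hosts are examples).
GOOD_DEFAULT_SLAPD = 'SLAPD_SERVICES="ldap://127.0.0.1/ ldaps://203.0.113.10/"\n'
WEAK_DEFAULT_SLAPD = '# listen on every interface, in the clear and over TLS\nSLAPD_SERVICES="ldap:/// ldaps:///"\n'
TLS_CONF = """TLSCertificateFile /etc/apache2/ssl/www_yobi_be.crt
TLSCertificateKeyFile /etc/apache2/ssl/www_yobi_be.key
TLSVerifyClient never
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_slapd_services(text):
    """Return the listener URIs from an /etc/default/slapd SLAPD_SERVICES line."""
    m = re.search(r'^\s*SLAPD_SERVICES="([^"]*)"', text, re.MULTILINE)
    return m.group(1).split() if m else []


def listener_findings(uris):
    """Flag every listener that would carry simple binds in the clear off the host."""
    findings = []
    for uri in uris:
        parts = urlsplit(uri)
        host = parts.hostname or ""            # "" means all interfaces (ldap:///)
        if parts.scheme == "ldap" and host not in LOOPBACK:
            findings.append((uri, "plaintext LDAP on " + (host or "all interfaces")))
        elif parts.scheme not in ("ldap", "ldaps", "ldapi"):
            findings.append((uri, "unknown scheme"))
    return findings


def parse_tls_conf(text):
    """Parse 'Directive value' lines of a slapd.conf TLS fragment into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        directive, _, value = line.partition(" ")
        conf[directive] = value.strip()
    return conf


def tls_findings(conf):
    """Return (directive, note) pairs a reviewer should look at."""
    findings = []
    for required in ("TLSCertificateFile", "TLSCertificateKeyFile"):
        if required not in conf:
            findings.append((required, "missing: the ldaps:// listener cannot start"))
    if conf.get("TLSVerifyClient", "never") == "never":
        findings.append(("TLSVerifyClient",
                         "never: clients present no certificate, the bind password is the only client authentication"))
    if "TLSCACertificateFile" not in conf:
        findings.append(("TLSCACertificateFile", "absent: no CA configured for verifying client certificates"))
    return findings


def key_file_is_private(mode):
    """True when permission bits grant nothing to group or others (e.g. 0o600)."""
    return mode & 0o077 == 0


if __name__ == "__main__":
    import os
    for label, text in (("page", GOOD_DEFAULT_SLAPD), ("weak", WEAK_DEFAULT_SLAPD)):
        print(label, listener_findings(parse_slapd_services(text)))
    conf = parse_tls_conf(TLS_CONF)
    for directive, note in tls_findings(conf):
        print(directive, note)
    key = conf.get("TLSCertificateKeyFile")
    if key and os.path.exists(key):
        print(key, "private" if key_file_is_private(os.stat(key).st_mode) else "readable by group/others")
```

Reusing the Apache key means it has to be readable by the account slapd runs under (openldap on Debian) without becoming world-readable, which is what the last check looks at; the loopback-only ldap:// listener is fine for phpLdapAdmin and pwab on the same host, since only local processes can see those binds.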