Hi there,
I am an avid e-smith user and have been for over a year. During this year I have increased my opensource/linux knowledge up and up, which has been both challenging and enjoyable. I am currently working on an e-smith setup that can and will completely replace the need for an MS Exchange/Win2k Domain Controller, which is pretty much what e-smith is able to do with a few tweaks (bit of an understatement). It does by default lack certain things: the ability to share calendars and schedules, and a central repository for contacts to be stored and easily accessed via client apps. I know that LDAP can solve the central contacts list in its directory, and on the dev-lists Brandon Friedman mentioned jical (http://jical.sourceforge.net/). I am still doing testing on jical, but it is LDAP that is my current focus. I have been trying to set up a server that is an NT Domain Controller with the other services that are set up by e-smith 5.6, but I am still struggling with setting up a central contacts list in LDAP. I have been doing quite a bit of research in the last month on the topic of LDAP. There is a lot of information on the topic and there is a lot of capability/potential there.
What I need to do is:
1. Take an E-smith 5.6 install and create an organisational unit in the LDAP directory (e.g. ou=contacts) for the contacts to be stored in
2. This directory should be accessible by MS Outlook and Evolution for browsing
3. It should be readable by all and writable by one LDAP account (e.g. create new acc. - LDAPadmin), which should be able to add new and update old entries
4. Some form of security needs to be put in place.
5. The setup needs some sort of backup
What I know so far is (which isn't to say it's right, so please correct me if I am wrong; constructive criticism is what I need from everyone out there):
1. The default install of e-smith 5.6 has LDAP well integrated with all the services/modules (e.g. pam, nss, shadow, samba, ftp, qmail, etc.), which all do their authentication through a single account.
To create a central contacts directory I will need to make some modifications to the directory.
2. I need to create an organisational unit for the “contacts” to be stored in
3. The correct access control needs to be set on the directory so that everyone has the correct access to the information needed
4. The slapd.conf needs to be modified to allow for any of the above mentioned stuff to be done. Edit and insert slapd.conf templates that will add the necessary functions
5. To allow MS Outlook and Netscape or Evolution to browse all their defined attributes in the LDAP directory structure I will need to include another schema file (see bottom), which will insert the additional attributes needed by these applications
6. As far as I can see I need to turn on schemacheck to make sure that all the data that would be inserted into the directory conforms to the directory schema standards; what I noticed is that this is turned off by default.
7. The slurpd.conf needs to be set up/created to allow for replication, and the relevant master/slave relationships need to be set up
Once slurpd.conf has been set up, an entry needs to be made for the location of the "logfile" and for the "loglevel"
8. For secure communication (SSL/TLS) to take place a server certificate and key need to be created via openssl or a third party; about three or more TLS*** lines need to be added to tell LDAP where everything is
9. Additional index entries need to be made to speed up search requests
10. The main thing that I have noticed in the slapd.conf file in e-smith 5.6 is that it has no access control permissions set. I have tried to set some but this has not helped me to gain writable access to the directory. Any suggestions here are welcome!
11. Any other part of importance in this file I may have left out, please comment on
12. Once all of this is set up I should be able to connect to this via an LDAP browser (GQ - http://biot.com/gq/, SALT - http://salt.sourceforge.net/, etc.) and add, modify and update entries in the contacts list without affecting the users defined in the directory for all the other services
I have been adding additional entries into slapd.conf by creating the respective templates and then initializing them, but even though I have set what I see to be the correct ACLs I am unable to add info into the directory. I am also unsure of how to create an administration user to bind to LDAP. Even if I try to connect as root I am unable to make changes.
If you are able to shed any light on my project it would be greatly appreciated. Once I have completed this project and got all of this integration working 100%, I would like to document my findings in a howto and submit it to contribs.org, but I am not quite sure what I would need to do to get this right. Thank you for the time and effort of reading this LONG post and I await a response with anticipation.
Kind Regards
Ashley Shaw
Light Speed Development
South Africa
P.s. I plan on doing quite a bit of development regarding JiCal; it really does show some rad potential.
extension.schema - a schema file included in slapd.conf (source at http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-DefineObjectsAndAttributes.html)
# Attributes for the contacts directory; all of them reuse the syntax and
# matching rules of a core attribute (name, telephoneNumber, manager) via SUP.
attributetype ( 1.3.6.1.4.1.4203.666.100.121
    NAME ( 'rdn' )
    SUP name )
attributetype ( 1.3.6.1.4.1.4203.666.100.122
    NAME ( 'otherFacsimiletelephoneNumber' )
    SUP telephoneNumber )
attributetype ( 1.3.6.1.4.1.4203.666.100.123
    NAME ( 'IPPhone' )
    SUP telephoneNumber )
# This attribute handles MS Outlook and Netscape Communicator; both names refer
# to the same attribute.
attributetype ( 1.3.6.1.4.1.4203.666.100.124
    NAME ( 'URL' 'homeUrl' )
    SUP name )
attributetype ( 1.3.6.1.4.1.4203.666.100.125
    NAME ( 'comment' )
    SUP name )
attributetype ( 1.3.6.1.4.1.4203.666.100.126
    NAME ( 'conferenceInformation' )
    SUP name )
attributetype ( 1.3.6.1.4.1.4203.666.100.127
    NAME ( 'reports' )
    SUP manager )
objectclass ( 1.3.6.1.4.1.4203.666.100.1
    NAME 'officePerson'
    DESC 'Office employee or computer user'
    SUP inetOrgPerson
    STRUCTURAL
    MAY ( c $ rdn $ otherFacsimiletelephoneNumber $ IPPhone $ URL $
          comment $ reports $ conferenceInformation ) )

# New attributes and object class required for compatibility with Netscape Communicator
attributetype ( 1.3.6.1.4.1.4203.666.100.151
    NAME ( 'xmozillanickname' )
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( 1.3.6.1.4.1.4203.666.100.152
    NAME 'xmozillausehtmlmail'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
# Every attribute named in MAY must be defined somewhere or slapd refuses to
# load the schema. The cell phone and pager numbers are the standard mobile and
# pager attributes, already inherited from inetOrgPerson, so they are not
# listed again here. Note that officePerson and zillaPerson are both STRUCTURAL
# subclasses of inetOrgPerson, so one entry can carry only one of them; make one
# of them AUXILIARY if an entry needs both sets of attributes.
objectclass ( 1.3.6.1.4.1.4203.666.100.5
    NAME 'zillaPerson'
    DESC 'Netscape Communicator Extensions'
    SUP inetOrgPerson
    STRUCTURAL
    MAY ( description $ homeUrl $ xmozillanickname $ xmozillausehtmlmail ) )
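A worked example of items 2, 3, 9 and 12 from the list above, added here and not part of the original post or of e-smith: a POSIX shell script that emits the slapd.conf fragment and the LDIF for a contacts OU that everyone can read and only one bind DN can write. The suffix dc=example,dc=com, the names ou=contacts and cn=ldapadmin, the schema path and the password hash are assumed placeholders.

```shell
# Added example, not from the original post or e-smith: a slapd.conf fragment
# and LDIF giving everyone read and one bind DN write access to a contacts OU.
# Placeholders: suffix dc=example,dc=com, the account cn=ldapadmin kept inside
# the OU, the schema path, and a {SSHA} hash to be generated with slappasswd.
SUFFIX="dc=example,dc=com"
CONTACTS="ou=contacts,$SUFFIX"
ADMIN="cn=ldapadmin,$CONTACTS"

# ACLs are first-match: the userPassword rule and the contacts rule must come
# before the catch-all, or "by * read" would also expose the password hashes.
# dn.subtree needs OpenLDAP 2.1+; on 2.0 write dn="^.*,ou=contacts,dc=example,dc=com".
acl_fragment() {
    cat <<EOF
include     /etc/openldap/schema/extension.schema
schemacheck on
index       objectClass,cn,sn,mail  eq
index       givenName               eq,sub
access to dn.subtree="$CONTACTS" attrs=userPassword
    by dn="$ADMIN" write
    by anonymous auth
    by * none
access to dn.subtree="$CONTACTS"
    by dn="$ADMIN" write
    by * read
access to *
    by * read
EOF
}

# Load these entries as the rootdn named in slapd.conf, e.g.:
#   ldapadd -x -D "<rootdn>" -W -f contacts.ldif
contacts_ldif() {
    cat <<EOF
dn: $CONTACTS
objectClass: organizationalUnit
ou: contacts

dn: $ADMIN
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: ldapadmin
userPassword: {SSHA}REPLACE_WITH_slappasswd_OUTPUT
EOF
}

# Sanity check on the generated ACLs: the catch-all must be the last rule.
acl_catchall_last() {
    acl_fragment | grep '^access to' | tail -n 1 | grep -q '^access to \*$'
}
```

With no access directives at all, slapd's built-in default is "access to * by * read", so only the rootdn from slapd.conf can write anything; the Unix root account gets no special treatment when binding.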