Koozali.org: home of the SME Server

LDAP

wsmeurope

LDAP
« on: September 14, 2005, 01:33:48 PM »
How do I connect to the LDAP server from a client or an admin tool like LDAP Admin?

Thanks a lot

DarkMirage

Re: LDAP
« Reply #1 on: September 14, 2005, 05:23:15 PM »
Quote from: "wsmeurope"
like LDAP Admin.

Which one would that be (url maybe)?

Anyway, LDAP is listening on port 389 by default, on whatever IP/hostname you have.
You may allow it to listen on the external interface through the server-manager (configuration->directory->LDAP directory access).

Your credentials should look like the following (assuming domain.org is your domain):
dn: cn=root,dc=domain,dc=org
Password is located in /etc/openldap/ldap.pw.

I'm not sure if it's possible to connect with other users, without specifying access in /etc/openldap/slapd.conf...

wsmeurope

LDAP
« Reply #2 on: September 14, 2005, 05:45:05 PM »
How do I make the password readable?

DarkMirage

LDAP
« Reply #3 on: September 14, 2005, 05:47:32 PM »
It is readable, that's the thing about that password.
Since you usually don't use it, it's not easy-typable or anything.

I suggest you use putty or something like that,
then do:
Code:
cat /etc/openldap/ldap.pw
and copy the password off the screen.

wsmeurope

LDAP
« Reply #4 on: September 14, 2005, 06:25:30 PM »
A window says "DN syntax not valid"

DarkMirage

LDAP
« Reply #5 on: September 15, 2005, 12:05:40 AM »
A DN is a distinguished name; common distinguished names are the bind dn (cn=root,dc=example,dc=org) and the root dn (dc=example,dc=org).

An invalid syntax means you typed one of the above wrong, or used a wrong format for your program. Note that there are NO spaces in the mentioned dn's.

Please provide a link to the program you're using and your domain name, so I can give the specific settings you need. (These may vary between programs, although they shouldn't)
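
Added example (not part of the original posts): a small Python check for the DN rules described in Reply #5, which derives the bind DN and root DN from a domain name and reports why a typed DN is malformed. The function names are hypothetical and the admin CN defaults to the thread's cn=root.

```python
import re

# Attribute type: a short name such as cn/dc/uid, or a numeric OID.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def dns_to_base_dn(domain):
    """domain.org -> dc=domain,dc=org (the root DN form used in the thread)."""
    labels = [part for part in domain.strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain")
    return ",".join("dc=" + part for part in labels)


def bind_dn(domain, admin_cn="root"):
    """cn=root plus the base DN, matching the thread's bind DN."""
    return "cn=%s,%s" % (admin_cn, dns_to_base_dn(domain))


def split_unescaped(text, sep):
    """Split on sep, keeping separators that are escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts


def check_dn(dn):
    """Return a list of problems; an empty list means the DN passed."""
    problems = []
    for rdn in split_unescaped(dn, ","):
        if "=" not in rdn:
            problems.append("RDN %r has no '='" % rdn)
            continue
        attr, value = rdn.split("=", 1)
        if attr != attr.strip() or value != value.strip():
            problems.append("space around ',' or '=' in %r" % rdn)
        if not _ATTR.match(attr.strip()):
            problems.append("bad attribute type %r" % attr.strip())
        if not value.strip():
            problems.append("empty value in %r" % rdn)
    return problems
```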

Carl50mq

LDAP
« Reply #6 on: September 15, 2005, 01:19:32 PM »
Why is the LDAP in SMEServer7 (b1, b2 and now b4) never accessible?
By webmail and by whichever mail client...

Thanks,
Carl

wsmeurope

LDAP
« Reply #7 on: September 15, 2005, 01:36:12 PM »
Maybe it's because I run 7b2 that LDAP doesn't connect!

DarkMirage

LDAP
« Reply #8 on: September 15, 2005, 03:36:59 PM »
Using the freeware SofTerra LDAP Browser I have no problem connecting to 6.0.1, or MS Server 2k3 for that matter. I can also connect to sme7 beta2, but it is not a normal installation (Open-Xchange development implements an LDAP tree). For all I know a normal installation of beta2 does not have an LDAP tree (seems unlikely though).

@Carl50mq: What exactly are you trying to accomplish with LDAP using webmail/mail clients?

wsmeurope

LDAP
« Reply #9 on: September 15, 2005, 04:02:53 PM »
I just want to admin LDAP because I use Xoops, and the new version is supposed to connect to LDAP for logging in.

I just installed 7b4 and have downloaded Softerra LDAP Browser

Thanks to everybody ... ;-)

Carl50mq

LDAP
« Reply #10 on: September 15, 2005, 04:48:18 PM »
Thanks for your help DarkMirage,

I also just installed the new SME Server 7b4, and when I open my webmail or a mail client such as Mozilla Thunderbird, I find the address book empty!

I have this problem with SME Server 7b1, b2 and now b4.

I have selected the correct parameters "dc=domaine,dc=fr" in the Mozilla mail client, but nothing.

Do you have an idea about this?

Carl

DarkMirage

LDAP
« Reply #11 on: September 15, 2005, 08:31:47 PM »
Well, I figured it out after playing with Thunderbird/SME for a bit. It seems SME simply does not have a compatible addressbook in its LDAP.

A Thunderbird export LDIF address card looks like this:
Code:
dn: cn=Anony Mouse,mail=any@mouse.org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonObsolete
givenName: Anony
sn: Mouse
cn: Anony Mouse
xmozillanickname: Anyme
mail: any@mouse.org
mozillaSecondEmail: mouse@any.org
mozilla_AimScreenName: Any Mouse
xmozillausehtmlmail: true
modifytimestamp: 0Z
telephoneNumber: 0-555-0123
homePhone: 0-555-4567
facsimileTelephoneNumber: 0-555-8999
pager: 0-555-0111
mobile: 0-555-2222
homePostalAddress: Street 1
mozillaHomeLocalityName: SomeVille
mozillaHomeState: ThisState
mozillaHomePostalCode: ZIP111
mozillaHomeCountryName: Linland
homeurl: http://myurl.com


An example from SME 6.0.1-01 in LDIF:
Code:
dn: uid=anonymouse,dc=domain,dc=org
objectClass: person
uid: anonymouse
cn: Anony Mouse
givenName: Anony
sn: Mouse
mail: anonymouse@domain.org
telephoneNumber: 555-5555
o: XYZ Corporation
ou: Main
l: Ottawa
street: 123 Main Street


which of course looks nothing like it.

If I can manage to free up some time I'll have a look at writing an action script,
adding users when created, plus a synchronisation script for existing users.

DarkMirage

E-mail addressbook; the answer
« Reply #12 on: September 15, 2005, 10:15:48 PM »
Well, it seems the easy way out is as follows:
In Thunderbird, add the directory server in the addressbook, and search for one of your users.
A single character will do, although wildcards (*) don't seem to work. At that point it will ask for the password,
which is discussed earlier in this thread (and I suggest you have it remembered instead of looking it up all the time).

Edit: I was going way over the top with my solution, until I tried this without modifying anything

CharlieBrady

Re: E-mail addressbook; the answer
« Reply #13 on: September 16, 2005, 02:34:47 AM »
Quote from: "DarkMirage"
Well, it seems the easy way out is as follows:
In Thunderbird, add the directory server in the addressbook, and search for one of your users.
A single character will do, although wildcards (*) don't seem to work. At that point it will ask for the password,
which is discussed earlier in this thread (and I suggest you have it remembered instead of looking it up all the time).


No, that's wrong. The password only exists so that the system can update the directory content. It shouldn't be required for queries.

This is all about 7.0beta. If anything doesn't work in 7.0beta, it should be reported on the bug tracker, not discussed here.

DarkMirage

LDAP
« Reply #14 on: September 16, 2005, 03:46:15 PM »
It's not wrong, although it's a bad approach.
It's not a bug either, it's a missing feature.
You could think of adding an access definition which would allow users to view information about other users, which should be included in the sme ldap rpm. It's not even about sme7, as all of this goes for 6.x as well.

I'll have a look at adding such a file (template fragment) to the rpm.

So the discussion starts here: Is there any information which should not be accessible to other users, which is currently maintained in LDAP?

If/when I get anything done, I'll post a quickfix here (create "somefile" with this content...)
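
Added example (not part of the thread and not SME Server code): for the question raised in Reply #14, one way to audit an LDIF export and list the attributes that fall outside an address-book allowlist before read access is opened to other users. The allowlist is assumed from the attributes in the thread's SME 6.0.1 entry; SAMPLE and the function names are constructed for illustration.

```python
import base64

# Allowlist = attributes in the thread's SME 6.0.1 entry (assumed policy).
ADDRESS_BOOK = {"objectclass", "uid", "cn", "givenname", "sn", "mail",
                "telephonenumber", "o", "ou", "l", "street"}

# Constructed sample: adds a userPassword, a base64 value and a folded line.
SAMPLE = """\
dn: uid=anonymouse,dc=domain,dc=org
cn: Anony Mouse
mail: anonymouse@domain.org
userPassword: {CRYPT}constructed-placeholder

dn: uid=second,dc=domain,dc=org
cn:: U2Vjb25kIFVzZXI=
description: constructed note that is folded
  across two lines
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})], handling folding and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):      # skip LDIF comments
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):        # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
    return entries

def audit(text, allowed=ADDRESS_BOOK):
    """Map each DN to its attribute names that fall outside the allowlist."""
    found = ((dn, sorted(set(a) - allowed)) for dn, a in parse_ldif(text))
    return {dn: extra for dn, extra in found if extra}
```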