Koozali.org: home of the SME Server

LDAP

Offline andy_wismer

LDAP
« Reply #30 on: March 26, 2007, 08:25:39 AM »
Hi

PHPLDAPadmin:

I suppose you CAN create new LDAPs, I've never tried that.

What you CAN do is: create new entries in the existing LDAP.
These entries are "seen" by the Horde Address app and by any E-Mail app which has its Addressbook pointed to the SME. Outlook Express, Thunderbird, Outlook, Mac Mail and others can easily use the SME LDAP as an addressbook (addition...).

I just add/modify E-Mail addresses, and add in "address" type entries, not normal users. For "normal" users, use the server-manager.

PHPLDAPadmin has its own type of templates, it isn't too difficult to modify them, to make address-making faster...

PHPLDAPadmin can also be used for scheme-extensions. A lot of applications like NetOP remote-control, FileMaker, PCAnywhere, Timbuktu can also use LDAP entries to make the application show up faster on other instances of that application.

Full Docu is available on the PHPLDAPadmin Home Page (Sourceforge...)

YMMV

Andy Wismer

Offline Agent86

LDAP
« Reply #31 on: March 26, 2007, 04:00:37 PM »
Thanks that helps.

And one more thing ?

So if I understand this, basically the PHPldapadmin allows you to put in new addresses into the main LDAP, but these new addresses will not show up via SME server-manager but they will actually be there, but not visible to the SME-server-manager ??

And how do you go about restricting users from accessing the LDAP, I guess there is no way to do this ?

Thanks for all the help this clears things up good,

Please confirm all this ?

Thanks

Offline andy_wismer

LDAP
« Reply #32 on: March 26, 2007, 07:40:40 PM »
Hi

@Agent86: Your assessment of LDAP/Server-Manager is correct:

LDAP / Server-Manager
================

The Server-Manager is used to manage (most) aspects of SME server. In this sense, the Server-Manager can create/modify/delete accounts on the server.

Accounts created on the server get an automatically created account in MySQL for any settings in Horde.

Any account also gets an entry in the LDAP system, which is used for Address-Book functions in Horde only. SME doesn't use LDAP for anything else, AFAIK.

This means that the entries in LDAP do not show up in Server-Manager, only the corresponding entries in the local files which are created/modified at the same time as SME creates the LDAP entries. This is a technicality, really...

But: SME does provide you with the LDAP infrastructure.

Your added addresses and such will show up in any mail client pointing to the right OU (Check the server-manager page for the right OU...), but they will not show up in Server-Manager because:

- The Server-Manager doesn't query LDAP for display (It's write-only...)
- The Server-Manager isn't built to manage addresses, but accounts.


LDAP Rights
========

LDAP permissions can be really fine-granulated. If needed, you could even set attributes on almost any part of the info.

Say allowing an authenticated user to view the whole name and e-mail only, but not the telephone number, not even first and last names...

LDAP also allows you to set permissions based on IP, Domain-Names, Users, Groups - almost anything needed ;-). But there's several books worth of information on permissions and rights in an LDAP system. Basically most info on M$ Active-Directory and/or Novell's eDirectory (NDS) is also valid, at least as far as permissions and rights are concerned, because all mentioned products are based on LDAP V3.

YMMV

Andy Wismer

Offline Agent86

This is great thanks
« Reply #33 on: March 28, 2007, 03:50:22 AM »
Thanks for the clarifications

So I will be able to do what I want with the PHPLDAPadmin if I can get it working properly.

What about the importing and exporting of the addressbooks ?
To the LDAP ? I'm guessing I'll need PHPLDAPadmin to do that ?

Can my email client view all the addressbook fields via the LDAP?
And how? I'm guessing I'll need PHPLDAPadmin to do that ?


Thanks again for the great help.

Offline andy_wismer

LDAP
« Reply #34 on: March 28, 2007, 09:52:38 AM »
Importing and Exporting of Addressbooks:

You'll need to use your Addressbook to Export (CSV, TXT or LDIF)
and PHPLDAPadmin to Import that data into LDAP. You could use command-line LDAP tools instead of PHPLDAPadmin to import, but that's more than hard-core. ;-)

Setting your E-Mail Client to use LDAP is actually well documented - in the SME Doku. Basically you just need to point your addressbook (Outlook Express, Outlook, Thunderbird, etc...) to the LDAP Server (Name or IP) and the exact "OU" your SME Server is using. You don't need PHPLDAPadmin for this.

An "OU" is like a folder in LDAP, it's basically a "container" for stuff.

YMMV

Andy Wismer
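
Added example, not part of the original thread: one way to turn a CSV address book export into LDIF for the import step described above, so that commas, non-ASCII characters or line breaks in a contact field cannot change the DN or add extra attribute lines. The base DN, the CSV column names and the choice of `inetOrgPerson` for address-type entries are assumptions; the sample data is constructed.

```python
import base64
import csv
import io

BASE_DN = "ou=contacts,dc=example,dc=com"  # hypothetical; use your server's OU
# Constructed sample export; the column names are assumptions.
SAMPLE_CSV = (
    "name,email,phone\n"
    '"Doe, John",john@example.com,\n'
    "Zoë Müller,zoe@example.com,555 0101\n"
    '"Eve\nuid: injected",eve@example.com,\n'
)

def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ord(ch) < 0x20:
            ch = "\\%02x" % ord(ch)  # control characters as hex pairs
        elif ch in ',+"\\<>;=' or (ch in " #" and i == 0) or (ch == " " and i == last):
            ch = "\\" + ch
        out.append(ch)
    return "".join(out)

def ldif_line(attr, value):
    """One LDIF line; anything outside plain printable ASCII is base64 (RFC 2849)."""
    plain = (all(0x20 <= ord(c) < 0x7F for c in value)
             and value[:1] not in (" ", ":", "<") and value[-1:] != " ")
    if plain:
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))

def contact_to_ldif(row):
    name = row["name"].strip()
    if not name:
        raise ValueError("contact without a name")
    dn = "cn=%s,%s" % (escape_rdn_value(name), BASE_DN)
    lines = [ldif_line("dn", dn), "objectClass: inetOrgPerson", ldif_line("cn", name),
             ldif_line("sn", name.split()[-1])]  # sn is mandatory; crude guess
    for attr, col in (("mail", "email"), ("telephoneNumber", "phone")):
        value = (row.get(col) or "").strip()
        if value:
            lines.append(ldif_line(attr, value))
    return "\n".join(lines) + "\n"

def csv_to_ldif(text):
    """Return LDIF with one address-type entry per CSV row."""
    entries = [contact_to_ldif(r) for r in csv.DictReader(io.StringIO(text))]
    return "version: 1\n\n" + "\n".join(entries)
```

Calling `print(csv_to_ldif(SAMPLE_CSV))` shows the third sample row, which carries an embedded line break, ending up as a single escaped DN and a base64 `cn` value instead of a separate `uid` line.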

nonenone

Remove
« Reply #35 on: March 28, 2007, 02:17:51 PM »
Hi
I can't remove smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm

rpm -e smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm
error: package smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm is not installed

rpm -Uvh smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm
Preparing...                ########################################### [100%]
        package smeserver-phpldapadmin-0.9.7.2-0 is already installed
Run SME 7.1.3
Please help.

Online Stefano

Re: Remove
« Reply #36 on: March 28, 2007, 02:37:16 PM »
Quote from: "nonenone"
Hi
I can't remove smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm

rpm -e smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm
error: package smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm is not installed


Hi

try
rpm -e smeserver-phpldapadmin

HTH
Ciao
Stefano

nonenone

Re: Remove
« Reply #37 on: March 28, 2007, 02:45:52 PM »
Quote from: "nenonano"
Quote from: "nonenone"
Hi
I can't remove smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm

rpm -e smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm
error: package smeserver-phpldapadmin-0.9.7.2-0.noarch.rpm is not installed


Hi

try
rpm -e smeserver-phpldapadmin

HTH
Ciao
Stefano


Work fine!!!!!!!!!!!!!
Merci!!!!


Offline Agent86

So one more question about LDAP
« Reply #38 on: April 01, 2007, 04:59:29 PM »
I'm not sure if phpadmin will do this, but I was curious that is there a way that when adding new users to the SME box that each user could have their own LDAP ? And that LDAP would only be editable by the user within horde etc.

I'm not really concerned about sharing the user addressbook, or the user LDAP, but something that would also be nice is:
When adding RPM's contribs, that are available and making the proper edits for sharing addressbooks perhaps there could also be an edit to share those addressbooks which are now also LDAP's for each user if someone wanted to share their address book.

Basically each user could access their own private address book which would now be a user LDAP and not the main LDAP.

Any suggestions on these 2 subjects ?

Thanks

Offline judgej

Re: LDAP
« Reply #39 on: April 06, 2007, 02:37:27 PM »
Quote from: "Agent86"

I can't figure out how to import contacts to the LDAP addressbook.


From an earlier post: "It's read-only at the moment." You can read the LDAP address book, but you can't write to it.

PHPLDAPadmin - wow. Nice tool. Been looking for something like that for a long time.

-- JJ
-- Jason

Offline cactus

Re: LDAP
« Reply #40 on: April 08, 2007, 01:56:42 PM »
Quote from: "judgej"
Quote from: "Agent86"

I can't figure out how to import contacts to the LDAP addressbook.


From an earlier post: "It's read-only at the moment." You can read the LDAP address book, but you can't write to it.

PHPLDAPadmin - wow. Nice tool. Been looking for something like that for a long time.

-- JJ
If you modify the configuration file of the phpLDAPAdmin and supply the encrypted, randomly generated LDAP password to it you could make it writeable. Although the risk of changes not being properly propagated to other services and SME Server configuration files is pretty big. A better way is trying to help out implementing LDAP in the core of SME Server. There is a bug for that in the bugtracker if I remember correctly.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline Agent86

Can I point the client to a user addressbook on SME ?
« Reply #41 on: April 13, 2007, 06:37:41 PM »
Quote from: "andy_wismer"
Importing and Exporting of Addressbooks:

You'll need to use your Addressbook to Export (CSV, TXT or LDIF)
and PHPLDAPadmin to Import that data into LDAP. You could use command-line LDAP tools instead of PHPLDAPadmin to import, but that's more than hard-core. ;-)

Setting your E-Mail Client to use LDAP is actually well documented - in the SME Doku. Basically you just need to point your addressbook (Outlook Express, Outlook, Thunderbird, etc...) to the LDAP Server (Name or IP) and the exact "OU" your SME Server is using. You don't need PHPLDAPadmin for this.

An "OU" is like a folder in LDAP, it's basically a "container" for stuff.

YMMV

Andy Wismer


Can I point the client to a user addressbook on SME ? or only the main LDAP ???

That's basically what I want is to point the client to the user addressbook ???

Please advise and thanks again for the help.