On Monday 07 February 2005 02:01, Nick Smith wrote:
> On Sun, 2005-02-06 at 22:19 +0000, Paul Worrall wrote:
> > On Sunday 06 February 2005 21:29, Nick Smith wrote:
> > > every how-to i have read about on openldap also wants you to
> > > authenticate against it.  i just want to use it for a global address
> > > list, is this possible? if so, is there a how to on just this one part
> > > of openldap? or can someone just explain to me how to do it? i already
> > > authenticate against a mysql db and don't need openldap for that. is it
> > > possible to just use it for a global address list without having to
> > > also authenticate with it? is there a better solution for what i want
> > > to do? aka a different global address list, that is compatible with
> > > both linux and windows boxes.
> >
> > With the default config on Gentoo, you will need to authenticate to write
> > data, but not to read data. For example to add an entry:
>
> is there a way to change the default config to not authenticate? or have
> it look somewhere else, perhaps my mysql db for the authentication?
>
> > ldapadd -x -H "ldap://localhost" -D "cn=Manager,dc=example,dc=com" -W
> > Enter LDAP Password: <enter the value of rootpw from /etc/openldap/slapd.conf>
> > dn: cn=Test User,dc=example,dc=com
> > objectclass: person
> > sn: User
> > cn: Test User
> > mail: Test [EMAIL PROTECTED]
> > ^D
> > adding new entry "cn=Test User,dc=example,dc=com"
> > ^D
>
> i'm very new to openldap so i'm not quite sure how to set it up, i can
> just emerge it and then start adding people? and also, is there a file i
> can edit and put all of them in there or do i have to run that command
> every time i want to add someone? also what about a gui frontend for
> adding people? is there one? perhaps that i can access remotely as well?
> sorry for all the questions.
>

Well I am far from an expert, but I have set up an LDAP 'Global Address Book' 
such as you describe on my network at home.  In my experience it took a bit 
of work to set up, and I am not 100% pleased with the end result.  For 
example: the KDE address book can only retrieve some of its data from ldap, 
so if (for example) you want to store more than one email address for a 
contact, or their birthday, then you still have to store that in a private 
address book, and then you end up with two address book entries for each 
contact - one from the ldap server, and one from the private data.  In 
Thunderbird's address book, the ldap data is not shown at all until you start 
typing in the search box and, unlike KDE, you cannot update an ldap entry 
from Thunderbird's address book.

To answer some of your questions above:

1. I haven't tried it but if you really want to I think you could give 
unauthenticated read/write access by putting the following line in the config 
file:

    access to * by * write

2. To load data from a file, you will need to prepare a file in LDIF format 
(e.g. by exporting from your current address book). The LDIF file must only 
contain attributes supported by the ldap schema you have selected in the 
config file.  The default Gentoo installation selects only core.schema; I 
added inetorgperson.schema and cosine.schema.  The following command will 
load the ldif file into the ldap database:

    ldapadd -x -H "ldap://<host.running.ldap>" -D "cn=Manager,dc=example,dc=com" -W -f example.ldif

Replace the bit after -D with the value of rootdn from the config file, or if 
you have done away with authentication you can probably omit the -x, -D and -W 
options.

3. Install phpldapadmin on the machine running the ldap server; this gives 
you a gui interface accessible from any machine via a web browser. (I've not 
used it much though, so can't say how useful it is.)

-- 
Paul
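
Added example (not part of the message above, and not OpenLDAP's own code): a Python check that reads slapd.conf access directives and reports every "by" clause granting write or manage to * or anonymous, which is what the line in item 1 does. Both samples are constructed, the editor DN is hypothetical, and only level keywords are recognised, not the =w / +w privilege forms.

```python
import shlex

WRITE_LEVELS = {"write", "manage"}    # slapd.access(5) levels that allow changes
UNAUTHENTICATED = {"*", "anonymous"}  # <who> values matching clients with no credentials

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop blanks and # comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return [l for l in lines if l and not l.startswith("#")]

def open_write_rules(text):
    """Return (what, who, level) for each 'by' clause that lets unauthenticated clients write.

    Each clause is judged alone; rule ordering and shadowing are not modelled,
    so a finding means "review this line", not proof that the access is reachable.
    """
    findings = []
    for line in logical_lines(text):
        if [t.lower() for t in line.split()[:2]] != ["access", "to"]:
            continue
        tokens = shlex.split(line)  # keeps a quoted DN containing spaces as one token
        by = [i for i, t in enumerate(tokens) if t.lower() == "by"]
        if not by:
            continue
        what = " ".join(tokens[2:by[0]])
        for start, end in zip(by, by[1:] + [len(tokens)]):
            clause = tokens[start + 1:end]
            level = next((t.lower() for t in clause[1:] if t.lower() in WRITE_LEVELS), None)
            if clause and clause[0].lower() in UNAUTHENTICATED and level:
                findings.append((what, clause[0], level))
    return findings

# Constructed samples: the line from item 1, and a read-only address book in which
# only one hypothetical editor entry may write.
WEAK = "access to * by * write\n"
HARDENED = """\
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by dn.base="cn=Address Book Editor,dc=example,dc=com" write
    by * read
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, open_write_rules(conf))
```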
