George Adams writes:
> Hi, all. I'm just starting out with LDAP, so before I even start with
> the technical details of my project (which is to make an address-book
> system suitable for use with Mozilla Thunderbird and (if possible)
> Outlook and Outlook Express), I'm trying to figure out just how to
> organize my data.
This reply is a bit general since I don't know either Thunderbird or Outlook except from some brief tests. But anyway...

Read up on LDAP first, if you haven't already. This sounds complicated enough that you ought to understand well what you are doing. Some suggested reading:

* http://en.wikipedia.org/wiki/LDAP
* http://www.ldapman.org/articles/intro_to_ldap.html
* http://www.ldapman.org/articles/tree_design.html

Have you decided which LDAP implementation to use? I've seen people write about troubles with using Windows clients against a standard LDAP server (OpenLDAP), though it seems to work fine at our site. Maybe I just don't know about some other Windows functionality which usually requires Active Directory. On the other hand, Active Directory is a sort-of LDAP server and more, which doesn't quite follow the LDAP standard and can give non-Microsoft clients like Thunderbird trouble.

You can test your clients against our OpenLDAP server and look for me if you like: Server ldap.uio.no, port 389 (the default for LDAP), search base DN "dc=uio,dc=no", search scope subtree, no DN/password to bind with, no need to use TLS. We don't have a test user with 2 addresses though.

> For instance, I thought about just having a single "Family Unit" LDAP
> record that would store everything about a family (and would be
> flexible enough to handle a family of 1 person or 15 people). But
> what made it complicated is that I want people to be able to search
> for "John Doe" in Mozilla Thunderbird and have it automatically
> present BOTH of his e-mail addresses as options. So it seems to me
> that I need to have separate LDAP records for both of John Doe's
> e-mail addresses.... right?

I haven't tried Thunderbird with a two-address object, but that sounds quite likely. You could define several new attributes - workMail, homeMail, etc and stuff them into a single entry. But then you are limited to clients where you can configure which attributes they'll take the mail address from.
Don't know if Thunderbird can, but my impression is that mail clients do not tend to have a very configurable LDAP setup.

> But if I do that, how can I avoid having to duplicate all the OTHER
> data about John Doe (address, city, state, etc.) that I want to keep
> in a single record? Can I define a "family" record that has the whole
> Doe family's info, then a separate "stub" record that has only their
> e-mail addresses, which can somehow be tied back to the Doe family's
> main record?

You can make an LDAP tree (each 'dn:' line starts a new entry):

    dn: cn=addrbook,dc=example,dc=com
    ...

    dn: Doe family,cn=addrbook,dc=example,dc=com
    homePostalAddress: somewhere
    ...

    dn: cn=John Doe,Doe family,cn=addrbook,dc=example,dc=com
    cn: John Doe
    postalAddress: 15 Main St.$Ottawa$Canada
    ...

    dn: l=work,cn=John Doe,Doe family,cn=addrbook,dc=example,dc=com
    l: work
    # Include this cn so you can search for it independently of
    # the name of the parent DN.  (Though maybe Thunderbird supports
    # something special about subtrees, I don't know.)
    cn: John Doe - work
    mail: [EMAIL PROTECTED]
    ...

Unfortunately I don't think mail clients like Thunderbird are flexible enough that they can display the parent entries of the entry you search for, or the child entries for that matter. But for non-mail info like postal addresses, you can get an LDAP browser instead.

An alternative is to not have a tree, just a "flat" address book. Instead, make use of the groupOfNames object class for a family and list the family members' DNs (DN = Distinguished Name, the name of a directory entry) in the family object's "member" attribute. Then you'll need an LDAP browser which will display the "member" attributes of a family. Similarly, use other attributes to denote other relationships if you need to.

Finally, remember to get the privacy protection right. E.g. set up access controls in the server so the data is only available to users in your domain, or only to authenticated LDAP users at your organization, or whatever.
In the latter case you need to set up the mail client to Bind with your DN and to ask for password, which should be sent protected with TLS since the LDAP Simple Bind operation sends passwords unencrypted. Unless you use Kerberos and your mail client supports that. (No idea if Thunderbird does.)

-- 
Regards,
Hallvard
