OpenLDAP
OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol, and is used for quick data access across a network.
Installing a New LDAP Server
Installing Required Packages for LDAP
yum -y install openldap openldap-servers openldap-clients cyrus-sasl-ldap
Configuring LDAP Server
Start out by creating a file named 01-buildldap.ldif, and add:
dn: dc=mattrude,dc=com
objectClass: top
objectClass: dcObject
objectClass: organizationalUnit
dc: mattrude
ou: Top Level Domain

dn: ou=example.com,dc=mattrude,dc=com
objectClass: organizationalUnit
ou: example.com
description: example domain
Next, to create an OU to hold, say, an address book, create a new file named 02-buildldap.ldif, and add:
dn: ou=addressbook,ou=example.com,dc=mattrude,dc=com
objectClass: organizationalUnit
ou: addressbook
description: Example Domains Addressbook
Now add the entries to the database:
ldapadd -D 'dc=mattrude, dc=com' -f 01-buildldap.ldif -W
ldapadd -D 'dc=mattrude, dc=com' -f 02-buildldap.ldif -W
Then test to make sure you added what you intended:
ldapsearch -x -b 'dc=mattrude, dc=com' 'objectclass=*'
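A pre-flight check for the LDIF files above, as an added example that is not part of the original page: it lists entries whose parent has not been created yet and tests whether a client's search base exists in the tree. The function names and the simplified DN handling are assumptions of this example; run as-is, it shows that `ou=addressbook,dc=mattrude,dc=com` (the base_dn in the RoundCube configuration further down) is not an entry these files create.

```python
# Added example: pre-flight check of LDIF entries before running ldapadd.
# Assumes simple DNs: no escaped commas, no folded lines, no base64 (dn::) values.

# Constructed sample: the entries of the two LDIF files on this page, abridged,
# in the order they are loaded.
SAMPLE_LDIF = """\
dn: dc=mattrude,dc=com
objectClass: dcObject
dc: mattrude

dn: ou=example.com,dc=mattrude,dc=com
objectClass: organizationalUnit
ou: example.com

dn: ou=addressbook,ou=example.com,dc=mattrude,dc=com
objectClass: organizationalUnit
ou: addressbook
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_dns(ldif_text):
    """Return the normalised DN of every entry, in file order."""
    return [norm_dn(line.split(":", 1)[1])
            for line in ldif_text.splitlines() if line.lower().startswith("dn:")]

def missing_parents(dns, suffix):
    """Entries whose parent was not added before them; ldapadd rejects these."""
    seen, problems, suffix = set(), [], norm_dn(suffix)
    for dn in dns:
        parent = dn.split(",", 1)[1] if "," in dn else ""
        if dn != suffix and parent not in seen:
            problems.append(dn)
        seen.add(dn)
    return problems

def base_dn_exists(dns, base_dn):
    """True if a client's search base is an entry the LDIF actually creates."""
    return norm_dn(base_dn) in dns

if __name__ == "__main__":
    dns = parse_dns(SAMPLE_LDIF)
    print("missing parents:", missing_parents(dns, "dc=mattrude, dc=com"))
    # The base_dn used in the RoundCube configuration on this page:
    print(base_dn_exists(dns, "ou=addressbook,dc=mattrude,dc=com"))
```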
Starting / Running LDAP Server
Accessing the LDAP Server
Using Your LDAP Server
LDAP with command line
Log in as root, and print all records in the database
ldapsearch -x -h localhost "objectClass=*"
LDAP with Horde
LDAP with RoundCube
In the config/main.inc.php file, you need to modify the following lines.
$rcmail_config['ldap_public']['NetworkAddressBook'] = array(
  'name'          => 'Network Address Book',
  'hosts'         => array('localhost'),
  'port'          => 389,
  'use_tls'       => false,   // false: the bind DN and password are sent unencrypted
  'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
  // %fu - The full username provided, assumes the username is an email
  //       address, uses the username_domain value if not an email address.
  // %u  - The username prior to the '@'.
  // %d  - The domain name after the '@'.
  'base_dn'       => 'ou=addressbook,dc=mattrude,dc=com',
  'bind_dn'       => 'cn=Manager,dc=mattrude,dc=com',
  'bind_pass'     => 'secret',
  'writable'      => true,    // Indicates if we can write to the LDAP directory or not.
  // If writable is true then these fields need to be populated:
  // LDAP_Object_Classes, required_fields, LDAP_rdn
  'LDAP_Object_Classes' => array("top", "inetOrgPerson"), // To create a new contact these are the object classes to specify (or any other classes you wish to use).
  'required_fields'     => array("cn", "sn", "mail"),     // The required fields needed to build a new contact as required by the object classes (can include additional fields not required by the object classes).
  'LDAP_rdn'      => 'mail',  // The RDN field that is used for new entries, this field needs to be one of the search_fields, the base of base_dn is appended to the RDN to insert into the LDAP directory.
  'ldap_version'  => 3,       // using LDAPv3
  'search_fields' => array('mail', 'cn'), // fields to search in
  'name_field'    => 'cn',    // this field represents the contact's name
  'email_field'   => 'mail',  // this field represents the contact's e-mail
  'surname_field' => 'sn',    // this field represents the contact's last name
  'firstname_field' => 'gn',  // this field represents the contact's first name
  'sort'          => 'cn',    // The field to sort the listing by.
  'scope'         => 'sub',   // search mode: sub|base|list
  'filter'        => '',      // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
  'global_search' => true,    // perform a global search for address auto-completion on compose
  'fuzzy_search'  => true);   // server allows wildcard search
Or you can try the revised version.
$rcmail_config['ldap_public']['LOGH'] = array(
  'name'          => 'Company Name Here',
  'hosts'         => array('IP.OF.AD_LDAP.SERVER'),
  'port'          => 3268,    // This port seems to work better
  'base_dn'       => 'DC=internal,DC=domain,DC=com',
  'bind_dn'       => 'CN=ldap-user,CN=Users,DC=internal,DC=domain,DC=com', // Create an account for querying the LDAP
  'bind_pass'     => 'ldap-user-pass', // use the non-priv account's password
  'search_fields' => array('mail', 'cn'),
  'name_field'    => 'cn',    // this field represents the contact's name
  'firstname_field' => 'givenName', // this field represents the contact's first name
  'surname_field' => 'sn',    // this field represents the contact's last name
  'email_field'   => 'mail',  // this field represents the contact's e-mail
  'scope'         => 'sub',   // search mode: sub|base|list
  'filter'        => '',      // placeholder: the filter string is missing from this page; intended: all mail, except the exchange hidden
  'fuzzy_search'  => TRUE);   // server allows wildcard search
LDAP with Outlook
- Outlook 2007 LDAP Support: http://technet.microsoft.com/en-us/library/cc179232.aspx
LDAP with Thunderbird
- For Thunderbird LDAP support see: http://kb.wisc.edu/helpdesk/page.php?id=3462