LDAP and Thunderbird

Comments

Hi everyone!

I would like to set up a shared address book for Thunderbird and Outlook, and to that end I have done the following so far:

I installed a schema file (mozillaOrgPerson.schema), and after that the modified slapd.conf now looks like this:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
#include /etc/openldap/schema/officeperson.schema
include /etc/openldap/schema/mozillaOrgPerson.schema
#include /etc/openldap/schema/samba3.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
access to dn.base=""
        by self write
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attr=userPassword,userPKCS12
        by self write
        by * auth

access to attr=shadowLastChange
        by self write
        by * read

access to *
        by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
checkpoint 1024 5
cachesize 10000
suffix "dc=mz,dc=perx,dc=hu"
rootdn "cn=Manager,dc=mz,dc=perx,dc=hu"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.

rootpw {SSHA}Q0lq1VB3HBRRrobZGa1lF1Xyd2DIT8S1

#rootpw {SSHA}j798i/9ZMC/hzF5Xv62AlEvoQx4jJUww
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass eq

The schema file is the following:
# This file can be used to define an objects to support MS/Outlook,
# Netscape Communicator, and PAM.
#
# The first object type, "officePerson" is used to support the MS/Outlook email
# address book LDAP interface.
#
# Requires files : core.schema, cosine.schema, inetorgperson.schema,
# officeperson.schema
# Requires objects:
# Modify:
# cosine.schema
# NAME ( 'pager' 'pagerTelephoneNumber' 'pagerPhone' )
#
# core.schema:
# NAME ( 'telephoneNumber' 'xmozillaanyphone' )
# NAME ( 'uid' 'userid' 'ntuid')
# NAME ( 'telephoneNumber' 'xmozillaanyphone' )
#
# nis.schema:
# NAME ( 'uidNumber' 'rid' )

# MS/Active Directory schema:
# objectClass: user
# objectSid:: AQUAAAAAAAUVAAAAmwvBHlQZDilDFwoyUAQAAA==
# objectClass: computer
# objectClass: group
# groupType: -2147483646

# Author Greg Ippolito
#
# Extensions to support MS/Outlook using openldap experimental OID's

attributetype ( 1.3.6.1.4.1.4203.666.100.121
        NAME ( 'rdn' )
        SUP name )

attributetype ( 1.3.6.1.4.1.4203.666.100.122
        NAME ( 'otherFacsimiletelephoneNumber' )
        SUP telephoneNumber )

attributetype ( 1.3.6.1.4.1.4203.666.100.123
        NAME ( 'IPPhone' )
        SUP telephoneNumber )

# This attribute handles MS/Outlook and Netscape Communicator

attributetype ( 1.3.6.1.4.1.4203.666.100.124
        NAME ( 'URL' 'homeUrl' )
        SUP name )

attributetype ( 1.3.6.1.4.1.4203.666.100.125
        NAME ( 'comment' )
        SUP name )

attributetype ( 1.3.6.1.4.1.4203.666.100.126
        NAME ( 'conferenceInformation' )
        SUP name )

attributetype ( 1.3.6.1.4.1.4203.666.100.127
        NAME ( 'reports' )
        SUP manager )

objectclass ( 1.3.6.1.4.1.4203.666.100.1
        NAME 'officePerson'
        DESC 'Office employee or computer user'
        SUP inetOrgPerson
        STRUCTURAL
        MAY ( c $
              rdn $
              otherFacsimiletelephoneNumber $
              IPPhone $
              URL $
              comment $
              reports $
              conferenceInformation )
        )

# SAMBA:
#
# Samba | Existing attribute | Schema file
# ntuid | uid | core.schema
# rid | uidNumber | nis.schema
# There is a conflict with loginShell. posixAccount would hold /bin/bash
# while sambaAccount would hold /bin/pleurop

#attributetype ( 1.3.6.1.4.1.4203.666.100.101
# NAME ( 'lmpassword' )
# SUP userPassword )

#attributetype ( 1.3.6.1.4.1.4203.666.100.102
# NAME ( 'ntpasswd' )
# SUP userPassword )

#objectclass ( 1.3.6.1.4.1.4203.666.100.2
# NAME 'sambaAccount'
# DESC 'Samba user account'
# STRUCTURAL
# MAY ( ntuid $ rid $ lmpassword $ ntpasswd $ loginshell )
# )

# Extensions to support Netscape Communicator.
#
# Note that some current attribute definitions may be modified to avoid
# duplication which would break database normalization:
#
# Netscape | inetOrgPerson | Microsoft | Schema file
# cellPhone | mobile | | cosine.schema
# pagerPhone | pager | | cosine.schema
# homeUrl | seeAlso | URL | core.schema
# (distinguishedName)
# xmozillaanyphone|telephoneNumber | core.schema
# The inetorgperson.schema has a difficulty with the seeAlso attribute because
# it references a DN rather than the actual URL, thus I defined a new attribute
# for ( 'homeUrl' 'URL' ) in this file.

# Alter the schema files to add name as attribute is already defined:
# Thus add cellPhone and pagerPhone to existing definitions in cosine.schema
# and add homeUrl and xmozillaanyphone to existing definitions in core.schema.

attributetype ( 1.3.6.1.4.1.4203.666.100.151
        NAME ( 'xmozillanickname' )
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( 1.3.6.1.4.1.4203.666.100.152
        NAME 'xmozillausehtmlmail'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )

objectclass ( 1.3.6.1.4.1.4203.666.100.5
        NAME 'zillaPerson'
        DESC 'Netscape Communicator Extensions'
        SUP officePerson
        STRUCTURAL
        MAY ( cellPhone $
              pagerPhone $
              description $
              homeUrl $
              xmozillaanyphone $
              xmozillanickname $
              xmozillausehtmlmail )
        )

Sorry that the question got a bit long.

The LDAP server starts without errors; it runs and works when I connect an Outlook Express or Outlook client to it.
However, address book access still does not work with Thunderbird. My question is: what else do I have to do to get it to connect?

Thanks in advance for the help!

Mosoly

I thought I would take a look. My only problem is that the cellPhone attribute is not defined, whereas cosine.schema contains a mobile attribute. Is this meant to be the same thing?

According to this page it is the same: http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-GILSchemaExtension.html
IMHO this is a kludge
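
The check behind the cellPhone question above, as an added example (not code from the thread): it lists the attributes an objectclass names in MUST/MAY that none of the supplied schemas define. POSTED is an abridged excerpt of the schema posted above; STOCK is a constructed stand-in for the unmodified stock schemas and carries only the names relevant here.

```python
import re

# Abridged excerpt of the schema posted above (zillaPerson and its own attributes).
POSTED = """
# attributetype ( 1.3.6.1.4.1.4203.666.100.101
#   NAME ( 'lmpassword' )
attributetype ( 1.3.6.1.4.1.4203.666.100.124
    NAME ( 'URL' 'homeUrl' ) SUP name )
attributetype ( 1.3.6.1.4.1.4203.666.100.151 NAME ( 'xmozillanickname' )
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( 1.3.6.1.4.1.4203.666.100.152 NAME 'xmozillausehtmlmail'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
objectclass ( 1.3.6.1.4.1.4203.666.100.5 NAME 'zillaPerson'
    SUP officePerson STRUCTURAL
    MAY ( cellPhone $ pagerPhone $ description $ homeUrl $
          xmozillaanyphone $ xmozillanickname $ xmozillausehtmlmail ) )
"""
# Constructed stand-in for unmodified core.schema / cosine.schema (assumption).
STOCK = """
attributetype ( 2.5.4.13 NAME 'description' )
attributetype ( 2.5.4.20 NAME 'telephoneNumber' )
attributetype ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) )
attributetype ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) )
"""

def strip_comments(text):
    # Commented-out definitions (such as lmpassword above) define nothing.
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def defined_attrs(text):
    # Every name and alias declared by an attributetype, lower-cased
    # because LDAP attribute names are case-insensitive.
    pat = r"attributetype\s*\(.*?NAME\s+(\([^)]*\)|'[^']*')"
    names = set()
    for body in re.findall(pat, strip_comments(text), re.S | re.I):
        names.update(n.lower() for n in re.findall(r"'([^']+)'", body))
    return names

def referenced_attrs(text):
    # objectclass name -> attributes listed in its MUST/MAY clauses.
    pat = (r"objectclass\s*\(.*?NAME\s+'([^']+)'(.*?)"
           r"(?=objectclass\s*\(|attributetype\s*\(|\Z)")
    refs = {}
    for m in re.finditer(pat, strip_comments(text), re.S | re.I):
        clauses = re.findall(r"\b(?:MUST|MAY)\s+(\([^)]*\)|[\w-]+)", m.group(2))
        refs[m.group(1)] = [a for c in clauses for a in re.findall(r"[\w-]+", c)]
    return refs

def undefined(schema, *others):
    # Attributes each objectclass in `schema` uses that no supplied schema defines.
    known = defined_attrs(schema).union(*(defined_attrs(o) for o in others))
    return {oc: [a for a in attrs if a.lower() not in known]
            for oc, attrs in referenced_attrs(schema).items()}
```

Calling `undefined(POSTED, STOCK)` reports cellPhone, pagerPhone and xmozillaanyphone for zillaPerson; against a real installation, pass the contents of every schema file that slapd.conf includes, and compare with what `slaptest -f /etc/openldap/slapd.conf` reports.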

I no longer remember where I downloaded it from :(

But really my question would then be: what should I fix, or what should I replace it with?

Regards, Mosoly

Hi!

Could you send me your working LDAP configuration files? I am struggling with this too right now (LDAP <-> Thunderbird connection). Did you manage to get it working perfectly in the end?

Thanks in advance: Tamás!