# ldap address book howtos? anyone?

## GenTimJS

Anyone have any good how-to docs about setting up an ldap address book server?

We're -almost- done replacing ms exchange, and this is essentially the "last leg" ...

I've googled and STFF'ed but found little ...

----------

## j-m

Hmm, have you already chosen a particular groupware solution?

----------

## GenTimJS

postfix + imap

.. just need the damn shared addy book working and everyone will be happy...

----------

## j-m

Oh, this is probably a misunderstanding. I thought something like PHPGroupWare or Open-Xchange.  :Very Happy: 

----------

## GenTimJS

I am using phpgroupware .. separately.. but the marketing guys "need" (so they say..) to use outlook and "need" their shared address book .. this one detail is the last thing left stopping us from unplugging the exchange server ... help!!

anyone have some working slapd.conf files I can template from?

----------

## VoVaN

Did you find a solution? If not, I can describe a few simple steps to get private (editable) and shared address books on an OpenLDAP server. For me it works (tested with Evolution 2.0 and KMail 3.4) with read/write access.

----------

## Herring42

Please, post your solution!

----------

## VoVaN

I presume you have OpenLDAP configured and running.

I'm using cyrus-imapd + cyrus-sasl + postfix for all mail services and LDAP authentication. In this case you don't have to have a unix account in order to access mail (IMAP) and address books (LDAP). I don't know, but it could be possible for other combinations.

All users in this example are at ou=People,dc=net,dc=home, so this container is used for searching and authenticating users for IMAP/LDAP access. The shared address book you can store wherever you want in the LDAP server. For private address books, which are readable only by a particular person, we will use ou=personal_addressbook,dc=net,dc=home, so uid=user1,ou=People,dc=net,dc=home has read/write access to ou=user1,ou=personal_addressbook,dc=net,dc=home. That's the idea :Smile: Below is an example of my slapd.conf for this case. Note that you can find evolutionperson.schema in /usr/share/evolution-data-server-1.0, which is important if you use Evolution as a client.

```
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/mail-misc.schema
# evolutionperson.schema ships with evolution-data-server; Evolution needs it
# for the extra contact attributes it stores.
include         /etc/openldap/schema/evolutionperson.schema
include         /etc/openldap/schema/samba.schema

allow bind_v2

# Hash scheme applied when a client sets userPassword through the
# Password Modify extended operation. {crypt} is the weakest scheme
# slapd offers; {SSHA} is preferable unless something else needs crypt.
password-hash {crypt}

# Define SSL and TLS properties (optional). One self-signed PEM is used
# here as both server certificate and CA; the private key lives in a
# separate file under /etc/openldap/ssl.
TLSCertificateFile      /etc/ssl/ldap.pem
TLSCertificateKeyFile   /etc/openldap/ssl/ldap.pem
TLSCACertificateFile    /etc/ssl/ldap.pem
#TLSVerifyClient         try

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=net,dc=home"
rootdn          "cn=admin,dc=net,dc=home"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# Replace the value below with the output of slappasswd (a {SSHA} hash).
rootpw          topsecret

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /home/openldap/openldap-ldbm

# Indices to maintain
index      objectClass,uidNumber,gidNumber                      eq
index      cn,sn,uid,displayName                                pres,sub,eq
index      memberUid,mail,givenname                             eq,subinitial
#index     sambaSID,sambaPrimaryGroupSID,sambaDomainName        eq

# Global ACLs, which replace the default read access. They are evaluated
# in order: the first "access to" whose target matches decides, and within
# it the first matching "by" clause wins; nothing falls through to a later
# "access to" directive.

# Private address books: ou=<uid>,ou=personal_addressbook and everything
# below it is writable only by uid=<uid>,ou=People. The styles are given
# explicitly (dn.regex / dn.exact,expand) as slapd.access(5) recommends,
# and [^,]+ instead of .+ keeps $1 to a single RDN value even if a user
# creates sub-OUs inside their book.
access to dn.regex="ou=([^,]+),ou=personal_addressbook,dc=net,dc=home"
    by dn.exact,expand="uid=$1,ou=People,dc=net,dc=home" write
    by * none

# User accounts: the horde service account may update them, the mail and
# sasl service accounts may read them, and anyone may bind against them
# (auth) without being able to read them.
access to dn.regex=".*,ou=People,dc=net,dc=home"
    by dn.exact="ou=horde,ou=Services,dc=net,dc=home" write
    by dn.exact="ou=mail,ou=Services,dc=net,dc=home" read
    by dn.exact="ou=sasl,ou=Services,dc=net,dc=home" read
    by anonymous auth
    by * none

# Everything else, including the shared address book: uid=root may write,
# any authenticated user may read, anonymous clients may only search.
access to *
    by dn.exact="uid=root,ou=People,dc=net,dc=home" write
    by users read
    by * search
```

----------
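
The following is an added example, not VoVaN's own code. It emits the LDIF for the tree his slapd.conf protects (base, `ou=People`, `ou=Services`, `ou=personal_addressbook`, a per-user book and a contact) and evaluates his three ACL rules with slapd's first-match semantics, so you can check who gets what before running `ldapadd`. Assumed, because the post does not name them: the container `ou=shared_addressbook`, the users `user1`/`user2`, a `([^,]+)` capture in the first rule (the post uses `(.+)`), and `bind_dn=None` standing for an anonymous bind.

```python
"""Added example (not from the original post): LDIF generator and a
first-match evaluator for the three ACL rules in VoVaN's slapd.conf.
Assumptions: ou=shared_addressbook, users user1/user2, ([^,]+) capture."""
import re

BASE = "dc=net,dc=home"

# slapd privilege levels in increasing order (the ones the ACL uses).
LEVELS = {"none": 0, "auth": 1, "compare": 2, "search": 3, "read": 4, "write": 5}

# (target regex, [(who-kind, pattern, level), ...]), one tuple per "access to".
ACL = [
    (re.compile(r"ou=([^,]+),ou=personal_addressbook," + re.escape(BASE)),
     [("dn_expand", "uid=$1,ou=People," + BASE, "write"),
      ("*", None, "none")]),
    (re.compile(r".*,ou=People," + re.escape(BASE)),
     [("dn", "ou=horde,ou=Services," + BASE, "write"),
      ("dn", "ou=mail,ou=Services," + BASE, "read"),
      ("dn", "ou=sasl,ou=Services," + BASE, "read"),
      ("anonymous", None, "auth"),
      ("*", None, "none")]),
    (re.compile(r".*"),
     [("dn", "uid=root,ou=People," + BASE, "write"),
      ("users", None, "read"),
      ("*", None, "search")]),
]


def granted(target_dn, bind_dn=None):
    """Privilege the ACL grants bind_dn (None = anonymous) on target_dn.
    The first "access to" whose target matches decides; inside it the first
    matching "by" clause wins and nothing falls through to later rules, which
    is why a user never reaches "by users read" for someone else's book."""
    for what, clauses in ACL:
        m = what.search(target_dn)
        if not m:
            continue
        for kind, pattern, level in clauses:
            if kind == "dn_expand" and bind_dn == pattern.replace("$1", m.group(1)):
                return level
            if kind == "dn" and bind_dn == pattern:
                return level
            if kind == "anonymous" and bind_dn is None:
                return level
            if kind == "users" and bind_dn is not None:
                return level
            if kind == "*":
                return level
        return "none"  # no "by" clause matched: implicit deny
    return "none"


def allowed(target_dn, bind_dn, needed):
    """True if the granted privilege covers the one the operation needs."""
    return LEVELS[granted(target_dn, bind_dn)] >= LEVELS[needed]


def ou_entry(dn):
    """One organizationalUnit entry; the ou value is the first RDN's value."""
    return f"dn: {dn}\nobjectClass: organizationalUnit\nou: {dn.split(',')[0].split('=', 1)[1]}\n"


def tree_ldif():
    """Base entry plus the containers the ACL refers to and the shared book."""
    base = f"dn: {BASE}\nobjectClass: dcObject\nobjectClass: organization\ndc: net\no: home\n"
    ous = ["ou=People", "ou=Services", "ou=personal_addressbook", "ou=shared_addressbook"]
    return base + "\n" + "\n".join(ou_entry(f"{ou},{BASE}") for ou in ous)


def user_ldif(uid, cn, sn, mail):
    """An account under ou=People and its empty private book. No userPassword
    is emitted: add one from slappasswd output rather than a cleartext value."""
    person = (f"dn: uid={uid},ou=People,{BASE}\nobjectClass: inetOrgPerson\n"
              f"uid: {uid}\ncn: {cn}\nsn: {sn}\nmail: {mail}\n")
    return person + "\n" + ou_entry(f"ou={uid},ou=personal_addressbook,{BASE}")


def contact_ldif(book_dn, cn, sn, mail):
    """An inetOrgPerson contact inside a private or shared book."""
    return (f"dn: cn={cn},{book_dn}\nobjectClass: inetOrgPerson\n"
            f"cn: {cn}\nsn: {sn}\nmail: {mail}\n")


if __name__ == "__main__":
    # Constructed sample data. Load with:
    #   ldapadd -x -D cn=admin,dc=net,dc=home -W -f tree.ldif
    print(tree_ldif())
    print(user_ldif("user1", "User One", "One", "user1@net.home"))
    book = f"ou=user1,ou=personal_addressbook,{BASE}"
    print(contact_ldif(book, "Bob Example", "Example", "bob@example.invalid"))
    for who in (None, f"uid=user1,ou=People,{BASE}", f"uid=user2,ou=People,{BASE}"):
        print(who or "anonymous", "->", granted(f"cn=Bob Example,{book}", who))
```

The evaluator is a model of the three rules, not a substitute for slapd; once the data is loaded, confirm the same answers against the real server with `ldapsearch -x -D uid=user2,ou=People,dc=net,dc=home -W -b ou=user1,ou=personal_addressbook,dc=net,dc=home`, which should return nothing, and `ldapwhoami -x -D uid=user1,ou=People,dc=net,dc=home -W`, which exercises the `by anonymous auth` clause.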

## mariourk

*Quote:*
> Anyone have any good how-to docs about setting up an ldap address book server?

If you did a search on the Gentoo forums, you should have found my howto

Hope that helps  :Smile: 

----------

