# Shared address book?

## NrG

Hi,

I've been working on setting up a Linux mail server and so far everything works great.

The only thing that I'm still missing is an option for a shared address book.

Now I know that Outlook and many other email clients have the option to add LDAP servers to their address books, so my guess is the only solution is a central LDAP server where all the users log in with their client, and of course a tool for the admin to add addresses to it. 

My search ended up @ http://rolodap.sourceforge.net/.

So my question for you is:

Is this the only project that can offer such a kind of service, or are there any other projects that I might have missed?

It seems that rolodap hasn't been updated for almost a year now and the documentation provided is also very limited.

Advice appreciated   :Smile: 

NrG

----------

## nitro322

I just finished setting up an LDAP server to share my address book across multiple computers.  Since I use Mozilla, I just exported my Mozilla Address Book to LDIF format, added a Mozilla schema to the LDAP server, and then imported it.  It works great now, as I can query for addresses when sending an e-mail, browse the contact list in my address book, etc., but I'm still trying to work out a few bugs (home address information, for example, isn't stored, while work address info is).

I did all this manually and had to learn as I went, so it was really a pain in the butt process to get everything set up right.  If you decide to go this route (manually), let me know and I'll post a mini-howto on it.  Should be pretty straightforward now that I sort-of know what's going on.   :Smile:   As I said, though, this is for Mozilla Mail.  It should probably work with other address books as well, but I've never tested it.

----------

## carl67lp

 *nitro322 wrote:*   

> I did all this manually and had to learn as I went, so it was really a pain in the butt process to get everything set up right.  If you decide to go this route (manually), let me know and I'll post a mini-howto on it.  Should be pretty straightforward now that I sort-of know what's going on.    As I said, though, this is for Mozilla Mail.  It should probably work with other address books as well, but I've never tested it.

Ah, just what I was looking for.  :Very Happy: 

Indeed, I would also appreciate some insight into this.  In addition, if there is a way other than with an LDAP server, I'd be interested.

Also:  What about security with the LDAP db?  I've got a couple of other users that I might not want seeing my contacts.

----------

## NrG

I didn't know Mozilla could export to LDIF style, very nice  :Smile: 

I just tried it and it seems to work. The only little problem I still see is that it uses some Mozilla variables, i.e. mozillaHomeLocalityName and some others.

The thing is, this LDAP address book should be usable on any system, i.e. Mozilla, Outlook or the like, and I don't know if it's possible to read this kind of information with for instance Outlook, but at least this is a start. 

And of course there is still the config of the LDAP server, which is still not very clear to me. 

If you could write that howto, that would be really nice. I'm still a bit unclear about OUs, CNs and all that stuff  :Smile:  In the meantime I'll try to find more information on this subject and post it here.

Thx

NrG

----------

## tomgan

I was installing a site with Win2000 computers some years ago. Since I wanted Linux as much as possible, MS Exchange and such was not an option. I spent (part time) several weeks trying to find a solution to the shared address book problem, but I simply couldn't find a satisfactory one. (Since this was Windows, it probably isn't entirely applicable to your problem, but my point is that this is a hard problem.)

Anyways, I stumbled across some solutions. The first (we are using Courier IMAP) was to try to make the IMAP server the default mail box for Outlook. This required investment in a MAPI (MS' mail API) provider that seemed buggy...   :Sad: .

The next was to use LDAP. The problem here is that, what I found, Outlook wasn't very keen on updating the database. This would require a separate application. Not a very user friendly solution.

Third, developing a new MAPI address book. I looked into the API and realised that the word "No" kept repeating inside my head.

So, AFAIK, the shared address book question is still unsolved.

----------

## stig

 *nitro322 wrote:*   

> If you decide to go this route (manually), let me know and I'll post a mini-howto on it. 

Think it's possible to give out that mini-howto?

----------

## schlehmil

>>refresh  :Wink: <<

I also want such a how-to, please.

----------

## ews99

I've placed my howto on my wiki page: http://ews99.2y.net/~wiki/docs/index.php?pagename=openldap

Sorry, it's in Dutch   :Wink:  but the config files should be readable.

Of course someone could add an English translation on my wiki, and of course, feel free to add your own pages!

The howto is based on https://forums.gentoo.org/viewtopic.php?t=72607

Hope this helps...

----------

## schlehmil

thanks ews99  :Smile: 

My LDAP server is running now, but for some reason I have to press "clear" in the contact list in Evolution every time I start Evolution to see the contacts in the list. Does anybody know what this can be?

----------

## taskara

Anyone out there who speaks Dutch and English? A translation would be most appreciated  :Very Happy: 

----------

## chapel

I don't speak Dutch, but I just went through setting up an LDAP server (for a shared address book as well as authentication for IMAP and Samba). So I might be able to help.

Along with this site, I found some very useful pages on http://www.yolinux.com.

Basically you can use the Dutch version, the code is all valid. Also check out the OpenLDAP 2.1 Administrator's Guide; it makes a good reference for what some of the settings are.

Emerge openldap and configure your slapd.conf; mine is ...

```
include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/nis.schema
include   /etc/openldap/schema/inetorgperson.schema

pidfile   /var/run/openldap/slapd.pid
argsfile  /var/run/openldap/slapd.args

## Only required if you want to use TLS ##
TLSCertificateFile      /etc/openldap/ssl/ldap.pem
TLSCertificateKeyFile   /etc/openldap/ssl/ldap.pem
TLSCipherSuite          HIGH:+MEDIUM:!LOW
TLSVerifyClient         never

database  ldbm
# The suffix can be pretty much anything you want.
# You can also use the o - organization form:  suffix "o=dyndns,c=CA"
# (slapd.conf does not allow trailing comments, so all comments sit on their own line)
suffix    "dc=dyndns,dc=biz"
# This is your "root" for the LDAP
rootdn    "cn=Manager,dc=dyndns,dc=biz"
# create this password with: slappasswd -h {MD5}
rootpw    {MD5}secret

# No access unless granted below
defaultaccess none

# This defines access to the password field:
# Manager can write, users can change their own, everyone else may only authenticate
access to attr=userPassword
  by dn.base="cn=Manager,dc=dyndns,dc=biz" write
  by self write
  by * auth

# This defines access to everything (except passwords):
# Manager can write, users can change their own details,
# users can read (needed to read search results), anonymous can read also
access to *
  by dn="cn=Manager,dc=dyndns,dc=biz" write
  by self write
  by users read
  by anonymous read

# Directory to store your ldbm in
directory /var/lib/openldap-ldbm
# I really don't know
schemacheck on
# Track modifications to entries
lastmod     on

# Database indexes: common name, surname, givenname
index   cn,sn,givenname           pres,eq,sub
index   objectClass,uid,uidNumber,gidNumber eq
```

In /etc/openldap/ldap.conf (again, comments have to be on their own lines; a trailing comment on the HOST line would be read as extra host names):

```
# The host the server is on [host[:port]]
HOST  localhost
# the base search component, use your suffix from slapd.conf
BASE  dc=dyndns,dc=biz
```

Then you need to create your base.ldif; lots of people have examples. Building your own will help you learn. Also the best switch for ldapadd, ldapmodify and ldapdelete is the -d (debug) switch, very useful.

Here are the 3 keys to my address book. I created a file base.ldif (each entry starts with its own dn: line and is separated from the next by a blank line):

```
dn: dc=dyndns,dc=biz
objectClass: top
objectClass: domain
dc: dyndns
description: Domain

dn: ou=Address,dc=dyndns,dc=biz
ou: Address
objectClass: top
objectClass: organizationalUnit
description: Shared Addresses

dn: cn=Joe Smith,ou=Address,dc=dyndns,dc=biz
cn: Joe Smith
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Address
givenname: Joe
sn: Smith
mail: jsmith@hotmail.com
street: 123 Any St.
l: Dallas
st: TX
```

This defines the main domain first, then an organizationalUnit of the domain and finally a person in the ou (organizationalUnit). This guy has a wonderful reference to see what you can and cannot define depending on the objectClass.

AK BK Home and amazingly he needs a job!

then run 

```
ldapadd -xvW -D "cn=Manager,dc=dyndns,dc=biz" -f base.ldif
```

it will prompt you for your Manager password, but should add your records.

Then in your mail client (I tested with Netscape) set the host to your server and the base DN to ou=Address,dc=dyndns,dc=biz; this means only people that have this string in their dn will be picked up. I also have my users, but I made a separate users organizational unit for them.

Also, remember to allow port 389 unless you changed the default.

I hope this helps.   :Smile: 
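A base.ldif like the one above has to hold separate entries, each starting with its own `dn:` line and separated from the next by a blank line, and every entry's parent has to exist already (added earlier in the same file or already in the directory), otherwise ldapadd stops with a "no such object" error on that entry. The following Python script is an added example, not code from this thread or from OpenLDAP: a minimal LDIF reader that unfolds continuation lines, splits entries on blank lines, decodes `::` base64 values, and checks the parent of each DN against the entries seen so far. The sample LDIF inside it is constructed for the example and deliberately contains one entry whose parent container is never defined.

```python
import base64

# Constructed sample modelled on a three-entry base.ldif: the domain, an
# organizationalUnit for the shared addresses, and one person. The person's
# DN deliberately sits under a dc=eastsideimages container that no entry
# defines, which is exactly what makes ldapadd fail with "no such object".
SAMPLE_LDIF = """\
# base.ldif (constructed sample)
dn: dc=dyndns,dc=biz
objectClass: top
objectClass: domain
dc: dyndns
description: Domain

dn: ou=Address,dc=dyndns,dc=biz
ou: Address
objectClass: top
objectClass: organizationalUnit
description: Shared address book
  for all mail users

dn: cn=Joe Smith,ou=Address,dc=eastsideimages,dc=dyndns,dc=biz
cn: Joe Smith
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Joe
sn: Smith
mail: jsmith@example.com
"""


def parse_ldif(text):
    """Parse LDIF content into a list of {"dn": str, "attrs": {name: [values]}}.

    Handles comment lines, folded lines (a continuation line starts with one
    space) and base64 values ("attr:: ..."). Change records (changetype:)
    are not interpreted; they would simply show up as attributes.
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]        # join with the previous line
        else:
            unfolded.append(raw)

    entries, entry = [], None
    for line in unfolded:
        if line.startswith("#"):
            continue
        if not line.strip():               # a blank line closes the entry
            if entry is not None:
                entries.append(entry)
                entry = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name = name.strip().lower()
        if value.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            if entry is not None:
                raise ValueError(f"dn {value!r} is not separated by a blank line")
            entry = {"dn": value, "attrs": {}}
        else:
            if entry is None:
                raise ValueError(f"attribute before any dn: {line!r}")
            entry["attrs"].setdefault(name, []).append(value)
    if entry is not None:
        entries.append(entry)
    return entries


def parent_dn(dn):
    """Naive parent DN: everything after the first comma (escaped commas not handled)."""
    return dn.split(",", 1)[1] if "," in dn else ""


def check_parents(entries, suffix):
    """Return the entries whose parent is neither the database suffix nor an
    entry that appears earlier in the same file (ldapadd would reject them)."""
    known = {suffix.lower()}
    problems = []
    for e in entries:
        dn = e["dn"]
        if dn.lower() != suffix.lower() and parent_dn(dn).lower() not in known:
            problems.append(f"{dn}: parent {parent_dn(dn)!r} is not defined before it")
        known.add(dn.lower())
    return problems


if __name__ == "__main__":
    for problem in check_parents(parse_ldif(SAMPLE_LDIF), "dc=dyndns,dc=biz"):
        print("ldapadd would fail:", problem)
```

Run it before `ldapadd -f base.ldif`; the suffix argument is the `suffix` from slapd.conf, so entries directly under it pass even when the file does not repeat the domain entry.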
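carl67lp asked earlier what stops other users from reading everyone's contacts. With the access directives in the slapd.conf above, the answer is nothing: `access to *` ends with `by anonymous read`, so any client that can reach port 389 can search the whole address book without binding at all. The following Python script is an added example, not code from this thread or from OpenLDAP: a small evaluator for the subset of slapd.conf access syntax used here (`attr=`, `dn.subtree=` and `*` targets; `dn.base=`, `dn=`, `self`, `users`, `anonymous` and `*` requesters) that applies slapd's rule that the first matching `access to` directive, and inside it the first matching `by` clause, decides. It runs chapel's posted directives and a hardened variant side by side; the hardened variant is my own and assumes the same Manager DN and an `ou=Address` subtree. `by dn=` is treated as an exact match here, although OpenLDAP 2.0 interprets it as a regular expression.

```python
import re

MANAGER = "cn=Manager,dc=dyndns,dc=biz"      # rootdn from the slapd.conf above
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending

# The access directives posted above: anonymous clients get read on everything
# except userPassword.
WEAK_ACL = """
access to attr=userPassword
  by dn.base="cn=Manager,dc=dyndns,dc=biz" write
  by self write
  by * auth
access to *
  by dn="cn=Manager,dc=dyndns,dc=biz" write
  by self write
  by users read
  by anonymous read
"""

# Hardened variant (this example's own): userPassword stays usable for binds,
# the shared book is readable only by bound users, and anonymous gets nothing
# else. Directive order matters: the subtree rule must precede "access to *".
HARDENED_ACL = """
access to attrs=userPassword
  by dn.base="cn=Manager,dc=dyndns,dc=biz" write
  by self write
  by * auth
access to dn.subtree="ou=Address,dc=dyndns,dc=biz"
  by dn.base="cn=Manager,dc=dyndns,dc=biz" write
  by users read
  by * none
access to *
  by dn.base="cn=Manager,dc=dyndns,dc=biz" write
  by self write
  by users read
  by * none
"""


def parse_acl(text):
    """Return [(target_selector, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("access to "):
            rules.append((line[len("access to "):].strip(), []))
        elif line.startswith("by "):
            who, level = line[3:].rsplit(None, 1)
            if level not in LEVELS:
                raise ValueError(f"unknown access level {level!r}")
            rules[-1][1].append((who, level))
    return rules


def target_matches(selector, entry_dn, attr):
    if selector == "*":
        return True
    m = re.fullmatch(r'attrs?=(\S+)', selector)
    if m:
        return attr is not None and attr.lower() in m.group(1).lower().split(",")
    m = re.fullmatch(r'dn\.subtree="([^"]+)"', selector)
    if m:
        base, dn = m.group(1).lower(), entry_dn.lower()
        return dn == base or dn.endswith("," + base)
    raise ValueError(f"unsupported target selector {selector!r}")


def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous client."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == entry_dn.lower()
    m = re.fullmatch(r'dn(?:\.base)?="([^"]+)"', who)   # dn= treated as exact here
    if m:
        return requester is not None and requester.lower() == m.group(1).lower()
    raise ValueError(f"unsupported by-clause {who!r}")


def access_level(acl, requester, entry_dn, attr=None):
    """First matching directive wins; inside it the first matching by clause wins.
    A directive that matches the target but no requester denies (implicit by * none)."""
    for selector, clauses in acl:
        if not target_matches(selector, entry_dn, attr):
            continue
        for who, level in clauses:
            if who_matches(who, requester, entry_dn):
                return level
        return "none"
    return "none"                                 # defaultaccess none


def allowed(acl, requester, entry_dn, attr, needed):
    """True if the granted level is at least `needed` (levels are cumulative)."""
    return LEVELS.index(access_level(acl, requester, entry_dn, attr)) >= LEVELS.index(needed)


if __name__ == "__main__":
    joe = "cn=Joe Smith,ou=Address,dc=dyndns,dc=biz"
    for name, text in (("posted", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(f"{name}: anonymous can read {joe} mail ->",
              allowed(parse_acl(text), None, joe, "mail", "read"))
```

The hardened directives still let an anonymous connection bind, because `by * auth` on userPassword is all a simple bind needs; what changes is that a search from a client that has not bound returns nothing. The same two-column check (what anonymous gets versus what a bound user gets) is worth repeating whenever a directive is added, since a new `access to *` placed above the subtree rule would silently shadow it.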

----------

## stig

 *chapel wrote:*   

> ```
> ## Only required if you want to use TLS ##
> ...
> ```

I really need some help to get this going. How do I create these certs?

----------

## indros

In the same directory as the certs (/etc/openldap/ssl) there is a script called gencert.sh. Run it, and it'll prompt you for the relevant info.

----------

## stig

This directory wasn't present on my computer. 

Maybe remerging openldap with some juicy use-flags will help  :Smile: 

Thanks for the info anyway  :Smile: 

Just finished emerging now.

```
[ebuild   R   ] net-nds/openldap-2.0.25-r2  +ssl +tcpd +sasl +readline +ipv6 +berkdb +gdbm +ldap
```

This didn't result in the creation of the directory that you spoke of.

----------

## indros

Ahh.. Well, I am running version 2.0.27-r4. Perhaps that's why.

```
#!/bin/sh
##
##  gencert.sh -- Create self-signed test certificate
##  Christian Zoffoli <czoffoli@linux-mandrake.com>
##  Version 0.2 - 20010501
##
##

### external tools
openssl="/usr/bin/openssl"

### some optional terminal sequences
case $TERM in
    xterm|xterm*|vt220|vt220*)
        T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
        T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
        ;;
    vt100|vt100*)
        T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
        T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
        ;;
    default)
        T_MD=''
        T_ME=''
        ;;
esac

#   find some random files
#   (do not use /dev/random here, because this device
#   doesn't work as expected on all platforms)
randfiles=''
for file in /var/log/messages /var/adm/messages \
            /kernel /vmunix /vmlinuz \
            /etc/hosts /etc/resolv.conf; do
    if [ -f $file ]; then
        if [ ".$randfiles" = . ]; then
            randfiles="$file"
        else
            randfiles="${randfiles}:$file"
        fi
    fi
done

echo ""
echo "${T_MD}"
echo "----------------------------------------------------------------------"
echo "Create self-signed test certificate"
echo ""
echo "Christian Zoffoli <czoffoli@linux-mandrake.com> "
echo "Version 0.2 - 20010501"
echo ""
echo ""
```

----------

## stig

Thanks for the script - I've got myself a certificate now!

The only thing I can't seem to figure out is why slapd starts on port 389, and not on 636 or whatever the secure socket for LDAP is. 

Changing the

```
HOST localhost
```

 in ldap.conf to

```
HOST localhost:636
```

 gives me no results - slapd still starts on port 389.

----------

