HowTo: Create LDAP server for shared Address Book in Thunderbird

[NobodySpecial]

silly.agent - hard to say what is wrong as there are many variables, but try this one change:

Code:

Base DN: dc=servername,dc=org

When it works, Thunderbird won't show you a list. You have to do a search for a name, or simply for "@".

[silly.agent]

Thanks for your reply.
I tried your suggestion but didn't work.

I didn't mention earlier that I change the target location of the db (also changed permissions to openldap : openldap)

Code:

directory       "/var/lib/ldap/mozilla/db"

Also noticed that after wiping out the db with

Code:

sudo rm -rf /var/lib/ldap/mozilla/db/*

when I do a search

Code:

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

I get the following output:

Code:

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts 
#

#
dn:
namingContexts: dc=servername,dc=org

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Then, after adding data:

Code:

sudo slapadd -v -l init.ldif
sudo slapadd -v -l template.ldif

and restarting server

Code:

sudo /etc/init.d/slapd restart
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

I get the following error message:

Code:

ldap_bind: Can't contact LDAP server (-1)

Any ideas?
Thanks again.

[silly.agent]

Still no white smoke.

I managed to solve this problem though:

Code:

ldap_bind: Can't contact LDAP server (-1)

looks like it was the byproduct of running slapd manually without adding the "-u openldap" parameter, consequently the db files were not owned anymore by openldap : openldap but by root : root instead.

Now running

Code:

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

generates the following output:

Code:

# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts 
#

#
dn:
namingContexts: dc=servername,dc=org

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Unfortunately, T'Bird still cannot retrieve the single entry from the LDAP server.
These are the db file permissions:

Code:

ls -l /var/lib/ldap/mozilla/db/

-rw------- 1 openldap openldap    2048 2007-05-08 19:59 alock
-rw------- 1 openldap openldap    8192 2007-05-08 16:55 __db.001
-rw------- 1 openldap openldap 2629632 2007-05-08 16:55 __db.002
-rw------- 1 openldap openldap   98304 2007-05-08 16:55 __db.003
-rw------- 1 openldap openldap  565248 2007-05-08 16:55 __db.004
-rw------- 1 openldap openldap   24576 2007-05-08 16:55 __db.005
-rw------- 1 openldap openldap      96 2007-05-08 16:55 DB_CONFIG
-rw------- 1 openldap openldap    8192 2007-05-08 19:59 dn2id.bdb
-rw------- 1 openldap openldap   32768 2007-05-08 19:59 id2entry.bdb
-rw------- 1 openldap openldap   58149 2007-05-08 19:59 log.0000000001
-rw------- 1 openldap openldap    8192 2007-05-08 19:59 objectClass.bdb

Any suggestions anyone?

[silly.agent]

More baby steps.

I managed to connect locally (LAN ip) and retrieve data from the LDAP server.
Attempts to connect to ldap.servername.org have failed (most likely a firewall/router problem, I will look into that later on)

In the meantime, I tried to get the TLS part going but after restarting the LDAP server I get the following syslog output:

Code:

main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy

looks like a problem with the certificates
any suggestions?
thanks

[NobodySpecial]

silly.agent - I don't think the certificates work unless you connect via the FQDN (e.g. ldap.servername.org).

[Ashaman074]

Thanks for writing a good HOWTO. I am fairly new to all of this, and was able to get this working without much difficulty.

I must admit though, that now having it set up and running I feel a bit like I have wasted my time. I thought that Thunderbird would be able to edit and add LDAP entries which would have been great; the fact that it cannot seems odd to me.

Making it worse, I am not sure how to even go about doing so. Obviously, the template can be used - but what if I want to delete an entry? How can that be accomplished?

Luma sounded like a reasonable option, but after installing it I gather it is for a graphical Linux installation (as opposed to server-based)? Or possibly a linux based workstation? I couldn't find any documentation or information about it on the website.

Is there another option for windows based machines, Thunderbird, and a linux LDAP server?

Any tips would be appreciated; my plan was to switch everyone to Thunderbird for use with LDAP, but this is a bit of a snag!

[NobodySpecial]

Ashaman074 - Your post is like the gameshow Jeopardy. You just posted the answer. Now I will give you the question!

Why don't more people move from Windows to Linux?

And you gave a fantastic answer - congratulations!

Of course, I say this with much sarcasm. Linux has made huge leaps in the past couple years, but one place it really lags is in competing with the MS Exchange Server. This method of LDAP and editing with Luma is clunky at best. It works quite well for my small household, but is not up to par for even a small office, in my view.

Hopefully an Open Source project such as Zimbra will soon change that.

[Ashaman074]

Heheh, well thanks for the reply. If nothing else, I figure some of these projects are good learning experiences.

Actually, I have looked at zimbra before and was shocked at what all it can do - I guess that is why I was surprised that sharing an address book via LDAP had limitations.

Is there a way to delete entries at least? It wouldn't really be what I had hoped for, but it would at least allow me to provide an up-to-date address book for everyone - and that would be of some benefit

[gentgeen]

Making it worse, I am not sure how to even go about doing so. Obviously, the template can be used - but what if I want to delete an entry? How can that be accomplished?

Luma sounded like a reasonable option, but after installing it I gather it is for a graphical Linux installation (as opposed to server-based)? Or possibly a linux based workstation? I couldn't find any documentation or information about it on the website.

If you are looking for a command-line option, I would suggest looking at ldapdelete Do a "man ldapdelete" before you tried it though.

If you would prefer a more GUI-approach, try some of the web based ones out there. There are lots. You can put that on your server, then it will not matter what OS you are on.

[mick8985]

Pitt Stains - The 389 port is just initial to test, you end up with only 636 "open to the world" and of course your router points it to only one computer, running Linux, thus minimal security risk (i.e. only risk if that port is also used for something less secure, or risk of a vulnerability in slapd arises).

Your ISP doesn't have to give you a static IP address - just get one from www.dyndns.org and configure your router for it (most routers can handle this).

I don't think there is any way to make it work for Evolution as well, because it would require a different schema.

This can be done for evolution. The schema is probably already sitting there on your system.

Code:

michael@michael-desktop:~$ sudo cp /usr/share/evolution-data-server-1.10/evolutionperson.schema /etc/ldap/schema/

open up /etc/ldap/slapd.conf in a text editor and add this line to the includes

Code:

include         /etc/ldap/schema/evolutionperson.schema