
Thread: HowTo: Create LDAP server for shared Address Book in Thunderbird

  1. #1

    HowTo: Create LDAP server for shared Address Book in Thunderbird

    Do you envy Lotus Notes users with their shared Address Book, but want to use only open-source software? Then this HowTo may be for you! We will set up an LDAP server to host an Address Book for users to access via Mozilla Thunderbird.

    This was installed on Ubuntu Dapper 6.06 from the Server CD with the LAMP option. Standard desktop install should work, but hasn't been tested.

    Also required: You MUST have a "fully qualified domain name" pointing to your server (i.e. can't just point to 192.168.1.2 or other network number, at least not for SSL data). To do this, you go to dyndns.org (or similar website) and register a domain such as "KewlLdapServer.homedns.org" and set your router to forward port 389 traffic to your server computer (and later will change to port 636 when SSL set up).

    First install OpenLDAP:
    Code:
    sudo apt-get install slapd
    Set a password:
    Code:
    slappasswd
    The system will return a hash. As an example:
    {SSHA}Afaw3o8asdAWEfksj
    Now we define a schema to match T'Bird's requirements:
    Code:
    sudo nano /etc/ldap/schema/mozillaorgperson.schema
    You can use Gedit instead of Nano if in desktop mode.

    Copy/paste the following:
    Code:
    #
    # mozillaOrgPerson schema v. 0.6.3
    #
    
    # req. core
    # req. cosine
    # req. inetorgperson
    
    # attribute defs
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.1 
            NAME ( 'mozillaNickname' ) 
            SUP name )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.2 
            NAME ( 'mozillaUseHtmlMail' ) 
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
            SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.3
            NAME 'mozillaSecondEmail' 
            EQUALITY caseIgnoreIA5Match
            SUBSTR caseIgnoreIA5SubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.4
            NAME 'mozillaHomeLocalityName' 
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.5 
            NAME 'mozillaPostalAddress2'
            EQUALITY caseIgnoreListMatch
            SUBSTR caseIgnoreListSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.6 
            NAME 'mozillaHomePostalAddress2'
            EQUALITY caseIgnoreListMatch
            SUBSTR caseIgnoreListSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.7 
            NAME ( 'mozillaHomeState' ) SUP name )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.8 
            NAME 'mozillaHomePostalCode'
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.9 
            NAME ( 'mozillaHomeCountryName' ) 
            SUP name SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.10
            NAME ( 'mozillaHomeFriendlyCountryName' )
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.11
            NAME ( 'mozillaHomeUrl' )
            EQUALITY caseIgnoreIA5Match
            SUBSTR caseIgnoreIA5SubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.12
            NAME ( 'mozillaWorkUrl' )
            EQUALITY caseIgnoreIA5Match
            SUBSTR caseIgnoreIA5SubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
    
    # un-comment for all LDAP server NOT supporting SYNTAX 2.16.840.1.113730.3.7.1
    attributetype ( 1.3.6.1.4.1.13769.2.1.13
            NAME ( 'nsAIMid' )
            DESC 'AOL Instant Messenger (AIM) Identity'
            EQUALITY telephoneNumberMatch
            SUBSTR telephoneNumberSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.14 NAME ( 'mozillaHomeStreet' )
            EQUALITY caseIgnoreMatch
            SUBSTR caseIgnoreSubstringsMatch
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
    
    # un-comment for Netscape 6.x and all other LDAP server supporting SYNTAX 2.16.840.1.113730.3.7.1
    # attributeTypes ( 2.16.840.1.113730.3.1.2013
    #       NAME ( 'nsAIMid' )
    #       DESC 'AOL Instant Messenger (AIM) Identity'
    #       SYNTAX 2.16.840.1.113730.3.7.1 )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.96
            NAME ( 'mozillaCustom1' )
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.97
            NAME ( 'mozillaCustom2' )
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.98
            NAME ( 'mozillaCustom3' )
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )
    
    attributetype ( 1.3.6.1.4.1.13769.2.1.99
            NAME ( 'mozillaCustom4' )
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
            SINGLE-VALUE )
     
    # defined in "A Summary of the X.500(96) User Schema for use with LDAPv3" - RFC 2256
    #
    # attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
    #       DESC 'RFC2256: ISO-3166 country 2-letter code'
    #       SUP name SINGLE-VALUE )
    
    # defined in "The COSINE and Internet X.500 Schema" - RFC 1274
    #
    # attributetype ( 0.9.2342.19200300.100.1.43
    #       NAME ( 'co' 'friendlyCountryName' )
    #       DESC 'RFC1274: friendly country name'
    #       EQUALITY caseIgnoreMatch
    #       SUBSTR caseIgnoreSubstringsMatch
    #       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    
    
    # objectClass defs 
    
    objectclass ( 1.3.6.1.4.1.13769.2.2.1 
            NAME 'mozillaOrgPerson' 
            SUP top 
            AUXILIARY 
            MAY ( 
            sn $ 
            givenName $ 
            cn $ 
            mozillaNickname $ 
            title $ 
            telephoneNumber $ 
            facsimileTelephoneNumber $ 
            mobile $ 
            pager $ 
            homePhone $ 
            street $ 
            postalCode $ 
            mozillaPostalAddress2 $ 
            mozillaHomeStreet $ 
            mozillaHomePostalAddress2 $ 
            l $ 
            mozillaHomeLocalityName $ 
            st $ 
            mozillaHomeState $ 
            mozillaHomePostalCode $ 
            c $ 
            mozillaHomeCountryName $ 
            co $ 
            mozillaHomeFriendlyCountryName $  
            ou $ 
            o $ 
            mail $ 
            mozillaSecondEmail $ 
            mozillaUseHtmlMail $ 
            nsAIMid $ 
            mozillaHomeUrl $ 
            mozillaWorkUrl $ 
            description $ 
            mozillaCustom1 $ 
            mozillaCustom2 $ 
            mozillaCustom3 $ 
            mozillaCustom4 ) ) 
    
    # not part of the official Mozilla schema but read by Mozilla: 'departmentNumber' and 'postOfficeBox'
    #
    LDAP uses slapd as a daemon. Edit the config file:
    Code:
    sudo nano /etc/ldap/slapd.conf
    Find the following line:
    include /etc/ldap/schema/nis.schema
    Change it to:
    Code:
    include /etc/ldap/schema/mozillaorgperson.schema
    Find the line under database #1 that starts with "suffix" and change to:
    Code:
    suffix          "dc=homedns,dc=org"
    You can use any two other names you want instead, such as "dc=example,dc=com" or whatever.

    Find the line under database #1 that starts with "directory" and change to:
    Code:
    directory       "/var/lib/ldap"
    Someplace in this area under database #1, add the following two lines:
    Code:
    rootdn          "cn=admin,dc=homedns,dc=org"
    rootpw          {SSHA}Afaw3o8asdAWEfksj
    You can use a different root user other than "admin" and also change the "dc=homedns,dc=org" to whatever you used under the "suffix" line. Of course you will enter whatever {SSHA} hash you were specifically given after the "slappasswd" command.

    Save and exit your editor.

    Restart the server daemon:
    Code:
    sudo /etc/init.d/slapd restart
    At this point if you get an error message, it usually means you did something wrong in the configuration file, so go over it again.

    If no errors came back at you, erase any prior data:
    Code:
    sudo rm -rf /var/lib/ldap/*
    Next make an initialization file:
    Code:
    nano ~/init.ldif
    Add this code:
    Code:
    dn: dc=homedns,dc=org
    objectClass: top
    objectClass: dcObject
    objectClass: organizationalUnit
    dc: homedns
    ou: Kewl LDAP Server HomeDNS
    
    dn: ou=personal,dc=homedns,dc=org
    objectClass: top
    objectClass: organizationalUnit
    ou: personal
    description: Personal Addressbook
    Again, change the "dc=homedns,dc=org" to whatever you entered previously.

    Create a template file:
    Code:
    nano ~/template.ldif
    Add this code:
    Code:
    dn: cn=Sam Smith,ou=personal,dc=homedns,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    objectclass: mozillaOrgPerson
    givenName: Sam
    sn: Smith
    cn: Sam Smith
    mail: email@here.com
    mozillaSecondEmail: .
    mozillaNickname: .
    homePhone: .
    telephoneNumber: .
    facsimileTelephoneNumber: .
    pager: .
    mobile: .
    mozillaHomeStreet: .
    mozillaHomeLocalityName: .
    mozillaHomeState: .
    mozillaHomePostalCode: .
    mozillaHomeCountryName: .
    mozillaHomeUrl: .
    title: JobTitle
    ou: BusinessDept
    o: BusinessOrganization
    street: BusinessStreet
    l: BusinessCity
    st: BusinessState
    postalCode: BusinessZip
    c: BusinessCountry
    mozillaWorkUrl: .
    mozillaCustom1: .
    mozillaCustom2: .
    mozillaCustom3: .
    mozillaCustom4: .
    Some points about the template:
    1. Change "Sam Smith" to a relevant name. Note that the full name "Sam Smith" is twice above (lines 1 and 9) and "Sam" is on line 7 and "Smith" is on line 8. All these names must match as shown in the template above for this to work right.
    2. As always, change the "dc=homedns,dc=org" to whatever you decided on.
    3. Each line has a definition followed by a colon then some data. The data line must not be blank. I have inserted a period for these lines. For several of the lines I have put descriptors, just so it is clear what they contain. You can change these to periods, too.

    Add the initialization file to the LDAP database:
    Code:
    sudo slapadd -v -l init.ldif
    If you have an error here, try to reset the server and do the rm command again: sudo slapadd -v -l init.ldif, then sudo rm -rf /var/lib/ldap/*, then try the code again.

    Add the template file data:
    Code:
    sudo slapadd -v -l template.ldif
    Again, if you get an error here, try to restart again and troubleshoot until the system accepts the command without error.

    Restart the server daemon for it to load the new data:
    Code:
    sudo /etc/init.d/slapd restart
    Now try to access it via Thunderbird. This is tested with the standard repository "mozilla-thunderbird", currently at version 1.5.0.7. Click on "Address Book" then File -> New -> LDAP Directory. Hostname is "KewlLdapServer.homedns.org" (substitute your actual server), Base DN is "dc=homedns,dc=org" (or whatever you used) and port is default 389. Be sure your router is passing all port 389 data to your server's internal IP address.

    Now left-click the new addressbook, type Control-F, then try to search for your name. Hint: To bring up all addresses in the list, search the e-mail address field for "@".

    If it finds the name you entered, great. If not, exit T'Bird and load again. If it fails again, go back through the above and troubleshoot. You might want to use Luma to troubleshoot (see below).

    If all went well up to this point you are ready to secure your server with SSL.

    You may have to install OpenSSL:
    Code:
    sudo apt-get install openssl
    Create an SSL certificate:
    Code:
    openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEM
    You can put anything here you want, except the "common name" MUST match your "fully qualified domain name" such as "KewlLdapServer.homedns.org".

    Copy the certificate files to their proper folders:
    Code:
    sudo cp ldap_crt.pem /etc/ssl/certs
    sudo cp ldap_key.pem /etc/ssl/private
    Re-edit the config file:
    Code:
    sudo nano /etc/ldap/slapd.conf
    Uncomment the ssl lines, rename to:
    Code:
    TLSCertificateFile      /etc/ssl/certs/ldap_crt.pem
    TLSCertificateKeyFile   /etc/ssl/private/ldap_key.pem
    Ask the server to listen for SSL:
    Code:
    sudo nano /etc/default/slapd
    Find the "SLAPD_SERVICES" line and change to:
    Code:
    SLAPD_SERVICES="ldaps:///"
    Now go back to your router and change the forwarded port from 389 to 636.

    Restart the server daemon to run with the new config:
    Code:
    sudo /etc/init.d/slapd restart
    Close and restart T'Bird. Edit your LDAP Addressbook (right-click -> properties) and check "use secure connection (SSL)" and it should change the port to 636. Close and restart T'Bird then try to search for your data as before.

    At this point you should have a working LDAP Addressbook server with a whopping ONE entry. Now comes the hard part: adding other entries and editing them. It turns out that Mozilla Thunderbird presently will not let you edit any LDAP entries (it is hoped that feature may be added some day). So the basic way to build up your entries is to enter them one at a time after editing the template and executing the "slapadd" command above. This works fine for those of us with a couple dozen entries. If you have in the hundreds, you will have to write some sort of script to automate this.

    How do you edit entries? There is an Ubuntu package "ldap-utils" that runs from the command line, but a GUI solution is available: Luma.

    The Dapper repository version of Luma is old, and the newer one worked out some bugs, so we will compile from source. Please note that this is installed on a client computer, not the server.

    Note: Luma in Edgy / Feisty is more current than Dapper and works great, so you can install directly via apt-get or Synaptic and skip the steps to compile from source.

    Go to http://luma.sourceforge.net and download the latest version (currently "luma-2.3.tar.bz2") and untar to a directory.

    Install dependencies:
    Code:
    sudo apt-get install qt3-dev-tools python2.4-dev python2.4-qt3 python2.4-ldap python2.4-samba
    Run the install script:
    Code:
    ./install.py --prefix=/usr/local
    You should now be able to Alt-F2 and enter "luma".

    Set it up with plugins for Addressbook and Browser. Set up server with SSL, uncheck "anonymous bind", select simple authentication, Bind as "cn=admin,dc=homedns,dc=org" (or whatever you had chosen above), password you had entered above, and select "Use base DN's provided by server".

    Under Luma "Addressbook" plugin you can browse the names and change the lines where a period is present. The other blank lines do not match our schema and should be left alone. Disappointingly, only a few basic options can be edited here.

    To edit the other options, choose Luma "Browser" plugin and now all options can be edited.

    BIG thanks to Nathan Wills and his tutorial at http://applications.linux.com/articl.../05/18/1248224
    Last edited by NobodySpecial; May 3rd, 2007 at 03:31 PM. Reason: Luma in Edgy / Feisty can be installed directly via Synaptic.
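The post notes that entries "in the hundreds" call for a script rather than hand-editing template.ldif one entry at a time. The following is an added example (not the HowTo author's code): it turns a CSV of contacts into LDIF entries shaped like the post's template, escapes RDN values so a name containing a comma cannot add a bogus RDN to the DN, and base64-encodes values that RFC 2849 does not allow in plain form. It assumes the post's suffix dc=homedns,dc=org with the ou=personal container; the CSV column names and the sample rows are constructed.

```python
# Generate mozillaOrgPerson LDIF from CSV; load with: sudo slapadd -v -l contacts.ldif
import base64
import csv
import io

BASE_DN = "ou=personal,dc=homedns,dc=org"  # assumption: suffix from the HowTo

OBJECT_CLASSES = ["top", "person", "organizationalPerson",
                  "inetOrgPerson", "mozillaOrgPerson"]
# Same attribute order as the post's template; "." fills any value the
# CSV leaves empty, since the post says no data line may be blank.
ATTRS = [
    "mozillaSecondEmail", "mozillaNickname", "homePhone", "telephoneNumber",
    "facsimileTelephoneNumber", "pager", "mobile", "mozillaHomeStreet",
    "mozillaHomeLocalityName", "mozillaHomeState", "mozillaHomePostalCode",
    "mozillaHomeCountryName", "mozillaHomeUrl", "title", "ou", "o", "street",
    "l", "st", "postalCode", "c", "mozillaWorkUrl",
    "mozillaCustom1", "mozillaCustom2", "mozillaCustom3", "mozillaCustom4",
]

def escape_rdn_value(value):
    """Escape an RDN value per RFC 4514 so a name such as
    'Smith, Jr.' cannot break the DN or smuggle in an extra RDN."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def ldif_line(attr, value):
    """One 'attr: value' line per RFC 2849; values that are not SAFE-STRING
    (non-ASCII, leading space/':'/'<', trailing space, NUL/CR/LF) go base64."""
    safe = (value.isascii() and value[:1] not in ("", " ", ":", "<")
            and value[-1] != " " and not any(c in value for c in "\r\n\0"))
    if safe:
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode()).decode())

def build_entry(contact, base_dn=BASE_DN):
    """Build one inetOrgPerson/mozillaOrgPerson entry from a dict of columns."""
    given, sn = (contact.get("givenName") or "").strip(), (contact.get("sn") or "").strip()
    mail = (contact.get("mail") or "").strip()
    if not (given and sn and mail):
        raise ValueError("givenName, sn and mail are required")
    cn = "%s %s" % (given, sn)  # cn must match the RDN, as the post notes
    lines = [ldif_line("dn", "cn=%s,%s" % (escape_rdn_value(cn), base_dn))]
    lines += ["objectclass: %s" % oc for oc in OBJECT_CLASSES]
    lines += [ldif_line("givenName", given), ldif_line("sn", sn),
              ldif_line("cn", cn), ldif_line("mail", mail)]
    for attr in ATTRS:
        lines.append(ldif_line(attr, (contact.get(attr) or "").strip() or "."))
    return "\n".join(lines) + "\n"

def ldif_from_csv(csv_text, base_dn=BASE_DN):
    """CSV with a header row of attribute names -> one LDIF file; a blank
    line separates entries, which is what slapadd expects."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return "\n".join(build_entry(row, base_dn) for row in rows)

SAMPLE_CSV = """givenName,sn,mail,telephoneNumber,o
Sam,Smith,sam@example.com,555-0100,Example Corp
Zoë,"O'Neil, Jr.",zoe@example.com,,
"""  # constructed sample input, not from the post
```

Write `ldif_from_csv(open("contacts.csv").read())` to a file and load it with slapadd as in the post; because the dn of the second sample row contains a non-ASCII character, it is emitted base64-encoded as `dn::`, which slapadd accepts.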

  2. #2

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    Thank you very much, this helped tremendously for understanding LDAP and SSL authentication!

  3. #3

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    Thanks for the feedback! I'm glad my efforts helped somebody. So many wonderful people have contributed things to these forums that have helped me tremendously and I'm glad I can give something back to this community.

  4. #4

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    Still working my way through this HOWTO, however I thought I would note that LUMA is now in the Ubuntu Repository (at least as of Ubuntu 6.10)

  5. #5

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    Great, it's all working. A useful HOWTO -- thanks.

    BTW, I found a nicer GUI for creating address book entries. It's called 'directoryassistant' and it's in the Ubuntu repositories.

    Cheers
    JP

    --- EDIT: I had trouble using 'directoryassistant' over an encrypted connection. So maybe Luma is better after all.
    Last edited by jdpipe; December 15th, 2006 at 02:39 PM.

  6. #6

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    This may be a stupid question, but is there a way to set up a computer on a local network as an LDAP server? I realize that users won't be able to use the shared address books if they are not in the office, but I don't think that will be a problem in this case.

    I have a very simple office setup, where the users work on PCs and Macs and an Ubuntu box acts as a file server. Email clients are Thunderbird and Outlook, though I'm trying to phase out Outlook. There is no domain controller or anything like that.

    If this is not possible and/or an alternate solution is better, I'm all ears!

    Thanks!

  7. #7

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    jdpipe - you are right, Luma in the present Edgy / Feisty repositories works fine, don't need to install from source.

    Pitt Stains - if you follow this how-to on a server, you will have it set up for everyone in the office to access. And if you follow it through, you will see that you can access your address book outside the office, from anywhere in the world that you have internet connectivity and a Thunderbird client.

  8. #8

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    Quote Originally Posted by NobodySpecial:
    Pitt Stains - if you follow this how-to on a server, you will have it set up for everyone in the office to access. And if you follow it through, you will see that you can access your address book outside the office, from anywhere in the world that you have internet connectivity and a Thunderbird client.
    Thanks. I see the instructions want me to open up ports 389 and 636 to the world, which I'm not sure I'm ready to do. Too scary. I think I'll try to set this up as a local domain, which will suit our needs for now. For that, I think I can skip the "fully qualified domain name" bit, which I believe would require a static IP address (not sure whether my ISP offers that).

    If the need arises I can set up the same thing on the Ubuntu box that will be our web server (in the process of migrating servers), which I'd feel better about (for some reason) than exposing our office network.

    I do have a second question... not everyone in the office uses Thunderbird. I see a lot of the attribute names have a "mozilla" prefix. Is it not possible to create a schema that would work for TBird as well as Outlook? I am trying to move people over to TBird, but some are more resistant than others.

    Thanks for taking the time to answer.
    -Pitt

  9. #9

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    Pitt Stains - The 389 port is just initial to test, you end up with only 636 "open to the world" and of course your router points it to only one computer, running Linux, thus minimal security risk (i.e. only risk if that port is also used for something less secure, or risk of a vulnerability in slapd arises).

    Your ISP doesn't have to give you a static IP address - just get one from www.dyndns.org and configure your router for it (most routers can handle this).

    I don't think there is any way to make it work for Evolution as well, because it would require a different schema.

  10. #10

    Re: HowTo: Create LDAP server for shared Address Book in Thunderbird

    Hi there. First of all, thank you for this great howto.
    I have followed all the steps but for some (probably idiotic) reason I cannot get T'Bird to load the data from the LDAP server. Could you take a look at my settings and give me some hints?
    Thanks a lot.

    sa

    Settings:


    Domain name: ldap.servername.org
    (-> DNS record for ldap.servername.org pointing to static server ip)
    Router: forwarding all 389 traffic to local server ip


    ---
    File: init.ldif

    dn: dc=servername,dc=org
    objectClass: top
    objectClass: dcObject
    objectClass: organizationalUnit
    dc: servername
    ou: LDAP Server ServerName

    dn: ou=personal,dc=servername,dc=org
    objectClass: top
    objectClass: organizationalUnit
    ou: personal
    description: Personal Addressbook


    ---
    File: template.ldif

    dn: cn=Sam Smith,ou=personal,dc=servername,dc=org
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    objectclass: mozillaOrgPerson
    givenName: Sam
    sn: Smith
    cn: Sam Smith
    mail: email@here.com
    mozillaSecondEmail: .
    mozillaNickname: .
    homePhone: .
    telephoneNumber: .
    facsimileTelephoneNumber: .
    pager: .
    mobile: .
    mozillaHomeStreet: .
    mozillaHomeLocalityName: .
    mozillaHomeState: .
    mozillaHomePostalCode: .
    mozillaHomeCountryName: .
    mozillaHomeUrl: .
    title: JobTitle
    ou: BusinessDept
    o: BusinessOrganization
    street: BusinessStreet
    l: BusinessCity
    st: BusinessState
    postalCode: BusinessZip
    c: BusinessCountry
    mozillaWorkUrl: .
    mozillaCustom1: .
    mozillaCustom2: .
    mozillaCustom3: .
    mozillaCustom4: .


    ---
    T'Bird LDAP settings:

    Name: LDAP Server
    Hostname: ldap.servername.org
    Base DN: ldap,dc=servername,dc=org
    Port number: 389
    Bind DN: <empty>
    Last edited by silly.agent; May 8th, 2007 at 09:43 PM.
