External LDAP GAL help (please)

[dlochart]

This one helped me a lot.

http://coewww.rutgers.edu/www1/linux.../lecture8.html

I also had this one in my bookmarks which is slanted towards the Windows side but has sasl stuff in it.

LDAP

Once you get LDAP installed and you understand it a little the rest is easy. Until I found a basic tutorial I was at a loss because the reference material I found assumed you understood how LDAP was laid out.

Once you get LDAP up and running and can query data use my post #5 to see the attributes you will need. The include statements go into your slapd.conf file to include schemas. All four are needed but at least you don't have to define your own.

When you get that done let me know if you need more assistance.

[djve]

let me add the OpenLDAP admin FAQ: OpenLDAP Software 2.3 Administrator's Guide

[folioguru]

let me add the OpenLDAP admin FAQ: OpenLDAP Software 2.3 Administrator's Guide

OK, combining everything I read from all the docs, and using this particular quick start example: OpenLDAP Software 2.3 Administrator's Guide: A Quick-Start Guide

I got here:

# See if it works.
Now we're ready to verify the added entries are in your directory. You can use any LDAP client to do this, but our example uses the ldapsearch(1) tool. Remember to replace dc=example,dc=com with the correct values for your site:

ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

This command will search for and retrieve every entry in the database.

You are now ready to add more entries using ldapadd(1) or another LDAP client, experiment with various configuration options, backend arrangements, etc..

My search returns all the test data entered so far (as per this quckstart guide).

So, I'm guessing that in order to add addressbook entries, I create an ldif file with a ou branch for my addressbook entries, followed by each entry formatted like this:

dn: cn=Jane Doe,ou=TenonUK,dc=capesafe,dc=com
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgPerson
givenName: Jane
cn: Jane Doe
sn: Doe
mail: jane.doe@mymail.com
telephoneNumber: 410-555-1212
fax: 410-555-1214
mobile: 410 431 5341
title: IT MANAGER
physicalDeliveryOfficeName: Stockholm

Then, all I do is point Zimbra external GAL to the ou?

If that is all I have to do next, then also: How do I determine what to use in order to add street address, city, state (or province) and country?

All the assistance you've provided so far has been an enormous help in trying to understand what's required to get this rolling. Thanks so much!

We really need a Zimbra oriented tutorial on getting this done.

[jholder]

Thanks for the tip. Look for an Administrator's PowerTip soon.

[folioguru]

When I run

ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f sbnet02.ldif
Enter LDAP Password:

I enter my password, and don't have a problem. However, when I enter this:

[root@db workarea]# ldapsearch -H "ldap://example.com" -D 'dc=example,dc=com' -x -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

I entered the password in /etc/openldap/slapd.conf using the crypt format:

rootpw {crypt}ijFYNcSNctBYg

In slapd.conf, certificate, security and access control entries are all commented out (so, I presume, defaults are used). Don't understand why password works locally, but not when using ldap:// uri.

Any suggestions?

[bobby]

As what user did you run the ldapadd? Try specifying the dn when running the ldapsearch. Is there no ou?

ldapsearch -x D "cn=Manager,dc=example,dc=com" -W -H "ldap://example.com"

>ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f sbnet02.ldif

>[root@db workarea]# ldapsearch -H "ldap://example.com" -D 'dc=example,dc=com' -x -W
>

[bobby]

For those not used to configuring a directory server, it might be easiest to set up the external directory server as a standalone[1] ldap-only[2] zimbra installation. That way the schema is already configured, and we have a standardized configuration to work with.

Here is the contact attribute mapping wiki Doug mentioned:
Zimbra Wiki - LDAP_Mapped_Attributes

[1] standalone: Not a new node in the main zimbra installation; each ldap will be the *master* ldap for its installation; running "zmprov getAllServers" on one will *not* list the other ldap server.

[2] ldap-only: Install only the zimbra-core and zimbra-ldap packages (not zimbra-mailbox, zimbra-mta, etc).

>A copy of the schema you are using would be extremely helpful.

>There is a WIKI page that shows the mapping of LDAP attributes to zimbra contact attributes.
>

[folioguru]

As what user did you run the ldapadd? Try specifying the dn when running the ldapsearch. Is there no ou?

Thanks! That was it! All I added was "cn=Manager", and voila!

ldapsearch -H "ldap://example.com" -D 'cn=Manager, dc=example,dc=com' -x -W

Yes, there is an ou, I was just trying to list everything.

The schema used (from slapd.conf):

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

I did look at the LDAP Mapped Attributes. I used the same attributes from this tutorial since I was using pretty much the same schema (with the exception of officeperson.schema):

dn: cn=John Foo, ou=addressbook, dc=example, dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: officePerson
cn: John Foo
gn: John
sn: Foo
mail: john.foo@example.com
postalAddress: Green Street 5
title: Uhh?
l: Brussels
o: cudeso.be
ou: Software
postalCode: B-1000
telephoneNumber: +32-2-xxx.xx.xx
mobile: +32-xxx-xx.xx.xx
homePhone: +32-2-xxx.xx.xx
URL: linux.cudeso.be
displayName: cudeso
initials: jf
c: Belgium

Thanks so much!

-ron

[folioguru]

When I execute this command on the machine on which the ldap server is running, I get the expected results with all record entries:

ldapsearch -H "ldap://example.com" -D 'cn=Manager, dc=example,dc=com' -x -W

However, when I execute the very same command from the machine that Zimbra is running on I get this:

[root@zimbra ~]# ldapsearch -H "ldap://example.com" -D 'cn=Manager, dc=example,dc=com' -x -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Man, this is frustrating! What am I missing now?

UPDATE:

Sorry, answered my own question. ldap.conf is the client configuration, and I needed to modify the BASE element:

BASE dc=example,dc=com

Did this, and now I can list ldap server data from zimbra server.

Whew!

[folioguru]

One final question:

I've set up the LDAP server, added my contacts in .ldif files to the database, and Zimbra can connect to the LDAP server and make the contacts available as an external GAL.

What are people using to maintain the external GAL? Having to edit an .ldif text file and run ldapadd every time I want to add a new contact is a bit much. I'm assuming that others out there are using a much easier method of maintaining their LDAP database items. Could someone please share some options?

Also, is it at all possible to edit the external GAL entries from Zimbra? That is, can I edit the contact info supplied by LDAP using Zimbra?

Thanks for all the help!