iPhone 3.0 contacts LDAP

[Deeeep]

Anyone got a way to use LDAP on iPhone 3.0 to add contacts to the iPhone... I got IMAP email and CalDAV working with the Zimbra server, but the contacts using LDAP would make desktop syncing less needed...

[ddwyer]

i also have caldav + imap working and ldap would be great

[dljordaneku]

If you have port 389 open on your firewall you can add an address book to the iPhone and point it to your Zimbra server and it will pull in your contacts. We did it as a test here for one of our IT people who has one.

Go to your settings and go to mail and add account. Select other and select Add LDAP account and add your settings. Should be good to go.

dj

[phoenix]

It's not a good idea to expose your Zimbra LDAP to the outside world as it's not, as yet, secure.

[ewilen]

Agreed. If you do that, anyone can browse your ldap and harvest the addresses/names.

Instead, you might use a VPN. Otherwise you should wait for secure ldap and/or Carddav support.

[dljordaneku]

Quote:

Originally Posted by phoenix

It's not a good idea to expose your Zimbra LDAP to the outside world as it's not, as yet, secure.

I agree with you there. It's not a good idea but they were asking

dj

[phingers]

and by not secure you mean that anyone can access it without a password?

Any ideas when this will be secure? Or another way to get a shared address book on an iphone for my company?

[ewilen]

Last I checked, you can access the LDAP directory without a password, and it appears to send info over a non-secure channel.

This bugzilla entry suggests you can use TLS but may not really be relevant: Bug 16601 – Secure Access To LDAP

This possibly-related bug is still open: Bug 13832 – run zimbra ldap over ssl

This seems to be the "really important" bug for purposes of this topic: Bug 15378 – Obviate the need for and disallow LDAP anonymous binds

And note that this seems to be fixed as of GnR.

Also see this discussion: Disable Anonymous LDAP Browse

[phingers]

so I have used the command

Quote:

It's fixed for GnR release - in ZCS 6.0 the new behavior is:

Anonymous searches of the LDAP directory:
-Are disabled on fresh installs.
-Are allowed on upgrades, matching the old behavior of previous releases.

To disable anonymous access after upgrading: On each LDAP server run /opt/zimbra/libexec/zmldapanon -d as the zimbra user.

To enable anonymous access at any point: On each LDAP server run /opt/zimbra/libexec/zmldapanon -e as the zimbra user.

To disable anonymous access, so what are the security holes in allowing ldap access now to the internet?

[maxxer]

Quote:

Originally Posted by dljordaneku

If you have port 389 open on your firewall you can add an address book to the iPhone and point it to your Zimbra server and it will pull in your contacts. We did it as a test here for one of our IT people who has one.

Go to your settings and go to mail and add account. Select other and select Add LDAP account and add your settings. Should be good to go.

dj

did this work for anyone?