Setting up an LDAP-server for use with kaddressbook

This is a summary of my experience in setting up a local LDAP-server for managing/sharing address data in my tiny home LAN, so don't expect too much here. I'm not an expert in LDAP, and things mentioned here may be incomplete or even wrong. I write this mainly as a reference for myself.

First, I will list the software/versions which I ended up using for the given task. All the following descriptions are only tested with this environment and may not work at all with other packages/versions.

As a first step, I followed the instructions in the openldap quickstart guide to get a basic setup for the server.
This turned out to work with the given example, but failed to import ldif files exported from kaddressbook - I got all kinds of errors, regardless of what I tried.
Finally, I found out that these were mostly related to not having included several schemas in my slapd.conf file, namely the following:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/openldap.schema

Another hint is to NOT have any spaces, tabs or anything else at the beginning and end of each line in ldif-files - ldapadd is VERY picky about this!
During these investigations, I also tried some GUI frontends to manage LDAP-servers, namely directoryadministrator, ldapexplorer etc., which would partly work, but I ended up using phpldapadmin (see link above), which turned out to be by far the best of all I tried - so I can strongly recommend it.
Once a basic server installation is completed, you can do all common tasks such as add/delete/modify entries, import/export ldif data and so on from phpldapadmin - really easy.
Now, let's take a look at the goal of this project and figure out how to achieve this:

  1. populate the server's database with entries currently stored in local ~/.kde/share/apps/kabc/std.vcf
  2. merge with other users' address data
  3. adapt user permissions, so that each user can modify/delete his own entries, but only read those created by others
  4. connect kaddressbook to the LDAP server
  5. possibly try to add/modify/delete entries on server via kaddressbook

As for 1., I exported my addressbook to an ldif file and tried to import this into my LDAP server. However, this didn't work without modifications:
First, I had to realize that the 'dn: ..' line had to be completed with my base definition, e.g.

dn: cn=Mustermann, Hans

had to be replaced by:

dn: cn=Mustermann Hans,dc=mydomain,dc=com

Also note that the comma ',' after the name in the export file was not accepted by ldapadd, so it had to be removed. Another hint is to remove any 'mail=xxx' entry from the 'dn: ..' line; these are present in each export record that has a 'mail:' attribute. Then, there are attributes in the ldif export for which any value is just rejected; these are uid and modifytimestamp - I just filtered them out using 'grep -v ...'. Other attributes which are not accepted may be replaced by equivalents; a list is as follows:

export                     import
cellphone                  mobile
streethomeaddress          postalAddress
streetaddress              street
mozillahomelocalityname    l
mozillahomepostalcode      postalcode
homepostalcode             postalcode
workurl                    labeledURI

In addition, each entry with a 'mail:' attribute had to be completed with the line:

objectclass: inetOrgPerson
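
The edits described above for step 1, collected into one script. This is an added example, not part of the original notes and not kaddressbook or OpenLDAP code; the function names and the sample entry are constructed, and the exact layout of a real export is an assumption. It goes slightly beyond the text in one point: it unfolds LDIF continuation lines (a line starting with a single space continues the previous one) before editing.

```python
import re

BASE_DN = "dc=mydomain,dc=com"     # base from the page; use your own suffix
DROP = {"uid", "modifytimestamp"}  # attributes the page filtered out
RENAME = {                         # export name -> import name (page's list)
    "cellphone": "mobile", "streethomeaddress": "postalAddress",
    "streetaddress": "street", "mozillahomelocalityname": "l", "workurl": "labeledURI",
    "mozillahomepostalcode": "postalcode", "homepostalcode": "postalcode",
}
SAMPLE = """\
dn: cn=Mustermann, Hans,mail=hans@example.com
uid: abc123
mail: hans@example.com
cellphone: +49 170 0000000
homepostalcode: 12345
mozillahomepostalcode: 12345
"""  # constructed sample entry, not a real kaddressbook export

def fix_dn(value):
    # Drop mail=... parts and the comma inside the name, then append the base.
    parts = [p.strip() for p in value.split(",")]
    name = " ".join(p for p in parts if p and not p.lower().startswith("mail="))
    return f"{name},{BASE_DN}"

def convert_entry(lines):
    out, has_mail = [], False
    for line in lines:
        key = line.partition(":")[0].lower()
        if key in DROP:
            continue
        if key == "dn" and line[2:4] != "::":      # leave base64 DNs alone
            line = "dn: " + fix_dn(line[3:].strip())
        elif key in RENAME:
            line = RENAME[key] + line[len(key):]
        has_mail = has_mail or key == "mail"
        if line not in out:     # two export names can map to one attribute
            out.append(line)
    if has_mail and "objectclass: inetOrgPerson" not in out:
        out.append("objectclass: inetOrgPerson")
    return out

def convert_ldif(text):
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines (RFC 2849)
    entries = re.split(r"\n\s*\n", text.strip())
    fixed = [convert_entry([l.rstrip() for l in e.splitlines()]) for e in entries]
    return "\n\n".join("\n".join(e) for e in fixed) + "\n"

if __name__ == "__main__":
    print(convert_ldif(SAMPLE), end="")
```

It applies only the edits listed above; whether the result imports still depends on the schemas included in slapd.conf.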