setting up an LDAP-server for use with kaddressbook
This is a summary of my experience in setting up a local LDAP-server for managing/sharing address data in my tiny home-lan - so don't expect too much here, I'm not an expert in LDAP, things mentioned here may be incomplete or even wrong - I write this mainly as a reference for myself.
First, I will list the software/versions which I ended up to use for the given task, all the following descriptions are only tested with this environment, and may not work at all with other packages/versions.
As a first start, I followed the instructions in the openldap quickstart guide to get a basic setup for the server.
This turned out to work with the given example, but failed to import ldif files exported from kaddressbook - I got all kind of errors, regardless what I tried .
Finally, I found out that these were mostly related to not having included several schemas into my slapd.conf file - namely the following:
include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/openldap.schema
Another hint is to NOT have any spaces,tabs or whatsoever at the beginning and end of each line in ldif-files - ldapadd is VERY picky about this !
During these investigations, I also tried some GUI frontends to manage LDAP-servers, namely directoryadministrator, ldapexplorer etc., which would partly work, but ended up using phpldapadmin (see link above) which turned out to be by far the best of all I tried - so I can strongly recommend it.
Once a basic server installation is completed, you can do all common tasks such as add/delete/modify entries, import/export ldif data and so on from phpldapadmin - really easy.
Now, let's take a look at the goal of this project and figure out how to achieve this:
- populate the server's database with entries currently stored in local ~./kde/share/apps/kabc/std.vcf
- merge with other user's address data
- adapt user permissions, so that each user can modify/delete his own entries, but only read those created by others
- connect kaddressbook to the LDAP server
- evtl. try to add/modify/delete entries on server via kaddressbook
As for 1., I exported my addressbook to an ldif file and tried to import this into my LDAP server.
However, this didn't work without modifications:
First, I had to realize, that the 'dn: ..' line had to be accomplished by my base definition, e.g.
dn: cn=Mustermann, Hans
had to be replaced by:
dn: cn=Mustermann Hans,dc=mydomain,dc=com
Also note, the comma ',' after the Name in the exportfile, was not accepted by ldapadd, so it had to be removed. Another hint is to remove any 'mail=xxx' entry from the 'dn: ..' line, which are present in each export record that has a 'mail:' attribute. Then, there are attributes in the ldif export, for which any value is just rejected, these are uid+modifytimestamp - I just filtered them out using 'grep -v ...'. Other attributes which are not accepted may be replaced by equivalents, a list is as follows:
In addition, each entry with a 'mail:' attribute had to be accomplished by a line: