From owner-freebsd-questions@FreeBSD.ORG Sun Feb 8 07:06:12 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1350716A4CE for ; Sun, 8 Feb 2004 07:06:12 -0800 (PST)
Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F13943D1D for ; Sun, 8 Feb 2004 07:06:12 -0800 (PST) (envelope-from aaron@justaaron.com)
Received: from justaaron.com (c-24-9-227-110.client.comcast.net [24.9.227.110]) by comcast.net (rwcrmhc11) with ESMTP id <20040208150611013006upnue>; Sun, 8 Feb 2004 15:06:11 +0000
Message-ID: <40265050.3080706@justaaron.com>
Date: Sun, 08 Feb 2004 08:05:52 -0700
From: Aaron
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040126
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <20040208073927.A9C6516A4DE@hub.freebsd.org>
In-Reply-To: <20040208073927.A9C6516A4DE@hub.freebsd.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: "Thomas T. Veldhouse"
Subject: Re: OpenLDAP and Mozilla Messenger
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: aaron@justaaron.com
List-Id: User questions
X-List-Received-Date: Sun, 08 Feb 2004 15:06:12 -0000

"Thomas T. Veldhouse" wrote:
> Does anybody know of a "GOOD" HOWTO to get Mozilla Messenger and
> OpenLDAP (2.2) to work well together [for addressbooks]?
>
> I have been searching for doco all day and I have downloaded schema and
> entered configurations to no avail.

I don't know of a good doc that covers specifically this, but ...

Every ldap-enabled mail client seems to use their own ldap schema.
I am sort of aware that mozilla's schema might be available somewhere on mozilla.org, but I've never personally looked for it.

Note that mozilla does not write to an ldap directory, it only reads from it.

If you are in control of the directory, you have lots of options. If you want mozilla to show you "any directory," then you have to hope that the directory was implemented with attributes that mozilla expects. That's a fair hope, since mozilla's notion of a person is derived from a commonly used objectclass, inetOrgPerson. But depending on your directory's specific schema, mozilla may or may not see all of what you're interested in. Mozilla gives you some room to play, using bind dn, base dn and search filters.

If the directory is yours and you will be implementing your own schema, one thing you can do is to fully populate a mozilla address card, then export the addressbook as ldif, and you'll see the objectclasses and attributes that mozilla uses/expects. Do this in a new addressbook with one entry so you don't have to look at a bunch of other entries.
Here's one that I did, using Mozilla 1.6:

dn: cn=First Last,mail=email@krelm.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonObsolete
givenName: First
sn: Last
cn: First Last
xmozillanickname: NickName
mail: email@krelm.com
mozillaSecondEmail: additionalEmail@krelm.com
mozilla_AimScreenName: screenName
xmozillausehtmlmail: false
modifytimestamp: 0Z
telephoneNumber: work 555-1111
homePhone: home 555-2222
facsimileTelephoneNumber: fax 555-3333
pager: pager 555-4444
mobile: mobile 555-5555
homePostalAddress: 123 myhomeaddress st
mozillaHomePostalAddress2: apt 111
mozillaHomeLocalityName: homeCentennial
mozillaHomeState: homeCO
mozillaHomePostalCode: home80122
mozillaHomeCountryName: homeCountry
postalAddress: 456 myworkaddress st
mozillaPostalAddress2: apt 222
l: workDenver
st: workCO
postalCode: work80111
c: workCountry
title: workTitle
ou: workDept
o: workOrg
workurl: http://www.workwebpage.com
homeurl: http://www.homewebpage.com
custom1: custom1
custom2: custom2
custom3: custom3
custom4: custom4
description: This is a note

Things to note:

- mozilla addressbook entries are objectclass: mozillaAbPersonObsolete

- mozillaAbPersonObsolete appears to be derived from inetOrgPerson

- Most, but not all of mozilla's extra attributes have "mozilla" prepended to the attribute name. The following are also mozilla specific, even though they don't say "mozilla":

  workurl: http://www.workwebpage.com
  homeurl: http://www.homewebpage.com
  custom1: custom1
  custom2: custom2
  custom3: custom3
  custom4: custom4

- the distinguished name is dn: cn=First Last,mail=email@krelm.com, in other words cn=...,mail=... but this is not critical, you can have any directory organization you like and the entries can still be seen by mozilla as long as they are of the right objectclass and/or have the right attributes.

- cn is composed of givenName and sn, *unless* in the ab entry you specifically filled in Display Name.
This is an export issue only; remember that moz only reads, doesn't write directories.

I have found that as long as what you have in your directory has the attributes that mozilla is looking for, they "should" show up in the addressbook. Note that I say "should." After having done this limited experiment, and for other reasons related to the work I'm doing, I decided to just be happy with a name and email address showing up in addressbook from my directory, and all the other attributes being managed and viewed by the app I'm working on. So I haven't painstakingly verified that if I have a mozillaHomePostalAddress2 attribute in my unique local schema, for example, that it shows up in addressbook.

Bottom line: you should be able to use mozilla's schema in your directory if you can find it at their site, or just reverse engineer it from the above or your own experiment and reproduce it in your local setup, if what you want is mozilla's exact view of a person.

But, mozilla doesn't write to ldap directories, so you will have to write or find an app that allows you to add entries. Depending on your user population and your requirements for directory security (and coherence :) you could use one of the php admin tools, and either restrict access to yourself and admins, or open it up to your user population. Openldap's ACLs could/should be used to restrict each user's write-access to their own entry, but then they can't add new entries for their *own* contacts, unless you also give each of them their own organization units under which their contacts go.

When you set up a directory in addressbook to view your ldap directory, and then select that addressbook, you won't see anything in the contact list. Put a single * in the "Name or Email contains" text field, and you'll see all your inetOrgPersons listed. Put a single @ in there instead, and you'll see all entries that have an email address. Etc.

Edit/Properties has a search filter on the Advanced tab.
This will not affect what you see in the addressbook entry list, but it does affect what gets automatically filled in for the To: field when you're composing a message. The General tab has fields for Base DN and Bind DN, so with those three things you have some room to play around with what gets seen/used.

Tools to write to a directory:

- gq. Everyone seems to like this one. It's a standalone app.

- phpldapadmin. This is what I use. Requires php and apache to run. Easy to configure, but does require some configuration beyond what gq requires.

- there are a few addressbook-like applications, which I haven't tried. Here's one, rolodap, but I don't know if it's active or not. It appears to have some association with mozilla's project site, mozdev.org.
  http://www.google.com/search?q=rolodap&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8

-- 
Aaron
aaron@justaaron.com
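The following is an added example, not part of Aaron's post or of any Mozilla or OpenLDAP code. It does what the post suggests doing by hand: parse an LDIF export (handling folded lines, base64 `::` values and comments) and, for each entry, report whether Mozilla would list it under the two search-box tricks Aaron describes (`*` lists inetOrgPerson entries, `@` lists entries with a mail attribute), whether Display Name was set (cn differs from "givenName sn"), and which attributes are Mozilla-specific. The unprefixed attribute names come from the post; the sample LDIF entries are constructed for the example and use example.com addresses.

```python
"""Audit an LDIF export for what a Mozilla LDAP addressbook would show.

Added example (not from the mailing-list post). The visibility rules are the
two search tricks described in the post: "*" lists inetOrgPerson entries and
"@" lists entries that carry a mail attribute.
"""
import base64
from typing import Dict, List

# Mozilla-specific attributes that lack the "mozilla" prefix (listed in the post).
UNPREFIXED_MOZILLA_ATTRS = {"workurl", "homeurl", "custom1", "custom2", "custom3", "custom4"}

Entry = Dict[str, List[str]]

# Constructed sample export: one Mozilla card (with a folded base64 description),
# one plain inetOrgPerson with a Display Name, and one non-person entry.
SAMPLE_LDIF = """\
version: 1
# exported for the example
dn: cn=First Last,mail=email@example.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonObsolete
givenName: First
sn: Last
cn: First Last
mail: email@example.com
mozillaSecondEmail: additional@example.com
workurl: http://www.example.com
description:: VGhpcyBp
 cyBhIG5vdGU=

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Bob
sn: Builder
cn: Bob the Builder
mail: bob@example.com

dn: cn=printer,ou=devices,dc=example,dc=com
objectClass: top
objectClass: device
cn: printer
"""


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF into a list of entries.

    Each entry maps a lower-cased attribute name (LDAP names are
    case-insensitive) to its list of values; the DN is stored under "dn".
    Continuation lines (one leading space) are unfolded first, "attr:: value"
    is base64-decoded, and "#" comments and the leading version line are skipped.
    """
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries: List[Entry] = []
    current: Entry = {}
    for line in unfolded + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name = name.strip().lower()
        if name == "version" and not entries and not current:
            continue
        if value.startswith("<"):
            raise ValueError("URL-valued attributes (attr:< ...) are not supported")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name, []).append(value)
    return entries


def check_entry(entry: Entry) -> Dict[str, object]:
    """Report how a Mozilla addressbook pointed at this entry would treat it."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    given = entry.get("givenname", [""])[0]
    sn = entry.get("sn", [""])[0]
    cn = entry.get("cn", [""])[0]
    mozilla_attrs = sorted(
        a for a in entry
        if a.startswith(("mozilla", "xmozilla")) or a in UNPREFIXED_MOZILLA_ATTRS
    )
    return {
        "dn": entry.get("dn", [""])[0],
        "listed_by_name": "inetorgperson" in classes,   # the "*" search
        "listed_by_email": "mail" in entry,             # the "@" search
        "display_name_set": cn != f"{given} {sn}".strip(),
        "mozilla_attrs": mozilla_attrs,
    }


def audit_ldif(text: str) -> List[Dict[str, object]]:
    """Parse an LDIF export and check every entry."""
    return [check_entry(e) for e in parse_ldif(text)]


if __name__ == "__main__":
    for result in audit_ldif(SAMPLE_LDIF):
        print(result)
```

Run it against a real export (`audit_ldif(open("export.ldif").read())`) to see which directory entries would be invisible to Mozilla because they lack inetOrgPerson or a mail attribute, before changing the directory's schema or ACLs.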