From: Simon Waters
Date: Fri, 23 Feb 2001 13:00:06 +0000
Organization: Eighth Layer Limited
Hi List,
So you'd like to share all the Netscape or Outlook Express or Outlook address books across your company, but you don't want to buy expensive proprietary mail software from people who try to lock you into their brand, you'd prefer free, open source software. Well here are some hints.
List - I finally got some more time to try this again - and it took a while for my first successful OpenLDAP install - however the task is pretty straightforward and with detailed instructions I think an hour or two would be enough to get things pretty much sorted (Except perhaps cleaning the data in the address books!!!) for a big company.
I'm posting to the list - not least because I haven't found a good HOWTO despite this being a frequently asked question on the LDAP lists - and having found my original question to the D&C LUG list in a Google search I figure we get them indexed okay.
Basically;
Get latest OpenLDAP and install.
Follow getting started quick guide;
Edit the slapd.conf guide to include relevant schema - this is where actually knowing LDAP in depth would help.
Better men than I suggest including all the schema files provided. In theory you can hunt down the Netscape schema files, and make a Netscape import that doesn't lose any data - see later - but all we are likely to lose is "date modified" and whether they "like html mail", which will now be today, and 'why would you send mail in html format ?' (Maybe some odd address fields - I'm still working on this).
Extract of slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/java.schema
Create somewhere in the hierarchy to store all your addresses (I did dc="eighth-layer",dc="com" - but maybe somewhere else would be better) as explained in the guide.
Create the manager person as explained in the getting started guide.
Export your address books in 'ldif'. This could be fun. Netscape Messenger can export LDIF on Linux. Netscape Messenger can import many formats and export LDIF on Windoze. So yet another use for a Windoze box, but then if you're importing Outlook address books you probably have the odd Windoze box.
Clean up your address book ldif. The LDIF format is easily machinable, I used vi with 'ex/sed' like commands - others use PERL but I haven't learnt it yet.
Netscape produced something like the Aaron entry below..... well there were 700+ other entries. You can of course concatenate all your address books when doing this to get as many as possible in.
dn: cn=Aaron Trevena,mail=betty at termisoc.org
modifytimestamp: 20001110093905Z
cn: Aaron Trevena
xmozillanickname: Aaron Trevena
mail: betty at termisoc.org
xmozillausehtmlmail: FALSE
givenname: Aaron
sn: Trevena
xmozillauseconferenceserver: 0
objectclass: top
objectclass: person

LDIF is very sensitive to white space: at the start of a line it means continued from above, at the end of a line it gets included in the data, and a blank line means a new record. Junk looking lines are probably base64 encoding - they'll look okay in applications - honest.
Two big hacks are required to the above.
First we want to change the "dn:" so it goes where we want it in the LDAP hierarchy. So I made them all something like;
dn: cn=Aaron Trevena, dc=eighth-layer,dc=com
Second we need to add to the list of objectclasses so that the schema we are importing into is more similar to the Netscape schema. Thus these two lines were appended to each entry (Oh and I forgot that a carriage return is "ctrl-v <CR>" when entered in vim as part of a substitute command).
objectclass: organizationalPerson
objectclass: inetOrgPerson
Basically now you do an 'ldapadd' as in the getting started guide, logging in as manager. You can use "-c" to ignore errors, but I'd suggest taking the first ten records or so off the top of the list and figuring out what causes the errors before using "-c".
Doing it the way I have suggested will mean some attributes are not in the schema, and so you need to delete some lines from the ldif file you want to import. If you have the schema viewer tool (latest gtk required to compile) you can probably look up what works, or even add the relevant objectclass - but I found trial and error worked okayish. The error messages are not brilliant.
Once I was happy importing the first ten records - I spewed the whole list through with the "-c", it will then take the first copy of duplicated records, and spit problems to standard error, I got about 80% of my Netscape address book in first time. You can rerun having fixed the LDIF file as duplicates are discarded.
Now I opened the Netscape address book, and added a new LDAP server
(Starting at dc=eighth-layer,dc=com) - changed my preferences to use the
LDAP server when looking up entries for addressing e-mail - and voila -
an open protocol, open source, network sharable list of addresses - no
more - "What is Aaron's e-mail address?" from my numerous co-workers
(Urm - okay I'm working on getting enough business to employ some
co-workers).
What I learnt - what needs improving - where next.................
Thanks to James Gregory, whose question(!) to the OpenLDAP FAQ-o-matic was detailed enough to answer all my questions. James is working on a more advanced FAQ on how to use OpenLDAP and Linux as a full directory service (Address book, authentication, with replication etc etc) - Novell eat your heart out.
Disclaimer: Well if you haven't figured it out yet - I'm not an LDAP expert yet - this is a pragmatic "how I got it working" to help people trying to do the same thing get over the initial hurdles as quickly as possible. Use at your own risk.
Regards,
Simon
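
The two "big hacks" and the attribute clean-up described in the message above, scripted as an added example (this is not code from the original post, which used vi). It goes a little further than the post by also handling folded lines, base64 values and commas inside a cn; the function names, the DROP list and the sample record are assumptions made for illustration.

```python
import base64
import re

BASE_DN = "dc=eighth-layer,dc=com"   # suffix chosen in the post
EXTRA_CLASSES = ["organizationalPerson", "inetOrgPerson"]
# Assumption: these attributes are not defined by the included schema files.
DROP = ("xmozilla", "modifytimestamp")

def records(text):
    """Yield records as lists of logical lines (folded lines rejoined)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in re.split(r"\n{2,}", unfolded):
        lines = [l for l in block.split("\n") if l and not l.startswith("#")]
        if lines:
            yield lines

def value(line):
    """Decoded value of one logical line; 'attr:: x' means base64."""
    rest = line.partition(":")[2]
    if rest.startswith(":"):
        return base64.b64decode(rest[1:]).decode("utf-8")
    return rest.strip()

def clean_record(lines):
    """Re-home one entry under BASE_DN; None if it has no cn."""
    lines = [l.rstrip() for l in lines]      # trailing space would become data
    names = [l.partition(":")[0].lower() for l in lines]
    if "cn" not in names:
        return None
    # Escape characters that are special inside a DN component.
    cn = re.sub(r'([,+"\\<>;=])', r"\\\1", value(lines[names.index("cn")]))
    dn = "cn=%s,%s" % (cn, BASE_DN)
    out = ["dn: " + dn if dn.isascii() else
           "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")]
    classes = [value(l) for n, l in zip(names, lines) if n == "objectclass"]
    classes += [c for c in EXTRA_CLASSES if c.lower() not in map(str.lower, classes)]
    out += [l for n, l in zip(names, lines)
            if n not in ("dn", "objectclass") and not n.startswith(DROP)]
    return "\n".join(out + ["objectclass: " + c for c in classes])

def clean_ldif(text):
    """Return (cleaned LDIF, count of records skipped for lacking a cn)."""
    cleaned = [clean_record(r) for r in records(text)]
    kept = [c for c in cleaned if c]
    return "\n\n".join(kept) + "\n", len(cleaned) - len(kept)

# Constructed sample input, not taken from the post.
SAMPLE = ("dn: cn=Doe\\, Jo,mail=jo@example.org\ncn: Doe, Jo\n"
          "xmozillausehtmlmail: FALSE\nmail: jo@example.org \n"
          "objectclass: top\nobjectclass: person\n")
```

Running `clean_ldif` over the first ten records and feeding the result to ldapadd without "-c" matches the trial approach in the post; the skipped count shows how many records need fixing by hand.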