LDAP Address Book Howto

This page will help to explain how to install an LDAP Address Book solution. I'm particularly concerned with integration with Thunderbird, Squirrelmail and SpamAssassin/TMDA within my Postfix environment.

Assumptions


I'm working with Debian 'etch'. I know that Debian has some default schemas that it imports into LDAP that will make my implementation different so take everything with a grain of salt.

I'm copying configuration from a working system, presently, so I'm not positive whether I did anything between steps below, i.e. I'm not sure what dpkg prompts there were on install or how I set my admin password for slapd.

I'll let you in on something that I wasn't aware of as well... lots of clients have support for querying LDAP for address book entries, but almost no clients have support for adding/editing/deleting LDAP entries from the client end. So far, I've confirmed this with Outlook 2007, Thunderbird 2.0.0.9 and Squirrelmail 1.4.9a. So far, I'm using phpldapadmin for manipulating my entries and this works OK for me, although it isn't ideal.

Install LDAP server


apt-get install slapd

I'm using a suffix of "dc=pachogrande,dc=local" as my home domain is pachogrande.local. Adjust as appropriate for you.

The relevant parts of my slapd.conf appear below:

#allow bind_v2

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/openldap.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_monitor

sizelimit       unlimited
tool-threads 1

backend         bdb
checkpoint 512 30
database        bdb
suffix          "dc=pachogrande,dc=local"
rootdn          "cn=admin,dc=pachogrande,dc=local"
rootpw          rootpassword
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 67108864 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectclass,entryCSN,entryUUID eq
lastmod         on

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by * read
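The three access clauses above decide who can see what, and slapd evaluates them first-match: the first "access to" whose target matches wins, and within it the first matching "by" decides. The evaluator below is an added example (not part of this page) that replays those rules over a constructed copy of the ACLs; it shows that an anonymous bind gets only "auth" on userPassword (enough to bind, not to read or compare it) but "read" on every other attribute, so the address book is readable without credentials by anything that can reach port 389, which is worth knowing before the server is exposed beyond the LAN or VPN. The entry DNs are made up; only the "*", "anonymous", "self" and dn= forms used on this page are handled.

```python
# Access levels in increasing order; a granted level implies all lower ones.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# Constructed copy of the three ACL clauses from the slapd.conf above.
SLAPD_ACLS = """
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by * read
"""

def parse_acls(text):
    """Return [(target, [(who, level), ...]), ...] in file order."""
    acls = []
    for clause in " ".join(text.split()).split("access to ")[1:]:
        target, *bys = clause.strip().split(" by ")   # continuation lines already joined
        acls.append((target, [tuple(b.rsplit(" ", 1)) for b in bys]))
    return acls

def target_matches(target, entry_dn, attr):
    if target.startswith("attrs="):
        return attr.lower() in target[6:].lower().split(",")
    if target.startswith("dn.base="):
        return entry_dn.lower() == target[8:].strip('"').lower()
    return target == "*"

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:                 # self and dn= require an authenticated bind
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    return who.startswith("dn=") and bind_dn.lower() == who[3:].strip('"').lower()

def effective_access(acls, bind_dn, entry_dn, attr):
    """Level slapd grants bind_dn (None = anonymous) on attr of entry_dn."""
    for target, rules in acls:          # first matching target wins ...
        if target_matches(target, entry_dn, attr):
            for who, level in rules:    # ... and its first matching 'by' decides
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"               # target matched, no 'by' did: implicit 'by * none'
    return "read"                       # nothing matched: implicit 'access to * by * read'
```

Note that the rootdn (cn=admin here) bypasses ACLs entirely in slapd, so the dn= clauses only matter if you later bind as a different administrative DN.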

Manipulate LDAP


Now apt-get install phpldapadmin and go to http://localhost/phpldapadmin/ to administer your database. For me, my login DN is "cn=admin,dc=pachogrande,dc=local".

I then create a new OU entry called AddressBook at the root level.

I then create a new "Address Book Entry (mozillaOrgPerson)" within the newly created OU. I populate its fields as appropriate, in particular the email field.
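The same two objects (the AddressBook OU and one contact) can also be loaded with ldapadd from an LDIF file, which is handy when phpldapadmin is not available or you want the entries under version control. The generator below is an added example, not from the page: it writes RFC 2849 LDIF, including the base64 ("::") form for values that are not safe as plain text and the 76-column line folding. It assumes the inetOrgPerson object class, which the inetorgperson.schema include above provides; mozillaOrgPerson needs its own schema file loaded in slapd.conf first. The contacts are constructed sample data.

```python
import base64

# RFC 2849 SAFE-STRING: the first byte may not be NUL, LF, CR, SPACE, ':' or '<',
# no byte may be NUL, LF, CR or non-ASCII; otherwise the value is base64 ('::').
UNSAFE_INIT = {0x00, 0x0A, 0x0D, 0x20, 0x3A, 0x3C}
UNSAFE_ANY = {0x00, 0x0A, 0x0D}

def ldif_line(attr, value):
    """Render one 'attr: value' (or 'attr:: base64') line, folded at 76 columns."""
    raw = value.encode("utf-8")
    safe = (raw == b"" or (raw[0] not in UNSAFE_INIT
            and all(b < 0x80 and b not in UNSAFE_ANY for b in raw)
            and not raw.endswith(b" ")))        # trailing space SHOULD be base64 too
    line = f"{attr}: {value}" if safe else f"{attr}:: {base64.b64encode(raw).decode()}"
    # Continuation lines start with a single space (RFC 2849 line folding).
    return "\n".join([line[:76]] + [" " + line[i:i + 75] for i in range(76, len(line), 75)])

def entry_to_ldif(dn, attrs):
    """attrs: list of (attr, value) pairs in order; the dn line gets the same encoding rules."""
    return "\n".join([ldif_line("dn", dn)] + [ldif_line(a, v) for a, v in attrs])

def build_addressbook_ldif(people):
    """LDIF for the AddressBook OU plus one inetOrgPerson per (cn, sn, mail) tuple."""
    entries = [entry_to_ldif("ou=AddressBook,dc=pachogrande,dc=local",
                             [("objectClass", "organizationalUnit"), ("ou", "AddressBook")])]
    for cn, sn, mail in people:
        entries.append(entry_to_ldif(f"cn={cn},ou=AddressBook,dc=pachogrande,dc=local",
                                     [("objectClass", "inetOrgPerson"), ("cn", cn),
                                      ("sn", sn), ("mail", mail)]))
    return "\n\n".join(entries) + "\n"

# Constructed sample contacts; the second one needs base64 because of the non-ASCII 'ë'.
SAMPLE_PEOPLE = [("Jane Doe", "Doe", "jane@pachogrande.local"),
                 ("Zoë Example", "Example", "zoe@pachogrande.local")]

if __name__ == "__main__":
    # Load the output with: ldapadd -x -H ldap://potter.pachogrande.local \
    #     -D "cn=admin,dc=pachogrande,dc=local" -W -f addressbook.ldif
    print(build_addressbook_ldif(SAMPLE_PEOPLE), end="")
```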

Thunderbird configuration


  1. Open Tools -> Address Book. 
  2. File -> New -> LDAP Directory.
    1. Name: POTTER
    2. Hostname: potter.pachogrande.local
    3. Base DN: OU=AddressBook,DC=pachogrande,DC=local
    4. Port Number: 389
    5. Bind DN: CN=admin,DC=pachogrande,DC=local

Now, compose a new email. Click the Contacts icon in the toolbar. Drop down the address book list and pick the newly created LDAP address book. Search for "." which will find everything. Thunderbird will want you to authenticate; save the password to avoid entering it each time you use Thunderbird. It should see the mozillaOrgPerson from above OK.

Squirrelmail configuration


Run squirrelmail-configure

6 (Address Books)
1 (Change LDAP Servers)
+ (add host)
potter.pachogrande.local (hostname)
OU=AddressBook,DC=pachogrande,DC=local (base)
389 (port)
utf-8 (charset)
LDAP: POTTER (name)
unlimited (maxrows)
CN=admin,DC=pachogrande,DC=local (binddn)
........... (bindpw)
3 (protocol)
d (done)
S (save data)
<ENTER> (press enter to continue)
Q (quit)

Bonus: Replicating LDAP


Now, I happen to have a home development network in addition to my web hosting network, and I decided that I want some backups of LDAP occurring. So what I'm going to set up is my home as the master for LDAP, with my web server taking slave replication of LDAP over my nailed-up VPN connection.

Install slapd on both ends of the connection.

The master then becomes:

#allow bind_v2

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/openldap.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_monitor
moduleload      syncprov

sizelimit       unlimited
tool-threads 1

backend         bdb
checkpoint 512 30
database        bdb
suffix          "dc=pachogrande,dc=local"
rootdn          "cn=admin,dc=pachogrande,dc=local"
rootpw          rootpassword
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 67108864 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectclass,entryCSN,entryUUID eq
lastmod         on

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by * read

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100


The slave end becomes:

#allow bind_v2

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/openldap.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_monitor
moduleload      syncprov

sizelimit       unlimited
tool-threads 1

backend         bdb
checkpoint 512 30
database        bdb
suffix          "dc=pachogrande,dc=local"
rootdn          "cn=admin,dc=pachogrande,dc=local"
rootpw          rootpassword
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 67108864 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectclass,entryCSN,entryUUID eq
lastmod         on

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by * read

syncrepl        rid=1
        provider=ldap://192.168.32.254:389/
        binddn="cn=admin,dc=pachogrande,dc=local"
        bindmethod=simple
        credentials=rootpassword
        searchbase="dc=pachogrande,dc=local"
        schemachecking=off
        scope=sub
        type=refreshAndPersist
        retry="5 5 300 5"

overlay         syncprov
database        monitor