LDAP Address Book Howto

This page explains how to set up an LDAP address book. I'm particularly concerned with integration with Thunderbird, Squirrelmail and SpamAssassin/TMDA within my Postfix environment.

Assumptions

I'm working with Debian 'etch', whose slapd is OpenLDAP 2.3 and is configured through /etc/ldap/slapd.conf (not the later cn=config tree). I know that Debian has some default schemas that it imports into LDAP that will make my implementation different, so take everything with a grain of salt.

I'm copying configuration from a working system, presently, so I'm not positive whether I did anything between steps below, i.e. I'm not sure what dpkg prompts there were on install or how I set my admin password for slapd.

I'll let you in on something that I wasn't aware of as well... lots of clients have support for querying LDAP for address book entries, but almost no clients have support for adding/editing/deleting LDAP entries from the client end. So far, I've confirmed this with Outlook 2007, Thunderbird 2.0.0.9 and Squirrelmail 1.4.9a. So far, I'm using phpldapadmin for manipulating my entries and this works OK for me, although it isn't ideal.

Install LDAP server

apt-get install slapd ldap-utils

ldap-utils is not needed by the server itself, but it provides ldapsearch and ldapadd, which you will want for checking the directory from the command line.

I'm using a suffix of "dc=pachogrande,dc=local" as my home domain is pachogrande.local. Adjust as appropriate for you.

The relevant parts of my slapd.conf appear below:

#allow bind_v2

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/openldap.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_monitor

sizelimit       unlimited
tool-threads    1

backend         bdb
checkpoint      512 30

database        bdb
suffix          "dc=pachogrande,dc=local"
rootdn          "cn=admin,dc=pachogrande,dc=local"
# Placeholder. Do not leave a cleartext password here: run
#   slappasswd -s yourpassword
# and paste the {SSHA} hash it prints as the rootpw value.
rootpw          rootpassword
directory       "/var/lib/ldap"

dbconfig set_cachesize 0 67108864 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

index objectclass,entryCSN,entryUUID eq
lastmod         on

# Passwords: the admin DN and the entry itself may write them, anyone may
# use them to bind (auth), nobody else may read them.
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by anonymous auth
        by self write
        by * none

# The root DSE stays readable so clients can discover the server.
access to dn.base="" by * read

# Everything else, the address book included, is readable without binding.
# Use "by users read" instead of "by * read" if searches should require an
# authenticated bind. Note that the rootdn is exempt from these rules anyway,
# so the cn=admin clauses only matter if that DN is also a regular entry.
access to *
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by * read
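A hashed rootpw is the first thing to change in the configuration above. The following Python is an example added here, not the author's code and not OpenLDAP's implementation: it builds the {SSHA} value that slappasswd prints (the format slapd checks against on a simple bind) and verifies a password against it, so you can see what goes into the rootpw line and why the cleartext placeholder is unnecessary. The password strings and the fixed salt used in the comments are constructed sample input.

```python
import base64
import hashlib
import hmac
import os
from typing import Tuple

# Example added to the howto, not the author's code. It reproduces the
# {SSHA} form that `slappasswd -s <password>` prints, so the rootpw line
# can carry a salted hash instead of the cleartext placeholder, and shows
# how such a value is checked during a simple bind.

DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def make_ssha(password: str, salt: bytes = b"") -> str:
    """Return '{SSHA}' + base64(SHA1(password || salt) || salt).

    slappasswd picks a random 4-byte salt; passing one explicitly is only
    useful to make the output reproducible.
    """
    if not salt:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def decode_ssha(stored: str) -> Tuple[bytes, bytes]:
    """Split a stored {SSHA} value into (digest, salt).

    Raises ValueError for anything that is not a well-formed {SSHA} value,
    including a cleartext password left in place of the hash.
    """
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    if len(blob) <= DIGEST_LEN:
        raise ValueError("no salt present")
    return blob[:DIGEST_LEN], blob[DIGEST_LEN:]


def verify_ssha(stored: str, password: str) -> bool:
    """True if password matches the stored hash; the salt is recovered from
    the tail of the decoded blob and the digests are compared in constant time."""
    try:
        digest, salt = decode_ssha(stored)
    except ValueError:
        return False
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def rootpw_line(password: str) -> str:
    """The slapd.conf line to put in place of `rootpw rootpassword`."""
    return "rootpw          " + make_ssha(password)


if __name__ == "__main__":
    line = rootpw_line("rootpassword")   # constructed sample password
    print(line)
    print("verifies:", verify_ssha(line.split()[1], "rootpassword"))
```

Paste the output of rootpw_line() in place of the rootpw line. The syncrepl credentials on a consumer, by contrast, must stay cleartext, because the consumer has to send the password to bind.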

Manipulate LDAP

Now apt-get install phpldapadmin and go to http://localhost/phpldapadmin/ to administer your database. For me, my login DN is "cn=admin,dc=pachogrande,dc=local". Since you log in to phpldapadmin as the rootdn and the password travels over plain HTTP, keep it reachable only from localhost or a trusted network, or put it behind HTTPS.

I then create a new OU entry called AddressBook directly under the suffix, i.e. ou=AddressBook,dc=pachogrande,dc=local.

I then create a new "Address Book Entry (mozillaOrgPerson)" within the newly created OU and populate its fields as appropriate, in particular the email field. Note that mozillaOrgPerson is not defined in any of the schema files included above; if slapd rejects the entry with an object class violation, add the Mozilla address book schema to the include list as well.
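Because the clients above can only search, entries end up being added through phpldapadmin or from the command line. The following Python is an added example, not the author's or phpldapadmin's code: it writes the AddressBook OU and mozillaOrgPerson entries as LDIF that ldapadd (from ldap-utils) can load, taking care of the two encoding rules that hand-written LDIF tends to get wrong. Values containing non-ASCII or a leading space must be base64-encoded (RFC 2849), and attribute values used inside a DN must be escaped (RFC 4514), otherwise a name like "Doe, John" becomes a second RDN and a crafted name could place the entry elsewhere in the tree. The three contacts are constructed sample data, and the object class chain for the template is an assumption; compare it with what phpldapadmin writes for one of your own entries.

```python
import base64

# Example added to the howto (not the author's or phpldapadmin's code). It
# emits the AddressBook OU and mozillaOrgPerson entries as LDIF for
#   ldapadd -x -D "cn=admin,dc=pachogrande,dc=local" -W -f addressbook.ldif

BASE_DN = "dc=pachogrande,dc=local"
BOOK_DN = "ou=AddressBook," + BASE_DN

# Assumed object class chain for phpldapadmin's "Address Book Entry
# (mozillaOrgPerson)" template: mozillaOrgPerson is taken to derive from
# inetOrgPerson, so its superiors are listed explicitly.
PERSON_CLASSES = ("top", "person", "organizationalPerson",
                  "inetOrgPerson", "mozillaOrgPerson")


def needs_base64(value: str) -> bool:
    """RFC 2849: a value is only safe in plain form if it is 7-bit without
    NUL/CR/LF, does not start with SPACE, ':' or '<', and does not end in SPACE."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(c) > 0x7f or c in "\x00\n\r" for c in value)


def ldif_attr(name: str, value: str) -> str:
    """One 'name: value' line, switching to 'name:: base64' when required."""
    if needs_base64(value):
        return "%s:: %s" % (name, base64.b64encode(value.encode("utf-8")).decode("ascii"))
    return "%s: %s" % (name, value)


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, c in enumerate(value):
        if c in ',+"\\<>;' or (i == 0 and c in " #") or (i == last and c == " "):
            out.append("\\" + c)
        elif c == "\x00":
            out.append("\\00")
        else:
            out.append(c)
    return "".join(out)


def ldif_entry(dn: str, attrs) -> str:
    """An LDIF record: dn line, then one line per (name, value) pair."""
    lines = [ldif_attr("dn", dn)] + [ldif_attr(n, v) for n, v in attrs]
    return "\n".join(lines) + "\n"


def person_entry(cn: str, sn: str, given_name: str, mail: str) -> str:
    """A mozillaOrgPerson record placed under the AddressBook OU by its cn."""
    dn = "cn=%s,%s" % (escape_rdn_value(cn), BOOK_DN)
    attrs = [("objectClass", oc) for oc in PERSON_CLASSES]
    attrs += [("cn", cn), ("sn", sn), ("givenName", given_name), ("mail", mail)]
    return ldif_entry(dn, attrs)


def addressbook_ldif(people) -> str:
    """The OU followed by one record per (cn, sn, givenName, mail) tuple,
    records separated by blank lines as ldapadd expects."""
    ou = ldif_entry(BOOK_DN, [("objectClass", "top"),
                              ("objectClass", "organizationalUnit"),
                              ("ou", "AddressBook")])
    return "\n".join([ou] + [person_entry(*p) for p in people])


SAMPLE_PEOPLE = [  # constructed sample data
    ("Jane Doe", "Doe", "Jane", "jane.doe@pachogrande.local"),
    ("Doe, John", "Doe", "John", "john.doe@pachogrande.local"),
    ("Zoë Müller", "Müller", "Zoë", "zoe.mueller@pachogrande.local"),
]

if __name__ == "__main__":
    print(addressbook_ldif(SAMPLE_PEOPLE))
```

Redirect the output to a file and load it with ldapadd as the rootdn; ldapsearch -x -b "ou=AddressBook,dc=pachogrande,dc=local" then shows the entries exactly as Thunderbird and Squirrelmail will see them.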

Thunderbird configuration

Having first defined the LDAP directory in Thunderbird's addressing preferences (server name, the base DN ou=AddressBook,dc=pachogrande,dc=local and, if you want searches to bind, a bind DN), compose a new email and click the Contacts icon in the toolbar. Drop down the address book list and pick the LDAP address book. Search for "." which matches every entry. Thunderbird will prompt you to authenticate; save the password to avoid entering it each time you use Thunderbird. It should find the mozillaOrgPerson entry created above. Bear in mind that with the access rules above the bind isn't needed for reading (an anonymous search returns the same entries) and that the password goes over the wire unencrypted to port 389 unless the directory is configured to use SSL.

Squirrelmail configuration

Run squirrelmail-configure and walk through the menus:

6 (Address Books)
1 (Change LDAP Servers)
+ (add host)
potter.pachogrande.local (hostname)
OU=AddressBook,DC=pachogrande,DC=local (base)
389 (port)
utf-8 (charset)
LDAP: POTTER (name)
unlimited (maxrows)
CN=admin,DC=pachogrande,DC=local (binddn)
........... (bindpw)
3 (protocol)
d (done)
S (save data)
<ENTER> (press enter to continue)
Q (quit)

The protocol value is the LDAP protocol version (3). Two things to check here: with the access rules above, anonymous binds already get read on the address book, so Squirrelmail does not need a bind DN at all; and if you do set one, use a dedicated low-privilege DN rather than cn=admin, because the bind password is stored in cleartext in Squirrelmail's config.php and is sent unencrypted to port 389 unless the webmail and LDAP server share a host.

Bonus: Replicating LDAP

Now, I happen to have a home development network in addition to my web hosting network, and I decided that I want some backups of LDAP occurring, so what I'm going to set up is my home to be the master for LDAP with my web server taking slave replication of LDAP over my nailed-up VPN connection.

Install slapd on both ends of the connection.

The master then becomes:

#allow bind_v2

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/openldap.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_monitor
# The sync provider overlay is a loadable module on Debian; it must be loaded
# here before the "overlay syncprov" line below can be used.
moduleload      syncprov

sizelimit       unlimited
tool-threads    1

backend         bdb
checkpoint      512 30

database        bdb
suffix          "dc=pachogrande,dc=local"
rootdn          "cn=admin,dc=pachogrande,dc=local"
# Placeholder: use the {SSHA} hash printed by "slappasswd -s yourpassword".
rootpw          rootpassword
directory       "/var/lib/ldap"

dbconfig set_cachesize 0 67108864 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

# The entryCSN and entryUUID indexes are used by syncrepl; keep them on a provider.
index objectclass,entryCSN,entryUUID eq
lastmod         on

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by * read

# The overlay applies to the database declared above it, so it must follow
# the "database bdb" section.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

The slave end becomes:

#allow bind_v2

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/openldap.schema
include         /etc/ldap/schema/nis.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_monitor
moduleload      syncprov

sizelimit       unlimited
tool-threads    1

backend         bdb
checkpoint      512 30

database        bdb
suffix          "dc=pachogrande,dc=local"
rootdn          "cn=admin,dc=pachogrande,dc=local"
# Placeholder, as on the master: use the {SSHA} hash from slappasswd.
rootpw          rootpassword
directory       "/var/lib/ldap"

dbconfig set_cachesize 0 67108864 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

index objectclass,entryCSN,entryUUID eq
lastmod         on

access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=pachogrande,dc=local" write
        by * read

# Consumer side. The provider is the master's VPN address; ldap:// on 389 is
# cleartext, which is only acceptable because the link is inside the VPN.
# Outside one, use ldaps:// or add starttls=critical to the syncrepl block.
# Binding as the master's rootdn is the simple option: the rootdn is exempt
# from the master's ACLs, so everything replicates. A dedicated replication
# DN is safer, but it must then be granted read on userPassword on the master
# or the password hashes are left out. Unlike rootpw, "credentials" has to be
# the cleartext bind password, so keep this file unreadable to ordinary users.
# retry="5 5 300 5" means: reconnect every 5 s, five times, then every 300 s,
# five times.
syncrepl        rid=1
        provider=ldap://192.168.32.254:389/
        binddn="cn=admin,dc=pachogrande,dc=local"
        bindmethod=simple
        credentials=rootpassword
        searchbase="dc=pachogrande,dc=local"
        schemachecking=off
        scope=sub
        type=refreshAndPersist
        retry="5 5 300 5"

# Writes made directly to this server would never reach the master. Refer
# them to the master instead of accepting them locally:
#updateref      ldap://192.168.32.254/

# Only needed if this server will in turn act as provider for further consumers.
overlay         syncprov

database        monitor
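With syncrepl binding as the master's rootdn, the ACLs never come into play; as soon as you move to a dedicated replication DN, or decide whether Squirrelmail and Thunderbird need a bind DN at all, they do. The following Python is an added example, not the author's or OpenLDAP's code: it models slapd's evaluation of the three access directives used on every server on this page (the first directive whose <what> covers the target decides, then the first matching <who> within it, with an implicit "by * none" at the end of each directive) and compares them with a tightened variant. The cn=replicator DN and the two person DNs are constructed; the cn=admin DN and the rules are those from the configuration above. One thing the model deliberately does not reproduce: on a real server the rootdn bypasses ACLs for its database entirely, so the explicit cn=admin clauses only take effect if cn=admin is a regular entry rather than the rootdn.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Example added to the howto, not the author's or OpenLDAP's code: a model of
# slapd's first-match ACL evaluation applied to the rules used on this page.

# Access levels in ascending order, as slapd compares them.
LEVELS = ("none", "disclose", "auth", "compare", "search", "read", "write")

ADMIN = "cn=admin,dc=pachogrande,dc=local"                      # from the page
REPLICATOR = "cn=replicator,dc=pachogrande,dc=local"            # hypothetical
JANE = "cn=Jane Doe,ou=AddressBook,dc=pachogrande,dc=local"     # constructed
JOHN = "cn=John Doe,ou=AddressBook,dc=pachogrande,dc=local"     # constructed


@dataclass
class Directive:
    """One `access to <what> by <who> <level> ...` block.

    attrs   - attribute names the selector covers, None for whole entries
    dn_base - exact DN the selector covers, None for any entry
    by      - ordered (who, level) clauses
    """
    by: List[Tuple[str, str]]
    attrs: Optional[FrozenSet[str]] = None
    dn_base: Optional[str] = None

    def covers(self, target_dn: str, attr: str) -> bool:
        if self.attrs is not None and attr.lower() not in self.attrs:
            return False
        if self.dn_base is not None and target_dn.lower() != self.dn_base.lower():
            return False
        return True


def who_matches(who: str, requester: Optional[str], target_dn: str) -> bool:
    """requester is the bind DN, or None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    if who.startswith("dn="):
        return requester is not None and requester.lower() == who[3:].lower()
    raise ValueError("unsupported <who> clause: " + who)


def access(acl: List[Directive], requester: Optional[str], target_dn: str, attr: str) -> str:
    """Level granted to requester on attr of target_dn under acl."""
    for directive in acl:
        if not directive.covers(target_dn, attr):
            continue
        for who, level in directive.by:
            if who_matches(who, requester, target_dn):
                return level
        return "none"  # implicit trailing `by * none`; later directives are not consulted
    return "none"      # no directive covered the target at all


def allows(acl, requester, target_dn, attr, needed: str) -> bool:
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(access(acl, requester, target_dn, attr)) >= LEVELS.index(needed)


def attr_set(*names: str) -> FrozenSet[str]:
    return frozenset(n.lower() for n in names)


# The three directives exactly as they appear in slapd.conf on this page.
PAGE_ACL = [
    Directive(attrs=attr_set("userPassword", "shadowLastChange"),
              by=[("dn=" + ADMIN, "write"), ("anonymous", "auth"),
                  ("self", "write"), ("*", "none")]),
    Directive(dn_base="", by=[("*", "read")]),
    Directive(by=[("dn=" + ADMIN, "write"), ("*", "read")]),
]

# Tightened variant: searches require a bind, and a dedicated replication DN
# may read password hashes without being the rootdn.
HARDENED_ACL = [
    Directive(attrs=attr_set("userPassword", "shadowLastChange"),
              by=[("dn=" + ADMIN, "write"), ("dn=" + REPLICATOR, "read"),
                  ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    Directive(dn_base="", by=[("*", "read")]),
    Directive(by=[("dn=" + ADMIN, "write"), ("users", "read")]),
]

if __name__ == "__main__":
    for label, acl in (("page", PAGE_ACL), ("hardened", HARDENED_ACL)):
        for dn, name in ((None, "anonymous"), (JOHN, "other user"), (REPLICATOR, "replicator")):
            print("%-8s %-10s mail=%-5s userPassword=%s" % (
                label, name, access(acl, dn, JANE, "mail"), access(acl, dn, JANE, "userPassword")))
```

Under the page's rules an anonymous bind gets read on the whole address book (so Squirrelmail's bind DN is unnecessary), while userPassword is none for every DN other than cn=admin and the entry itself; that is why a non-rootdn replicator would receive entries without their password hashes. The hardened variant grants the replicator read on passwords and requires a bind for everything else, at the cost of Thunderbird and Squirrelmail now having to bind.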