evolution and LDAP

14/06/2007, 15h10

Having gone in circles with the Evolution '', I was wondering if
anybody here could give me a pointer as to how to set up an LDAP address
book such that I can access it from Evo on different Debian boxes?
Thanks, Michael

michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l | grep -i -e evolution
-e ldap
ii evolution 2.6.3-6 groupware
suite with mail client and org anizer

ii evolution-common 2.6.3-6
architecture independent files for Evolu tion

ii evolution-data-server 1.6.3-5 evolution
database backend server

ii evolution-data-server-common 1.6.3-5
architecture independent files for Evolu tion Data Server

ii evolution-dbg 2.6.3-6 debugging
symbols for Evolution

ii evolution-plugins 2.6.3-6 standard
plugins for Evolution

ii libcamel1.2-8 1.6.3-5 The
Evolution MIME message handling libr ary

ii libebook1.2-5 1.6.3-5 Client
library for evolution address boo ks

rc libebook8 1.0.4-1 Client
library for evolution address boo ks

ii libecal1.2-6 1.6.3-5 Client
library for evolution calendars

rc libecal6 1.0.4-1 Client
library for evolution calendars

rc libedata-book1 1.0.4-1 Backend
library for evolution address bo oks

ii libedata-book1.2-2 1.6.3-5 Backend
library for evolution address bo oks

ii libedata-cal1.2-5 1.6.3-5 Backend
library for evolution calendars

rc libedata-cal5 1.0.4-1 Backend
library for evolution calendars

ii libedataserver1.2-7 1.6.3-5 Utility
library for evolution data serve rs

rc libedataserver3 1.0.4-1 Utily
library for evolution data servers

ii libedataserverui1.2-6 1.6.3-5 GUI
utility library for evolution data s ervers

ii libexchange-storage1.2-1 1.6.3-5 Backend
library for evolution calendars

ii libldap2 2.1.30-13.3 OpenLDAP
libraries

ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution
support for mail notification

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 15h30

2007/6/14, michael <cs@networkingnewsletter.org.uk>:
> Having gone in circles with the Evolution '', I was wondering if
> anybody here could give me a pointer as to how to set up an LDAP address
> book such that I can access it from Evo on different Debian boxes?
> Thanks, Michael
>
> michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l | grep -i -e evolution
> -e ldap
> ii evolution 2.6.3-6 groupware
> suite with mail client and org anizer
>
> ii evolution-common 2.6.3-6
> architecture independent files for Evolu tion
>
> ii evolution-data-server 1.6.3-5 evolution
> database backend server
>
> ii evolution-data-server-common 1.6.3-5
> architecture independent files for Evolu tion Data Server
>
> ii evolution-dbg 2.6.3-6 debugging
> symbols for Evolution
>
> ii evolution-plugins 2.6.3-6 standard
> plugins for Evolution
>
> ii libcamel1.2-8 1.6.3-5 The
> Evolution MIME message handling libr ary
>
> ii libebook1.2-5 1.6.3-5 Client
> library for evolution address boo ks
>
> rc libebook8 1.0.4-1 Client
> library for evolution address boo ks
>
> ii libecal1.2-6 1.6.3-5 Client
> library for evolution calendars
>
> rc libecal6 1.0.4-1 Client
> library for evolution calendars
>
> rc libedata-book1 1.0.4-1 Backend
> library for evolution address bo oks
>
> ii libedata-book1.2-2 1.6.3-5 Backend
> library for evolution address bo oks
>
> ii libedata-cal1.2-5 1.6.3-5 Backend
> library for evolution calendars
>
> rc libedata-cal5 1.0.4-1 Backend
> library for evolution calendars
>
> ii libedataserver1.2-7 1.6.3-5 Utility
> library for evolution data serve rs
>
> rc libedataserver3 1.0.4-1 Utily
> library for evolution data servers
>
> ii libedataserverui1.2-6 1.6.3-5 GUI
> utility library for evolution data s ervers
>
> ii libexchange-storage1.2-1 1.6.3-5 Backend
> library for evolution calendars
>
> ii libldap2 2.1.30-13.3 OpenLDAP
> libraries
>
> ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution
> support for mail notification
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

Did you try to install a LDAP Server?

--
Saludos,
Roberto D'Oliveira

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 16h00

On Thu, 2007-06-14 at 09:21 -0400, Roberto D'Oliveira wrote:
> 2007/6/14, michael <cs@networkingnewsletter.org.uk>:
> > Having gone in circles with the Evolution '', I was wondering if
> > anybody here could give me a pointer as to how to set up an LDAP address
> > book such that I can access it from Evo on different Debian boxes?
> > Thanks, Michael
> >
> > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l | grep -i -e evolution
> > -e ldap
> > ii evolution 2.6.3-6 groupware
> > suite with mail client and org anizer
> >
> > ii evolution-common 2.6.3-6
> > architecture independent files for Evolu tion
> >
> > ii evolution-data-server 1.6.3-5 evolution
> > database backend server
> >
> > ii evolution-data-server-common 1.6.3-5
> > architecture independent files for Evolu tion Data Server
> >
> > ii evolution-dbg 2.6.3-6 debugging
> > symbols for Evolution
> >
> > ii evolution-plugins 2.6.3-6 standard
> > plugins for Evolution
> >
> > ii libcamel1.2-8 1.6.3-5 The
> > Evolution MIME message handling libr ary
> >
> > ii libebook1.2-5 1.6.3-5 Client
> > library for evolution address boo ks
> >
> > rc libebook8 1.0.4-1 Client
> > library for evolution address boo ks
> >
> > ii libecal1.2-6 1.6.3-5 Client
> > library for evolution calendars
> >
> > rc libecal6 1.0.4-1 Client
> > library for evolution calendars
> >
> > rc libedata-book1 1.0.4-1 Backend
> > library for evolution address bo oks
> >
> > ii libedata-book1.2-2 1.6.3-5 Backend
> > library for evolution address bo oks
> >
> > ii libedata-cal1.2-5 1.6.3-5 Backend
> > library for evolution calendars
> >
> > rc libedata-cal5 1.0.4-1 Backend
> > library for evolution calendars
> >
> > ii libedataserver1.2-7 1.6.3-5 Utility
> > library for evolution data serve rs
> >
> > rc libedataserver3 1.0.4-1 Utily
> > library for evolution data servers
> >
> > ii libedataserverui1.2-6 1.6.3-5 GUI
> > utility library for evolution data s ervers
> >
> > ii libexchange-storage1.2-1 1.6.3-5 Backend
> > library for evolution calendars
> >
> > ii libldap2 2.1.30-13.3 OpenLDAP
> > libraries
> >
> > ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution
> > support for mail notification
> >
> >
{}
>
> Did you try to install a LDAP Server?

Not explicitly... I wasn't sure if I needed that or could use another
server (but how to get an account?)... as I should have said, a newbie
to this!

Any recommendations for LDAP server for this particular purpose? I see
there's sl[a]pd and courier-ldap

Michael

debian etch stable:
michael@ratty:~/SMOKE/2.1/subsys/ioapi$ uname -a
Linux ratty 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686
GNU/Linux

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 17h20

2007/6/14, michael <cs@networkingnewsletter.org.uk>:
> On Thu, 2007-06-14 at 09:21 -0400, Roberto D'Oliveira wrote:
> > 2007/6/14, michael <cs@networkingnewsletter.org.uk>:
> > > Having gone in circles with the Evolution '', I was wondering if
> > > anybody here could give me a pointer as to how to set up an LDAP address
> > > book such that I can access it from Evo on different Debian boxes?
> > > Thanks, Michael
> > >
> > > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l | grep -i -e evolution
> > > -e ldap
> > > ii evolution 2.6.3-6 groupware
> > > suite with mail client and org anizer
> > >
> > > ii evolution-common 2.6.3-6
> > > architecture independent files for Evolu tion
> > >
> > > ii evolution-data-server 1.6.3-5 evolution
> > > database backend server
> > >
> > > ii evolution-data-server-common 1.6.3-5
> > > architecture independent files for Evolu tion Data Server
> > >
> > > ii evolution-dbg 2.6.3-6 debugging
> > > symbols for Evolution
> > >
> > > ii evolution-plugins 2.6.3-6 standard
> > > plugins for Evolution
> > >
> > > ii libcamel1.2-8 1.6.3-5 The
> > > Evolution MIME message handling libr ary
> > >
> > > ii libebook1.2-5 1.6.3-5 Client
> > > library for evolution address boo ks
> > >
> > > rc libebook8 1.0.4-1 Client
> > > library for evolution address boo ks
> > >
> > > ii libecal1.2-6 1.6.3-5 Client
> > > library for evolution calendars
> > >
> > > rc libecal6 1.0.4-1 Client
> > > library for evolution calendars
> > >
> > > rc libedata-book1 1.0.4-1 Backend
> > > library for evolution address bo oks
> > >
> > > ii libedata-book1.2-2 1.6.3-5 Backend
> > > library for evolution address bo oks
> > >
> > > ii libedata-cal1.2-5 1.6.3-5 Backend
> > > library for evolution calendars
> > >
> > > rc libedata-cal5 1.0.4-1 Backend
> > > library for evolution calendars
> > >
> > > ii libedataserver1.2-7 1.6.3-5 Utility
> > > library for evolution data serve rs
> > >
> > > rc libedataserver3 1.0.4-1 Utily
> > > library for evolution data servers
> > >
> > > ii libedataserverui1.2-6 1.6.3-5 GUI
> > > utility library for evolution data s ervers
> > >
> > > ii libexchange-storage1.2-1 1.6.3-5 Backend
> > > library for evolution calendars
> > >
> > > ii libldap2 2.1.30-13.3 OpenLDAP
> > > libraries
> > >
> > > ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution
> > > support for mail notification
> > >
> > >
> {}
> >
> > Did you try to install a LDAP Server?
>
> Not explicitly... I wasn't sure if I needed that or could use another
> server (but how to get an account?)... as I should have said, a newbie
> to this!
>
> Any recommendations for LDAP server for this particular purpose? I see
> there's sl[a]pd and courier-ldap
>
> Michael
>
> debian etch stable:
> michael@ratty:~/SMOKE/2.1/subsys/ioapi$ uname -a
> Linux ratty 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686
> GNU/Linux
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

OK, you have to setup a LDAP server for that intention. I think that
the most used free LDAP Server is OpenLDAP (aptitude install slapd).
After configure the LDAP server, you can configure evolution to use
this server: File -> New -> Address Book (LDAP).
--
Saludos,
Roberto D'Oliveira

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 17h40

On Thu, 2007-06-14 at 11:10 -0400, Roberto D'Oliveira wrote:
> 2007/6/14, michael <cs@networkingnewsletter.org.uk>:
> > On Thu, 2007-06-14 at 09:21 -0400, Roberto D'Oliveira wrote:
> > > 2007/6/14, michael <cs@networkingnewsletter.org.uk>:
> > > > Having gone in circles with the Evolution '', I was wondering if
> > > > anybody here could give me a pointer as to how to set up an LDAP address
> > > > book such that I can access it from Evo on different Debian boxes?
> > > > Thanks, Michael
> > > >
> > > > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l | grep -i -e evolution
> > > > -e ldap
> > > > ii evolution 2.6.3-6 groupware
> > > > suite with mail client and org anizer
> > > >
> > > > ii evolution-common 2.6.3-6
> > > > architecture independent files for Evolu tion
> > > >
> > > > ii evolution-data-server 1.6.3-5 evolution
> > > > database backend server
> > > >
> > > > ii evolution-data-server-common 1.6.3-5
> > > > architecture independent files for Evolu tion Data Server
> > > >
> > > > ii evolution-dbg 2.6.3-6 debugging
> > > > symbols for Evolution
> > > >
> > > > ii evolution-plugins 2.6.3-6 standard
> > > > plugins for Evolution
> > > >
> > > > ii libcamel1.2-8 1.6.3-5 The
> > > > Evolution MIME message handling libr ary
> > > >
> > > > ii libebook1.2-5 1.6.3-5 Client
> > > > library for evolution address boo ks
> > > >
> > > > rc libebook8 1.0.4-1 Client
> > > > library for evolution address boo ks
> > > >
> > > > ii libecal1.2-6 1.6.3-5 Client
> > > > library for evolution calendars
> > > >
> > > > rc libecal6 1.0.4-1 Client
> > > > library for evolution calendars
> > > >
> > > > rc libedata-book1 1.0.4-1 Backend
> > > > library for evolution address bo oks
> > > >
> > > > ii libedata-book1.2-2 1.6.3-5 Backend
> > > > library for evolution address bo oks
> > > >
> > > > ii libedata-cal1.2-5 1.6.3-5 Backend
> > > > library for evolution calendars
> > > >
> > > > rc libedata-cal5 1.0.4-1 Backend
> > > > library for evolution calendars
> > > >
> > > > ii libedataserver1.2-7 1.6.3-5 Utility
> > > > library for evolution data serve rs
> > > >
> > > > rc libedataserver3 1.0.4-1 Utily
> > > > library for evolution data servers
> > > >
> > > > ii libedataserverui1.2-6 1.6.3-5 GUI
> > > > utility library for evolution data s ervers
> > > >
> > > > ii libexchange-storage1.2-1 1.6.3-5 Backend
> > > > library for evolution calendars
> > > >
> > > > ii libldap2 2.1.30-13.3 OpenLDAP
> > > > libraries
> > > >
> > > > ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution
> > > > support for mail notification
> > > >
> > > >
> > {}
> > >
> > > Did you try to install a LDAP Server?
> >
> > Not explicitly... I wasn't sure if I needed that or could use another
> > server (but how to get an account?)... as I should have said, a newbie
> > to this!
> >
> > Any recommendations for LDAP server for this particular purpose? I see
> > there's sl[a]pd and courier-ldap
> >
> > Michael
> >
> > debian etch stable:
> > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ uname -a
> > Linux ratty 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686
> > GNU/Linux
> >

> OK, you have to setup a LDAP server for that intention. I think that
> the most used free LDAP Server is OpenLDAP (aptitude install slapd).
> After configure the LDAP server, you can configure evolution to use
> this server: File -> New -> Address Book (LDAP).

I'm missing something here... I've installed slapd and it's running:
michael@ratty:~/SMOKE/2.1/subsys/ioapi$ ps -elf|grep slap
1 S openldap 2457 1 0 78 0 - 3650 stext 16:32 ?
00:00:00 /usr/sbin/slapd -g openldap -u openldap

and if create a new LDAP address book with my domainname as server &
login anonmously then I still can't seem to add to said address book

thanks for your patience
M

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

15/06/2007, 16h00

On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote:
> OK, OpenLDAP allows anonymous connections for reading by default, but
> it doesn't allow writes on the tree, you have to specify rights on
> slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think
> that maybe isn't a good idea allow to everybody write on your LDAP
> tree (Can you imagine the conflicts betwen the users?). Usually, LDAP
> is used like a read-only address book (only the administrator is who
> have writing rights).
>

That makes sense. Unfortunately I've never used LDAP before so I've no
idea what I need to do. I've played with slapd.conf but haven't got
anywhere (and do I need to create an empty LDAP file initially?)...
again, ptrs to an idiots' guide would be most welcome

michael

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

16/06/2007, 01h00

michael wrote:
> On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote:
>> OK, OpenLDAP allows anonymous connections for reading by default, but
>> it doesn't allow writes on the tree, you have to specify rights on
>> slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think
>> that maybe isn't a good idea allow to everybody write on your LDAP
>> tree (Can you imagine the conflicts betwen the users?). Usually, LDAP
>> is used like a read-only address book (only the administrator is who
>> have writing rights).
>
> That makes sense. Unfortunately I've never used LDAP before so I've no
> idea what I need to do. I've played with slapd.conf but haven't got
> anywhere (and do I need to create an empty LDAP file initially?)...
> again, ptrs to an idiots' guide would be most welcome

This one worked well for me:
http://www.brennan.id.au/20-Shared_A...Book_LDAP.html
You can skip the "Basic Configuration" section on Debian.

Another (I have not used):
http://www.sudleyplace.com/LDAP/index.en.html

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

16/06/2007, 15h40

On Fri, 2007-06-15 at 10:38 -0400, Roberto D'Oliveira wrote:
> 2007/6/15, michael <cs@networkingnewsletter.org.uk>:
> > On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote:
> > > OK, OpenLDAP allows anonymous connections for reading by default, but
> > > it doesn't allow writes on the tree, you have to specify rights on
> > > slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think
> > > that maybe isn't a good idea allow to everybody write on your LDAP
> > > tree (Can you imagine the conflicts betwen the users?). Usually, LDAP
> > > is used like a read-only address book (only the administrator is who
> > > have writing rights).
> > >
> >
> > That makes sense. Unfortunately I've never used LDAP before so I've no
> > idea what I need to do. I've played with slapd.conf but haven't got
> > anywhere (and do I need to create an empty LDAP file initially?)...
> > again, ptrs to an idiots' guide would be most welcome
> >

>
> I found this on google:
> http://www.brennan.id.au/20-Shared_A...Book_LDAP.html
> I used this keywords: addressbook ldap howto linux. Maybe you can find
> others things with a little effort.

I should have said in prev email that I had indeed tried searching
(about an hour) - but obviously your terms may have been better

Thanks for looking! (although that links not as quite an "idiots guide"
as I'd liked) I'll see how I get on with it

Also thanks to Owen for other suggested links.

Now to play...

M

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

16/06/2007, 17h50

On Fri, 2007-06-15 at 17:56 -0500, Owen Heisler wrote:
> michael wrote:
> > On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote:
> >> OK, OpenLDAP allows anonymous connections for reading by default, but
> >> it doesn't allow writes on the tree, you have to specify rights on
> >> slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think
> >> that maybe isn't a good idea allow to everybody write on your LDAP
> >> tree (Can you imagine the conflicts betwen the users?). Usually, LDAP
> >> is used like a read-only address book (only the administrator is who
> >> have writing rights).
> >
> > That makes sense. Unfortunately I've never used LDAP before so I've no
> > idea what I need to do. I've played with slapd.conf but haven't got
> > anywhere (and do I need to create an empty LDAP file initially?)...
> > again, ptrs to an idiots' guide would be most welcome
>
> This one worked well for me:
> http://www.brennan.id.au/20-Shared_A...Book_LDAP.html
> You can skip the "Basic Configuration" section on Debian.
>
> Another (I have not used):
> http://www.sudleyplace.com/LDAP/index.en.html
>
>

Argh, either I'm being very thick or I'm missing something. I've been
following the former but using 'admin' instead of 'Manager' and my
suffix is 'dc=phy,dc=umist,dc=ac,dc=uk' (I guess it doesn't matter that
it's not my full domainname ratty.phy.umist.ac.uk as long as I
consitently use the same?). When I try ldapmodify (I made a mistake with
the first ldapadd so I guess I now need ldapmodify) I get the follow
error which I don't understand. My slapd.conf and addressbook.ldif are
below. All /corrections welcome!

Script started on Sat 16 Jun 2007 16:42:53 BST
]0;michael@ratty: /etc/ldap
michael@ratty:/etc/ldap$ sudo ldapmodify -v -x -D
'cn=admin,dc=phy,dc=umist,dc=ac,dc=uk' -W -f /etc/ldap/address
sbook.ldif
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
replace objectclass:
dcObject
organization
replace o:
Home LDAP Server
replace dc:
phy
modifying entry "dc=phy,dc=umist,dc=ac,dc=uk"
modify complete

replace objectclass:
organizationalRole
replace cn:
admin
modifying entry "cn=admin,dc=phy,dc=umist,dc=ac,dc=uk"
modify complete
ldap_modify: Object class violation (65)
additional info: attribute 'userPassword' not allowed

]0;michael@ratty: /etc/ldap
michael@ratty:/etc/ldap$ ;sudo cat slapd.conf addressbook.ldif
bash: syntax error near unexpected token `;'
]0;michael@ratty: /etc/ldap
michael@ratty:/etc/ldap$ sudo cat slapd.conf addressbook.ldif
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

################################################## #####################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel 9

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is
used
# for indexing.
tool-threads 1

################################################## #####################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30

################################################## #####################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

################################################## #####################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb

# The base of your directory in database #1
suffix "dc=phy,dc=umist,dc=ac,dc=uk"

# rootdn directive for specifying a superuser on the database. This is
needed
# for syncrepl.

### MKB: uncommented rootdn and added rootpw
rootdn "cn=admin,dc=phy,dc=umist,dc=ac,dc=uk"
rootpw {SSHA}/z08peHHolxG3RzNGVsW/CdeqCLOIHHN

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update
this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
###MKB: added 'pres'
index objectClass eq, pres

# Save the time that the entry gets modified, for database #1
lastmod on

# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog

### MKB: commented out all of below
### MKB:
### MKB: # The userPassword by default can be changed
### MKB: # by the entry owning it if they are authenticated.
### MKB: # Others should not be able to see it, except the
### MKB: # admin entry below
### MKB: # These access lines apply to database #1 only
### MKB: access to attrs=userPassword,shadowLastChange
### MKB: by dn="cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" write
### MKB: by anonymous auth
### MKB: by self write
### MKB: by * none
### MKB:
### MKB: # Ensure read access to the base for things like
### MKB: # supportedSASLMechanisms. Without this you may
### MKB: # have problems with SASL not knowing what
### MKB: # mechanisms are available and the like.
### MKB: # Note that this is covered by the 'access to *'
### MKB: # ACL below too but if you change that as people
### MKB: # are wont to do you'll still need this if you
### MKB: # want SASL (and possible other things) to work
### MKB: # happily.
### MKB: access to dn.base="" by * read
### MKB:
### MKB: # The admin dn has full write access, everyone else
### MKB: # can read everything.
### MKB: access to *
### MKB: by dn="cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" write
### MKB: by * read
### MKB:
### MKB: # For Netscape Roaming support, each user gets a roaming
### MKB: # profile for which they have write access to
### MKB: #access to dn=".*,ou=Roaming,o=morsnet"
### MKB: # by dn="cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" write
### MKB: # by dnattr=owner write

################################################## #####################
# Specific Directives for database #2, of type 'other' (can be bdb
too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>

# The base of your directory for database #2
#suffix "dc=debian,dc=org"
dn: dc=phy,dc=umist,dc=ac,dc=uk
objectclass: dcObject
objectclass: organization
o: Home LDAP Server
dc: phy

dn: cn=admin,dc=phy,dc=umist,dc=ac,dc=uk
objectclass: organizationalRole
cn: admin

dn: ou=users,dc=phy,dc=umist,dc=ac,dc=uk
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=addressbook,dc=phy,dc=umist,dc=ac,dc=uk
ou: addressbook
objectClass: top
objectClass: organizationalUnit
]0;michael@ratty: /etc/ldap
michael@ratty:/etc/ldap$ exit

Script done on Sat 16 Jun 2007 16:43:30 BST

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 16h00	#3
michael Messages: n/a Hébergeur:	Re: evolution and LDAP On Thu, 2007-06-14 at 09:21 -0400, Roberto D'Oliveira wrote: > 2007/6/14, michael <cs@networkingnewsletter.org.uk>: > > Having gone in circles with the Evolution '', I was wondering if > > anybody here could give me a pointer as to how to set up an LDAP address > > book such that I can access it from Evo on different Debian boxes? > > Thanks, Michael > > > > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l \| grep -i -e evolution > > -e ldap > > ii evolution 2.6.3-6 groupware > > suite with mail client and org anizer > > > > ii evolution-common 2.6.3-6 > > architecture independent files for Evolu tion > > > > ii evolution-data-server 1.6.3-5 evolution > > database backend server > > > > ii evolution-data-server-common 1.6.3-5 > > architecture independent files for Evolu tion Data Server > > > > ii evolution-dbg 2.6.3-6 debugging > > symbols for Evolution > > > > ii evolution-plugins 2.6.3-6 standard > > plugins for Evolution > > > > ii libcamel1.2-8 1.6.3-5 The > > Evolution MIME message handling libr ary > > > > ii libebook1.2-5 1.6.3-5 Client > > library for evolution address boo ks > > > > rc libebook8 1.0.4-1 Client > > library for evolution address boo ks > > > > ii libecal1.2-6 1.6.3-5 Client > > library for evolution calendars > > > > rc libecal6 1.0.4-1 Client > > library for evolution calendars > > > > rc libedata-book1 1.0.4-1 Backend > > library for evolution address bo oks > > > > ii libedata-book1.2-2 1.6.3-5 Backend > > library for evolution address bo oks > > > > ii libedata-cal1.2-5 1.6.3-5 Backend > > library for evolution calendars > > > > rc libedata-cal5 1.0.4-1 Backend > > library for evolution calendars > > > > ii libedataserver1.2-7 1.6.3-5 Utility > > library for evolution data serve rs > > > > rc libedataserver3 1.0.4-1 Utily > > library for evolution data servers > > > > ii libedataserverui1.2-6 1.6.3-5 GUI > > utility library for evolution data s ervers > > > > ii libexchange-storage1.2-1 1.6.3-5 Backend > > library for evolution calendars > > > > ii libldap2 2.1.30-13.3 OpenLDAP > > libraries > > > > ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution > > support for mail notification > > > > {} > > Did you try to install a LDAP Server? Not explicitly... I wasn't sure if I needed that or could use another server (but how to get an account?)... as I should have said, a newbie to this! Any recommendations for LDAP server for this particular purpose? I see there's sl[a]pd and courier-ldap Michael debian etch stable: michael@ratty:~/SMOKE/2.1/subsys/ioapi$ uname -a Linux ratty 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686 GNU/Linux -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 17h20	#4
Roberto D'Oliveira Messages: n/a Hébergeur:	Re: evolution and LDAP 2007/6/14, michael <cs@networkingnewsletter.org.uk>: > On Thu, 2007-06-14 at 09:21 -0400, Roberto D'Oliveira wrote: > > 2007/6/14, michael <cs@networkingnewsletter.org.uk>: > > > Having gone in circles with the Evolution '', I was wondering if > > > anybody here could give me a pointer as to how to set up an LDAP address > > > book such that I can access it from Evo on different Debian boxes? > > > Thanks, Michael > > > > > > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l \| grep -i -e evolution > > > -e ldap > > > ii evolution 2.6.3-6 groupware > > > suite with mail client and org anizer > > > > > > ii evolution-common 2.6.3-6 > > > architecture independent files for Evolu tion > > > > > > ii evolution-data-server 1.6.3-5 evolution > > > database backend server > > > > > > ii evolution-data-server-common 1.6.3-5 > > > architecture independent files for Evolu tion Data Server > > > > > > ii evolution-dbg 2.6.3-6 debugging > > > symbols for Evolution > > > > > > ii evolution-plugins 2.6.3-6 standard > > > plugins for Evolution > > > > > > ii libcamel1.2-8 1.6.3-5 The > > > Evolution MIME message handling libr ary > > > > > > ii libebook1.2-5 1.6.3-5 Client > > > library for evolution address boo ks > > > > > > rc libebook8 1.0.4-1 Client > > > library for evolution address boo ks > > > > > > ii libecal1.2-6 1.6.3-5 Client > > > library for evolution calendars > > > > > > rc libecal6 1.0.4-1 Client > > > library for evolution calendars > > > > > > rc libedata-book1 1.0.4-1 Backend > > > library for evolution address bo oks > > > > > > ii libedata-book1.2-2 1.6.3-5 Backend > > > library for evolution address bo oks > > > > > > ii libedata-cal1.2-5 1.6.3-5 Backend > > > library for evolution calendars > > > > > > rc libedata-cal5 1.0.4-1 Backend > > > library for evolution calendars > > > > > > ii libedataserver1.2-7 1.6.3-5 Utility > > > library for evolution data serve rs > > > > > > rc libedataserver3 1.0.4-1 Utily > > > library for evolution data servers > > > > > > ii libedataserverui1.2-6 1.6.3-5 GUI > > > utility library for evolution data s ervers > > > > > > ii libexchange-storage1.2-1 1.6.3-5 Backend > > > library for evolution calendars > > > > > > ii libldap2 2.1.30-13.3 OpenLDAP > > > libraries > > > > > > ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution > > > support for mail notification > > > > > > > {} > > > > Did you try to install a LDAP Server? > > Not explicitly... I wasn't sure if I needed that or could use another > server (but how to get an account?)... as I should have said, a newbie > to this! > > Any recommendations for LDAP server for this particular purpose? I see > there's sl[a]pd and courier-ldap > > Michael > > debian etch stable: > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ uname -a > Linux ratty 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686 > GNU/Linux > > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > > OK, you have to setup a LDAP server for that intention. I think that the most used free LDAP Server is OpenLDAP (aptitude install slapd). After configure the LDAP server, you can configure evolution to use this server: File -> New -> Address Book (LDAP). -- Saludos, Roberto D'Oliveira -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 17h40	#5
michael Messages: n/a Hébergeur:	Re: evolution and LDAP On Thu, 2007-06-14 at 11:10 -0400, Roberto D'Oliveira wrote: > 2007/6/14, michael <cs@networkingnewsletter.org.uk>: > > On Thu, 2007-06-14 at 09:21 -0400, Roberto D'Oliveira wrote: > > > 2007/6/14, michael <cs@networkingnewsletter.org.uk>: > > > > Having gone in circles with the Evolution '', I was wondering if > > > > anybody here could give me a pointer as to how to set up an LDAP address > > > > book such that I can access it from Evo on different Debian boxes? > > > > Thanks, Michael > > > > > > > > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l \| grep -i -e evolution > > > > -e ldap > > > > ii evolution 2.6.3-6 groupware > > > > suite with mail client and org anizer > > > > > > > > ii evolution-common 2.6.3-6 > > > > architecture independent files for Evolu tion > > > > > > > > ii evolution-data-server 1.6.3-5 evolution > > > > database backend server > > > > > > > > ii evolution-data-server-common 1.6.3-5 > > > > architecture independent files for Evolu tion Data Server > > > > > > > > ii evolution-dbg 2.6.3-6 debugging > > > > symbols for Evolution > > > > > > > > ii evolution-plugins 2.6.3-6 standard > > > > plugins for Evolution > > > > > > > > ii libcamel1.2-8 1.6.3-5 The > > > > Evolution MIME message handling libr ary > > > > > > > > ii libebook1.2-5 1.6.3-5 Client > > > > library for evolution address boo ks > > > > > > > > rc libebook8 1.0.4-1 Client > > > > library for evolution address boo ks > > > > > > > > ii libecal1.2-6 1.6.3-5 Client > > > > library for evolution calendars > > > > > > > > rc libecal6 1.0.4-1 Client > > > > library for evolution calendars > > > > > > > > rc libedata-book1 1.0.4-1 Backend > > > > library for evolution address bo oks > > > > > > > > ii libedata-book1.2-2 1.6.3-5 Backend > > > > library for evolution address bo oks > > > > > > > > ii libedata-cal1.2-5 1.6.3-5 Backend > > > > library for evolution calendars > > > > > > > > rc libedata-cal5 1.0.4-1 Backend > > > > library for evolution calendars > > > > > > > > ii libedataserver1.2-7 1.6.3-5 Utility > > > > library for evolution data serve rs > > > > > > > > rc libedataserver3 1.0.4-1 Utily > > > > library for evolution data servers > > > > > > > > ii libedataserverui1.2-6 1.6.3-5 GUI > > > > utility library for evolution data s ervers > > > > > > > > ii libexchange-storage1.2-1 1.6.3-5 Backend > > > > library for evolution calendars > > > > > > > > ii libldap2 2.1.30-13.3 OpenLDAP > > > > libraries > > > > > > > > ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution > > > > support for mail notification > > > > > > > > > > {} > > > > > > Did you try to install a LDAP Server? > > > > Not explicitly... I wasn't sure if I needed that or could use another > > server (but how to get an account?)... as I should have said, a newbie > > to this! > > > > Any recommendations for LDAP server for this particular purpose? I see > > there's sl[a]pd and courier-ldap > > > > Michael > > > > debian etch stable: > > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ uname -a > > Linux ratty 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686 > > GNU/Linux > > > OK, you have to setup a LDAP server for that intention. I think that > the most used free LDAP Server is OpenLDAP (aptitude install slapd). > After configure the LDAP server, you can configure evolution to use > this server: File -> New -> Address Book (LDAP). I'm missing something here... I've installed slapd and it's running: michael@ratty:~/SMOKE/2.1/subsys/ioapi$ ps -elf\|grep slap 1 S openldap 2457 1 0 78 0 - 3650 stext 16:32 ? 00:00:00 /usr/sbin/slapd -g openldap -u openldap and if create a new LDAP address book with my domainname as server & login anonmously then I still can't seem to add to said address book thanks for your patience M -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

15/06/2007, 16h00	#6
michael Messages: n/a Hébergeur:	Re: evolution and LDAP On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote: > OK, OpenLDAP allows anonymous connections for reading by default, but > it doesn't allow writes on the tree, you have to specify rights on > slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think > that maybe isn't a good idea allow to everybody write on your LDAP > tree (Can you imagine the conflicts betwen the users?). Usually, LDAP > is used like a read-only address book (only the administrator is who > have writing rights). > That makes sense. Unfortunately I've never used LDAP before so I've no idea what I need to do. I've played with slapd.conf but haven't got anywhere (and do I need to create an empty LDAP file initially?)... again, ptrs to an idiots' guide would be most welcome michael -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

16/06/2007, 01h00	#7
Owen Heisler Messages: n/a Hébergeur:	Re: evolution and LDAP michael wrote: > On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote: >> OK, OpenLDAP allows anonymous connections for reading by default, but >> it doesn't allow writes on the tree, you have to specify rights on >> slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think >> that maybe isn't a good idea allow to everybody write on your LDAP >> tree (Can you imagine the conflicts betwen the users?). Usually, LDAP >> is used like a read-only address book (only the administrator is who >> have writing rights). > > That makes sense. Unfortunately I've never used LDAP before so I've no > idea what I need to do. I've played with slapd.conf but haven't got > anywhere (and do I need to create an empty LDAP file initially?)... > again, ptrs to an idiots' guide would be most welcome This one worked well for me: http://www.brennan.id.au/20-Shared_A...Book_LDAP.html You can skip the "Basic Configuration" section on Debian. Another (I have not used): http://www.sudleyplace.com/LDAP/index.en.html -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 15h10	#1
michael Messages: n/a Hébergeur:	evolution and LDAP Having gone in circles with the Evolution '', I was wondering if anybody here could give me a pointer as to how to set up an LDAP address book such that I can access it from Evo on different Debian boxes? Thanks, Michael michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l \| grep -i -e evolution -e ldap ii evolution 2.6.3-6 groupware suite with mail client and org anizer ii evolution-common 2.6.3-6 architecture independent files for Evolu tion ii evolution-data-server 1.6.3-5 evolution database backend server ii evolution-data-server-common 1.6.3-5 architecture independent files for Evolu tion Data Server ii evolution-dbg 2.6.3-6 debugging symbols for Evolution ii evolution-plugins 2.6.3-6 standard plugins for Evolution ii libcamel1.2-8 1.6.3-5 The Evolution MIME message handling libr ary ii libebook1.2-5 1.6.3-5 Client library for evolution address boo ks rc libebook8 1.0.4-1 Client library for evolution address boo ks ii libecal1.2-6 1.6.3-5 Client library for evolution calendars rc libecal6 1.0.4-1 Client library for evolution calendars rc libedata-book1 1.0.4-1 Backend library for evolution address bo oks ii libedata-book1.2-2 1.6.3-5 Backend library for evolution address bo oks ii libedata-cal1.2-5 1.6.3-5 Backend library for evolution calendars rc libedata-cal5 1.0.4-1 Backend library for evolution calendars ii libedataserver1.2-7 1.6.3-5 Utility library for evolution data serve rs rc libedataserver3 1.0.4-1 Utily library for evolution data servers ii libedataserverui1.2-6 1.6.3-5 GUI utility library for evolution data s ervers ii libexchange-storage1.2-1 1.6.3-5 Backend library for evolution calendars ii libldap2 2.1.30-13.3 OpenLDAP libraries ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution support for mail notification -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

14/06/2007, 15h30	#2
Roberto D'Oliveira Messages: n/a Hébergeur:	Re: evolution and LDAP 2007/6/14, michael <cs@networkingnewsletter.org.uk>: > Having gone in circles with the Evolution '', I was wondering if > anybody here could give me a pointer as to how to set up an LDAP address > book such that I can access it from Evo on different Debian boxes? > Thanks, Michael > > michael@ratty:~/SMOKE/2.1/subsys/ioapi$ dpkg -l \| grep -i -e evolution > -e ldap > ii evolution 2.6.3-6 groupware > suite with mail client and org anizer > > ii evolution-common 2.6.3-6 > architecture independent files for Evolu tion > > ii evolution-data-server 1.6.3-5 evolution > database backend server > > ii evolution-data-server-common 1.6.3-5 > architecture independent files for Evolu tion Data Server > > ii evolution-dbg 2.6.3-6 debugging > symbols for Evolution > > ii evolution-plugins 2.6.3-6 standard > plugins for Evolution > > ii libcamel1.2-8 1.6.3-5 The > Evolution MIME message handling libr ary > > ii libebook1.2-5 1.6.3-5 Client > library for evolution address boo ks > > rc libebook8 1.0.4-1 Client > library for evolution address boo ks > > ii libecal1.2-6 1.6.3-5 Client > library for evolution calendars > > rc libecal6 1.0.4-1 Client > library for evolution calendars > > rc libedata-book1 1.0.4-1 Backend > library for evolution address bo oks > > ii libedata-book1.2-2 1.6.3-5 Backend > library for evolution address bo oks > > ii libedata-cal1.2-5 1.6.3-5 Backend > library for evolution calendars > > rc libedata-cal5 1.0.4-1 Backend > library for evolution calendars > > ii libedataserver1.2-7 1.6.3-5 Utility > library for evolution data serve rs > > rc libedataserver3 1.0.4-1 Utily > library for evolution data servers > > ii libedataserverui1.2-6 1.6.3-5 GUI > utility library for evolution data s ervers > > ii libexchange-storage1.2-1 1.6.3-5 Backend > library for evolution calendars > > ii libldap2 2.1.30-13.3 OpenLDAP > libraries > > ii mail-notification-evolution 3.0.dfsg.1-10+b1 evolution > support for mail notification > > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > > Did you try to install a LDAP Server? -- Saludos, Roberto D'Oliveira -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

16/06/2007, 15h40	#8
michael Messages: n/a Hébergeur:	Re: evolution and LDAP On Fri, 2007-06-15 at 10:38 -0400, Roberto D'Oliveira wrote: > 2007/6/15, michael <cs@networkingnewsletter.org.uk>: > > On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote: > > > OK, OpenLDAP allows anonymous connections for reading by default, but > > > it doesn't allow writes on the tree, you have to specify rights on > > > slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think > > > that maybe isn't a good idea allow to everybody write on your LDAP > > > tree (Can you imagine the conflicts betwen the users?). Usually, LDAP > > > is used like a read-only address book (only the administrator is who > > > have writing rights). > > > > > > > That makes sense. Unfortunately I've never used LDAP before so I've no > > idea what I need to do. I've played with slapd.conf but haven't got > > anywhere (and do I need to create an empty LDAP file initially?)... > > again, ptrs to an idiots' guide would be most welcome > > > > I found this on google: > http://www.brennan.id.au/20-Shared_A...Book_LDAP.html > I used this keywords: addressbook ldap howto linux. Maybe you can find > others things with a little effort. I should have said in prev email that I had indeed tried searching (about an hour) - but obviously your terms may have been better Thanks for looking! (although that links not as quite an "idiots guide" as I'd liked) I'll see how I get on with it Also thanks to Owen for other suggested links. Now to play... M -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

16/06/2007, 17h50	#9
michael Messages: n/a Hébergeur:	Re: evolution and LDAP On Fri, 2007-06-15 at 17:56 -0500, Owen Heisler wrote: > michael wrote: > > On Thu, 2007-06-14 at 14:00 -0400, Roberto D'Oliveira wrote: > >> OK, OpenLDAP allows anonymous connections for reading by default, but > >> it doesn't allow writes on the tree, you have to specify rights on > >> slapd.conf (WHO can do WHAT on WHERE). Aditional, you have to think > >> that maybe isn't a good idea allow to everybody write on your LDAP > >> tree (Can you imagine the conflicts betwen the users?). Usually, LDAP > >> is used like a read-only address book (only the administrator is who > >> have writing rights). > > > > That makes sense. Unfortunately I've never used LDAP before so I've no > > idea what I need to do. I've played with slapd.conf but haven't got > > anywhere (and do I need to create an empty LDAP file initially?)... > > again, ptrs to an idiots' guide would be most welcome > > This one worked well for me: > http://www.brennan.id.au/20-Shared_A...Book_LDAP.html > You can skip the "Basic Configuration" section on Debian. > > Another (I have not used): > http://www.sudleyplace.com/LDAP/index.en.html > > Argh, either I'm being very thick or I'm missing something. I've been following the former but using 'admin' instead of 'Manager' and my suffix is 'dc=phy,dc=umist,dc=ac,dc=uk' (I guess it doesn't matter that it's not my full domainname ratty.phy.umist.ac.uk as long as I consitently use the same?). When I try ldapmodify (I made a mistake with the first ldapadd so I guess I now need ldapmodify) I get the follow error which I don't understand. My slapd.conf and addressbook.ldif are below. All /corrections welcome! Script started on Sat 16 Jun 2007 16:42:53 BST ]0;michael@ratty: /etc/ldap michael@ratty:/etc/ldap$ sudo ldapmodify -v -x -D 'cn=admin,dc=phy,dc=umist,dc=ac,dc=uk' -W -f /etc/ldap/address sbook.ldif ldap_initialize( <DEFAULT> ) Enter LDAP Password: replace objectclass: dcObject organization replace o: Home LDAP Server replace dc: phy modifying entry "dc=phy,dc=umist,dc=ac,dc=uk" modify complete replace objectclass: organizationalRole replace cn: admin modifying entry "cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" modify complete ldap_modify: Object class violation (65) additional info: attribute 'userPassword' not allowed ]0;michael@ratty: /etc/ldap michael@ratty:/etc/ldap$ ;sudo cat slapd.conf addressbook.ldif bash: syntax error near unexpected token `;' ]0;michael@ratty: /etc/ldap michael@ratty:/etc/ldap$ sudo cat slapd.conf addressbook.ldif # This is the main slapd configuration file. See slapd.conf(5) for more # info on the configuration options. ################################################## ##################### # Global Directives: # Features to permit #allow bind_v2 # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile /var/run/slapd/slapd.args # Read slapd.conf(5) for possible values loglevel 9 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_bdb # The maximum number of entries that is returned for a search operation sizelimit 500 # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 1 ################################################## ##################### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend bdb checkpoint 512 30 ################################################## ##################### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backend <other> ################################################## ##################### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs database bdb # The base of your directory in database #1 suffix "dc=phy,dc=umist,dc=ac,dc=uk" # rootdn directive for specifying a superuser on the database. This is needed # for syncrepl. ### MKB: uncommented rootdn and added rootpw rootdn "cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" rootpw {SSHA}/z08peHHolxG3RzNGVsW/CdeqCLOIHHN # Where the database file are physically stored for database #1 directory "/var/lib/ldap" # For the Debian package we use 2MB as default but be sure to update this # value if you have plenty of RAM dbconfig set_cachesize 0 2097152 0 # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See http://bugs.debian.org/303057 # for more information. # Number of objects that can be locked at the same time. dbconfig set_lk_max_objects 1500 # Number of locks (both requested and granted) dbconfig set_lk_max_locks 1500 # Number of lockers dbconfig set_lk_max_lockers 1500 # Indexing options for database #1 ###MKB: added 'pres' index objectClass eq, pres # Save the time that the entry gets modified, for database #1 lastmod on # Where to store the replica logs for database #1 # replogfile /var/lib/ldap/replog ### MKB: commented out all of below ### MKB: ### MKB: # The userPassword by default can be changed ### MKB: # by the entry owning it if they are authenticated. ### MKB: # Others should not be able to see it, except the ### MKB: # admin entry below ### MKB: # These access lines apply to database #1 only ### MKB: access to attrs=userPassword,shadowLastChange ### MKB: by dn="cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" write ### MKB: by anonymous auth ### MKB: by self write ### MKB: by * none ### MKB: ### MKB: # Ensure read access to the base for things like ### MKB: # supportedSASLMechanisms. Without this you may ### MKB: # have problems with SASL not knowing what ### MKB: # mechanisms are available and the like. ### MKB: # Note that this is covered by the 'access to ' ### MKB: # ACL below too but if you change that as people ### MKB: # are wont to do you'll still need this if you ### MKB: # want SASL (and possible other things) to work ### MKB: # happily. ### MKB: access to dn.base="" by read ### MKB: ### MKB: # The admin dn has full write access, everyone else ### MKB: # can read everything. ### MKB: access to * ### MKB: by dn="cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" write ### MKB: by * read ### MKB: ### MKB: # For Netscape Roaming support, each user gets a roaming ### MKB: # profile for which they have write access to ### MKB: #access to dn=".*,ou=Roaming,o=morsnet" ### MKB: # by dn="cn=admin,dc=phy,dc=umist,dc=ac,dc=uk" write ### MKB: # by dnattr=owner write ################################################## ##################### # Specific Directives for database #2, of type 'other' (can be bdb too): # Database specific directives apply to this databasse until another # 'database' directive occurs #database <other> # The base of your directory for database #2 #suffix "dc=debian,dc=org" dn: dc=phy,dc=umist,dc=ac,dc=uk objectclass: dcObject objectclass: organization o: Home LDAP Server dc: phy dn: cn=admin,dc=phy,dc=umist,dc=ac,dc=uk objectclass: organizationalRole cn: admin dn: ou=users,dc=phy,dc=umist,dc=ac,dc=uk ou: users objectClass: top objectClass: organizationalUnit dn: ou=addressbook,dc=phy,dc=umist,dc=ac,dc=uk ou: addressbook objectClass: top objectClass: organizationalUnit ]0;michael@ratty: /etc/ldap michael@ratty:/etc/ldap$ exit Script done on Sat 16 Jun 2007 16:43:30 BST -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email