Access to an OpenLDAP server from Windows-based clients

Serg

I had installed fresh Berkeley DB and OpenLDAP on FreeBSD 4.10.
It works, but the service can be reached only locally with the 'ldapsearch' utility.
The primary reason to start the LDAP server was to give users a way to access a shared
'Address Book' from their LDAP-enabled mail clients like Mozilla or Outlook.
At the moment this is impossible and I have no way to solve this puzzle.
Please point me in the right direction.

Logs are not generated, and LDAP protocol version 2 is not supported: the daemon
silently does not start if that option appears in the main configuration file.
------------------------------------------------------------
Installing Berkeley DB:

mkdir BDB
cd BDB
fetch http://downloads.sleepycat.com/db-4.3.28.tar.gz
fetch ftp://ftp.sleepycat.com/releases/db-4.3.28.tar.gz
tar zxf db-4.3.28.tar.gz
cd db-4.3.28/build_unix   # Berkeley DB is configured from build_unix, not from BDB
../dist/configure
make
make install
cd ..
rehash
------------------------------------------------------------
Installing OpenLDAP:

fetch ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.6.tgz
tar zxf openldap-2.3.6.tgz
cd openldap-2.3.6
# ./configure
env CPPFLAGS=-I/usr/local/BerkeleyDB.4.3/include \
    LDFLAGS=-L/usr/local/BerkeleyDB.4.3/lib ./configure --enable-ldap
make depend
make
make test
make install
rehash
------------------------------------------------------------
Configuring the LDAP server by editing /usr/local/etc/openldap/slapd.conf:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read"
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
#suffix "dc=my-domain,dc=com"
#rootdn "cn=Manager,dc=my-domain,dc=com"
suffix "dc=example,dc=com"
rootdn "dc=example,dc=com"

# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq

loglevel 4095

# /usr/local/libexec/slapd does not even start with this option!
#allow bind_v2
------------------------------------------------------------
Running the LDAP server:

/usr/local/libexec/slapd
------------------------------------------------------------
Editing /usr/local/etc/openldap/contact.ldif and loading it into the database:

/usr/local/bin/ldapadd -D 'dc=example, dc=com' \
    -f /usr/local/etc/openldap/contact.ldif -w secret

dn: cn=Jane Doe, ou=addressbook, dc=example, dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jane Doe
gn: Jane
sn: Doe
mail: (e-mail address removed)
physicalDeliveryOfficeName: Conglomo, Inc., Financial Services
postalAddress: PO BOX 55555
l: Baton Rouge
ou: addressbook
st: LA
postalCode: 70555
telephoneNumber: 555-555-5555
facsimileTelephoneNumber: 555-555-5556
pager: 555-555-5557
mobile: 555-555-5558
homePhone: 555-555-5559
------------------------------------------------------------
Fetching result locally:

/usr/local/bin/ldapsearch -b 'dc=example, dc=com' '(objectclass=*)'

# extended LDIF
#
# LDAPv3
# base <dc=example, dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: Conglomo, Inc.

# addressbook, example.com
dn: ou=addressbook,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: addressbook

# accounting, addressbook, example.com
dn: ou=accounting,ou=addressbook,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: accounting

# Jane Doe, addressbook, example.com
dn: cn=Jane Doe,ou=addressbook,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jane Doe
givenName: Jane
sn: Doe
mail: (e-mail address removed)
physicalDeliveryOfficeName: Conglomo, Inc., Financial Services
postalAddress: PO BOX 55555
l: Baton Rouge
ou: addressbook
st: LA
postalCode: 70555
telephoneNumber: 555-555-5555
facsimileTelephoneNumber: 555-555-5556
pager: 555-555-5557
mobile: 555-555-5558
homePhone: 555-555-5559

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4
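Editor's added example, not part of the thread or of OpenLDAP: a small Python lint for the slapd.conf shown above. It flags what explains two of the symptoms described, namely `allow bind_v2` placed after the `database` line (slapd rejects `allow`/`disallow` once a database definition has been seen, so the daemon does not start) and a cleartext `rootpw`; the excerpts POSTED and FIXED are constructed, and the `{SSHA}` value is a placeholder for real slappasswd(8) output.

```python
# Editor's added lint (not OpenLDAP's code) for the slapd.conf(5) mistakes
# visible above: slapd reads the file top to bottom, and "allow"/"disallow"
# are global directives it rejects once a "database" line has been seen.
REJECTED_AFTER_DB = {"allow", "disallow"}
GLOBAL_ONLY = {"loglevel", "pidfile", "argsfile"}

def lint_slapd_conf(text):
    findings, in_database, saw_access = [], False, False
    for line_no, raw in enumerate(text.splitlines(), 1):
        if raw[:1].isspace(): continue  # continuation of previous directive ("  by ...")
        line = raw.strip()
        if not line or line.startswith("#"): continue
        parts = line.split(None, 1)
        keyword, args = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "database":
            in_database = True
        elif keyword in REJECTED_AFTER_DB and in_database:
            findings.append((line_no, f"'{keyword}' must precede any database definition; slapd will not start"))
        elif keyword in GLOBAL_ONLY and in_database:
            findings.append((line_no, f"'{keyword}' is global; keep it above the first 'database' line"))
        elif keyword == "rootpw" and not args.startswith("{"):
            findings.append((line_no, "rootpw is cleartext; use a slappasswd(8) hash such as {SSHA}..."))
        elif keyword == "access":
            saw_access = True
    if not saw_access:
        findings.append((0, "no 'access' directive: default policy lets anyone read everything"))
    return findings

# Constructed excerpts: POSTED mirrors the posted file; FIXED reorders it,
# hashes rootpw (placeholder value) and adds an explicit world-readable ACL.
POSTED = """\
database bdb
suffix "dc=example,dc=com"
rootdn "dc=example,dc=com"
rootpw secret
loglevel 4095
allow bind_v2
"""

FIXED = """\
loglevel 256
allow bind_v2
access to *
  by self write
  by * read
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}PLACEHOLDER-paste-slappasswd-output-here
"""
```

Logging is a separate matter the lint cannot see: slapd sends `loglevel` output to syslog facility LOCAL4 at priority LOG_DEBUG (changeable with `slapd -l` and `-s`), so nothing is written unless /etc/syslog.conf routes local4.debug to a file or slapd is run in the foreground with `-d`.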

Chris Ridd

> I had installed fresh Berkeley DB and OpenLDAP on FreeBSD 4.10.
> It works, but the service can be reached only locally with the 'ldapsearch' utility.
> The primary reason to start the LDAP server was to give users a way to access a shared
> 'Address Book' from their LDAP-enabled mail clients like Mozilla or Outlook.
> At the moment this is impossible and I have no way to solve this puzzle.
> Please point me in the right direction.

Try another more applicable newsgroup or mailing list? If you have to use
OpenLDAP's server, then maybe they have a mailing list that can help?

There are also likely to be mailing lists and newsgroups that will be more
useful than an Entourage (hint, a Mac program) group.

Cheers,

Chris

Serg

Thanks for your advice, but I did not find any newsgroup about OpenLDAP :-(
Entourage is M$ Outlook for Macintosh, so it's possible someone has faced a problem like this.

Nathan Herring [MSFT]

There are a number of mailing lists for OpenLDAP. See
<http://www.openldap.org/lists/>.

MS Outlook for Macintosh is not Entourage. MS Outlook is an Exchange client,
largely inheriting from the Windows Outlook codebase, written by the Outlook
team at Microsoft and discontinued at Outlook 2001.

Entourage is an evolution of Outlook Express for Macintosh, written by the
Macintosh Business Unit, and has been adding Exchange support since the
discontinuation of Outlook to fill the gap in Exchange functionality
available on the Mac, especially running natively on OS X.

Entourage doesn't have all the features of Outlook, and doesn't implement
them all the same way (even from the user's perspective). It is not a clone,
and we have no desire to make it one, though we do add features (in priority
order) to address feature compatibility concerns.

-nh