You wouldn't expect there to be a need for yet another HOWTO describing installing and configuring OpenLDAP with Ximian Evolution and Microsoft Outlook but there is. I wasn't able to find a single source with all the necessary information so I kept notes and have posted them here for my pleasure and yours.

1. Install OpenLDAP server and clients, for example on Fedora Core 2:
   
   

   root:~# rpm -i /mnt/cdrom1/Fedora/RPMS/openldap-2.1.29-1.i386.rpm root:~# rpm -i /mnt/cdrom2/Fedora/RPMS/openldap-devel-2.1.29-1.i386.rpm root:~# rpm -i /mnt/cdrom3/Fedora/RPMS/openldap-clients-2.1.29-1.i386.rpm root:~# rpm -i /mnt/cdrom3/Fedora/RPMS/openldap-servers-2.1.29-1.i386.rpm

   
   
   
   
2. I like to start off with a minimal configuration and evolve from there, so copy off the default /etc/openldap/slapd.conf file and create this basic file (replacing YourDomain with something useful to you and the rootpw with one you create):
   
   

   root:/etc/openldap# slappasswd New password: Re-enter new password: {SSHA}QfqT5otglGriTUUKVm3CneeZf9XxN6xj root:/etc/openldap# cp slapd.conf slapd.conf_original root:/etc/openldap# cat slapd.conf # /etc/openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /usr/share/evolution/1.4/evolutionperson.schema pidfile /var/run/slapd.pid argsfile /var/run/slapd.args database bdb suffix "dc=YourDomain,dc=com" rootdn "cn=Manager,dc=YourDomain,dc=com" rootpw {SSHA}Vt0VDUy886qaEAy282oneQrA2HeGDp9J # necessary for evolution writes allow bind_v2 directory /var/lib/ldap

   
   Note: Some versions of OpenLDAP require the directory directive follow the database directive.
   
   
   
3. Start OpenLDAP:
   
   

   /etc/rc.d/init.d/ldap start

   
   
   
   
4. Add Domain and Manager entries to the LDAP directory (LDAP Password is the password you entered earlier using slappasswd and you continue to replace YourDomain every time you see it):
   
   

   root:/etc/openldap# cat DomainManagerEntries.ldif # Domain entry dn: dc=YourDomain,dc=com objectclass: dcObject objectclass: organization o: YourDomain dc: YourDomain # Manager entry dn: cn=Manager,dc=YourDomain,dc=com objectclass: organizationalRole cn: Manager root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f DomainManagerEntries.ldif Enter LDAP Password: adding new entry "dc=YourDomain,dc=com" adding new entry "cn=Manager,dc=YourDomain,dc=com"

   
   Note: LDIF requires the distinguished name (dn) to be on the first line of each entry and that each entry is separated by a blank line. Thank Benjamin for this note.
   
   
   
5. Run a test query to confirm everything is working:
   
   

   root:/etc/openldap# ldapsearch -x -b 'dc=YourDomain,dc=com' -D "cn=Manager,dc=YourDomain,dc=com" '(objectclass=*)' -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=YourDomain,dc=com> with scope sub # filter: (objectclass=*) # requesting: ALL # # YourDomain.com dn: dc=YourDomain,dc=com objectClass: dcObject objectClass: organization o: YourDomain dc: YourDomain # Manager, YourDomain.com dn: cn=Manager,dc=YourDomain,dc=com objectClass: organizationalRole cn: Manager # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2

   
   
   
   
6. Create an organizationalUnit as a container for your AddressBook:
   
   

   root:/etc/openldap# cat AddressBook.ldif dn: ou=AddressBook,dc=YourDomain,dc=com objectClass: top objectClass: organizationalUnit ou: AddressBook root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f AddressBook.ldif Enter LDAP Password: adding new entry "ou=AddressBook,dc=YourDomain,dc=com"

   
   
   
   
7. Add yourself to the AddressBook (userPassword is generated with slappasswd and I'm now giving you credit for figuring out what needs to be edited for you local configuration):
   
   

   root:/etc/openldap# more Me.ldif dn: cn=FirstName LastName,ou=AddressBook,dc=YourDomain,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: evolutionPerson cn: FirstName LastName givenname: FirstName LastName sn: LastName userPassword: {SSHA}nfRuGtDtiC3xoxpjK5mspUttHVyCCTP/ mail: Me@YourDomain.com root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f Me.ldif Enter LDAP Password: adding new entry "cn=FirstName LastName,ou=AddressBook,dc=YourDomain,dc=com"

   
   Note: You can run a query like before using ldapsearch to view new entries if you happen to be as neurotic as I am...
   
   
   
8. Time to configure Evolution:
   
   

   From the menu: Tools -> Settings -> Directory Servers -> Add

   
   
   
   
   

   Forward

   
   
   
   
   

   Enter Server name, Change Log in method, Enter Distinguished name, Forward

   
   
   
   
   

   Change Use SSL/TLS, Forward

   
   
   
   
   

   Enter Search base, Forward

   
   
   
   
   

   Enter Display name, Forward

   
   
   
   
   

   Apply

   
   
   
   Note: You will need to click Clear on the Contact Search bar to get the addresses from OpenLDAP to appear in the Other Contacts:YourHost.YourDomain.com Folder.
   
   
   
9. Time to configure Outlook:
   
   

   From the menu: Tools -> E-mail Accounts... -> Add a new directory or address book -> Next

   
   
   
   
   

   Select Internet Directory Server (LDAP)

   
   
   
   
   

   Enter Server Name, Select This server requires me to log on, Enter User Name, Enter Password, Click on the More Settings... button

   
   
   
   
   

   Click OK (this is telling you the address book your adding won't be available until you restart - it is a Microsoft product after all - you should expect to have to restart or reboot)

   
   
   
   
   

   Click on the Search Tab, Enter Search base, Click OK

   
   
   
   
   

   Click Finish, Don't forget to restart Outlook

   
   
   
   Note: To look up OpenLDAP address in Outlook:
   
   

   From the Outlook menu: Tools -> Address Book... From the Address Book menu: Tools -> Find

   
   Substring Matching at the bottom of the dialog box allows Begins with and Contains searching. Double click the search results to view address book details or to add the entry to the local Outlook Contacts Folder.
   
   
   
   
   
10. Import existing Evolution addresses from the Contact Folder to OpenLDAP:
    
    

    root:/etc/openldap# wget http://variant.ch/papers/vcard2ldif.zip --19:11:00-- http://variant.ch/papers/vcard2ldif.zip            => `vcard2ldif.zip' Resolving variant.ch... 212.103.67.40 Connecting to variant.ch[212.103.67.40]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 2,827 [application/zip] 100%[====================================>] 2,827 --.--K/s 19:11:01 (32.99 KB/s) - `vcard2ldif.zip' saved [2827/2827] root:/etc/openldap# unzip vcard2ldif.zip Archive: vcard2ldif.zip inflating: vcard2ldif.php root:/etc/openldap# sed -e 's/ou=addressbook,uid=nikee,dc=variant,dc=ch/ou=AddressBook,dc=YourDomain,dc=com/' vcard2ldif.php > vcard2ldifLocal.php root:/etc/openldap# evolution &     From the menu: File -> Go to folder -> Select Contacts -> Click OK     From the menu: Edit -> Select All     From the menu: File -> Save As VCard -> Click OK root:/etc/openldap# php vcard2ldifLocal.php > EvolutionAddresses.ldif root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f EvolutionAddresses.ldif Enter LDAP Password: adding new entry...

    
    
    
    
    
11. Import existing Outlook addresses from the Contact Folder to OpenLDAP:
    
    

    root:/etc/openldap# wget http://feldt.com/work/projects/openLDAP/code/csv2ldif.pl --19:28:39-- http://feldt.com/work/projects/openLDAP/code/csv2ldif.pl            => `csv2ldif.pl' Resolving feldt.com... 67.38.239.158 Connecting to feldt.com[67.38.239.158]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 6,690 [text/plain] 100%[====================================>] 6,690 --.--K/s 19:28:39 (503.37 KB/s) - `csv2ldif.pl' saved [6690/6690] # Note: this next command looks silly but you know what to do... sed -e 's/ou=AddressBook,dc=YourDomain,dc=com/ou=AddressBook,dc=YourDomain,dc=com/' csv2ldif.pl > csv2ldifLocal.pl root:/etc/openldap# chmod 700 csv2ldifLocal.pl Launch Outlook     From the menu: Go -> Contacts     From the menu: Edit -> Select All     From the menu: File -> Import and Export..., Select Export to a file, Click Next     Select Comma Separated Values (DOS), Click Next     Select the Contacts Folder, Click Next     Enter a filename, Click Next     Click Finish root:/etc/openldap# ./csv2ldifLocal.pl < YourDomain.CSV > OutlookContacts.ldif root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f OutlookContacts.ldif Enter LDAP Password: adding new entry...

    
    
    
    
    
12. ToDos:
    
    • Enable SSL/TLS connections
    • Create Access Control Lists (ACLs)
    • Authenticate UNIX (/etc/passwd) accounts to OpenLDAP
    • Authenticate SAMBA accounts from OpenLDAP
    
    
    
    
13. Resources:
    
    • Perl script to convert a comma separated export file from Outlook 2003 to LDIF: csv2ldif.pl
    • Original perl script that inspired my csv2ldif.pl: http://ranger.dnsalias.com/mandrake/scripts/csv2ldif.pl
    • PHP script to convert VCard export file from Evolution to LDIF: http://variant.ch/papers/vcard2ldif.zip
    • OpenLDAP Administrator's Guide: http://www.openldap.org/devel/admin/
    • OpenLDAP SSL/TLS How-To: http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
    • Don't forget the always useful man pages...
    
    
    
    
14. Software Versions Tested:
    
    • OpenLDAP v2.1.22, v2.1.25, v2.1.29
    • Evolution v1.4.5, v1.4.6
    • Outlook v2003

© 2005-2007 matthew feldt. all rights reserved.
rss feed