- OpenLDAP schema (as complete as I can get it) to support MS/Outlook:
| MS/Outlook field name | LDAP attribute | Attribute defined in schema file | Member of object |
|---|---|---|---|
| Name | cn (Common Name) | core.schema | objectPerson |
| Email Address | mail | core.schema | inetOrgPerson |
| Job Title | title | core.schema | organizationalPerson |
| Department | ou (Organizational Unit). Note: if no "ou" is defined, use "department". | ou: core.schema; department: extension.schema | ou: organizationalPerson; department: officePerson |
| Office | physicalDeliveryOfficeName | core.schema | organizationalPerson |
| Company Name | o (Organization). Note: it is not enough to reference the "o" in the DN; you must also state it explicitly as an attribute of the entry. | core.schema | inetOrgPerson |
| Business Web Page | URL, homeURL | extension.schema | officePerson |
| First Name | givenName | core.schema | inetOrgPerson |
| Middle Name | initials | core.schema | inetOrgPerson |
| Last Name | sn (Surname) | core.schema | objectPerson |
| Notes | comment | extension.schema | officePerson |
| Netmeeting Server | conferenceInformation | extension.schema | officePerson |
| Digital ID | userCertificate | extension.schema | inetOrgPerson |
| Manager | manager. Note: use a defined and fully qualified DN, not just a name. | cosine.schema | inetOrgPerson |
| Reports | reports. Note: use a defined and fully qualified DN, not just a name. Multiple entries allowed. | extension.schema | officePerson |
| Business - Street Address | postalAddress. Note: don't use the address attribute; Netscape ignores it. | core.schema | organizationalPerson |
| Business - City | l (Locality) | core.schema | organizationalPerson |
| Business - State/Province | st | core.schema | organizationalPerson |
| Business - Zip Code | postalCode | core.schema | organizationalPerson |
| Business - Country/Region | c. Note: ISO 3166 two-letter code. OpenLDAP will allow a full-length string. | core.schema | officePerson |
| Home - Street Address | homePostalAddress. Note: the entire address is held in this one field. Use "$" as a carriage return, i.e. 14 Cherry St.$Dallas TX 78999 | cosine.schema | inetOrgPerson |
| Telephone - Business | telephoneNumber | core.schema | organizationalPerson |
| Telephone - Business Fax | facsimileTelephoneNumber | core.schema | organizationalPerson |
| Telephone - Home | homePhone | cosine.schema | inetOrgPerson |
| Telephone - Home Fax | otherFacsimiletelephoneNumber | extension.schema | officePerson |
| Telephone - Mobile | mobile | cosine.schema | inetOrgPerson |
| Telephone - Pager | pager | cosine.schema | inetOrgPerson |
| Telephone - IPPhone | IPPhone | extension.schema | officePerson |

See the OpenLDAP FAQ: MS Outlook (2): How Do LDAP Attributes Map to Address Book Fields?
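The notes in the table above are easy to get wrong in hand-written LDIF (a manager given as a bare name, a country spelled out, a home address split over several values). The following script is an added example, not code from the YoLinux tutorial: it parses one LDIF entry and reports which of the table's notes it violates. The sample entry, the function names and the regular expressions are my own constructions.

```python
"""Check an LDIF entry against the MS/Outlook attribute-mapping notes above.

Added example, not code from the YoLinux page. The entry below is constructed
and the function names are my own. The checks follow the table's notes:
manager and reports must be fully qualified DNs, c should be an ISO 3166
two-letter code, the whole home address lives in one homePostalAddress value
with "$" between lines, "o" must be stated as an attribute rather than only
appearing in the DN, and "address" is avoided because Netscape ignores it.
"""
import re

# Constructed sample entry; it deliberately breaks several of the notes.
SAMPLE_LDIF = """\
dn: cn=Jane Example,o=example
objectClass: officePerson
cn: Jane Example
sn: Example
givenName: Jane
mail: jane@example.invalid
title: Engineer
ou: Engineering
o: example
manager: cn=Bob Boss,o=example
reports: Carl Report
postalAddress: 1 Main St
address: 1 Main St
c: United States
homePostalAddress: 14 Cherry St.
homePostalAddress: Dallas TX 78999
"""

# A DN starts with an attribute type, '=' and a value, e.g. cn=Bob Boss,o=example
DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+")


def parse_ldif(text):
    """Parse a single LDIF entry into {attribute (lower-case): [values]}.

    Folded continuation lines (leading space) are joined; base64 '::' values
    are not decoded, which is enough for the address-book attributes here.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def check_outlook_entry(attrs):
    """Return the notes the entry violates; an empty list means it is clean."""
    findings = []
    classes = [v.lower() for v in attrs.get("objectclass", [])]
    if "officeperson" not in classes:
        findings.append("objectClass: officePerson is missing")
    for dn_attr in ("manager", "reports"):
        for v in attrs.get(dn_attr, []):
            if not DN_RE.match(v):
                findings.append(f"{dn_attr}: '{v}' is not a fully qualified DN")
    for v in attrs.get("c", []):
        if not re.fullmatch(r"[A-Za-z]{2}", v):
            findings.append(f"c: '{v}' is not an ISO 3166 two-letter code")
    if len(attrs.get("homepostaladdress", [])) > 1:
        findings.append("homePostalAddress: hold the whole address in one value, lines joined with '$'")
    if "o" not in attrs:
        findings.append("o: state the organization as an attribute, not only in the DN")
    if "address" in attrs:
        findings.append("address: use postalAddress instead; Netscape ignores 'address'")
    return findings


def join_home_address(attrs):
    """Return the homePostalAddress lines joined with '$' as the table describes."""
    return "$".join(attrs.get("homepostaladdress", []))


if __name__ == "__main__":
    entry = parse_ldif(SAMPLE_LDIF)
    for finding in check_outlook_entry(entry):
        print(finding)
    print("joined home address:", join_home_address(entry))
```

Run against the sample, the checker flags the bare-name `reports` value, the spelled-out country, the split home address and the stray `address` attribute; once those are corrected (a DN for `reports`, `c: US`, one `$`-joined `homePostalAddress`, `address` removed) it returns an empty list.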
Extended OpenLDAP Schema: (new attributes and object class required for compatibility with MS/Outlook)
Create file: /etc/openldap/schema/extension.schema
(Also add a reference to this file in slapd.conf.)

    # Attribute types used by the MS/Outlook address book
    attributetype ( 1.3.6.1.4.1.4203.666.100.121 NAME ( 'rdn' ) SUP name )
    attributetype ( 1.3.6.1.4.1.4203.666.100.122 NAME ( 'otherFacsimiletelephoneNumber' ) SUP telephoneNumber )
    attributetype ( 1.3.6.1.4.1.4203.666.100.123 NAME ( 'IPPhone' ) SUP telephoneNumber )
    # This attribute handles MS/Outlook and Netscape Communicator
    attributetype ( 1.3.6.1.4.1.4203.666.100.124 NAME ( 'URL' 'homeUrl' ) SUP name )
    attributetype ( 1.3.6.1.4.1.4203.666.100.125 NAME ( 'comment' ) SUP name )
    attributetype ( 1.3.6.1.4.1.4203.666.100.126 NAME ( 'conferenceInformation' ) SUP name )
    attributetype ( 1.3.6.1.4.1.4203.666.100.127 NAME ( 'reports' ) SUP manager )
    # Structural class carrying the new attributes; inherits everything from inetOrgPerson
    objectclass ( 1.3.6.1.4.1.4203.666.100.1 NAME 'officePerson'
        DESC 'Office employee or computer user'
        SUP inetOrgPerson STRUCTURAL
        MAY ( c $ rdn $ otherFacsimiletelephoneNumber $ IPPhone $ URL $ comment $ reports $ conferenceInformation ) )
[Pitfall]: I could not get the following attributes to transfer to the MS/Outlook address book: Personal Web Page, Title (title) and Nickname. The home city, state, zip and country information had no allocated attribute fields but did pass into a single address field. (Good enough!) There are no corresponding attribute fields for any of the personal information such as spouse, children, gender, birthday or anniversary, nor for "Group Membership".
- Schema extensions beyond "inetOrgPerson" and "officePerson" to support Netscape Communicator 4.5x
To maintain database normalization and avoid duplicating data, an LDAP attribute may carry several names. By assigning extra names to some existing attributes, the attribute names Netscape Communicator expects can be served from existing OpenLDAP attribute fields.
Edit file: /etc/openldap/schema/cosine.schema and change the following lines:

Change:
    NAME ( 'mobile' 'mobileTelephoneNumber' )
to:
    NAME ( 'mobile' 'mobileTelephoneNumber' 'cellPhone' )
Also change:
    NAME ( 'pager' 'pagerTelephoneNumber' )
to:
    NAME ( 'pager' 'pagerTelephoneNumber' 'pagerPhone' )

Edit file: /etc/openldap/schema/core.schema (where telephoneNumber is defined) and change:
    attributetype ( 2.5.4.20 NAME 'telephoneNumber'
to:
    attributetype ( 2.5.4.20 NAME ( 'telephoneNumber' 'xmozillaanyphone' )
| Netscape attribute | Existing OpenLDAP attribute | OpenLDAP schema file | Member of existing object |
|---|---|---|---|
| xmozillaanyphone | telephoneNumber | core.schema | objectPerson |
| xmozillanickname | (none) | extension.schema | |
| xmozillausehtmlmail | (none) | extension.schema | |
| cellPhone | mobile | cosine.schema | inetOrgPerson |
| pagerPhone | pager | cosine.schema | inetOrgPerson |
| description | description | core.schema | |
| homeUrl | URL (use this one) | extension.schema | officePerson |
| homeUrl | seeAlso (didn't use this one) | cosine.schema | inetOrgPerson |

Note: I preferred to use the "URL" attribute in the extension.schema, because the OpenLDAP "seeAlso" attribute requires a DN referring to a URL rather than the URL itself. To avoid duplication I assign the names "URL" and "homeUrl" to a single LDAP attribute, for use by MS/Outlook and Netscape Communicator respectively.
Extended OpenLDAP Schema: (new attributes and object class required for compatibility with Netscape Communicator)

    # Netscape Communicator specific attributes (Directory String syntax, case-insensitive matching)
    attributetype ( 1.3.6.1.4.1.4203.666.100.151 NAME ( 'xmozillanickname' )
        EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
    attributetype ( 1.3.6.1.4.1.4203.666.100.152 NAME 'xmozillausehtmlmail'
        EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
    objectclass ( 1.3.6.1.4.1.4203.666.100.5 NAME 'zillaPerson'
        DESC 'Netscape Communicator Extensions'
        SUP inetOrgPerson STRUCTURAL
        MAY ( cellPhone $ pagerPhone $ description $ homeUrl $ xmozillanickname $ xmozillausehtmlmail ) )
[Pitfall]: I could not get the following attributes to transfer to the Netscape address book: Department (ou), Title (title), Country (c), URL (homeUrl), Nickname (xmozillanickname), E-mail preference (xmozillausehtmlmail) and Note. There are no corresponding attribute fields for home address fields.
This is an example configuration you can use to achieve the best support and compatibility with the MS/Outlook and Netscape Communicator address books. See the Stooges OpenLDAP configuration example for more detailed installation instructions if necessary.
- OpenLDAP schema definitions file: /etc/openldap/schema/extension.schema
  (READ THIS FILE and add a reference to this file in slapd.conf.)
- OpenLDAP input data file: officeperson.ldif
  The LDIF file was partially generated with the PADL migration tools, which convert /etc/group and /etc/passwd for PAM/NIS support.
Be sure to make the changes to:
- /etc/openldap/schema/cosine.schema
- /etc/openldap/schema/core.schema
Addition to file: /etc/openldap/slapd.conf

    database        ldbm
    suffix          "dc=digitalpenguins,dc=com"
    suffix          "o=digitalpenguins"
    rootdn          "cn=OfficeAdmin,o=digitalpenguins"
    rootpw          secret3
    defaultaccess   read
    schemacheck     on
    lastmod         on
    directory       /var/lib/ldap/digitalpenguins
    index           cn,sn   pres,eq,sub

Load data:

    ldapadd -f officeperson.ldif -xv -D "cn=OfficeAdmin,o=digitalpenguins" -w tuxtux
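The slapd.conf fragment above keeps the rootdn password in the clear (`rootpw secret3`), which means anyone who can read the file holds the directory's administrative credential. slapd also accepts a hashed value in the `{SSHA}` form that `slappasswd` produces: base64 of the SHA-1 digest of password followed by salt, with the salt appended, and a 4-byte salt by default. The script below is an added example, not code from the YoLinux tutorial; `make_ssha`, `verify_ssha` and `rootpw_line` are my own names, and the password and salt in the usage call are constructed sample values.

```python
"""Hash the slapd rootdn password instead of keeping it in the clear.

Added example, not code from the YoLinux page. make_ssha() builds the
{SSHA} value slappasswd would produce (base64(SHA-1(password || salt) || salt)),
verify_ssha() checks a candidate against it the way slapd does at bind time,
and rootpw_line() returns the directive to paste into slapd.conf in place of
the cleartext one. Function names and sample values are my own.
"""
import base64
import hashlib
import hmac
import os

SALT_LEN = 4            # slappasswd's default salt length
DIGEST_LEN = 20         # SHA-1 digest size in bytes


def make_ssha(password, salt=None):
    """Return an RFC 2307 style '{SSHA}' value for the given password."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """True if password matches the stored '{SSHA}' value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_line(password, salt=None):
    """The slapd.conf directive to use instead of a cleartext rootpw."""
    return "rootpw          " + make_ssha(password, salt)


if __name__ == "__main__":
    # "secret3" is the constructed sample password from the fragment above.
    print(rootpw_line("secret3"))
```

Two related points on the load step: the password given to `ldapadd` must match `rootpw` (the fragment above sets `secret3` while the `ldapadd` line passes `tuxtux`), and `-w password` on the command line is visible to other local users through the process list, so `-W`, which prompts for the password, is the safer form.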
- YoLinux LDAP Tutorial
- YoLinux Tutorial on extending and defining OpenLDAP objects and attributes
- OpenLDAP Password Protection, security and Authentication
"Understanding And Deploying LDAP Directory Services",
by Timothy A. Howes, PhD, Mark C. Smith and Gordon S. Good, ISBN 0672323168, Addison-Wesley Pub Co, second edition. It is general in nature but complete in that it covers all concepts in depth. It is a good book for those wanting to understand everything about LDAP, schema development and its capabilities.

"Understanding And Deploying LDAP Directory Services",
by Timothy A. Howes, PhD, Mark C. Smith and Gordon S. Good, ISBN 1-57870-070-1, MacMillan Technical Publishing, first edition, out of print (used only). See the second edition above. This is the largest LDAP book I own. It is general in nature but complete in that it covers all concepts in depth. It is NOT a good programmer's reference, but it is good for those wanting to understand everything about LDAP, schema development and its capabilities. Netscape-centric.

"Programming Directory-Enabled Applications with Lightweight Directory Access Protocol",
by Timothy A. Howes, PhD and Mark C. Smith, ISBN 1-57870-000-0, MacMillan Technical Publishing. Excellent programmer's reference for those using the LDAP C language API. Also covers search filters and LDAP URLs. The OpenLDAP source code is so poorly commented that I found this book was often the only source for an explanation of what was happening in the code.

"Implementing LDAP",
Mark Wilcox, ISBN 1-861002-21-1, Wrox Press. This book covers all aspects of LDAP from LDIF to the LDAP SDK in C, Perl and Java. It has a strong Netscape Directory Server bias.

"LDAP System Administration",
Gerald Carter, ISBN 1565924916, O'Reilly & Associates. This book covers the use of OpenLDAP and the integration of services.

"LDAP Programming, Management and Integration",
Clayton Donley, ISBN 1930110405, Manning Publications, 1st edition. This book covers LDAP administration as well as introductory information. It covers the Directory Services Markup Language (DSML), the Perl LDAP module and Java JNDI.

"Understanding LDAP - Design and Implementation" - IBM Redbooks
Heinz Johner, Larry Brown, Franz-Stefan Hinner, Wolfgang Reis, Johan Westman, IBM Redbook #SG24-4986-00. A reference to LDAP, available as PDF as well. This book has a bias towards IBM's eNetwork LDAP Directory server. Tight, terse, but covers everything.

"LDAP Implementation and Practical Use"
IBM Redbook #SG24-6193-00