OUs are not groups. OUs are organizational units. For groups, consider creating entities
with the ObjectClass groupOfNames, part of RFC 2256 (section 7.10) and included in
OpenLDAP’s core schema. This requires the attribute “member”, which accepts a list of DNs
as group members.
There are other solutions (posixGroup from the NIS schema, for example), but that’s the
low-hanging fruit approach.
On Jul 8, 2014, at 12:28 AM, Adam Goryachev <mailinglists(a)websitemanagers.com.au> wrote:
I've been messing with LDAP for the past couple of days, and
following various online tutorials on how to create an addressbook for Thunderbird in
openldap. Sure, this isn't too difficult, and I have it working as a proof of concept.
I can use phpldapadmin to create new entries in my addressbook, and these will show up in
I've also spent the day reading most of the openldap admin guide (250 pages), which
eventually I noticed is missing section E, where I'm sure something simple like this
However, now I want to organise the addresses into groups.
eg, say we have the following staff:
John Smith works in the head office and is the CEO
Ann Johnson works in the head office and is a general admin person
Mary Brown works in the branch office and is the state manager
Jane Martin works in the branch office and is a general admin person
I want everybody to be listed in a People group...
I want all four people listed in a Staff group...
I want John Smith and Mary Brown in a Managers group
I want John Smith and Ann Johnson in a Head Office group
I want Mary Brown and Jane Martin in a Branch Office group
So, I could do this like this:
o: My Organization
description: All the people
dn: cn=John Smith+mail=jsmith(a)example.com,ou=People,dc=example,dc=com
cn: John Smith
etc for other people
Then I can configure the groups like this:
cn: Managers of example.com
member: cn=John Smith+mail=jsmith(a)example.com,ou=People,dc=example,dc=com
member: cn=Mary Brown+mail=mbrown(a)example.com,ou=People,dc=example,dc=com
However, thunderbird doesn't seem to have any smart way to show this group...
So, I thought, maybe I could duplicate the "People" and put complete
addressbook records into the Managers ou, but then it complains that the same CN already
exists, besides the fact that this just seems like a kludge, and not a very
"nice" way to achieve this.
PS, the context is to try and replace MS Outlook with Mozilla Thunderbird. With email in
IMAP4, that works well. I can share the calendar from thunderbird to iphones/android
phones with http://calendarserver.org/. Now I'm just trying to resolve the
"shared contacts" issue, which is currently solved by copying (at login) a pst
file from a share to the local users profile, and having that configured to open in
outlook (add pst data file). I'd prefer to replace all that with ldap, since
thunderbird supports ldap for an addressbook, and it would then update immediately
(instead of after next login). Also, long term it would be useful to use ldap for other
web based login authentication, squid proxy auth, and/or even windows authentication, but,
one step/problem at a time.
Thank you for any advice or suggestions, or pointers to documentation.
Adam Goryachev Website Managers www.websitemanagers.com.au
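
The groupOfNames approach from the reply, applied to the staff list in the question, as an added example that is not part of either message. It assumes a hypothetical `ou=Groups` container, constructed mail addresses for Ann and Jane, and plain ASCII names that need no base64 encoding in LDIF.

```python
BASE = "dc=example,dc=com"        # suffix used in the thread
PEOPLE_OU = "ou=People," + BASE   # container from the DNs in the thread
GROUPS_OU = "ou=Groups," + BASE   # assumption: the thread names no group container

# Constructed sample data; the mail values for Ann and Jane are made up.
STAFF = [
    ("John Smith", "jsmith@example.com", ["Staff", "Managers", "Head Office"]),
    ("Ann Johnson", "ajohnson@example.com", ["Staff", "Head Office"]),
    ("Mary Brown", "mbrown@example.com", ["Staff", "Managers", "Branch Office"]),
    ("Jane Martin", "jmartin@example.com", ["Staff", "Branch Office"]),
]

def escape_dn_value(value):
    """Escape an attribute value for use inside an RDN (RFC 4514, section 2.4)."""
    last = len(value) - 1
    out = []
    for i, c in enumerate(value):
        special = c in '"+,;<>\\' or (i == 0 and c in " #") or (i == last and c == " ")
        out.append("\\" + c if special else c)
    return "".join(out)

def person_dn(cn, mail):
    """Multi-valued RDN (cn+mail), as used for the People entries in the thread."""
    return "cn=%s+mail=%s,%s" % (escape_dn_value(cn), escape_dn_value(mail), PEOPLE_OU)

def memberships(staff):
    """Map each group name to the DNs of its members, in input order."""
    groups = {}
    for cn, mail, names in staff:
        for name in names:
            groups.setdefault(name, []).append(person_dn(cn, mail))
    return groups

def group_ldif(name, member_dns):
    """Render one groupOfNames entry; the schema makes 'member' mandatory."""
    if not member_dns:
        raise ValueError("groupOfNames needs at least one member: %r" % name)
    lines = ["dn: cn=%s,%s" % (escape_dn_value(name), GROUPS_OU),
             "objectClass: groupOfNames",
             "cn: " + name]  # assumes an LDIF-safe value (ASCII, no leading space or colon)
    lines += ["member: " + dn for dn in member_dns]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for name, dns in memberships(STAFF).items():
        print(group_ldif(name, dns))
```

Each person exists once under `ou=People`; the groups only hold DN references, so no entry is duplicated and no CN collides.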