On Thu, Jul 10, 2014 at 10:00 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> --On Thursday, July 10, 2014 2:58 PM +0100 Richard LEGER <richard.leger@gmail.com> wrote:
>> Is there other way(s) via a local schema or else to modify/extend
>> definition of OpenLDAP core attributes without modifying source code and recompiling?
> No. You shouldn't be using the garbage OpenLDAP build shipped with Ubuntu anyway.
> --Quanah
For information to those that may be interested (and for the record)...
Here is a simple description of the openldap <-> Outlook ldap addressbook issue:
Source: http://victor-sudakov.livejournal.com/124269.html
Translation: http://translate.google.co.uk/translate?hl=en&sl=ru&u=http://victor-...
In addition, for the address list organization to be displayed in Outlook, it seems necessary to patch the file /etc/openldap/schema/core.schema in order to add 'company' attribute as alias to 'o', something like:
attributetype ( 2.5.4.10 NAME ( 'company' 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name )
Source: http://habrahabr.ru/post/183996/
Translation: http://translate.google.co.uk/translate?hl=en&sl=ru&u=http://habraha...
Not sure to which version of Outlook this would apply...
Also it seems possible to modify the LDAP core schema attributes without recompiling...
Please note that the following:
- has not been tested and may not be fully accurate
- is not recommended as you lose RFC compliance
- does not apply directly to CN attribute as required for Outlook addressbook ( http://www.openldap.org/cgi-bin/wilma_hiliter/openldap-technical/201001/msg0...) but process would be very similar...
- may require an openldap version that allows core schema modification (2.4 or upper)
=== *Method1* (update core schema attribute via ldapmodify)
Something like...
Source: https://lists.forgerock.org/pipermail/opendj/2013-May/002995.html
"...
ldapmodify -D cn=root -w password -p 1389
dn: cn=schema
changetype: modify
delete: attributetypes
attributetypes: ( 2.5.4.42 NAME 'givenName' SUP name X-ORIGIN 'RFC 4519' )
-
add: attributetypes
attributetypes: ( 2.5.4.42 NAME 'givenName' SUP name ORDERING caseIgnoreOrderingMatch X-ORIGIN 'RFC 4519' )
..."
Of course that would need to be adapted to the openldap process and schema definition, as per version in use...
=== *Method2* (edit core schema file core.ldif)
- Obviously it is not recommended to directly edit core schema ldif files.
Source: https://freeswitch.org/confluence/display/FREESWITCH/Polycom+Corporate+Direc...
"...
Add caseIgnoreOrderingMatch to core.schema
We now have to add "ORDERING caseIgnoreOrderingMatch" to the surname- and givenName-Attributes, because Polycom uses simple search expressions like '>=' and '<=' when querying the LDAP-addressbook.
root# /etc/init.d/slapd stop
root# vim /etc/ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif
In this file, substitute
surname original
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name )
with
surname ORDERING
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) by which the entity is known' SUP name ORDERING caseIgnoreOrderingMatch)
Replace
givenName original
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name )
with
givenName ORDERING
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) by which the entity is known' SUP name ORDERING caseIgnoreOrderingMatch)
start slapd
root# /etc/init.d/slapd start
..."
Just thought that may be helpful to know and record on the forum...
Richard LEGER wrote:
> On Thu, Jul 10, 2014 at 10:00 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>> --On Thursday, July 10, 2014 2:58 PM +0100 Richard LEGER <richard.leger@gmail.com> wrote:
>>> Is there other way(s) via a local schema or else to modify/extend definition of OpenLDAP core attributes without modifying source code and recompiling?
>> No. You shouldn't be using the garbage OpenLDAP build shipped with Ubuntu anyway.
>> --Quanah
> For information to those that may be interested (and for the record)...
> Here is a simple description of the openldap <-> Outlook ldap addressbook issue:
> Source: http://victor-sudakov.livejournal.com/124269.html
> Translation: http://translate.google.co.uk/translate?hl=en&sl=ru&u=http://victor-...
> In addition, for the address list organization to be displayed in Outlook, it seems necessary to patch the file /etc/openldap/schema/core.schema in order to add 'company' attribute as alias to 'o', something like:
> attributetype ( 2.5.4.10 NAME ( 'company' 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name )
Nonsense. This is why we have the rewrite module and attribute mapping functions.
Modifying IETF published schema is prohibited.
> Just thought that may be helpful to know and record on the forum...
No. Breaking the server is not the way to adapt schema for broken clients.
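An audit for the kind of edits this thread discusses, as an added example that is not part of any message or of OpenLDAP: it parses attribute type definitions and reports where a tracked OID differs from a reference definition. The function names and the three-entry baseline are assumptions made for illustration; the baseline reuses the definitions quoted in the thread, with the 'o' entry taken as the posted line minus the 'company' alias.

```python
import re

# Reference definitions (assumed baseline): the "original" sn/givenName lines from
# the thread and the 'o' line without 'company'. DESC is omitted; it is not compared.
BASELINE = [
    "( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )",
    "( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )",
    "( 2.5.4.42 NAME ( 'givenName' 'gn' ) SUP name )",
]
KEYWORDS = ("SUP", "EQUALITY", "ORDERING", "SUBSTR", "SYNTAX")
PREFIX = re.compile(r"^(?:olcAttributeTypes:|attributetypes?:?)?\s*(?:\{\d+\})?\s*", re.I)

def parse_attrtype(line):
    """Return (oid, lower-cased NAME set, {keyword: value}) for one definition."""
    text = PREFIX.sub("", line.strip())
    oid = re.match(r"\(\s*([\d.]+)", text).group(1)
    name_part = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", text).group(1)
    names = {n.lower() for n in re.findall(r"'([^']*)'", name_part)}
    bare = re.sub(r"'[^']*'", "", text)  # drop quoted DESC/X-ORIGIN strings
    hits = ((kw, re.search(r"\b%s\s+([^\s()]+)" % kw, bare)) for kw in KEYWORDS)
    return oid, names, {kw: m.group(1) for kw, m in hits if m}

def schema_drift(lines, baseline=BASELINE):
    """Map OID -> list of differences from the reference definition."""
    ref = {oid: (names, fields) for oid, names, fields in map(parse_attrtype, baseline)}
    drift = {}
    for line in lines:
        oid, names, fields = parse_attrtype(line)
        if oid not in ref:
            continue  # not an attribute this audit tracks
        ref_names, ref_fields = ref[oid]
        found = ["added NAME '%s'" % n for n in sorted(names - ref_names)]
        found += ["removed NAME '%s'" % n for n in sorted(ref_names - names)]
        for kw in KEYWORDS:
            if fields.get(kw) != ref_fields.get(kw):
                found.append("%s: %s -> %s" % (kw, ref_fields.get(kw), fields.get(kw)))
        if found:
            drift[oid] = found
    return drift

# Definitions copied from the messages above: two modified, one unmodified.
SAMPLE = [
    "attributetype ( 2.5.4.10 NAME ( 'company' 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name )",
    "olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) by which the entity is known' SUP name ORDERING caseIgnoreOrderingMatch)",
    "olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name )",
]

if __name__ == "__main__":
    print(schema_drift(SAMPLE))
```

Run over the attribute type lines of a server's loaded schema, a report like this keeps any local deviation from the published definitions visible so it can be tracked and later reverted.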
On Fri, Dec 5, 2014 at 1:23 PM, Howard Chu <hyc@symas.com> wrote:
> Richard LEGER wrote:
>> On Thu, Jul 10, 2014 at 10:00 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>>> --On Thursday, July 10, 2014 2:58 PM +0100 Richard LEGER <richard.leger@gmail.com> wrote:
>>>> Is there other way(s) via a local schema or else to modify/extend definition of OpenLDAP core attributes without modifying source code and recompiling?
>>> No. You shouldn't be using the garbage OpenLDAP build shipped with Ubuntu anyway.
>>> --Quanah
>> For information to those that may be interested (and for the record)...
>> Here is a simple description of the openldap <-> Outlook ldap addressbook issue:
>> Source: http://victor-sudakov.livejournal.com/124269.html
>> Translation: http://translate.google.co.uk/translate?hl=en&sl=ru&u=http://victor-sudakov.livejournal.com/124269.html&prev=search
>> In addition, for the address list organization to be displayed in Outlook, it seems necessary to patch the file /etc/openldap/schema/core.schema in order to add 'company' attribute as alias to 'o', something like:
>> attributetype ( 2.5.4.10 NAME ( 'company' 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name )
> Nonsense. This is why we have the rewrite module and attribute mapping functions.
> Modifying IETF published schema is prohibited.
Thanks for the info. That makes sense. I wasn't aware of this functionality.
>> Just thought that may be helpful to know and record on the forum...
> No. Breaking the server is not the way to adapt schema for broken clients.
I understand this policy and I agree with it in theory, but in practice one sometimes has to be pragmatic when one needs to implement a local exceptional workaround for the sake of functionality and end-users' lives :)
There are situations where you have no control over the broken client, nor can you have it changed. Therefore you can only try to apply a solution via what is in your control, the server side in a given environment.
Those minor changes in core.schema discussed here won't really break the server, only remove full compliance with RFC while adding interoperability with some broken clients.
In a closed private managed environment without external interaction that can be viewed as an acceptable temporary solution until broken clients are fixed.
Thanks for your support.
openldap-technical@openldap.org