Turba LDAP personal addressbook HOWTO
=====================================
This HOWTO is a bare-bones list of what has to be done to implement a personal
address book through LDAP for Turba.

The HOWTO is based on a setup where both the address book and the users are
stored on the same LDAP server.

This is not comprehensive, but it notes how some users have implemented
personal LDAP address books.

1. Configure ``turba/config/sources.php``.

   Note that OpenLDAP and some other LDAP servers use UTF-8 to encode their
   data, so you should have ``encoding = 'utf8'`` set in the parameters for
   your LDAP address book source.

   There is an example of personal address books in
   ``turba/config/sources.php.dist``. You will have to modify it to match
   the fields, settings, and schema of your LDAP server, but it's a solid
   place to start.

2. Patch your ``core.schema`` file in the ``/etc/openldap/schema`` directory.

   This patch is located in ``turba/scripts/ldap/core.schema.patch``.

   .. Note:: The patch adds the ``organizationName`` to the ``orgperson``
             objectclass and removes the MUST ``sn`` from the ``person``
             objectclass.

3. Enforce ACLs on personal address books.

   Add this to your LDAP ACL so users can only see their own address book::

       access to dn="ou=(.+), ou=personal_addressbook, dc=example, dc=com"
           by dn="uid=$1, dc=example, dc=com" write
           by * none

   .. Note:: This assumes that you store your users in the same LDAP
             directory. If not, modify appropriately for your setup.

4. Make ``ou``'s for all of your users.

   You'll also have to add this to the script you use to add users to your
   LDAP directory.

   ``turba/scripts/ldap/addou.pl`` is a starting point; you will need to edit
   it to fit your needs. Copy both it and the ``addou`` shell script to
   ``/home``. Then run ``./addou``, and the names of all the directories there
   will be added to the LDAP tree as new ``ou``'s to store addresses in. You
   should probably delete any entries that do not belong there (for instance,
   ``/home`` directories for mysql and other daemons created by some
   distributions).
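
One way to check the capture-and-substitute logic of the ACL in step 3 before loading it into slapd, as an added example that is not part of the Turba distribution. Python's ``re`` stands in for slapd's regex matching, DNs are written without spaces, and ``TIGHT_RULE`` and all sample DNs are assumptions of this example:

```python
import re

# Constructed sample DNs; dc=example,dc=com is the base DN used on this page.
# DNs are written without spaces after commas (normalized form, assumed here).
BOOKS = "ou=personal_addressbook,dc=example,dc=com"

# The page's target pattern (spaces dropped): unanchored, greedy capture, $1.
PAGE_RULE = (r"ou=(.+),ou=personal_addressbook,dc=example,dc=com", 1)
# Tightened variant (assumption of this example, not from the page): anchored,
# and the owner capture ($2) cannot cross an RDN boundary.
TIGHT_RULE = (r"^(.+,)?ou=([^,+=]+),ou=personal_addressbook,dc=example,dc=com$", 2)


def owner_dn(rule, entry_dn):
    """Return the bind DN the rule grants write on entry_dn, or None if no match."""
    pattern, group = rule
    m = re.search(pattern, entry_dn, re.IGNORECASE)
    if m is None:
        return None
    # Mirrors the by-clause substitution: uid=$N,dc=example,dc=com
    return "uid=%s,dc=example,dc=com" % m.group(group)


def may_write(rule, bind_dn, entry_dn):
    """Model 'by <owner> write / by * none' with an exact bind DN comparison."""
    owner = owner_dn(rule, entry_dn)
    return owner is not None and owner.lower() == bind_dn.lower()


def audit(rule, users, entries):
    """Map each entry DN to the sorted list of users allowed to write it."""
    return {e: sorted(u for u in users if may_write(rule, u, e)) for e in entries}


if __name__ == "__main__":
    users = ["uid=alice,dc=example,dc=com", "uid=bob,dc=example,dc=com"]
    entries = [
        "cn=John Doe,ou=alice," + BOOKS,   # contact in alice's book
        "cn=Jane Roe,ou=bob," + BOOKS,     # contact in bob's book
        "ou=friends,ou=alice," + BOOKS,    # nested ou inside alice's book
    ]
    for name, rule in (("page", PAGE_RULE), ("tight", TIGHT_RULE)):
        for entry, writers in audit(rule, users, entries).items():
            print(name, entry, "->", writers or "nobody")
```

With the greedy capture, the nested ``ou`` resolves to an owner DN that matches no user, so the entry ends up writable by nobody; confirm the behaviour of the real rule against your server with ``slapacl``.
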

Entries for calendaring information (free/busy, etc.) from RFC 2739::

    attribute (1.2.840.113556.1.4.478
        NAME 'calCalURI'
        DESC 'Snapshot of users entire default calendar'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    attribute (1.2.840.113556.1.4.479
        NAME 'calFBURL'
        DESC 'URI of the uses free and busy information'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    attribute (1.2.840.113556.1.4.480
        NAME 'calCAPURI'
        DESC 'URI used to communicate with the users calendar'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    attribute (1.2.840.113556.1.4.481
        NAME 'calCalAdrURI'
        DESC 'URI to which event requests should be sent for the user'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    attribute (1.2.840.113556.1.4.482
        NAME 'calOtherCalURIs'
        DESC 'URIs to non-default calendars belonging to the user'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    attribute (1.2.840.113556.1.4.483
        NAME 'calOtherFBURLs'
        DESC 'URIs to non-default free and busy information files'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    attribute (1.2.840.113556.1.4.484
        NAME 'calOtherCAPURIs'
        DESC 'URIs for communicating with non-default calendars'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    attribute (1.2.840.113556.1.4.485
        NAME 'calOtherCalAdrURIs'
        DESC 'Destinations for event requests to non-default calendars'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        )

    objectclass (1.2.840.113556.1.5.87
        NAME 'calEntry'
        DESC 'Calendering and Free Busy information'
        SUP top AUXILIARY
        MAY (calCalURI $ calFBURL $ calCAPURI $ calCalAdrURI $
             calOtherCalURIs $ calOtherFBURLs $ calOtherCAPURIs $
             calOtherCalAdrURIs
            )
        )