Using LDAP for Corp. Contact Database

[computerpros]

Have any of you actually set up LDAP as a user address book/contact database which can be accessed via e-mail, etc?

I’m currently using OSX.3 Server as my OD Master to Authenticate users and access priveleges for all my other Servers, but I would like to use it as our main Corp. Contact Database but I’m having trouble trying to understand the whole LDAP concept (Schema data structures, entries, attributes, object classes and their attributes) and how all this works so I can set up and modify my LDAP DB as needed to meet our needs.

I’ve downloaded Mr. Hartner’s wonderful “Address Book 4 LDAP” application and have the LDAP Browser java app. but I’m still not clear how to make this happen. So…can anyone help me or refer me to simple & straightforward resources that explain LDAP better so I can set this up.

MacTroll offered the following good suggestions – But can someone explain WHY you would or wouldn’t use on vs. the other:

When you move your contacts into your LDAP database there is a couple of schools of thought on where to put them.

1. In the same place as your user records. In this method you would just add LDAP info to your existing user records, and possibly add in other contact-only records. This is a reasonable solution if your contacts are primarily your users.

2. In the cn=people container. Apple already created this container in your LDAP database for the purpose of sharing contact information. Put your contacts here and you’ll keep them entirely separate from your user records. Personally, this is my preferred way of sharing contacts.

3. You can run an entirely separate LDAP database. The AB4LDAP documentation does a decent job of covering how to run OpenLDAP on a client machine just to hold addresses.

Thanks, Bill

[honestpuck]

Well, not to beat my own drum, but I wrote a couple of good articles for MacDevCenter on LDAP under 10.3. Look at
http://www.oreillynet.com/pub/a/mac/2004/06/18/ldap.html and
http://www.oreillynet.com/pub/a/mac/2004/05/25/ldap.html

I use it for keeping a company wide phone and email book and have the phone and email info kept in with the user records. I also have a customer email list kept in ‘cn=customer’ – you can use any cn you like really, just make sure that when you add it you set it to contain the right schema.

As for editing you can’t go past phpLDAPadmin. It edits the entire database and lets you browse your schemas. I have it installed on the server in a protected directory so I get double security.

For getting information into the LDAP directory quickly I use a spreadsheet to build a tab delimited table and then a Perl script to load it into the directory.

Tony Williams

[Author]

Posts