Addressbook / LDAP users database

[hvilppola]

Hello !

We received the following message from GZ. I would appreciate if you could clear his doubts and share the information with everybody else who is interested. I'll re-direct him here. Thanks again ! Heidi

Please develop something so that we can use global address book like MS Exchange server which should be automatically taken from LDAP users database. Please also consider to develop some schema and way out for horde framework to work with ebox. Need urgent support for addressbook.

[jcanfield]

This has come up more than once:

http://forum.ebox-platform.com/index.php?topic=567.0

It a great feature request, but I think it's one of those features that needs a lot of thought and consideration in terms of how it's done.  Personally I feel there should be a separate OU specifically used for public access and have it's own access control, but then you also have to consider existing users and how it might also be useful that they appear in the directory as well. Perhaps a 'check_box' under the user that says something like "Add to directory."  Currently Ebox doesn't collect much demographic information on a user basis other than First and Last Name.  I'm sure it would be trivial to collect more info, but is this the right place to collect it?

Devices that might use this feature directly:

E-mail
SIP phones (For company directory)
Copiers/Fax Machines: (Directory Access)

I'm sure there are many more....this is something I would like to work on this summer.

-Jim

 

[bhonermann]

I agree that it should be more thought out and someone should implement an address book feature in a comprehensive manner.  However, for those needing a quick and ugly way to implement a simple global address book you can do as below.

Before doing this, I HIGHLY recommend that you run a configuration backup first.

New Organizational Unit

Create a new organizational unit and call it whatever you want. (For this example, it will be abook). If you don't know how to do this, you can install phpldapadmin or another ldapbrowser and add a new ou through there. Login as cn=admin,dc=ebox your password is shown in plain text in slapd.conf or ldap.secret.

Setup the ACL

ssh into your ebox server. Use your favorite editor to edit slapd.conf.  Scroll down and add the lines

access to dn.subtree="ou=abook,dc=ebox"
        by users write
        by anonymous none

between the lines:

access to dn.base="" by * read

and

access to *
        by dn="cn=admin,dc=ebox" write
                by * read

This allows all your users to have write access to the whole of the global address book "abook".  If you only want them to have read access, change "write" to "read" in the line you add. You could also allow different groups to have different levels of access.

Restart slapd

Restart slapd. On an Ubuntu or Debian box, type:

sudo /etc/init.d/slapd restart

That's it! Your users should be able to bind to the address book using uid=<userid>,ou=Users,dc=ebox with the address book dn as ou=abook,dc=ebox.

P.S. If someone wants to improve on this, please do so! I know very little about ldap, I only know enough to have gotten this working for my small organization.

[javi]

The address book has been in our wishlist for a long time

In the meantime, if you are using ebox-egroupware, that's an easy way to share the address book as it's a feature that works out of the box with it.