Netscape Roaming Addressbook problem - Solved - New Schema to replace mull.schema
- To: Markt <Markt@govirtual.com.au>
- Subject: Netscape Roaming Addressbook problem - Solved - New Schema to replace mull.schema
- From: Benjamin Baez <bbaez@biospectra.com>
- Date: Wed, 28 Nov 2001 21:47:12 -0800
- Cc: openldap-software@OpenLDAP.org
- In-reply-to: <3C058D19.A231D904@govirtual.com.au>
- References: <3C058D19.A231D904@govirtual.com.au>
- User-agent: Internet Messaging Program (IMP) 2.3.7-cvs
Yes,

First of all, I'd like to thank everyone that maintains
troubleshooting/faqs/tips/etc. information on the net. Without those, we would
be totally up Micro$oft creek :)

I am posting my fix. The problem that I was having was that only bookmarks,
liprefs, cookies, and IMAP mail filters were being transferred to the LDAP
server. I looked at the logs and noticed that there were problems transferring
the binary form of the address books. From Listing 7.6 of the Netscape
Communicator Deployment Guide I noticed the nsLIData was not defined as a
binary attribute in mull.schema when the Netscape Guide
(http://www.mit.edu/afs/athena/astaff/project/infoagentsdev/nmc/online_docs/dg/index.htm)
was saying that it should be. I created the following schema using
Netscape's OIDs:

# Corrected mull.schema (Maaslandse Unix & Linux Laboratorium)
# This schema file is experimental and may change
# All OID's use the MULL PEN of 7081 as assigned by IANA
# Version 20000920
# Thanks for the important input and improvements goes to:
# Laurent ARNAL <laurent@arnal.fr.eu.org>
# Netscape roaming Profiles
# Kurt D. Zeilenga <Kurt@OpenLDAP.org>
# Corrections and general remarks that brought me up to speed
# with LDAP and the way OpenLDAP uses schema files and such.
# This schema requires that the core schema is loaded
# Used to store Netscape Roaming Profile information into OpenLDAP v2.
# This stores what?
attributeType ( 2.16.840.1.113730.3.1.399
    NAME 'nsLIPtrURL'
    DESC 'Store Netscape Roaming Something'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.400
    NAME 'nsLIPrefs'
    DESC 'Store Netscape Roaming Profile preferences'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# This stores the actual profile name into the database.
attributeType ( 2.16.840.1.113730.3.1.401
    NAME 'nsLIProfileName'
    DESC 'Store Netscape Roaming Profile name'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.402
    NAME 'nsLIData'
    DESC 'Store the actual data blocks'
    EQUALITY bitStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.403
    NAME 'nsLIElementType'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.404
    NAME 'nsLIServerType'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.405
    NAME 'nsLIVersion'
    DESC 'Store Netscape Roaming Profile version'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Unknown use.
objectClass ( 2.16.840.1.113730.3.2.74
    NAME 'nsLIPtr'
    DESC 'Contains something'
    SUP top
    MUST ( objectClass )
    MAY ( nsLIPtrURL $ owner )
    )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
# This is the base holder of the Roaming Profile and must be created before
# you try to store information into the LDAP database.
objectClass ( 2.16.840.1.113730.3.2.75
    NAME 'nsLIProfile'
    DESC 'Base holder of the NetScape Roaming Profile'
    SUP top
    MUST ( objectClass $ nsLIProfileName )
    MAY ( nsLIPrefs $ uid $ owner )
    )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
# This object class will store the actual data.
objectClass ( 2.16.840.1.113730.3.2.76
    NAME 'nsLIProfileElement'
    DESC 'Contains the actual Roaming Profile data'
    SUP top
    MUST ( objectClass $ nsLIElementType )
    MAY ( owner $ nsLIData $ nsLIVersion )
    )

# Unknown use.
objectClass ( 2.16.840.1.113730.3.2.77
    NAME 'nsLIServer'
    DESC 'Contains something - Removed attributes that were undefined'
    SUP top
    MUST ( objectClass )
    MAY ( description $ cn $ nsLIServerType )
    )
# EOF

Now the Roaming profile is populated with the addressbook(s), history, etc.
However, I imported my rather large Outlook Addresses into Netscape and
although Netscape created the appropriate element in LDAP, LDAP is still choking
on something during the transfer. My other test roaming system at work is
working ok, so it may be some weird character in one of the addresses or size,
or ??. I will be checking that tonight or this coming Sunday. One gotcha that
I read on the net is not to checkmark History, Java Security, Certificates...
for initial transfer since it kills the LDAP synchro. First synchro without
them, then enable them if you wish.

Does anyone have a working GPL/Freeware Netscape calendar system working?

[root@mail openldap]# more slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
#include /etc/openldap/schema/mull.schema
include /etc/openldap/schema/netscape-roaming.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
#pidfile //var/run/slapd.pid
#argsfile //var/run/slapd.args
# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
lastmod on # Sets modification field
suffix "dc=biospectra,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=biospectra,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw
# rootpw {SSHA}ESC0nZlkkSVlEpCPaq/m94ogDEcQSIpY
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap/biospectra
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
# Replicas to which we should propagate changes
#replica ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
# Include the access lists
include /etc/openldap/slapd.access
# Test Database
database ldbm
lastmod on # Sets modification field
suffix "o=Biospectra,c=US"
rootdn "cn=Manager,o=Biospectra,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw
directory /var/lib/ldap/biospectra-tech
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
# Include the access lists
include /etc/openldap/slapd-2.access
[root@mail openldap]# more slapd.access
# Access Control
access to dn=".*,ou=Roaming,dc=biospectra,dc=com"
    by dnattr=owner write
    by * none
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="cn=Admin,dc=biospectra,dc=com" write
    by * none
# Netscape's Directory Server
access to attr=mail
    by self write
    by users read
    by * search
access to attr=entry
    by * read
#access to attrs=cn,sn,telephonenumber
#    by self write
#    by users read
#    by * none
# End Netscape's Directory Server
access to *
    by self write
    by dn="cn=Admin,dc=biospectra,dc=com" write
    by users read
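
An added example, not part of the original post: a simplified Python model of slapd's first-match ACL evaluation, loaded with the slapd.access rules shown above, for checking what each kind of client ends up with on a given entry and attribute. The sample entry DNs are constructed; DN comparison is reduced to case-insensitive string matching (an assumption), and the rootdn, which bypasses ACLs, is not modelled.

```python
import re

ADMIN = "cn=Admin,dc=biospectra,dc=com"

# slapd.access from the post, in file order: (what, [(who, level), ...]).
ACL = [
    (("dn", r".*,ou=Roaming,dc=biospectra,dc=com"),
     [("dnattr=owner", "write"), ("*", "none")]),
    (("attr", "userPassword"),
     [("self", "write"), ("anonymous", "auth"), ("dn=" + ADMIN, "write"), ("*", "none")]),
    (("attr", "mail"), [("self", "write"), ("users", "read"), ("*", "search")]),
    (("attr", "entry"), [("*", "read")]),
    (("*", None), [("self", "write"), ("dn=" + ADMIN, "write"), ("users", "read")]),
]

def what_matches(what, entry_dn, attr):
    kind, value = what
    if kind == "dn":  # regex match against the entry DN (unanchored, as written)
        return re.search(value, entry_dn, re.IGNORECASE) is not None
    if kind == "attr":
        return value.lower() == attr.lower()
    return True  # "access to *"

def who_matches(who, bind_dn, entry_dn, owners):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:  # every remaining <who> needs an authenticated client
        return False
    if who == "users":
        return True
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    if who == "dnattr=owner":  # client DN is listed in the entry's owner attribute
        return bind_dn.lower() in (o.lower() for o in owners)
    return who.lower() == ("dn=" + bind_dn).lower()

def granted(bind_dn, entry_dn, attr, owners=()):
    """First <what> that matches selects the rule; first <who> in it decides."""
    for what, clauses in ACL:
        if what_matches(what, entry_dn, attr):
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn, owners):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"

if __name__ == "__main__":
    for who in (None, ADMIN):  # constructed clients: anonymous, then Admin
        print(who, granted(who, "uid=x,ou=Roaming,dc=biospectra,dc=com", "nsLIData"))
```

Because the Roaming rule comes first and ends in `by * none`, only the DN named in an entry's owner attribute gets access below ou=Roaming; the later `cn=Admin` write grants never apply there.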