LDAP Architecture for CardDAV/OpenLDAP interface
Hello,
I'm using both an OpenLDAP server and an owncloud server, both for
different but convergent purposes.
The OpenLDAP server manages an addressbook that is used by all mail clients
(Thunderbird, Horde, etc.), and the owncloud server also manages an
addressbook for phone numbers, addresses and stuff; this one is a
CardDAV one with VCard files.
My goal is to converge these 2 different back-ends into one, all the
data would be stored in the LDAP server.
I did some research about how to do it and I have some clues that I would
like to submit to you for feedback.
The first question is about the VCard/LDAP interface.
After studying the VCard format and the different LDAP schemas, mostly
RFC 6350 and 2256 and the schema files in the OpenLDAP conf folder on a
Debian Stable server, I think that a new schema would make the connection.
All the VCard properties can be easily linked to an existing person,
inetOrgPerson or another *person objectClass, and the properties that
don't exist yet are to be created in a schema extension.
Also, one or two additional properties fields per property are to be
created for the VCard parameters.
Actually, there are different objectClasses that might be extended:
person, inetOrgPerson, organizationalPerson and residentialPerson.
Considering that inetOrgPerson, organizationalPerson and
residentialPerson are designed for specific purposes, I think that
extending the person objectClass would be the best guess; what do you
think?
The second question is more about the OpenLDAP configuration to handle
this need. Right now, the OpenLDAP server is only used by me as an
addressbook and an authentication server, the directory looks like this:
dc=babelouest,dc=org
|
|-ou=addressbook
| |
| |-cn=Address1
| |-cn=Address2
| |-[...]
|
|-ou=users
| |
| |-uid=user1
| |-uid=user2
| |[...]
I would like to add another branch to allow users to add their own
addressbook entries, these entries would be in read/write mode only for
the owner, no one else but him should have access.
The new directory would look like this:
dc=babelouest,dc=org
|
|-ou=addressbook (global, read-only for all users)
| |
| |-cn=Address1
| |-cn=Address2
| |-[...]
|
|-ou=users
| |
| |-uid=user1
| |-uid=user2
| |[...]
|
|-ou=personnalAddressbooks (personal addressbook entries)
| |
| |-uid=user1
| | |
| | |-cn=Address1
| | |-cn=Address2
| | |-cn=Address3
| |
| |-uid=user2
| | |
| | |-cn=Address1
| | |-cn=Address2
I took a look at the Access control help page but I couldn't find how to
properly set the OpenLDAP configuration like this. Can you help me
configure slapd.conf?
Thanks in advance.
/Nicolas
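The following slapd.conf fragment is an added example, not part of Nicolas's post and not OpenLDAP project code. It covers both points raised above: a schema extension carrying VCard properties that have no standard LDAP attribute, and the ACLs for the read-only global addressbook plus per-user personal addressbooks. The DNs (dc=babelouest,dc=org, ou=addressbook, ou=users, ou=personnalAddressbooks) are taken from the post; the hdb backend, the rootdn cn=admin, the attribute names vcardBirthday/vcardNickname, the class name vcardPerson and the OID arc 1.3.6.1.4.1.99999 are assumptions made for the example (the OID is a placeholder to be replaced by one from your own IANA private enterprise number).

```conf
# --- Schema extension (global section of slapd.conf, after the usual
# --- "include" lines for core.schema, cosine.schema, inetorgperson.schema) ---

# PLACEHOLDER OID arc: replace 1.3.6.1.4.1.99999 with an OID from your own
# IANA private enterprise number before deploying.
objectidentifier vcardOID 1.3.6.1.4.1.99999.1

# vCard BDAY (RFC 6350 section 6.2.5): inetOrgPerson has no equivalent.
attributetype ( vcardOID:1.1
    NAME 'vcardBirthday'
    DESC 'vCard BDAY property'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
    SINGLE-VALUE )

# vCard NICKNAME (RFC 6350 section 6.2.3): multi-valued, case-insensitive.
attributetype ( vcardOID:1.2
    NAME 'vcardNickname'
    DESC 'vCard NICKNAME property'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# AUXILIARY class: it is attached to an existing person/inetOrgPerson entry
# instead of redefining the standard structural classes (assumed design).
objectclass ( vcardOID:2.1
    NAME 'vcardPerson'
    DESC 'vCard properties that have no standard LDAP attribute'
    SUP top AUXILIARY
    MAY ( vcardBirthday $ vcardNickname ) )

# --- Database section (backend and rootdn are assumptions) ---
database    hdb
suffix      "dc=babelouest,dc=org"
rootdn      "cn=admin,dc=babelouest,dc=org"
directory   /var/lib/ldap

# ACLs are evaluated in order: the first "access to" clause whose target
# matches the entry wins, so the specific rules must come before the
# catch-all at the end.

# Passwords: the owner may change it, anonymous may only use it to bind,
# nobody may read it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Global addressbook: readable by every authenticated user, writable by
# nobody except the rootdn (which bypasses ACLs).
access to dn.subtree="ou=addressbook,dc=babelouest,dc=org"
    by users read
    by * none

# Personal addressbooks: the target is either the container
# uid=<u>,ou=personnalAddressbooks,... or any entry below it. $2 captures
# <u>; the "expand" modifier rebuilds the owner's DN under ou=users from it,
# so only that user gets write (which includes read); everyone else gets
# nothing. The pattern is written in lowercase because slapd matches it
# against the normalized DN.
access to dn.regex="^(.+,)?uid=([^,]+),ou=personnaladdressbooks,dc=babelouest,dc=org$"
    by dn.exact,expand="uid=$2,ou=users,dc=babelouest,dc=org" write
    by * none

# Everything else (the ou containers, the entries under ou=users):
# readable by authenticated users only, nothing for anonymous.
access to *
    by users read
    by * none
```

Two practical notes. First, the container entry uid=user1,ou=personnalAddressbooks,dc=babelouest,dc=org has to be created by the rootdn (or another identity with write access to the children of the ou), because the rules above deliberately give ordinary users no right to create containers at that level; once it exists, the owner can add, modify and delete the cn=AddressN entries beneath it. Second, verify the policy before relying on it with slapacl, which evaluates the ACLs offline for a given identity and target, e.g. `slapacl -f /etc/ldap/slapd.conf -u -D "uid=user1,ou=users,dc=babelouest,dc=org" -b "cn=Address1,uid=user2,ou=personnalAddressbooks,dc=babelouest,dc=org" cn/read` should report the access as DENIED, while the same command against user1's own subtree should report it ALLOWED. If the Debian server runs the cn=config backend rather than slapd.conf, the same `access to ... by ...` clauses go into olcAccess attributes (each prefixed with an `{n}` ordering index), and `slaptest -f slapd.conf -F /etc/ldap/slapd.d` converts the file form into that layout.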