Hi
This is quite easy once you've done the "step behind".
Anyhow, I'm still not an LDAP professional!
There might be security holes which I didn't recognize yet!
If you find one, please tell me!
1.
Install an LDAP server such as OpenLDAP or similar.
Grab phpLDAPadmin from SourceForge and follow its install procedure as described there.
2.
With phpLDAPadmin I created the LDAP structure like this (entries are separated by blank lines, as LDIF requires; the value of the attribute used in an entry's RDN has to be present in the entry itself, otherwise slapadd/ldapadd reject it):
version: 1
# LDIF Export for: dc=yourserver,dc=com
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on May 12, 2009 9:41 am
# Server: My LDAP Server (localhost)
# Search Scope: sub
# Search Filter: (objectClass=*)

dn: dc=yourserver,dc=com
objectClass: top
objectClass: domain
# the dc value must equal the RDN value of the dn
dc: yourserver

dn: cn=mailusers,dc=yourserver,dc=com
cn: mailusers
gidNumber: 1000
objectClass: posixGroup
objectClass: top

# example mailuser entry for address email@address.com
dn: cn=email@address.com,cn=mailusers,dc=yourserver,dc=com
# the RDN value (email@address.com) has to be one of the entry's cn values
cn: email@address.com
cn: User
sn: Test
uid: email@address.com
# placeholder: the {MD5} scheme expects the base64-encoded MD5 digest, not the
# clear text; generate the value with: slappasswd -h '{MD5}' -s yourpassword
userPassword: {MD5}passwd
uidNumber: 1002
gidNumber: 1000
homeDirectory: /dev/null
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top

# example addressbook entry for user email@address.com
dn: mail=somebody@domain.com,cn=email@address.com,cn=mailusers,dc=yourserver,dc=com
objectClass: top
objectClass: inetOrgPerson
cn: Somebody
givenName: Body
sn: Some
mail: somebody@domain.com
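Two things in the export above are easy to get wrong by hand: the naming-attribute rule (the RDN value must appear as an attribute value, which the export violates for both dc and cn) and the userPassword format (a hashed, per-user value instead of the clear-text placeholder). The following is an added example, not code from the original post or from phpLDAPadmin/OpenLDAP: it produces a mailuser entry in the layout above with an individually salted {SSHA} password, verifies {SSHA} and {MD5} values, and checks LDIF records for the naming-attribute rule. The base DN is the one from the post; the user names and passwords are constructed sample data.

```python
# Added example (not from the original post): mailuser entries with per-user
# {SSHA} passwords plus a naming-attribute check for LDIF records.
import base64
import hashlib
import os
import secrets

BASE_DN = "cn=mailusers,dc=yourserver,dc=com"  # the container from the post


def ssha(password, salt=b""):
    """OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    if not salt:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def md5_scheme(password):
    """The {MD5} scheme used in the post: base64 of the raw, unsalted MD5 digest.
    Only here so stored values can be checked; use ssha() for new entries."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def verify(password, stored):
    """Compare a clear-text password with a {SSHA} or {MD5} userPassword value."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
        return secrets.compare_digest(candidate, digest)
    if stored.startswith("{MD5}"):
        return secrets.compare_digest(md5_scheme(password), stored)
    raise ValueError("unsupported password scheme: " + stored[:8])


def mail_user_ldif(email, given_name, surname, uid_number, password, gid_number=1000):
    """One mailuser entry (the post's objectClasses); the RDN value is also a cn value."""
    if any(c in email for c in ',+"\\<>;='):
        raise ValueError("email would need DN escaping, refusing: " + email)
    return "\n".join([
        f"dn: cn={email},{BASE_DN}",
        "objectClass: top",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"cn: {email}",
        f"givenName: {given_name}",
        f"sn: {surname}",
        f"uid: {email}",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        "homeDirectory: /dev/null",
        f"userPassword: {ssha(password)}",
        "",
    ])


def parse_ldif(text):
    """Minimal LDIF reader: records separated by blank lines, '#' comments,
    plain 'attr: value' lines (no base64 '::' values, no line folding)."""
    entries = []
    for record in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in record.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = value
            elif name.lower() != "version":
                attrs.setdefault(name.lower(), []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def naming_attribute_missing(dn, attrs):
    """True if the RDN's value is absent from the entry (slapadd rejects it)."""
    name, _, value = dn.split(",", 1)[0].partition("=")
    present = [v.lower() for v in attrs.get(name.lower(), [])]
    return value.lower() not in present


def check_ldif(text):
    """DNs of all records that violate the naming-attribute rule."""
    return [dn for dn, attrs in parse_ldif(text) if naming_attribute_missing(dn, attrs)]


# Constructed sample: the two mismatches from the exported LDIF (dc and cn not
# matching their RDN) beside an entry produced by mail_user_ldif().
BROKEN = """dn: dc=yourserver,dc=com
objectClass: domain
dc: nameofyourservice

dn: cn=email@address.com,cn=mailusers,dc=yourserver,dc=com
objectClass: inetOrgPerson
cn: User
sn: Test
"""
GOOD = mail_user_ldif("alice@example.org", "Alice", "Example", 1003, "alice-only-secret")

if __name__ == "__main__":
    print("rejected:", check_ldif(BROKEN))
    print("rejected:", check_ldif(GOOD))
    print(GOOD)
```

Run it before slapadd: every DN it lists would be refused by the server. The {SSHA} values it emits can be pasted straight into the LDIF; together with a server-side ACL they are what turns the per-user password into an actual access boundary.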
3.
The LDAP section of config/main.inc.php in Roundcube 0.2.1 looks like this:
$rcmail_config['ldap_public']['addressbook'] = array(
'name' => 'Personal Addressbook',
'hosts' => array('yourldapserver.com'),
'port' => 389,
'use_tls' => false, // false sends the bind password in clear text; true makes Roundcube issue STARTTLS on the same port
'user_specific' => true,
'base_dn' => 'cn=%fu,cn=mailusers,dc=yourserver,dc=com', // %fu is replaced with the full login name
'bind_dn' => 'cn=%fu,cn=mailusers,dc=yourserver,dc=com',
'bind_pass' => 'PASSWORD', // one fixed password for every user, see the remark below
'LDAP_Object_Classes' => array("top", "inetOrgPerson"),
'required_fields' => array("cn", "sn", "mail"),
'LDAP_rdn' => 'mail',
'ldap_version' => 3,
'search_fields' => array('givenName', 'cn', 'sn', 'mail'),
'name_field' => 'cn',
'email_field' => 'mail',
'surname_field' => 'sn',
'firstname_field' => 'givenName',
'sort' => 'cn',
'scope' => 'sub',
'filter' => 'givenName=*',
'fuzzy_search' => true);
Every mail user has the same password (the userPassword entry in the LDAP directory) for LDAP, because the bind_pass is always the same. This might be a security hole, because anybody could access other users' address books simply by choosing another cn=, if he could guess one.
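The shared bind_pass is only half of the problem: even with an individual password per user (the replacement planned in step 5), the server still lets any authenticated user read any other user's subtree unless an ACL says otherwise. The following is an added example, not part of the original post or of the Roundcube or OpenLDAP projects: an ldapmodify record for a cn=config based slapd that confines every mail user to his own entry and the addressbook entries below it. It assumes the tree from step 2 and a database entry named olcDatabase={1}mdb,cn=config (a hypothetical name; check yours with ldapsearch on cn=config). On a slapd.conf based server the same three rules go into slapd.conf as access to ... lines, in the same order.

```ldif
# Added example, not from the original post. Assumed database entry:
# olcDatabase={1}mdb,cn=config; suffix dc=yourserver,dc=com as in the post.
# Rule 0: nobody reads password hashes; anonymous may bind against them, the
#         owner may change his own.
# Rule 1: a DN ending in cn=<user>,cn=mailusers,... (the user entry or anything
#         below it) is writable only by that very user ($2 is the captured cn).
# Rule 2: the containers above stay readable so that base_dn can be resolved.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to dn.regex="^(.+,)?cn=([^,]+),cn=mailusers,dc=yourserver,dc=com$"
  by dn.exact,expand="cn=$2,cn=mailusers,dc=yourserver,dc=com" write
  by * none
olcAccess: {2}to dn.subtree="dc=yourserver,dc=com"
  by users read
  by * none
```

Load it with ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif, then check it: an ldapsearch bound as cn=email@address.com with -b set to that user's own DN returns the address book, while the same search with -b set to another user's DN returns nothing (slapd answers noSuchObject rather than admit the entry exists). Keep the userPassword rule first: it is what allows an anonymous connection to bind with the user's password at all, and a later rule would not be consulted for that attribute.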
4.
In Thunderbird you have to create a new directory-server entry.
The steps are as follows (my Thunderbird speaks German to me, so the menu labels are given here in translation):
- Tools -> Account Settings (or under Linux: Edit -> Account Settings)
- Composition & Addressing
- Use a different LDAP server: -> Edit...
- Add
- Name: choose one
- Hostname: IP or domain name of your LDAP server
- Base DN: cn=email@address.com,cn=mailusers,dc=yourserver,dc=com
- Port number: 389
- Bind DN: cn=email@address.com,cn=mailusers,dc=yourserver,dc=com
5.
Next steps (if I can find time to do so):
- I'm planning to replace the bind_pass with some PHP code and an SQL query to look up each user's password and protect the address books against spying.
- Figuring out why Thunderbird (2.0.0.21 running on Ubuntu 8.10) is only able to read but not to add entries to the address book. It seems that there is no function for adding contacts to an LDAP directory.
Your comments will be welcome.