
Netscape Roaming Addressbook problem - Solved - New Schema to replace mull.schema



Yes,

First of all, I'd like to thank everyone that maintains 
troubleshooting/faqs/tips/etc. information on the net.  Without those, we would 
be totally up Micro$oft creek :)

I am posting my fix.  The problem that I was having was that only bookmarks, 
liprefs, cookies, and IMAP mail filters were being transferred to the LDAP 
server.  I looked at the logs and noticed that there were problems transferring 
the binary form of the address books.  From Listing 7.6 of the Netscape 
Communicator Deployment Guide I noticed that nsLIData was not defined as a 
binary attribute in mull.schema when the Netscape Guide 
(http://www.mit.edu/afs/athena/astaff/project/infoagentsdev/nmc/online_docs/dg/index.htm) 
was saying that it should be.  I created the following schema using 
Netscape's OIDs:

#	Corrected mull.schema	(Maaslandse Unix & Linux Laboratorium)

#	This schema file is experimental and may change
#	OIDs below are Netscape's (2.16.840.1.113730), replacing the MULL PEN
#	of 7081 (as assigned by IANA) used in the original mull.schema
#	Version 20000920

#	Thanks for the important input and improvements go to:
#	Laurent ARNAL <laurent@arnal.fr.eu.org>
#		Netscape roaming Profiles
#	Kurt D. Zeilenga <Kurt@OpenLDAP.org>
#		Corrections and general remarks that brought me up to speed
#		with LDAP and the way OpenLDAP uses schema files and such.

#	This schema requires that the core schema is loaded


# Used to store Netscape Roaming Profile information into OpenLDAP v2.

# This stores what?
attributeType ( 2.16.840.1.113730.3.1.399
	NAME 'nsLIPtrURL'
	DESC 'Store Netscape Roaming Something'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.400
	NAME 'nsLIPrefs'
	DESC 'Store Netscape Roaming Profile preferences'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# This stores the actual profile name into the database.
attributeType ( 2.16.840.1.113730.3.1.401
	NAME 'nsLIProfileName'
	DESC 'Store Netscape Roaming Profile name'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.402
	NAME 'nsLIData'
	DESC 'Store the actual data blocks'
	EQUALITY bitStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.403
	NAME 'nsLIElementType'
	DESC ''
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.404
	NAME 'nsLIServerType'
	DESC ''
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
attributeType ( 2.16.840.1.113730.3.1.405
	NAME 'nsLIVersion'
	DESC 'Store Netscape Roaming Profile version'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

# Unknown use.
objectClass ( 2.16.840.1.113730.3.2.74
	NAME 'nsLIPtr'
	DESC 'Contains something'
	SUP top
	MUST ( objectClass ) 
	MAY ( nsLIPtrURL $ owner )
	)

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
# This is the base holder of the Roaming Profile and must be created before
# you try to store information into the LDAP database.
objectClass ( 2.16.840.1.113730.3.2.75
	NAME 'nsLIProfile'
	DESC 'Base holder of the NetScape Roaming Profile'
	SUP top
	MUST ( objectClass $ nsLIProfileName ) 
	MAY ( nsLIPrefs $ uid $ owner )
	)

# Used to store Netscape Roaming Profile information into OpenLDAP v2.
# This object class will store the actual data.
objectClass ( 2.16.840.1.113730.3.2.76
	NAME 'nsLIProfileElement'
	DESC 'Contains the actual Roaming Profile data'
	SUP top
	MUST ( objectClass $ nsLIElementType ) 
	MAY ( owner $ nsLIData $ nsLIVersion )
	)

# Unknown use.
objectClass ( 2.16.840.1.113730.3.2.77
	NAME 'nsLIServer'
	DESC 'Contains something - Removed attributes that were undefined'
	SUP top
	MUST ( objectClass ) 
	MAY ( description $ cn $ nsLIServerType )
	)

# EOF


Now the Roaming profile is populated with the addressbook(s), history, etc.  
However, I imported my rather large Outlook Addresses into Netscape and 
although Netscape created the appropriate element in LDAP, LDAP is still choking 
on something during the transfer.  My other test roaming system at work is 
working ok, so it may be some weird character in one of the addresses, or size, 
or ??.  I will be checking that tonight or this coming Sunday.  One gotcha that 
I read on the net is not to checkmark History, Java Security, Certificates... 
for the initial transfer since it kills the LDAP sync.  First sync without 
them, then enable them if you wish.

Does anyone have a GPL/Freeware Netscape calendar system working?

[root@mail openldap]# more slapd.conf 
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
include         /etc/openldap/schema/redhat/autofs.schema
include         /etc/openldap/schema/redhat/kerberosobject.schema
#include         /etc/openldap/schema/mull.schema
include         /etc/openldap/schema/netscape-roaming.schema


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

#pidfile        //var/run/slapd.pid
#argsfile       //var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile     /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath    /usr/sbin/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
lastmod         on      # Sets modification field
suffix          "dc=biospectra,dc=com"
#suffix         "o=My Organization Name,c=US"
rootdn          "cn=Manager,dc=biospectra,dc=com"
#rootdn         "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          
# rootpw        {SSHA}ESC0nZlkkSVlEpCPaq/m94ogDEcQSIpY
# rootpw        {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap/biospectra
# Indices to maintain
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
# Replicas to which we should propagate changes
#replica ldap-1.example.com:389 tls=yes
#       bindmethod=sasl saslmech=GSSAPI
#       authcId=host/ldap-master.example.com@EXAMPLE.COM
# Include the access lists
include                 /etc/openldap/slapd.access

# Test Database

database        ldbm
lastmod         on      # Sets modification field
suffix         "o=Biospectra,c=US"
rootdn          "cn=Manager,o=Biospectra,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          
directory       /var/lib/ldap/biospectra-tech
# Indices to maintain
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                       eq,subinitial
# Include the access lists
include                 /etc/openldap/slapd-2.access

[root@mail openldap]# more slapd.access 
# Access Control
access to dn=".*,ou=Roaming,dc=biospectra,dc=com"
        by dnattr=owner write
        by * none
access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Admin,dc=biospectra,dc=com" write
        by * none
# Netscape's Directory Server
access to attr=mail
        by self write
        by users read
        by * search
access to attr=entry
        by * read
#access to attrs=cn,sn,telephonenumber
#       by self write
#       by users read
#       by * none
# End Netscape's Directory Server
access to * 
        by self write
        by dn="cn=Admin,dc=biospectra,dc=com" write
        by users read

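Added example, not part of the original post: a Python check that compares each attributeType's EQUALITY rule in a schema file with the syntax OID that RFC 4517 gives in that rule's definition, run over two definitions copied from the schema above. The `RULE_SYNTAX` table and the `check_schema` name are this example's own; on the sample it reports nsLIData, which declares Binary syntax (ending .5) while bitStringMatch is defined for Bit String (ending .6).

```python
import re

# Matching rule -> syntax OID named in the rule's RFC 4517 definition.
RULE_SYNTAX = {
    "caseExactIA5Match": "1.3.6.1.4.1.1466.115.121.1.26",  # IA5 String
    "caseIgnoreMatch": "1.3.6.1.4.1.1466.115.121.1.15",    # Directory String
    "integerMatch": "1.3.6.1.4.1.1466.115.121.1.27",       # Integer
    "bitStringMatch": "1.3.6.1.4.1.1466.115.121.1.6",      # Bit String
    "octetStringMatch": "1.3.6.1.4.1.1466.115.121.1.40",   # Octet String
}

# Constructed sample: two definitions copied from the schema in this post.
SAMPLE = """
attributeType ( 2.16.840.1.113730.3.1.400
    NAME 'nsLIPrefs'
    DESC 'Store Netscape Roaming Profile preferences'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( 2.16.840.1.113730.3.1.402
    NAME 'nsLIData'
    DESC 'Store the actual data blocks'
    EQUALITY bitStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
"""

def check_schema(text):
    """Return (name, rule, declared_syntax, rule_syntax) for each mismatch."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)            # drop comment lines
    findings = []
    # Split so that each chunk starts at one attributeType definition.
    for chunk in re.split(r"(?im)^(?=attributetype\b)", text):
        name = re.search(r"NAME\s+'([^']+)'", chunk)
        bare = re.sub(r"'[^']*'", "", chunk)            # ignore quoted DESC text
        rule = re.search(r"\bEQUALITY\s+(\S+)", bare)
        syntax = re.search(r"\bSYNTAX\s+([\d.]+)", bare)
        if not (name and rule and syntax):
            continue                                    # nothing to compare
        expected = RULE_SYNTAX.get(rule.group(1))
        if expected and expected != syntax.group(1):
            findings.append((name.group(1), rule.group(1),
                             syntax.group(1), expected))
    return findings

if __name__ == "__main__":
    for name, rule, declared, expected in check_schema(SAMPLE):
        print(f"{name}: {rule} is defined for {expected}, schema declares {declared}")
```
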