[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP Architecture for CardDAV/OpenLDAP interface

To: openldap-technical@openldap.org
Subject: LDAP Architecture for CardDAV/OpenLDAP interface
From: Nicolas Mora <nicolas@babelouest.org>
Date: Sat, 20 Oct 2012 14:33:23 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121011 Thunderbird/16.0.1

Hello,

I'm using both an OpenLDAP server and an owncloud server, both fordifferent but convergent purposes.

The OpenLDAP manages an addressbook that is used by all mail client(Thunderbird, Horde, etc.), and the owncloud server also manages anaddressbook for phone numbers, addresses and stuff, this one is aCardDAV one with VCard files.

My goal is to converge these 2 different back-ends into one, all thedata would be stored in the LDAP server.

I did some research about how to do it and I have some clue that I wouldlike to submit to you for feedbacks.


The first interrogation is about the VCard/LDAP interface.

After studying the VCard format and the different LDAP schemas, mostlyRFC 6350 and 2256 and the schema files in the OpenLDAP conf folder in aDebian Stable server.

I think that a new schema would do the connection.

All the VCard properties can be easily linked to an existing person orinetOrgPerson or another *person objectClass. And the properties thatdoesn't exist yet are to be created in a schema extension.Also, one or two additional properties fields per property are to becreated for the VCard parameters.

Actually, there are different objectClass that might be extended:person, inetOrgPerson, organizationalPerson and residentialPerson.Considering that inetOrgPerson, organizationalPerson andresidentialPerson are designed for specific purposes, I think thatextending the person objectClass would be the best guess, what do youthink ?

The second question is more about the OpenLDAP configuration to handlethis need. Right now, the OpenLDAP server is only used by me as anaddressbook and an authentication server, the directory looks like this:


dc=babelouest,dc=org
|
|-ou=addressbook
|  |
|  |-cn=Address1
|  |-cn=Address2
|  |-[...]
|
|-ou=users
|  |
|  |-uid=user1
|  |-uid=user2
|  |[...]

I would like to add another branch to allow users to add their ownaddressbook entries, these entries would be in read/write mode only forthe owner, no one else but him should have access.


The new directory would look like this:
dc=babelouest,dc=org
|
|-ou=addressbook (global, read-only for all users)
|  |
|  |-cn=Address1
|  |-cn=Address2
|  |-[...]
|
|-ou=users
|  |
|  |-uid=user1
|  |-uid=user2
|  |[...]
|
|-ou=personnalAddressbooks (personnal addressbook entries)
|  |
|  |-uid=user1
|  |  |
|  |  |-cn=Address1
|  |  |-cn=Address2
|  |  |-cn=Address3
|  |
|  |-uid=user2
|  |  |
|  |  |-cn=Address1
|  |  |-cn=Address2

I took a look at the Access control help page but I couldn't find how toproperly set the OpenLDAP configuration like this. Can you help meconfiguring the slapd.conf ?


Thanks in advance.

/Nicolas

Follow-Ups:
- Re: LDAP Architecture for CardDAV/OpenLDAP interface
  - From: Roman Rybalko <openldap@romanr.name>

Prev by Date: Re: Dynamic configuration / admin users
Next by Date: Re: LDAP Architecture for CardDAV/OpenLDAP interface
Index(es):
- Chronological
- Thread