[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Importing Netscape LDIF address book into OpenLDAP

Yes, it does seem that the inetOrgPerson objectclass is the most
appropriate for this type of entry.  Unfortunately, Netscape has
taken a Microsoftish approach of creating funky custom LDIF
entries when you export an address book.  For instance, here is a
sample exported LDIF entry with all possible fields filled in:

dn: cn=DisplayName,mail=email@address.net
modifytimestamp: 20020215201642Z
cn: DisplayName
mail: email@address.net
xmozillausehtmlmail: TRUE
givenname: FirstName
sn: LastName
o: Organization
xmozillanickname: Nickname
description:: Tm90ZXMNCk5vdGVzDQpOb3Rlcw==
locality: City
st: State
title: Title
streetaddress: Address
postalcode: Zip
countryname: Country
telephonenumber: Work
homephone: Home
facsimiletelephonenumber: Fax
pagerphone: Pager
cellphone: Cellular
ou: Department
homeurl: URL
xmozillaanyphone: Work
objectclass: top
objectclass: person

The first thing you'll notice is the DN with the "mail=" field,
which would automatically have to be modified to fit into any
sort of LDAP tree.  Then there are all the "xmozillablahblahblah"
entries, locality, cellphone, etc.  Also, 'inetOrgPerson'
requires a sn: entry, which may not exist in all cases.  I
suppose one would have to steal the inetOrgPerson schema which
Netscape supplies with its Directory Server product.  They
describe it here:


It looks like the only way to make a an address book exported by
Netscape Communicator available for public consumption in an LDAP
tree is to write a script to hack the DN by including some unique
serial number and adding a suffix to the end, at least for

I think reality is starting to set in.  :-(


Philip Kizer wrote:
> Thomas Brown <twb0@lymenet.org> wrote:
> >I suspect there is something that needs to be tweaked in the schema before
> >that can happen, as the 'ldifadd' command chokes on the 'mail' field:
> >
> ># /opt/openldap/bin/ldapadd -f import.ldif -x -D
> >"cn=Manager,o=mydomain.com" -W
> >Enter LDAP Password:
> >adding new entry "o=mydomain.com"
> >adding new entry "cn=Manager, o=mydomain.com"
> >adding new entry "cn=username, o=mydomain.com"
> >ldap_add: Object class violation
> >        additional info: attribute 'mail' not allowed
> >dn: cn=username, o=mydomain.com
> >cn: username
> >sn: Firstname
> >mail: username@mydomain.com
> >objectclass: person
> >The business-end of my slapd.conf file looks like this:
> >
> >include         /opt/ldap/etc/openldap/schema/core.schema
> Note that core.schema defines 'person' as:
>         MUST ( sn $ cn )
>         MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
> There's no 'mail' (which is also rfc822mailbox) in there at all.
> I think the most direct route would be to add to your LDIF as such:
>   dn: cn=username, o=mydomain.com
>   [ ... ]
>   objectClass: inetOrgPerson
> since that objectClass (inetOrgPerson) includes a:
>   MAY ( mail )
> although you would then need to include in your slapd.conf:
>   include         /opt/ldap/etc/openldap/schema/inetorgperson.schema
> Note:
>   inetOrgPerson is in inetorgperson.schema, and
>   depends on (from the SUP): organizationalPerson
> and:
>   organizationalPerson is in core.schema, and
>   depends on (from it's SUP): person
> which is already included with your include of core.schema.
> Make sense?
> -philip
> --
> Philip Kizer, Senior Lead Systems Engineer, Texas A&M University
> USENIX Liaison to Texas A&M University         <usenix@tamu.edu>
> Texas A&M CIS Operating Systems Group, Unix   <pckizer@tamu.edu>