Addressbook in LDAP ... should be simple right?



I've been messing with LDAP for the past couple of days, and following various online tutorials on how to create an addressbook for Thunderbird in OpenLDAP. Sure, this isn't too difficult, and I have it working as a proof of concept. I can use phpLDAPadmin to create new entries in my addressbook, and these will show up in Thunderbird's addressbook.

I've also spent the day reading most of the OpenLDAP admin guide (250 pages), which eventually I noticed is missing section E, where I'm sure something simple like this would appear.

However, now I want to organise the addresses into groups.
E.g., say we have the following staff:
John Smith works in the head office and is the CEO
Ann Johnson works in the head office and is a general admin person
Mary Brown works in the branch office and is the state manager
Jane Martin works in the branch office and is a general admin person

I want everybody to be listed in a People group...
I want all four people listed in a Staff group...
I want John Smith and Mary Brown in a Managers group
I want John Smith and Ann Johnson in a Head Office group
I want Mary Brown and Jane Martin in a Branch Office group

So, I could do this like this:
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: My Organization
dc: example

dn: ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People
description: All the people

dn: ou=Staff,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Staff

dn: cn=John Smith+mail=jsmith@example.com,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: mozillaAbPersonAlpha
givenName: John
sn: Smith
cn: John Smith
mail: jsmith@example.com

etc for other people

Then I can configure the groups like this:

dn: cn=Managers,dc=example,dc=com
# the RDN value (cn=Managers) must also be present as an attribute value
cn: Managers
cn: Managers of example.com
objectClass: groupOfNames
member: cn=John Smith+mail=jsmith@example.com,ou=People,dc=example,dc=com
member: cn=Mary Brown+mail=mbrown@example.com,ou=People,dc=example,dc=com

However, Thunderbird doesn't seem to have any smart way to show this group... So, I thought, maybe I could duplicate the "People" and put complete addressbook records into the Managers ou, but then it complains that the same CN already exists, besides the fact that this just seems like a kludge, and not a very "nice" way to achieve this.

PS, the context is to try and replace MS Outlook with Mozilla Thunderbird. With email in IMAP4, that works well. I can share the calendar from Thunderbird to iPhones/Android phones with http://calendarserver.org/. Now I'm just trying to resolve the "shared contacts" issue, which is currently solved by copying (at login) a pst file from a share to the local user's profile, and having that configured to open in Outlook (add pst data file). I'd prefer to replace all that with LDAP, since Thunderbird supports LDAP for an addressbook, and it would then update immediately (instead of after next login). Also, long term it would be useful to use LDAP for other web-based login authentication, Squid proxy auth, and/or even Windows authentication, but, one step/problem at a time.

Thank you for any advice or suggestions, or pointers to documentation.

Regards,
Adam

--
Adam Goryachev Website Managers www.websitemanagers.com.au
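
Added example, not part of the original post: a small Python check for an address-book LDIF of the shape shown above. It reports entries whose RDN values are missing from the entry's own attributes and groupOfNames members that point at no entry, which matters once such groups are reused for authentication or authorization. The sample LDIF and the function names are constructed for illustration; the parser assumes no line folding, base64 values or escaped separators in DNs.

```python
# Added example (not from the post). Assumes no line folding, base64 values or escaped ',' / '+' in DNs.
# Constructed sample with two deliberate faults: a cn that does not match the RDN, and a dangling member.
SAMPLE_LDIF = """\
dn: cn=John Smith+mail=jsmith@example.com,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: John Smitih
sn: Smith
mail: jsmith@example.com

dn: cn=Managers,dc=example,dc=com
objectClass: groupOfNames
cn: Managers
member: cn=John Smith+mail=jsmith@example.com,ou=People,dc=example,dc=com
member: cn=Mary Brown+mail=mbrown@example.com,ou=People,dc=example,dc=com
"""

def norm(dn):
    """Case-fold a DN and drop spaces around the ',' separators for comparison."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}} for a simple LDIF string."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def check(entries):
    """List naming violations and group members that resolve to no entry."""
    problems = []
    for dn, attrs in entries.items():
        for ava in dn.split(",")[0].split("+"):  # each part of a multi-valued RDN
            attr, value = ava.split("=", 1)
            if value not in (v.lower() for v in attrs.get(attr, [])):
                problems.append(f"{dn}: RDN value {attr}={value} not in entry")
        for member in attrs.get("member", []):
            if norm(member) not in entries:
                problems.append(f"{dn}: member not found: {norm(member)}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(parse_ldif(SAMPLE_LDIF))))
```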