An OpenLDAP addressbook/directory for Thunderbird

This guide will help you set up an LDAP directory on RHEL 4/CentOS 4 systems, 100 % compatible with Mozilla Thunderbird 1.5. The LDAP directory will be managed with phpLdapAdmin.

1. Install the needed packages
# yum install openldap-servers openldap-clients

2. Download the LDAP schema for Thunderbird
# wget http://blog.wains.be/pub/thunderbird.schema -O /etc/openldap/schema/thunderbird.schema

3. Create the directory tree in which the database will be stored
# mkdir /var/lib/ldap/local

4. Change ownership
# chown ldap:ldap /var/lib/ldap/local

5. Make sure LDAP will start at boot
# chkconfig --level 345 ldap on

6. Open TCP port 389 in iptables
# iptables -A INPUT -p tcp --dport 389 -j ACCEPT
# iptables-save > /etc/sysconfig/iptables

7. Make a backup of the default config
# mv /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak

8. Create and edit /etc/openldap/slapd.conf :

<code>include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
#include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/thunderbird.schema

# bind_v2 will allow compatibility with older Thunderbird clients (tested under v0.4 & v0.5)
allow bind_v2

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

database bdb
suffix "dc=domain,dc=be"
rootdn "cn=AddressManager,dc=domain,dc=be"
rootpw secret

directory /var/lib/ldap/local

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
#index uidNumber,gidNumber,loginShell    eq,pres
#index uid,memberUid                     eq,pres,sub
#index nisMapName,nisMapEntry            eq,pres,sub</code>

9. Start the ldap service :
[root@server](1034)# service ldap start
Checking configuration files for : config file testing succeeded
Starting slapd: [ OK ]

10. Make sure ldap is running (IMPORTANT : the init script prints OK even if slapd crashes right after starting) :
[root@server](1036)# service ldap status
slapd (pid 2299) is running...

11. Create directory_def.ldif (directory structure) :
dn: dc=domain,dc=be
objectclass: top
objectclass: dcObject
objectclass: organization
dc: domain
o: Name of your company

12. Create directory.ldif (directory data) :
dn: cn=John Doe,dc=domain,dc=be
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
givenName: John
sn: Doe
cn: John Doe
mail: john.doe@domain.be

Each contact is one entry; entries should be separated by a blank line
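The two LDIF files above are hand-written, which is fine for a handful of contacts. When the address book is generated from another source, two rules matter that the John Doe entry never triggers: values inside the DN must be escaped (RFC 4514; a comma in a cn would otherwise split the RDN), and attribute values that are not plain ASCII, or that start with a space, colon or `<`, must be written base64-encoded with `::` (RFC 2849). The Python below is an added example, not from the guide: it produces entries of the same shape as directory_def.ldif and directory.ldif from plain records. The records in `SAMPLE_CONTACTS` are constructed, and the function names are mine.

```python
"""Added example (not from the guide): build ldapadd-ready LDIF from records.

Implements RFC 4514 DN escaping and RFC 2849 base64 ("::") encoding, which
the hand-written John Doe entry never needs. Sample contacts are constructed.
"""
import base64

DN_SPECIAL = set(',+"\\<>;')  # must be backslash-escaped inside an RDN value


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ord(ch) < 0x20:  # control characters: hex-pair escape
            out.append("\\%02X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def ldif_attr(name: str, value: str) -> str:
    """'name: value', or 'name:: <base64>' when value is not an RFC 2849 SAFE-STRING.

    Non-ASCII bytes, NUL/CR/LF anywhere, or a leading space, ':' or '<' force
    base64; a trailing space is also encoded so no parser can strip it.
    """
    unsafe = (
        any(ord(c) > 0x7F or c in "\x00\r\n" for c in value)
        or value[:1] in (" ", ":", "<")
        or value[-1:] == " "
    )
    if unsafe:
        return "%s:: %s" % (name, base64.b64encode(value.encode("utf-8")).decode("ascii"))
    return "%s: %s" % (name, value)


def org_entry(base_dn: str, dc: str, org: str) -> str:
    """The directory_def.ldif root entry: dcObject + organization."""
    lines = [ldif_attr("dn", base_dn)]
    lines += [ldif_attr("objectclass", oc) for oc in ("top", "dcObject", "organization")]
    lines += [ldif_attr("dc", dc), ldif_attr("o", org)]
    return "\n".join(lines) + "\n"


def contact_entry(base_dn: str, given: str, sn: str, mail: str, **extra: str) -> str:
    """One inetOrgPerson entry; cn is 'given sn' and is escaped for use in the DN."""
    cn = "%s %s" % (given, sn)
    lines = [ldif_attr("dn", "cn=%s,%s" % (escape_rdn_value(cn), base_dn))]
    lines += [ldif_attr("objectclass", oc)
              for oc in ("top", "person", "organizationalPerson", "inetOrgPerson")]
    lines += [ldif_attr("givenName", given), ldif_attr("sn", sn),
              ldif_attr("cn", cn), ldif_attr("mail", mail)]
    lines += [ldif_attr(k, v) for k, v in extra.items() if v]
    return "\n".join(lines) + "\n"


def directory_ldif(base_dn: str, contacts) -> str:
    """directory.ldif content: one entry per contact, separated by a blank line."""
    return "\n".join(contact_entry(base_dn, **c) for c in contacts)


# Constructed sample records (not from the page); the last two exercise escaping.
SAMPLE_CONTACTS = [
    {"given": "John", "sn": "Doe", "mail": "john.doe@domain.be"},
    {"given": "Jean", "sn": "Dupont, Jr.", "mail": "jean@domain.be",
     "telephoneNumber": "+32 2 123 45 67"},
    {"given": "Anne", "sn": "Müller", "mail": "anne@domain.be"},
]

if __name__ == "__main__":
    print(org_entry("dc=domain,dc=be", "domain", "Name of your company"))
    print(directory_ldif("dc=domain,dc=be", SAMPLE_CONTACTS))
```

Redirect the output of the two print calls into directory_def.ldif and directory.ldif and feed them to `ldapadd` exactly as in steps 13 and 14; a DN that contains non-ASCII characters comes out as a `dn::` line, which ldapadd accepts.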

13. Inject the directory structure :

<code>ldapadd -xv -D "cn=AddressManager,dc=domain,dc=be" -f directory_def.ldif -W

ldap_initialize(  )
Enter LDAP Password: xxxxxx
add objectclass:
        top
        dcObject
        organization
add dc:
        domain
add o:
        Name of your company
adding new entry "dc=domain,dc=be"
modify complete</code>

14. Inject the data into the directory :
ldapadd -xv -D "cn=AddressManager,dc=domain,dc=be" -f directory.ldif -W

15. Make sure data have been correctly injected :

<code>ldapsearch -x -b "dc=domain,dc=be" "(objectclass=*)"

# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# domain.be
dn: dc=domain,dc=be
objectClass: top
objectClass: dcObject
objectClass: organization
dc: domain
o: Name of your company

# John Doe, domain.be
dn: cn=John Doe,dc=domain,dc=be
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: John
sn: Doe
cn: John Doe
mail: john.doe@domain.be</code>

16. Add the LDAP address book server in Thunderbird :

For some reason, setting LDAP autocompletion in the general configuration did not work.
I had to add the LDAP autocompletion in the account settings

For more info : http://www.stolaf.edu/services/iit/documentation/thunderbird/ldap.html

For domain.be :
Name : domain directory
Hostname : ldap.domain.be
Base DN : dc=domain,dc=be

17. Install phpldapadmin
- yum install php-ldap
- Grab the RPM version of phpldapadmin that fits your system from rpmfind.net

SRC RPM : ftp://rpmfind.net/linux/fedora/extras/4/SRPMS/phpldapadmin-0.9.8.2-1.fc4.src.rpm
RPM : ftp://rpmfind.net/linux/fedora/extras/4/i386/phpldapadmin-0.9.8.2-1.fc4.noarch.rpm

- Edit /etc/httpd/conf.d/phpldapadmin and allow connections from your IP
- service httpd restart
- Edit /etc/phpldapadmin/config.php and edit these values :

$ldapservers->SetValue($i,'server','name','Thunderbird LDAP Server');
$ldapservers->SetValue($i,'server','host','127.0.0.1');
$ldapservers->SetValue($i,'server','port','389');
$ldapservers->SetValue($i,'server','base',array('dc=domain,dc=be'));
$ldapservers->SetValue($i,'server','auth_type','config');
$ldapservers->SetValue($i,'login','dn','cn=AddressManager,dc=domain,dc=be');
$ldapservers->SetValue($i,'login','pass','secret');

Connect to http://host.domain.be/phpldapadmin/
You should now be able to access your LDAP database. Please note that this config is not the most secure scheme: you should set a password to access this directory.

More info : http://applications.linux.com/article.pl?sid=05/05/18/1248224

Thunderbird can only read from LDAP directories, not write to them :
https://bugzilla.mozilla.org/show_bug.cgi?id=86405

23 thoughts on “An OpenLDAP addressbook/directory for Thunderbird”

  1. WordPress leaves slashes if you have magic quotes turned on in your PHP. Use an .htaccess file with appropriate php_flags to turn off magic quotes. Because WordPress already adds the quotes, you

  2. All went fine for the LDAP configuration, but I can’t access it with Thunderbird (step 16). Do I have to put something in the “Bind DN” option? Do I have to modify my DNS server to recognize “ldap.domain.be”? And why do you use “Base DN : dc=domain,dc=be” while the link you give (on stolaf.edu) uses “Base DN : o=stolaf.edu”?

    Thank you for your help! :)

  3. Can you tell me how this is an example of using the thunderbird.schema ?
    You are including it in slapd.conf at the beginning, but the John Doe entry doesn’t even use the objectClass from the thunderbird schema.
    Am I missing something?

  4. Hi Jean-Philippe,

    Indeed, the entry “John Doe” doesn’t use anything particular in the Thunderbird schema, but the schema gives access to some specific Mozilla entries (such as the mozilla* entries that you can find in the schema).

    I personally do not use anything specific to the Thunderbird schema.

  5. Good docs, and everything worked but how is one supposed to populate the database?
    phpldapadmin doesn’t allow you to import in “read only” mode. What does this software authenticate against???

    Thanks…

  6. Have you tried exporting your data into LDIF files and importing them using the CLI ?

    I populated my DB like that with around 50 contacts, then I was using phpldapadmin to add new contacts

  7. Fletch: You have to log in as admin via phpLDAPadmin, it authenticates against slapd.

    If you’re using the default rootdn “cn=AddressManager,dc=domain,dc=be” and rootpw secret (look at your slapd.conf), those are your username and password. Note: You have to enter the complete string (cn=AddressManager,dc=domain,dc=be), not just “AddressManager”.

    After logging in, you can either add contacts by importing LDIF-files or use the phpLDAPadmin interface.

  8. Just wondering… do you find that Thunderbird opens the LDAP address book ‘empty’? That is… when you first open the address book, you have to enter a search criteria before it shows any contents. Searching for ‘.’ or ‘ ‘ populates with all contents.

    Is there a way to tell Thunderbird to use a default search criteria like a dot or a space? I don’t see a way to do that on the OpenLDAP side. It’s a minor annoyance, but the other address books (like the Personal Address Book in Thunderbird) open all contacts by default. My users would like something similar… and the directory is small enough that this is a reasonable request. I just can’t figure out how to make it happen.

    Thanks!

    - Jason

  9. Hi Jason,

    Indeed, this is a minor annoyance, but an annoyance still!

    I think you can download the content of the LDAP addressbook locally, but I’m not sure if the entries would be displayed without making a search. I don’t have a computer with an LDAP connection here so I can’t test.

    I think it’s a limitation “on purpose” in Thunderbird, to avoid overwhelming the LDAP servers.

    You may be interested in this plugin : https://addons.mozilla.org/en-US/thunderbird/addon/70

    They boast the following :
    * Automatically populate LDAP address books with a user-defined search query (see Contacts Sidebar Options).

  10. Hi Sebastien,

    Could you help me? I could not start my LDAP service. It shows a bad configuration at slapd.conf

  11. Once I restarted my CentOS server, LDAP was down. I tried restarting the LDAP service but can still view phpldapadmin… it shows the database is lost or corrupted… how do I recover the database?

  12. Can I have the full command? Do I need to stop the LDAP service first before I run that command?

  13. Try
    slapd_db_recover -v -h /var/lib/ldap

    or just check the help or man page

  14. I got the error below when trying to access phpldapadmin after installing it

    Internal Server Error

    File “/usr/share/phpldapadmin/htdocs/index.php” is not in document root of Vhost “/home/.sites/28/site1/web”

    How do I resolve this? Also, on my old server, each time I reboot I have to manually run slapd_db_recover

  15. Hi Sebastian, after a lot of trouble I found your site.. great.
    I had configured the LDAP server the right way.
    But I can’t get the addresses in TB.
    When I insert a search string in the TB box (a part of the email or a part of the name), in the logs (logfile 256) I have things like this

    ***********
    Jul 5 19:03:07 dati slapd[11897]: conn=28 op=2 SRCH base="cn=AddressManager,dc=domain,dc=be" scope=2 deref=0 filter="(|(mail=*fabio*)(cn=*fabio*)(givenName=*fabio*)(sn=*fabio*))"
    Jul 5 19:03:07 dati slapd[11897]: conn=28 op=2 SRCH attr=birthday o company mail mozillaUseHtmlMail xmozillausehtmlmail mozillaCustom2 custom2 mozillaHomeCountryName ou department departmentnumber orgunit mobile cellphone carphone telephoneNumber title mozillaCustom1 custom1 sn surname mozillaNickname xmozillanickname mozillaWorkUrl workurl labeledURI facsimiletelephonenumber fax mozillaSecondEmail xmozillasecondemail mozillaCustom4 custom4 nsAIMid nscpaimscreenname street streetaddress postOfficeBox givenName l locality homePhone mozillaHomeUrl homeurl mozillaHomeStreet st region mozillaHomePostalCode mozillaHomeLocalityName mozillaCustom3 custom3 mozillaWorkStreet2 mozillaHomeStreet2 postalCode zip birthmonth c countryname pager pagerphone mozillaHomeState description notes birthyear modifytimestamp cn commonname objectClass
    Jul 5 19:03:07 dati slapd[11897]: conn=28 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
    *************

    but in the TB search window I don’t get any results at all…
    I don’t know if this is related to a mistake in the position where I store the addressbook entry…
    Please check this and tell me what you think

    -> ldapsearch -x -b "dc=domain,dc=be" "(objectclass=*)"
    ********************

    # extended LDIF
    #
    # LDAPv3
    # base with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # domain.be
    dn: dc=domain,dc=be
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    dc: domain
    o: Name of your company

    # John Doe, domain.be
    dn: cn=John Doe,dc=domain,dc=be
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    givenName: John
    sn: Doe
    cn: John Doe
    mail: john.doe@domain.be

    # Fabio De Agostini, domain.be
    dn: cn=Fabio De Agostini,dc=domain,dc=be
    givenName: Fabio
    cn: Fabio De Agostini
    st: Italia
    postalCode: 33100
    objectClass: inetOrgPerson
    objectClass: top
    mail: test@test.it
    mobile: 333333333
    telephoneNumber: 3333333333
    sn: xxxxxxxxx

    # De Agostini Fabio, domain.be
    dn: cn=De Agostini Fabio,dc=domain,dc=be
    givenName: Fabio
    sn: De Agostini
    cn: De Agostini Fabio
    mail: test@test.it
    telephoneNumber: 111
    homePhone: 2222
    facsimileTelephoneNumber: 3333
    pager: 876
    mobile: 4444
    homePostalAddress: xxxxxxxxxx
    title: ing.
    l: Udine
    postalCode: 33100
    objectClass: inetOrgPerson
    objectClass: top
    # search result
    search: 2
    result: 0 Success
    # numResponses: 5
    # numEntries: 4
    *************************

    -> /etc/openldap/slapd.conf
    *****************************
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    #include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/thunderbird.schema

    # bind_v2 will allow compatibility with older Thunderbird clients (tested under v0.4 & v0.5)
    allow bind_v2

    pidfile /var/run/slapd/slapd.pid
    argsfile /var/run/slapd/slapd.args

    database bdb
    suffix "dc=domain,dc=be"
    rootdn "cn=AddressManager,dc=domain,dc=be"
    rootpw secret

    directory /var/lib/ldap/local

    index objectClass eq,pres
    index ou,cn,mail,surname,givenname eq,pres,sub
    #index uidNumber,gidNumber,loginShell eq,pres
    #index uid,memberUid eq,pres,sub
    #index nisMapName,nisMapEntry eq,pres,sub
    **********************

    • If ldapsearch returns a result, there’s obviously a problem with Thunderbird. If the configuration is fine, make sure there’s no such bug reported in their bugzilla.
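The slapd lines quoted in the comment above (the "stats" output of slapd loglevel 256) already contain the diagnosis: the search was sent with base="cn=AddressManager,dc=domain,dc=be", which is the rootdn from slapd.conf, and slapd answered err=32 (noSuchObject) because the rootdn is not an entry in the tree. The Base DN configured in Thunderbird must be the suffix, dc=domain,dc=be, as in step 16. The Python below is an added example, not from the post or the commenter: it pairs SRCH and SEARCH RESULT lines by conn/op and reports searches that target the rootdn, fall outside the suffix, or fail. The lines in `SAMPLE_LOG` are constructed after the ones in the comment, and the function names are mine.

```python
"""Added example (not from the post): triage slapd stats log lines for a
Thunderbird address-book setup. Sample lines are constructed, modelled on the
ones quoted in the comment above.
"""
import re

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d+ filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

# A few LDAP result codes (RFC 4511, appendix A) relevant to address-book searches.
RESULT_NAMES = {0: "success", 4: "sizeLimitExceeded", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}


def parse_searches(lines):
    """Pair each SRCH line with its SEARCH RESULT line by (conn, op)."""
    ops, order = {}, []
    for line in lines:
        m = SRCH_RE.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            ops[key] = {"conn": key[0], "op": key[1], "base": m.group(3),
                        "scope": int(m.group(4)), "filter": m.group(5),
                        "err": None, "nentries": None}
            order.append(key)
            continue
        m = RESULT_RE.search(line)
        if m:  # "SRCH attr=..." lines match neither pattern and are skipped
            key = (int(m.group(1)), int(m.group(2)))
            if key in ops:
                ops[key]["err"] = int(m.group(3))
                ops[key]["nentries"] = int(m.group(4))
    return [ops[k] for k in order]


def normalize_dn(dn):
    """Cheap DN normalisation: case-fold and drop spaces around commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def dn_under(dn, suffix):
    """True if dn is the suffix itself or lies below it."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return d == s or d.endswith("," + s)


def diagnose(lines, suffix, rootdn):
    """One finding per problem seen in the searches; an empty list means all fine."""
    findings = []
    for op in parse_searches(lines):
        tag = "conn=%d op=%d" % (op["conn"], op["op"])
        if normalize_dn(op["base"]) == normalize_dn(rootdn):
            findings.append("%s: search base is the rootdn %s, which is not an entry; "
                            "set the client's Base DN to the suffix %s" % (tag, rootdn, suffix))
        elif not dn_under(op["base"], suffix):
            findings.append("%s: search base %s is outside the suffix %s" % (tag, op["base"], suffix))
        if op["err"] == 32:
            findings.append("%s: err=32 noSuchObject, base %s does not exist" % (tag, op["base"]))
        elif op["err"] not in (None, 0):
            findings.append("%s: err=%d %s" % (tag, op["err"], RESULT_NAMES.get(op["err"], "unknown")))
        elif op["err"] == 0 and op["nentries"] == 0:
            findings.append("%s: no entry matched filter %s" % (tag, op["filter"]))
    return findings


# Constructed sample log (modelled on the comment's lines, not copied from a real server).
SAMPLE_LOG = [
    'Jul 5 19:03:07 dati slapd[11897]: conn=28 op=2 SRCH base="cn=AddressManager,dc=domain,dc=be" scope=2 deref=0 filter="(|(mail=*fabio*)(cn=*fabio*)(givenName=*fabio*)(sn=*fabio*))"',
    'Jul 5 19:03:07 dati slapd[11897]: conn=28 op=2 SRCH attr=mail cn givenName sn objectClass',
    'Jul 5 19:03:07 dati slapd[11897]: conn=28 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=',
    'Jul 5 19:05:12 dati slapd[11897]: conn=29 op=1 SRCH base="dc=domain,dc=be" scope=2 deref=0 filter="(|(mail=*fabio*)(cn=*fabio*))"',
    'Jul 5 19:05:12 dati slapd[11897]: conn=29 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=',
    'Jul 5 19:06:40 dati slapd[11897]: conn=30 op=1 SRCH base="o=stolaf.edu" scope=2 deref=0 filter="(cn=*john*)"',
    'Jul 5 19:06:40 dati slapd[11897]: conn=30 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=',
    'Jul 5 19:07:02 dati slapd[11897]: conn=31 op=1 SRCH base="dc=domain,dc=be" scope=2 deref=0 filter="(cn=*nobody*)"',
    'Jul 5 19:07:02 dati slapd[11897]: conn=31 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=',
]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, "dc=domain,dc=be", "cn=AddressManager,dc=domain,dc=be"):
        print(finding)
```

Run it against the real log (`grep slapd /var/log/messages` or wherever syslog puts local4) with your own suffix and rootdn; a search whose base is the rootdn, as in the comment, is reported before the err=32 line that follows it, and a search with err=0 but nentries=0 is reported as a filter that matched nothing, which points at the data rather than at the configuration.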

Comments are closed.