Building an Address Book with OpenLDAP

Listen Print Discuss

Building an Address Book with OpenLDAP
Pages: 1, 2, 3

Configuring Netscape 7 and Outlook 2002 as LDAP Clients

Now that we have an LDAP server set up and ready to go, our next step is to configure our LDAP clients to use the directory. This article uses Netscape 7 under Linux and Microsoft Outlook 2002 under, not surprisingly, Windows. Let's begin with Netscape 7.

In my opinion, Netscape has a much better interface for LDAP-based directories than Outlook. To some extent, that is understandable. Outlook is built to work with Exchange as both a mail client and groupware application. How is Netscape better? For one thing, Netscape Address Book can import all of the entries in an LDAP directory into your address book and keep those entries synchronized with the directory. Essentially, you can disconnect from the local network and use the LDAP-based address book even if you no longer have access to the actual LDAP server. Now that's nifty.

Let's configure Netscape Address Book to use our LDAP server.

Begin by opening Netscape Address Book, either directly or from Netscape Communicator.
Choose File->New->LDAP Directory.
Netscape Address Book will open up the properties page for an LDAP directory. First, enter a friendly name in the Name field, such as "Company LDAP Directory."
In the Hostname field, enter either the LDAP server's hostname or IP address.
The Base DN is simply the base search path specified for ldapsearch with the -b option, so enter ou=addressbook, dc=example, dc=com.
Choose OK.
Restart Netscape, and you should see the new LDAP entry in the Address Books pane.

That's all there is to it. To test the search feature, type "Jane" into the search field labeled "Name or Email contains:," and then press Enter. Jane Doe's listing should come up. Select that listing to see all of the properties we defined for Jane that the Netscape Address Book recognizes. To look up an LDAP contact when composing an email message, do the following:

Choose Compose.
Select the Address icon.
In the "Look in:" drop-down menu, choose your LDAP server entry defined earlier in the Netscape Address Book.
Enter "Jane" in the text field labeled "for:" and press Enter.

Next, let's configure Microsoft Outlook 2002 to use our LDAP server:

Start Outlook and then select Tools->Email Accounts.
Choose "Add a new directory or address book" under the "Directory" label and then choose Next.
Choose "Internet Directory Service (LDAP)" as the address book type and then choose Next.
For "Server Name" specify the IP address or the hostname of the LDAP server.
Choose "More Settings" and then select the "Search" tab. Here you need to specify the base search path, which we also specified to ldapsearch using the -b option. Type ou=addressbook, dc=example, dc=com in the text field labeled "Search base" and then choose OK.
Choose Next.
Outlook will present a congratulations screen. Choose Finish to close the Wizard.
Restart Outlook to be able to use the LDAP directory you just specified.

There are two ways to test Outlook's LDAP directory access. First, let's try the fast and easy way:

Click the New Mail icon to bring up the New Mail window.
In the To: field, enter "Jane". (Outlook may try to auto-complete Jane's name or address if you have ever emailed another Jane before. Be sure to not use this entry, as that will short-circuit the LDAP lookup.)
You can now either tab to the next field or enter Ctrl-K to force an address lookup. If you do not enter Ctrl-K, then Outlook will perform the lookup while you are doing another operation, such as entering the text of the message.

Concluding Remarks

OpenLDAP continues to make inroads in small and medium-sized businesses as an easy, cost-effective way to manage data. This article gave just one small example of how you can use OpenLDAP, and indeed any LDAP server, to fine-tune the level of control you have over the information required by your business and by your users.

I'd like to say thank you to Howard Chu of the OpenLDAP team for helping to debug this article.

Additional Resources

OpenLDAP.
LDAP Schemas.
An Introduction to LDAP.
Aeleen Frisch's LDAP article "Top Five Open Source Packages for System Administrators."

Dustin Puryear is a consultant providing expertise in managing and integrating UNIX and Windows systems and services, with a strong focus on open source.

Return to ONLamp.com.

Do you have instructions for another address book or e-mail client? Post or link them below.
You must be logged in to the O'Reilly Network to post a talkback.

Showing messages 1 through 25 of 25.

address book sharing for macs
2009-03-06 04:50:31 tombino [Reply | View]

I work in a small office using Macs. We use Apples Addressbook programme. Is there any way of sharing addresses accross the local network- amoungst office computers. I understand an LDAP server would achieve this. Can you point me in the right direction please.

Distribution Lists
2008-05-05 11:54:50 wgrant [Reply | View]

Thanks for the excellent article. How would one go about creating Distribution Lists?

Modify LDAP whit Outlook
2007-08-16 03:40:45 bronco0 [Reply | View]

Hi,

I followed your howto, to set up an address book on LDAP. I can with outlook, to consult the addresses recorded in LDAP, but I cannot add new addresses, using outlook.

Is this possible?

Modify LDAP whit Outlook
2007-08-16 07:00:04 Dustin Puryear | [Reply | View]

It is not currently possible to modify entries in LDAP with Outlook. I doubt that will ever be possible as Microsoft prefers that this information be managed directly via Exchange.

--
Dustin Puryear
Author, Best Practices for Managing Linux and UNIX Servers (http://www.puryear-it.com/pubs/linux-unix-best-practices)
http://www.puryear-it.com (http://www.puryear-it.com)

Unable to retrieve LDAP entries in Netscape Address Book
2004-01-17 13:38:41 anonymous2 [Reply | View]

I tried the tutorial with the latest version of OpenLDAP (2.1.22 at time of this post on Jan 17). I followed the steps with Netscape 7.1. The steps are basically the same as in the article with some minor changes in the newer versions. No matter what I tried, Netscape would not retrieve an entry. It even asks for a password and says that 0 entries were find. The ldapbrowser tool worked fine. So I knew that LDAP was working and that it was accessible across the Network. I finally decided to use YATT to monitor the TCP/IP connection. I found "requested protocol version not allowed" in the trace. Once I had this piece of information in hand, a google search quickly revealed that the solution is to add:

allow bind_v2.

Netscape works fine.

Unable to retrieve LDAP entries in Netscape Address Book
2004-01-17 13:40:41 anonymous2 [Reply | View]

... in slapd.conf.

load users in outlook at startup
2003-09-18 00:36:39 anonymous2 [Reply | View]

i have configured my ldap addressbook in redhat 9 and tried to access users from outlook. when i search users i can see them but how do i make all the users load to the addressbook at startup like M$ exchange addressbook does?

load users in outlook at startup
2005-01-31 02:25:22 remco1506 [Reply | View]

Hi,

I am experiening the exact same problem. Did you figure this one out yet?

Thanks,
Remco.

load users in outlook at startup
2005-01-31 14:24:12 Dustin Puryear | [Reply | View]

I'm sure this can be done via a registry value that you distribute via Windows logon scripts.

You need blank lines between entries in an LDIF-formatted file.
2003-05-06 20:42:41 Dustin Puryear | [Reply | View]

I have been asked via email a few times about errors produced when creating all of the records via one LDIF-formatted file:

dn: ...
ou=...
...
dn: ...
ou=...

You should use blank lines between records:

dn: ...
ou=...

dn: ...
ou=...

I did not make this clear in the article.

Mozilla 1.3 Client
2003-05-06 19:11:42 anonymous2 [Reply | View]

Apparently Mozilla 1.3 only supports ldapv2 protocol connections. I added "allow bind_v2" to slapd.conf
and all is well.

Well written article, Thanks Dustin!

Kelly D. Grills

Mozilla 1.3 Client
2003-05-06 20:42:41 Dustin Puryear | [Reply | View]

No problem. I'm glad you found the article to be helpful.

Active Directory?
2003-04-14 10:07:20 anonymous2 [Reply | View]

Does this work with Active Directory?

Active Directory?
2003-04-24 08:14:08 Dustin Puryear | [Reply | View]

I don't believe so, but I could be wrong. You need to authenticate against AD.

Active Directory?
2003-06-02 09:49:04 Dustin Puryear | [Reply | View]

Speaking of AD, you can use pam_ldap to authenticate against one. Just a note.

still no joy
2003-04-05 12:08:39 jcphil [Reply | View]

My ldapadd of your examples indicated success. But this is the result ldapsearch:

version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

And I was able to add the directory in Netscape Address Book, but it says there are zero cards and the search for "Jane" fails. I tried ldpadd again and it says the record already exists. So, it exists, but nothing can find it?

still no joy
2003-04-06 11:07:09 Dustin Puryear | [Reply | View]

Try posting the complete ldapadd (include all arguments) and ldapsearch (include all arguments).

still no joy
2003-04-12 11:10:59 jcphil [Reply | View]

Sorry to respond so late. No time during the week. The ldapadd command was as you have it in your article, except that I added the "-x" option. Without that, I get this error:

ldap_sasl_interactive_bind_s: No such attribute

The same goes for the search. I have to use this string to search:

ldapsearch -x -b 'dc=example, dc=com' 'objectclass=*'

And the output is as I posted before. Here it is again:

version: 2

#
# filter: objectclass=*
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

still no joy
2003-05-12 19:54:29 anonymous2 [Reply | View]

Hi jcphil,

I had the same problem last weekend. Now after going through the slapd.conf, I found that it was the access control creating the problem. Since there was nothing mentioned in the article about "access to" in slapd.conf, I commented it out, restarted slapd and everything working fine. Need to read more details about access to..... Have fun.

--KC.

hey, don't forget Mail.app
2003-04-04 13:11:51 anonymous2 [Reply | View]

Adding ldap support in mail.app is even easier.

Just go to preferences->Composing->Configure LDAP... and enter the name and server parts of the ldap server and click add.

This adds the directory to directory services so you can also use your new ldap directory from the os X address book as well!

hey, don't forget Mail.app
2003-04-24 07:25:54 anonymous2 [Reply | View]

I've followed this "tutorial" but couldn't get the data into Mail.app nor the Addressbook. Nevertheless when I `ldapsearch`I see all the data. Any ideas?

TIA

hey, don't forget Mail.app
2003-04-24 08:10:51 Dustin Puryear | [Reply | View]

I don't use a Mac nor do I have access to one. I hope you can find the solution and post it here.

rootdn in slapd.conf
2003-03-29 09:54:30 anonymous2 [Reply | View]

I'm wondering if the rootdn in the sample slapd.conf is a sensible one:
rootdn "dc=example, dc=com"
is the same as the base of the LDAP tree - basically, this is NOT a distinguished name, I'd think.
Christian Kirsch
ck@ix.heise.de

rootdn in slapd.conf
2003-03-31 17:23:18 Dustin Puryear | [Reply | View]

The rootdn is used only to authenticate the LDAP administrator. You can use "cn=Manager, dc=example, dc=com" but using "dc=example, dc=com" is equally correct and requires less typing.

Quick Correction for last page..
2003-03-29 08:29:48 anonymous2 [Reply | View]

You may read this before the correction reaches the article. On the third page the search base for Outlook should be:

ou=addressbook, dc=example, dc=com

Instead of:

dc=addressbook, dc=example, dc=com

Dustin Puryear

-->

Configuring Netscape 7 and Outlook 2002 as LDAP Clients

Concluding Remarks

Additional Resources

Sponsored Resources

Related to this Article