YoLinux: OpenLDAP 2.x Schema Extension to support MS/Outlook, Netscape 4.5+
The basic schemas supplied with OpenLDAP follow commitee standards but do not optimally support Microsoft Outlook or Netscape Communicator. This tutorial explains and pressents an optimized schema to extend the basic OpenLDAP schemas and an example LDIF input data file.

Contents:

Related YoLinux Tutorials:

°LDAP server configuration

°LDAP client authentication

°LDAP bind authentication

°Extending LDAP an schema

°AWebDap: LDAP web interface

°YoLinux Tutorials Index

Schema Descriptions:
  • Complete (as I can get) OpenLDAP schema to support MS/Outlook:

    MS/Outlook field name LDAP attribute Attribute Defined in Schema file Member of Object
    Name: cn (Common Name) core.schema objectPerson
    Email Address: mail core.schema inetOrgPerson
    Job Title: title core.schema organizationalPerson
    Department: ou (Organizational Unit)
    Note: If no "ou" defined use "department".    		 ou: core.schema
    department: extension.schema    		 ou: organizationalPerson
    department: officePerson
    Office: physicalDeliveryOfficeName core.schema organizationalPerson
    Company Name: o (Organization)
    Note:It is not enough to reference the "o" on the DN. You must also state it explicitly.    		 core.schema inetOrgPerson
    Business Web Page: URL, homeURL extension.schema officePerson
    First Name: givenName core.schema inetOrgPerson
    Middle Name: initials core.schema inetOrgPerson
    Last Name: sn (Surename) core.schema objectPerson
    Notes: comment extension.schema officePerson
    Netmeeting Server: conferenceInformation extension.schema officePerson
    Digital ID: userCertificate extension.schema inetOrgPerson
    Manager: manager
    Note: Use a defined and fully qualified DN not just name.    		 cosine.schema inetOrgPerson
    Reports: reports
    Note: Use a defined and fully qualified DN not just name.
    Multiple entries allowed.    		 extension.schema officePerson
    Business - Street Address: postalAddress
    Note: Don't use address attribute. Netscape ignores it.    		 core.schema organizationalPerson
    Business - City: l (Locality) core.schema organizationalPerson
    Business - State/Province: st core.schema organizationalPerson
    Business - Zip Code: postalCode core.schema organizationalPerson
    Business - Country/Region: c
    Note: ISO 3166 two letter code. OpenLDAP will allow full length string.    		 core.schema officePerson
    Home - Street Address: homePostalAddress
    Note: The entire address is held in this field. Use "$" as a cairrage return: i.e.14 Cherry St.$Dallas TX 78999    		 cosine.schema inetOrgPerson
    Telephone:


    Business: telephoneNumber core.schema organizationalPerson
    Business Fax: facsimileTelephoneNumber core.schema organizationalPerson
    Home: homePhone cosine.schema inetOrgPerson
    Home Fax: otherFacsimiletelephoneNumber extension.schema officePerson
    Mobile: mobile cosine.schema inetOrgPerson
    Pager: pager cosine.schema inetOrgPerson
    IPPhone: IPPhone extension.schema officePerson

    See: OpenLDAP faq: MS Outlook (2): How Do LDAP Attributes Map to Address Book Fields?

    Extended OpenLDAP Schema: (New attributes and object required for compatability with MS/Outlook)
    Create file: /etc/openldap/schema/extension.schema
    (Also add reference to this file in slapd.conf) 

    attributetype ( 1.3.6.1.4.1.4203.666.100.121
            NAME ( 'rdn' )
            SUP name )

    attributetype ( 1.3.6.1.4.1.4203.666.100.122
            NAME ( 'otherFacsimiletelephoneNumber' )
            SUP telephoneNumber )

    attributetype ( 1.3.6.1.4.1.4203.666.100.123
            NAME ( 'IPPhone' )
            SUP telephoneNumber )

    # This attribute handles MS/Outlook and Netscape Communicator

    attributetype ( 1.3.6.1.4.1.4203.666.100.124
            NAME ( 'URL' 'homeUrl' )
            SUP name )

    attributetype ( 1.3.6.1.4.1.4203.666.100.125
            NAME ( 'comment' )
            SUP name )

    attributetype ( 1.3.6.1.4.1.4203.666.100.126
            NAME ( 'conferenceInformation' )
            SUP name )

    attributetype ( 1.3.6.1.4.1.4203.666.100.127
            NAME ( 'reports' )
            SUP manager )

    objectclass     ( 1.3.6.1.4.1.4203.666.100.1
        NAME 'officePerson'
            DESC 'Office employee or computer user'
        SUP inetOrgPerson
        STRUCTURAL
            MAY  ( c $
                   rdn $
                   otherFacsimiletelephoneNumber $
                   IPPhone $
                   URL $
                   comment $
                   reports $
                   conferenceInformation )
        )

    [Pitfall]: I could not get the following attributes to transfer to the MS/Outlook address book: Personal Web Page, Title (title) and Nickname. The home city, state, zip and country information did not have allocated attribute fields but did pass into a single address field. (Good enough!) There are no corresponding attribute fields for any of the personal info such as spouse, children, gender, birthday or aniversary as well as for "Group Membership".

  • Schema extensions beyond "inetOrgPerson" and "officePerson" to support Netscape Communicator 4.5x

    To maintain database normalization and avoid duplication of data, LDAP attributes allow multiple names. By assigning extra names to some existing attributes, Netscape Communicator attributes can utilize existing OpenLDAP attribute fields.

    Edit file: /etc/openldap/schema/cosine.schema Change the lines: 

         Change: NAME ( 'mobile' 'mobileTelephoneNumber' )
             to: NAME ( 'mobile' 'mobileTelephoneNumber' 'cellPhone' )
    Also change: NAME ( 'pager' 'pagerTelephoneNumber' )
             to: NAME ( 'pager' 'pagerTelephoneNumber' 'pagerPhone' )
    Edit file: /etc/openldap/schema/core.schema Change the lines: 
         Change: attributetype ( 2.5.4.20 NAME 'telephoneNumber'
             to: attributetype ( 2.5.4.20 NAME ( 'telephoneNumber' 'xmozillaanyphone' )

    Netscape Attribute Existing OpenLDAP Attribute OpenLDAP Schema File Member of Existing Object
    xmozillaanyphone telephoneNumber core.schema objectPerson
    xmozillanickname
    		extension.schema
    xmozillausehtmlmail
    		extension.schema
    cellPhone mobile cosine.schema inetOrgPerson
    pagerPhone pager cosine.schema inetOrgPerson
    description description core.schema
    homeUrl URL (Use this one)
    seeAlso (Didn't use this one)    		 extension.schema
    cosine.schema    		 officePerson
    inetOrgPerson

    Note: I preffered to use the "URL" attribute in the extension.schema. This is because the OpenLDAP "seeAlso" attribute requires that you specify a DN refering to a URL instead of directly specifying the URL. To avoid duplication I assign the names "URL" and "homeUrl" to a single LDAP attribute for use by MS/Outlook and Netscape Communicator respectively.

    Extended OpenLDAP Schema: (New attributes and object required for compatability with Netscape Communicator) 

    attributetype ( 1.3.6.1.4.1.4203.666.100.151
                NAME ( 'xmozillanickname' )
                EQUALITY caseIgnoreMatch
                SUBSTR caseIgnoreSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

    attributetype ( 1.3.6.1.4.1.4203.666.100.152
                NAME 'xmozillausehtmlmail'
                EQUALITY caseIgnoreMatch
                SUBSTR caseIgnoreSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )

    objectclass     ( 1.3.6.1.4.1.4203.666.100.5
        NAME 'zillaPerson'
            DESC 'Netscape Communicator Extensions'
        SUP inetOrgPerson
        STRUCTURAL
            MAY  ( cellPhone $ 
                   pagerPhone $ 
                   description $
                   homeUrl $  
                   xmozillanickname $ 
                   xmozillausehtmlmail )
            )

    [Pitfall]: I could not get the following attributes to transfer to the Netscape address book: Department (ou), Title (title), Country (c), URL (homeUrl), Nickname (xmozillanickname), E-mail preference (xmozillausehtmlmail) and Note. There are no corresponding attribute fields for home address fields.

Example:

This is an example configuration you can use to achieve the optimum support and compatability with the MS/Outlook and Netscape Communicator address books. See the Stooges OpenLDAP configuration example for more detailed installation instructions if necessary.

  • OpenLDAP schema definitons file: /etc/openldap/schema/extension.schema
    (READ THIS FILE and add reference to this file in slapd.conf)
  • OpenLDAP input data file: officeperson.ldif

The LDIF file was partially generated with PADL migration tools to convert /etc/group and /etc/passwd for PAM/NIS support.

Be sure to make the changes to:

  • /etc/openldap/schema/cosine.schema
  • /etc/openldap/schema/core.schema
as defined above.

Addition to file: /etc/openldap/slapd.conf 

database        ldbm
suffix          "dc=digitalpenguins,dc=com"
suffix          "o=digitalpenguins
rootdn          "cn=OfficeAdmin,o=digitalpenguins
rootpw          secret3
defaultaccess   read
schemacheck     on
lastmod         on
directory       /var/lib/ldap/digitalpenguins
index           cn,sn                       pres,eq,sub
Load Data: 
    ldapadd -f officeperson.ldif -xv -D "cn=OfficeAdmin,o=digitalpenguins" -w tuxtux

Links:

LDAP Book ListBooks:

Understanding And Deploying LDAP Directory Services "Understanding And Deploying LDAP Directory Services",
by Timothy A. Howes,Phd, Mark C. Smith and Gordon S. Good,
ISBN 0672323168, Addison-Wesley Pub Co

Second edition. It is general in nature but complete in that it covers all concepts in depth. It is a good book for those wanting to understand everything about LDAP, schema development and its' capabilities.

Amazon.com
Understanding And Deploying LDAP Directory Services "Understanding And Deploying LDAP Directory Services",
by Timothy A. Howes,Phd, Mark C. Smith and Gordon S. Good,
ISBN 1-57870-070-1, MacMillan Technical Publishing

First edition out of print. (Used only) See second edition above. This is the largest LDAP book I own. It is general in nature but complete in that it covers all concepts in depth. It is NOT a good programmers reference but it is good for those wanting to understand everything about LDAP, schema development and its' capabilities. Netscape centric.

Amazon.com
Programming Directory-Enabled Applications with Lightweight Directory Access Protocol "Programming Directory-Enabled Applications with Lightweight Directory Access Protocol"
by Timothy A. Howes,Phd and Mark C. Smith
ISBN 1-57870-000-0, MacMillan Technical Publishing

Excellent programmers reference for those using the LDAP C language API. Also covers search filters and LDAP URL's. The OpenLDAP source code is so poorly commented that I found this book often was the only source for an explanation of what was happening in the code.

Amazon.com
Implementing LDAP "Implementing LDAP",
Mark Wilcok
ISBN 1-861002-21-1, WROK Press

This book covers all aspects of LDAP from LDIF to the LDAP SDK in C, PERL and JAVA. It has a strong Netscape Directory server bias.

Amazon.com
LDAP System Administration "LDAP System Administration",
Gerald Carter
ISBN 1565924916, O'Reilly & Associates

This book covers the use of OpenLDAP and the integration of services.

Amazon.com
LDAP Programming, Management and Integration "LDAP Programming, Management and Integration",
Clayton Donley
ISBN 1930110405, Manning Publications; 1st edition

This book covers LDAP administration as well as introductory information. It covers the directory services markup language (DSML), PERL LDAP module as well as JAVA JNDI.

Amazon.com
"Understanding LDAP" - IBM-Redbooks
Heinz Johner, Larry Brown, Franz-Stefan Hinner, Wolfgang Reis, Johan Westman
IBM Redbook #SG24-4986-00

A reference to ldap, available as PDF as well. This book has a bias towards IBM's E-network LDAP Directory server. Tight, terse, but covers everything.

IBM Redbook #SG24-5110-00 "LDAP Implementation Cookbook"
IBM Redbook #SG24-5110-00

Return to http://YoLinux.com home page
Return to YoLinux Tutorial Index
Return to YoLinux LDAP Tutorial
Feedback Form

Copyright © 2002, 2003 by Greg Ippolito