Note to self: explore FreeIPA. Someone on Serverfault suggested it and said it was what AD is for Windows. If it is, it would relieve me of LDAP hell. Too long for this blog post, but I spent about a week (or more) full-time to get an LDAP setup working, with all security measures in place. It involved diving into source code, discovering and reporting Ubuntu documentation bugs, etc. An experience I don’t care to repeat.
Tag: LDAP
When configuring an LDAP addressbook, one thing that has given me a lot of trouble is the LDAP filter. Here are two I use.
For Thunderbird:
(|(cn=%v*)(mail=%v*)(sn=%v*)(displayName=%v*)(givenName=%v*))
For Zimbra:
(|(cn=%s*)(mail=%s*)(sn=%s*)(displayName=%s*)(givenName=%s*))
In Zimbra, I had to configure our ruby-ldapserver to never return more than 50 results, because in the configuration panel, it runs a test based on a search query which goes fine, but it does another query with the %s literally repeated. This causes the SQL condition that is generated to be %s% and that gives a whole lot of results, hanging Zimbra. It is beyond me why Zimbra runs this second query, but I guess it’s a bug.
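The failure described above, as an added example that is not the author's code or ruby-ldapserver's API: a literal `%s` prefix value turned into a SQL LIKE pattern matches almost every row unless LIKE metacharacters are escaped, and the result cap bounds the damage either way. All function names, the small LIKE matcher standing in for the database, and the sample rows are assumptions constructed for illustration.

```ruby
SIZE_LIMIT = 50 # the cap mentioned in the post

# Naive translation of an LDAP prefix match (value*) to LIKE: no escaping.
def naive_like(value)
  "#{value}%"
end

# Escaped translation: \, % and _ in the value become literals.
# Intended for a condition of the form: column LIKE ? ESCAPE '\'
def safe_like(value)
  value.gsub(/[\\%_]/) { |c| "\\#{c}" } + "%"
end

# Minimal stand-in for SQL LIKE with ESCAPE '\', so this runs without a database.
def like_match?(pattern, text)
  re = +""
  chars = pattern.chars
  i = 0
  while i < chars.length
    c = chars[i]
    if c == "\\" && i + 1 < chars.length
      re << Regexp.escape(chars[i + 1]) # escaped char is taken literally
      i += 2
    else
      re << (c == "%" ? ".*" : c == "_" ? "." : Regexp.escape(c))
      i += 1
    end
  end
  Regexp.new("\\A#{re}\\z", Regexp::IGNORECASE | Regexp::MULTILINE).match?(text)
end

# Apply the pattern and enforce the size limit on the result set.
def search(rows, pattern, limit = SIZE_LIMIT)
  rows.select { |r| like_match?(pattern, r) }.first(limit)
end

# Constructed sample data: 200 address book entries.
ROWS = (1..200).map { |n| "Person #{n} Jansen" }

if __FILE__ == $PROGRAM_NAME
  puts "naive  %s -> #{naive_like('%s')} : #{search(ROWS, naive_like('%s'), 1000).length} rows"
  puts "capped %s -> #{search(ROWS, naive_like('%s')).length} rows"
  puts "safe   %s -> #{safe_like('%s')} : #{search(ROWS, safe_like('%s')).length} rows"
end
```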