On this section you will find information about the Netscape Address Book, a LDAP client that can be used to query your Directory. Also is presented details on how to implement Roaming Access using the Netscape Navigator, version 4.5 or above and your LDAP server. There have been a lot of talk on the OpenLDAP mailing lists about the Roaming Access, since this is a feature that is not totally implemented. Most part of the people don't like the way Netscape Navigator operates with the LDAP server while making downloads and uploads to it. So, if after reading this you find that the Roaming Access is not working the way you would like, nevermind, a lot of people passed through this situation already. The purpose of introducing this feature here is more for giving people an idea about the capabilities of the LDAP protocol. To finish you will see some information about killing safely the slapd process and about slapd logs.
The goal of Roaming Access is that wherever you are on the Net, you can retrieve your bookmarks, preferences, mail filters, etc. using a Netscape Navigator and a LDAP server. This is a very nice feature, imagine that wherever you access the Web, you can have your own settings on the browser. If you will travell and you need to access that currency site that is stored on your local bookmarks, don't worry, upload the bookmarks and other configuration files to a LDAP server and you can retrieve them all later independent of the place you will be.
To implement the Roaming Access you have to follow these steps :
- Changing the attributes file : You need to add new attributes on the attribute list present on the file slapd.at.conf (this is a file you include on your slapd.conf and it's normally located at /usr/local/etc/openldap) :
attribute nsLIPtrURL ces
attribute nsLIPrefs ces
attribute nsLIProfileName cis
attribute nsLIData bin
attribute nsLIElementType cis
attribute nsLIServerType cis
attribute nsLIVersion cis
- Changing the objectclass file : You also have to add some new classes to your slapd.oc.conf (this is another file you include on your slapd.conf and it's normally located at /usr/local/etc/openldap) in order to enable the roaming access :
objectclass nsLIPtr
requires
objectclass
allows
nsliptrurl,
owner
objectclass nsLIProfile
requires
objectclass,
nsliprofilename
allows
nsliprefs,
uid,
owner
objectclass nsLIProfileElement
requires
objectclass,
nslielementtype
allows
owner,
nslidata,
nsliversion
objectclass nsLIServer
requires
objectclass,
serverhostname
allows
description,
cn,
nsserverport,
nsliservertype,
serverroot
- Changing the LDIF file : Now you have to modify your LDIF file, adding profiles entries to each user that wish to try the Roaming Access feature of Netscape. Look an example of a simple LDIF file with profiles entries :
dn: o=myOrg,c=NL
o: myOrg
objectclass: organization
dn: cn=seallers,ou=People,o=myOrg,c=NL
cn: seallers
userpassword: myPassword
objectclass: top
objectclass: person
dn: nsLIProfileName=seallers,ou=Roaming,o=myOrg,c=NL
changetype: add
objectclass: top
owner: cn=seallers,ou=People,o=myOrg,c=NL
objectclass: top
objectclass: nsLIProfile
- Go to Menu Edit -> Preferences -> Roaming User
Now you have to first Enable the Roaming Access for this profile, clicking on the checkbox correspondent to this option.
- Fill the username box with an appropiate value, for instance john
Pull down the arrow of the Roaming User option on the left side of the Preferences Window, so see the suboptions of Roaming Access.
- Click on Server Information and enable the option LDAP Server and fill the boxes with the following information :
Address: ldap://myHost/nsLIProfileName=$USERID,ou=Roaming,o=myOrg,c=NL
User DN: cn=$USERID,ou=People,o=myOrg,c=NL
IMPORTANT : Netscape automatically substitutes the $USERID variable for the name of the profile you selected before running the browser. So if you selected the profile seallers, it will substitute $USERID for seallers, if you selected profile gonzales, if will substitute $USERID for gonzales. If you are not familiar with profiles, run the Profile Manager aplication that comes on the Netscape Comunicator package. It's an application designed to satisfy the multiple users of a browser on the same machine, so each one can have their on settings on the browser.
The final step is to restart the server, take a look on the section 6.3 to see how you do that safely and on section 4 to see how to start it again.
Once you have your LDAP server up and running, you can access it with many diferent clients (e.g. ldapsearch command line utility). A very interesting one is the Netscape Address Book. It's avaiable from version 4.x of Netscape but you have to use the 4.5 or above version for a stable interoperation with your LDAP server.
Just follow the sequence :
Open Netscape Navigator -> Go to Communicator Menu -> Address Book
The Netscape Address Book will be launched with some default LDAP directories. You have to add your own LDAP directory too !
Go to File Menu -> New Directory
Fill the boxes with your server information. For example :
- Description : TUDelft
- LDAP Server : dutedin.et.tudelft.nl
- Server Root : o=TUDelft, c=NL
The default LDAP port is 389, don't change it, at least if you changed this option while building your server.
Now, make simple queries to your server, using the box Show Names Containing, or advanced queries, using the Search for button
To kill off slapd safely, you should give a command like this
kill -TERM `cat $(ETCDIR)/slapd.pid`
Killing slapd by a more drastic method may cause its LDBM databases to be corrupted, as it may need to flush various buffers before it exits. Note that slapd writes its pid to a file called slapd.pid in the directory you configured in slapd.conf file, for example : /usr/local/var/slapd.pid
You can change the location of this pid file by changing the SLAPD_PIDFILE variable in include/ldapconfig.h.edit
Slapd will also write its arguments to a file called slapd.args in the directory you configured in slapd.conf file, for example /usr/local/var/slapd.args
You can change the location of the args file by changing the SLAPD_ARGSFILE variable in include/ldapconfig.h.edit.
Slapd uses the syslog(8) facility to generate logs. The default user of the syslog(8) facility is LOCAL4, but values from LOCAL0, LOCAL1, up to LOCAL7 are allowed.
In order to enable the generation of logs you have to edit your syslog.conf file, usually located at /etc directory.
Create a line like this :
local4.* /usr/adm/ldalog
This will use the default user LOCAL4 for the syslog facility. If you are not familiar with the sintax of this line, take a look at the man pages of syslog, syslog.conf and syslogd. If you want to change the default user or to specify the level of the logs generated, you have the following options while starting slapd :
-s syslog-level This option tells slapd at what level debugging statements should be logged to the syslog(8) facility. The level describes the severity of the message, and is a keyword from the following ordered list (higher to lower): emerg, alert, crit, err, warning, notice, info, and debug. Ex : slapd -f myslapd.conf -s debug
-l syslog-local-user Selects the local user of the syslog(8) facility. Values can be LOCAL0, LOCAL1, and so on, up to LOCAL7. The default is LOCAL4. However, this option is only permitted on systems that support local users with the syslog(8) facility.
Now take a look at the logs generated, they can help you a lot to solve problems with queries, updates, binding, etc.