Is LDAP the answer?

Dave Smith DavidSmith at byu.net
Mon Nov 28 14:09:30 MST 2005


> Our organization currently uses Exchange Server for the sole purpose
> of sharing contacts in Outlook/Entourage on the desktop.
>
> Is there a free/os Linux tool that can do the same thing Exchange
> Server is doing for us now?  I.e., just supply a way to let Outlook/
> Entourage see a shared list of contacts that everyone can update?

Short answer: yes, LDAP is the answer. You don't have any other option.

Long answer: Exchange works fine as an LDAP server with Mozilla
Thunderbird and other LDAP-enabled clients for looking up contact info. In
fact, I use Thunderbird right now with Exchange. Works like a charm! This
means that Exchange's implementation of LDAP is actually compatible with a
standards-observing LDAP client (Exchange is one MS product that is
actually quite excellent). We could thus conclude that swapping in a
"real" LDAP server would work too. And in fact, this would be just great.
I've used Entourage with Exchange, and it is most definitely just using
standard LDAP for contact management. Can't comment on Outlook, but I'm
sure it'll be fine.

You don't have a lot of real choices when it comes to Free, Linux, and
LDAP. Right now, the two big open source players are:

1. OpenLDAP

     Old, but still unstable.
     Complicated to set up and install unless your needs are VERY simple.
     Horrible support.
     No support for older, stable releases
      (the developers think 1-year is too old to support)
     http://openldap.org/

2. Fedora Directory Server

     RedHat bought it from Sun and OSS'ed it. Sun bought it from Netscape.
     I used it for testing when it was Netscape iPlanet, and it rocked.
     http://directory.fedora.redhat.com/

If I had it to do today, I would test FDS first, and if that failed to
satisfy, I would move to OpenLDAP. When I used it, iPlanet had nice admin
software for Windows. OpenLDAP has nothing but command line tools other
than third-party stuff (of which I prefer phpLDAPadmin[1]).

Since it sounds like your company is rather small, I would recommend you
set up your tree flat like this:

  ou=people,dc=company,dc=com
     cn=Bob Jones
     cn=Freedy Johnson
     cn=Sally Smith
     ...

Then, allow anonymous read access to ou=people and below to the
appropriate fields (cn, givenName, mail, telephoneNumber, postalAddress,
etc.)

Your needs are very basic since you won't be needing authentication, which
is where LDAP gets hairy. If all you want is an address book, both
OpenLDAP and FDS should get you going quite well.

Good luck!

--Dave

[1] I used to maintain phpLDAPadmin, but don't any longer. It's a LOT
better than it was under my stewardship, and it was pretty good then.
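
The anonymous-read rule described in the message could be written for OpenLDAP roughly as below. This is an added example, not part of the original post. It assumes slapd.conf-style configuration and the post's example suffix; the `userPassword` rule, the `entry` pseudo-attribute and `objectClass` are additions the post does not mention.

```conf
# slapd.conf access rules (OpenLDAP). Rules are evaluated top to bottom;
# for each entry/attribute the first matching "access to" clause decides.

# Assumption: keep credentials unreadable even if an entry later gains
# a userPassword. Anonymous clients may only use it to authenticate.
access to attrs=userPassword
    by anonymous auth
    by * none

# Address-book fields under ou=people: readable by anyone, including
# anonymous binds. "entry" controls visibility of the entry itself;
# objectClass is listed because client search filters often test it.
access to dn.subtree="ou=people,dc=company,dc=com"
        attrs=entry,objectClass,cn,givenName,mail,telephoneNumber,postalAddress
    by * read

# Everything else (other attributes, other subtrees): no access.
# The rootdn is not subject to these rules and can still administer.
access to *
    by * none
```

With these rules, address-book clients need ou=people,dc=company,dc=com as their search base, because nothing above it is visible to them.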


