You wouldn't expect there to be a need for yet another HOWTO describing installing and configuring OpenLDAP with Ximian Evolution and Microsoft Outlook but there is. I wasn't able to find a single source with all the necessary information so I kept notes and have posted them here for my pleasure and yours.

  1. Install OpenLDAP server and clients, for example on Fedora Core 2:

    root:~# rpm -i /mnt/cdrom1/Fedora/RPMS/openldap-2.1.29-1.i386.rpm
    root:~# rpm -i /mnt/cdrom2/Fedora/RPMS/openldap-devel-2.1.29-1.i386.rpm
    root:~# rpm -i /mnt/cdrom3/Fedora/RPMS/openldap-clients-2.1.29-1.i386.rpm
    root:~# rpm -i /mnt/cdrom3/Fedora/RPMS/openldap-servers-2.1.29-1.i386.rpm

  2. I like to start off with a minimal configuration and evolve from there, so copy off the default /etc/openldap/slapd.conf file and create this basic file (replacing YourDomain with something useful to you and the rootpw with one you create):

    root:/etc/openldap# slappasswd
    New password:
    Re-enter new password:
    {SSHA}QfqT5otglGriTUUKVm3CneeZf9XxN6xj
    root:/etc/openldap# cp slapd.conf slapd.conf_original
    root:/etc/openldap# cat slapd.conf
    # /etc/openldap/slapd.conf

    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /usr/share/evolution/1.4/evolutionperson.schema

    pidfile /var/run/slapd.pid
    argsfile /var/run/slapd.args

    database bdb
    suffix "dc=YourDomain,dc=com"
    rootdn "cn=Manager,dc=YourDomain,dc=com"
    rootpw {SSHA}Vt0VDUy886qaEAy282oneQrA2HeGDp9J

    # necessary for evolution writes
    allow bind_v2

    directory /var/lib/ldap

    Note: Some versions of OpenLDAP require that the directory directive follow the database directive.

  3. Start OpenLDAP:

    /etc/rc.d/init.d/ldap start

  4. Add Domain and Manager entries to the LDAP directory (LDAP Password is the password you entered earlier using slappasswd and you continue to replace YourDomain every time you see it):

    root:/etc/openldap# cat DomainManagerEntries.ldif
    # Domain entry
    dn: dc=YourDomain,dc=com
    objectclass: dcObject
    objectclass: organization
    o: YourDomain
    dc: YourDomain

    # Manager entry
    dn: cn=Manager,dc=YourDomain,dc=com
    objectclass: organizationalRole
    cn: Manager
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f DomainManagerEntries.ldif
    Enter LDAP Password:
    adding new entry "dc=YourDomain,dc=com"

    adding new entry "cn=Manager,dc=YourDomain,dc=com"


    Note: LDIF requires the distinguished name (dn) to be on the first line of each entry and that each entry is separated by a blank line. Thank Benjamin for this note.

  5. Run a test query to confirm everything is working:

    root:/etc/openldap# ldapsearch -x -b 'dc=YourDomain,dc=com' -D "cn=Manager,dc=YourDomain,dc=com" '(objectclass=*)' -W
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <dc=YourDomain,dc=com> with scope sub
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # YourDomain.com
    dn: dc=YourDomain,dc=com
    objectClass: dcObject
    objectClass: organization
    o: YourDomain
    dc: YourDomain

    # Manager, YourDomain.com
    dn: cn=Manager,dc=YourDomain,dc=com
    objectClass: organizationalRole
    cn: Manager

    # search result
    search: 2
    result: 0 Success

    # numResponses: 3
    # numEntries: 2

  6. Create an organizationalUnit as a container for your AddressBook:

    root:/etc/openldap# cat AddressBook.ldif
    dn: ou=AddressBook,dc=YourDomain,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: AddressBook
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f AddressBook.ldif
    Enter LDAP Password:
    adding new entry "ou=AddressBook,dc=YourDomain,dc=com"

  7. Add yourself to the AddressBook (userPassword is generated with slappasswd and I'm now giving you credit for figuring out what needs to be edited for your local configuration):

    root:/etc/openldap# more Me.ldif
    dn: cn=FirstName LastName,ou=AddressBook,dc=YourDomain,dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    objectclass: evolutionPerson
    cn: FirstName LastName
    givenname: FirstName
    sn: LastName
    userPassword: {SSHA}nfRuGtDtiC3xoxpjK5mspUttHVyCCTP/
    mail: Me@YourDomain.com
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f Me.ldif
    Enter LDAP Password:
    adding new entry "cn=FirstName LastName,ou=AddressBook,dc=YourDomain,dc=com"

    Note: You can run a query like before using ldapsearch to view new entries if you happen to be as neurotic as I am...
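    Steps 2 and 7 hinge on two details that are easy to get wrong: the {SSHA} value slappasswd writes into rootpw and userPassword, and the LDIF layout (dn on the first line, blank line after each entry) that ldapadd insists on. The Python below is an added example, not part of these notes or of OpenLDAP: it reproduces the slappasswd hash format, verifies a password against it, and emits an address-book entry whose cn is escaped per RFC 4514, which goes a step beyond the page by handling names that contain commas. BASE_DN and the sample names are assumptions standing in for your own values.

```python
import base64
import hashlib
import hmac
import os

# Constructed example: YourDomain stands in for your own suffix, as in the page's LDIF.
BASE_DN = "ou=AddressBook,dc=YourDomain,dc=com"

def ssha_hash(password, salt=None):
    """{SSHA} as slappasswd emits it: base64(SHA1(password + salt) + salt), 4-byte salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; the salt is whatever follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)

def escape_rdn_value(value):
    """Escape RFC 4514 special characters so a cn like 'Smith, John' stays one RDN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def person_ldif(first, last, mail, password, salt=None):
    """One inetOrgPerson/evolutionPerson entry: dn first, one attribute per line, blank line after."""
    cn = "%s %s" % (first, last)
    lines = ["dn: cn=%s,%s" % (escape_rdn_value(cn), BASE_DN),
             "objectclass: top", "objectclass: person", "objectclass: organizationalPerson",
             "objectclass: inetOrgPerson", "objectclass: evolutionPerson",
             "cn: %s" % cn, "givenname: %s" % first, "sn: %s" % last,
             "userPassword: %s" % ssha_hash(password, salt), "mail: %s" % mail]
    return "\n".join(lines) + "\n\n"

if __name__ == "__main__":
    # Output is ready for: ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f Me.ldif
    print(person_ldif("FirstName", "LastName", "Me@YourDomain.com", "secret"), end="")
```

Pipe the output to a file and feed it to ldapadd exactly as in step 7; the userPassword line will verify with ssha_verify the same way slapd does when that entry binds.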



  8. Time to configure Evolution:

    From the menu: Tools -> Settings -> Directory Servers -> Add
    Forward
    Enter Server name, Change Log in method, Enter Distinguished name, Forward
    Change Use SSL/TLS, Forward
    Enter Search base, Forward
    Enter Display name, Forward
    Apply

    Note: You will need to click Clear on the Contact Search bar to get the addresses from OpenLDAP to appear in the Other Contacts:YourHost.YourDomain.com Folder.


  9. Time to configure Outlook:

    From the menu: Tools -> E-mail Accounts... -> Add a new directory or address book -> Next
    Select Internet Directory Server (LDAP)
    Enter Server Name, Select This server requires me to log on, Enter User Name, Enter Password, Click on the More Settings... button
    Click OK (this is telling you the address book you're adding won't be available until you restart - it is a Microsoft product after all - you should expect to have to restart or reboot)
    Click on the Search Tab, Enter Search base, Click OK
    Click Finish, Don't forget to restart Outlook

    Note: To look up OpenLDAP addresses in Outlook:

    From the Outlook menu: Tools -> Address Book...
    From the Address Book menu: Tools -> Find

    Substring Matching at the bottom of the dialog box allows Begins with and Contains searching. Double click the search results to view address book details or to add the entry to the local Outlook Contacts Folder.

  10. Import existing Evolution addresses from the Contact Folder to OpenLDAP:

    root:/etc/openldap# wget http://variant.ch/papers/vcard2ldif.zip
    --19:11:00-- http://variant.ch/papers/vcard2ldif.zip
               => `vcard2ldif.zip'
    Resolving variant.ch... 212.103.67.40
    Connecting to variant.ch[212.103.67.40]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2,827 [application/zip]

    100%[====================================>] 2,827 --.--K/s
    19:11:01 (32.99 KB/s) - `vcard2ldif.zip' saved [2827/2827]
    root:/etc/openldap# unzip vcard2ldif.zip
    Archive: vcard2ldif.zip
    inflating: vcard2ldif.php
    root:/etc/openldap# sed -e 's/ou=addressbook,uid=nikee,dc=variant,dc=ch/ou=AddressBook,dc=YourDomain,dc=com/' vcard2ldif.php > vcard2ldifLocal.php
    root:/etc/openldap# evolution &
        From the menu: File -> Go to folder -> Select Contacts -> Click OK
        From the menu: Edit -> Select All
        From the menu: File -> Save As VCard -> Click OK

    root:/etc/openldap# php vcard2ldifLocal.php > EvolutionAddresses.ldif
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f EvolutionAddresses.ldif
    Enter LDAP Password:
    adding new entry...

  11. Import existing Outlook addresses from the Contact Folder to OpenLDAP:

    root:/etc/openldap# wget http://feldt.com/work/projects/openLDAP/code/csv2ldif.pl.php
    --19:28:39-- http://feldt.com/work/projects/openLDAP/code/csv2ldif.pl.php
               => `csv2ldif.pl.php'
    Resolving feldt.com... 67.38.239.158
    Connecting to feldt.com[67.38.239.158]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 6,690 [text/plain]

    100%[====================================>] 6,690 --.--K/s
    19:28:39 (503.37 KB/s) - `csv2ldif.pl.php' saved [6690/6690]
    # Note: this next command looks silly but you know what to do...
    root:/etc/openldap# sed -e 's/ou=AddressBook,dc=YourDomain,dc=com/ou=AddressBook,dc=YourDomain,dc=com/' csv2ldif.pl.php > csv2ldifLocal.pl
    root:/etc/openldap# chmod 700 csv2ldifLocal.pl

    Launch Outlook
        From the menu: Go -> Contacts
        From the menu: Edit -> Select All
        From the menu: File -> Import and Export..., Select Export to a file, Click Next
        Select Comma Separated Values (DOS), Click Next
        Select the Contacts Folder, Click Next
        Enter a filename, Click Next
        Click Finish

    root:/etc/openldap# ./csv2ldifLocal.pl < YourDomain.CSV > OutlookContacts.ldif
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f OutlookContacts.ldif
    Enter LDAP Password:
    adding new entry...

  12. ToDos:
    • Enable SSL/TLS connections
    • Create Access Control Lists (ACLs)
    • Authenticate UNIX (/etc/passwd) accounts to OpenLDAP
    • Authenticate SAMBA accounts from OpenLDAP

  13. Resources:

  14. Software Versions Tested:
    • OpenLDAP v2.1.22, v2.1.25, v2.1.29
    • Evolution v1.4.5, v1.4.6
    • Outlook v2003