You wouldn't expect there to be a need for yet another HOWTO describing installing and configuring OpenLDAP with Ximian Evolution and Microsoft Outlook but there is. I wasn't able to find a single source with all the necessary information so I kept notes and have posted them here for my pleasure and yours.

  1. Install OpenLDAP server and clients, for example on Fedora Core 2:

    root:~# rpm -i /mnt/cdrom1/Fedora/RPMS/openldap-2.1.29-1.i386.rpm
    root:~# rpm -i /mnt/cdrom2/Fedora/RPMS/openldap-devel-2.1.29-1.i386.rpm
    root:~# rpm -i /mnt/cdrom3/Fedora/RPMS/openldap-clients-2.1.29-1.i386.rpm
    root:~# rpm -i /mnt/cdrom3/Fedora/RPMS/openldap-servers-2.1.29-1.i386.rpm

  2. I like to start off with a minimal configuration and evolve from there, so copy off the default /etc/openldap/slapd.conf file and create this basic file (replacing YourDomain with something useful to you and the rootpw with one you create):

    root:/etc/openldap# slappasswd
    New password:
    Re-enter new password:
    root:/etc/openldap# cp slapd.conf slapd.conf_original
    root:/etc/openldap# cat slapd.conf
    # /etc/openldap/slapd.conf

    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    include /usr/share/evolution/1.4/evolutionperson.schema

    pidfile /var/run/
    argsfile /var/run/slapd.args

    database bdb
    suffix "dc=YourDomain,dc=com"
    rootdn "cn=Manager,dc=YourDomain,dc=com"
    rootpw {SSHA}Vt0VDUy886qaEAy282oneQrA2HeGDp9J

    # necessary for evolution writes
    allow bind_v2

    directory /var/lib/ldap

    Note: Some versions of OpenLDAP require the directory directive to follow the database directive, as it does above.

  3. Start OpenLDAP:

    /etc/rc.d/init.d/ldap start

  4. Add Domain and Manager entries to the LDAP directory (LDAP Password is the password you entered earlier using slappasswd and you continue to replace YourDomain every time you see it):

    root:/etc/openldap# cat DomainManagerEntries.ldif
    # Domain entry
    dn: dc=YourDomain,dc=com
    objectclass: dcObject
    objectclass: organization
    o: YourDomain
    dc: YourDomain

    # Manager entry
    dn: cn=Manager,dc=YourDomain,dc=com
    objectclass: organizationalRole
    cn: Manager
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f DomainManagerEntries.ldif
    Enter LDAP Password:
    adding new entry "dc=YourDomain,dc=com"

    adding new entry "cn=Manager,dc=YourDomain,dc=com"

    Note: LDIF requires the distinguished name (dn) to be on the first line of each entry and that each entry is separated by a blank line. Thank Benjamin for this note.

  5. Run a test query to confirm everything is working:

    root:/etc/openldap# ldapsearch -x -b 'dc=YourDomain,dc=com' -D "cn=Manager,dc=YourDomain,dc=com" '(objectclass=*)' -W
    Enter LDAP Password:
    # extended LDIF
    # LDAPv3
    # base <dc=YourDomain,dc=com> with scope sub
    # filter: (objectclass=*)
    # requesting: ALL

    dn: dc=YourDomain,dc=com
    objectClass: dcObject
    objectClass: organization
    o: YourDomain
    dc: YourDomain

    # Manager,
    dn: cn=Manager,dc=YourDomain,dc=com
    objectClass: organizationalRole
    cn: Manager

    # search result
    search: 2
    result: 0 Success

    # numResponses: 3
    # numEntries: 2

  6. Create an organizationalUnit as a container for your AddressBook:

    root:/etc/openldap# cat AddressBook.ldif
    dn: ou=AddressBook,dc=YourDomain,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: AddressBook
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f AddressBook.ldif
    Enter LDAP Password:
    adding new entry "ou=AddressBook,dc=YourDomain,dc=com"

  7. Add yourself to the AddressBook (userPassword is generated with slappasswd and I'm now giving you credit for figuring out what needs to be edited for your local configuration):

    root:/etc/openldap# more Me.ldif
    dn: cn=FirstName LastName,ou=AddressBook,dc=YourDomain,dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    objectclass: evolutionPerson
    cn: FirstName LastName
    givenname: FirstName
    sn: LastName
    userPassword: {SSHA}nfRuGtDtiC3xoxpjK5mspUttHVyCCTP/
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f Me.ldif
    Enter LDAP Password:
    adding new entry "cn=FirstName LastName,ou=AddressBook,dc=YourDomain,dc=com"

    Note: You can run a query like before using ldapsearch to view new entries if you happen to be as neurotic as I am...

  8. Time to configure Evolution:

    From the menu: Tools -> Settings -> Directory Servers -> Add

    Enter Server name, Change Log in method, Enter Distinguished name, Forward

    Change Use SSL/TLS, Forward

    Enter Search base, Forward

    Enter Display name, Forward

    Note: You will need to click Clear on the Contact Search bar to get the addresses from OpenLDAP to appear in the Other Folder.

  9. Time to configure Outlook:

    From the menu: Tools -> E-mail Accounts... -> Add a new directory or address book -> Next

    Select Internet Directory Server (LDAP)

    Enter Server Name, Select This server requires me to log on, Enter User Name, Enter Password, Click on the More Settings... button

    Click OK (this is telling you the address book you're adding won't be available until you restart - it is a Microsoft product after all - you should expect to have to restart or reboot)

    Click on the Search Tab, Enter Search base, Click OK

    Click Finish, Don't forget to restart Outlook

    Note: To look up OpenLDAP addresses in Outlook:

    From the Outlook menu: Tools -> Address Book...
    From the Address Book menu: Tools -> Find

    Substring Matching at the bottom of the dialog box allows Begins with and Contains searching. Double click the search results to view address book details or to add the entry to the local Outlook Contacts Folder.

  10. Import existing Evolution addresses from the Contact Folder to OpenLDAP:

    root:/etc/openldap# wget
               => `'
    Connecting to[]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 2,827 [application/zip]

    100%[====================================>] 2,827 --.--K/s
    19:11:01 (32.99 KB/s) - `' saved [2827/2827]
    root:/etc/openldap# unzip
    inflating: vcard2ldif.php
    root:/etc/openldap# sed -e 's/ou=addressbook,uid=nikee,dc=variant,dc=ch/ou=AddressBook,dc=YourDomain,dc=com/' vcard2ldif.php > vcard2ldifLocal.php
    root:/etc/openldap# evolution &
        From the menu: File -> Go to folder -> Select Contacts -> Click OK
        From the menu: Edit -> Select All
        From the menu: File -> Save As VCard -> Click OK

    root:/etc/openldap# php vcard2ldifLocal.php > EvolutionAddresses.ldif
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f EvolutionAddresses.ldif
    Enter LDAP Password:
    adding new entry...

  11. Import existing Outlook addresses from the Contact Folder to OpenLDAP:

    root:/etc/openldap# wget
               => `'
    Connecting to[]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 6,690 [text/plain]

    100%[====================================>] 6,690 --.--K/s
    19:28:39 (503.37 KB/s) - `' saved [6690/6690]
    # Note: this next command looks silly but you know what to do...
    sed -e 's/ou=AddressBook,dc=YourDomain,dc=com/ou=AddressBook,dc=YourDomain,dc=com/' >
    root:/etc/openldap# chmod 700

    Launch Outlook
        From the menu: Go -> Contacts
        From the menu: Edit -> Select All
        From the menu: File -> Import and Export..., Select Export to a file, Click Next
        Select Comma Separated Values (DOS), Click Next
        Select the Contacts Folder, Click Next
        Enter a filename, Click Next
        Click Finish

    root:/etc/openldap# ./ < YourDomain.CSV > OutlookContacts.ldif
    root:/etc/openldap# ldapadd -x -D "cn=Manager,dc=YourDomain,dc=com" -W -f OutlookContacts.ldif
    Enter LDAP Password:
    adding new entry...
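    Steps 10 and 11 hand the conversion to a downloaded PHP script and a downloaded shell script; the links for both are missing above. As an added example that is not the HOWTO's or either script author's code, the Python below does the Outlook half of that job itself: it reads a contacts CSV and writes LDIF entries under the ou=AddressBook container from step 6, using the same object classes as Me.ldif in step 7 (without userPassword), and it observes the LDIF rule from the note after step 4 (dn first, blank line between entries) plus the RFC 2849 encoding rule that a value starting with a space, colon or '<', or containing a newline or non-ASCII character, must be base64-encoded after a double colon. The column names and the two rows are constructed; a real Outlook export has many more columns, and a value such as "Müller" shows the base64 path, including for the dn line itself. The small parse_ldif reader exists only to check the output round-trips; it does not handle folded lines.

```python
import base64
import csv
import io
import re
from typing import Dict, List

BASE_DN = "ou=AddressBook,dc=YourDomain,dc=com"  # container created in step 6

# Constructed sample in the column layout of an Outlook "Comma Separated Values (DOS)"
# export, cut down to the columns used here. The second row has no phone number.
SAMPLE_CSV = """First Name,Last Name,E-mail Address,Business Phone
Alice,Example,alice@example.com,+1 555 0100
Bob,Müller,bob@example.com,
"""


def needs_base64(value: str) -> bool:
    """RFC 2849: values that are not 'SAFE-STRING's must be written as attr:: base64."""
    if value == "":
        return False
    if value[0] in " :<":
        return True
    return any(ch in "\x00\r\n" or ord(ch) > 127 for ch in value)


def ldif_attr_line(attr: str, value: str) -> str:
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"


def dn_escape(rdn_value: str) -> str:
    """Escape characters that would otherwise be parsed as DN syntax inside an RDN value."""
    out = []
    last = len(rdn_value) - 1
    for i, ch in enumerate(rdn_value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def person_entry(first: str, last: str, mail: str = "", phone: str = "") -> str:
    """One address-book entry with the object classes used by Me.ldif in step 7."""
    cn = f"{first} {last}".strip()
    attrs = [("objectClass", "top"), ("objectClass", "person"),
             ("objectClass", "organizationalPerson"), ("objectClass", "inetOrgPerson"),
             ("objectClass", "evolutionPerson"), ("cn", cn), ("givenName", first), ("sn", last)]
    if mail:
        attrs.append(("mail", mail))
    if phone:
        attrs.append(("telephoneNumber", phone))
    # dn must be the first line of the entry; it gets the same base64 treatment as any value
    lines = [ldif_attr_line("dn", f"cn={dn_escape(cn)},{BASE_DN}")]
    lines += [ldif_attr_line(a, v) for a, v in attrs]
    return "\n".join(lines) + "\n"


def csv_to_ldif(csv_text: str) -> str:
    """Convert an Outlook-style contacts CSV into blank-line-separated LDIF entries."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row.get("Last Name"):
            continue  # sn is mandatory for the person object class, so skip such rows
        entries.append(person_entry(row.get("First Name", ""), row["Last Name"],
                                    row.get("E-mail Address", ""), row.get("Business Phone", "")))
    return "\n".join(entries)


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader (no line folding) used to check that the output round-trips."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry: Dict[str, List[str]] = {}
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            attr, _, raw = line.partition(":")
            if raw.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(raw[1:].strip()).decode("utf-8")
            else:
                value = raw.strip()
            entry.setdefault(attr, []).append(value)
        records.append(entry)
    return records


if __name__ == "__main__":
    print(csv_to_ldif(SAMPLE_CSV))
```

    Redirect the script's output to a file and feed it to ldapadd exactly as in step 11. Escaping the cn before building the dn matters for real exports: a contact whose display name contains a comma would otherwise split the dn into extra components and be rejected or land in the wrong place.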

  12. ToDos:
    • Enable SSL/TLS connections
    • Create Access Control Lists (ACLs)
    • Authenticate UNIX (/etc/passwd) accounts to OpenLDAP
    • Authenticate SAMBA accounts from OpenLDAP
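    For the second ToDo, note that the slapd.conf in step 2 contains no access directives at all, and slapd's default policy in that case is "access to * by * read", so every attribute, the userPassword hashes included, is readable by anonymous binds. The fragment below is an added example, not part of the HOWTO, of a starting policy for the address book built above; it goes in slapd.conf after the database bdb directives. The rootdn bypasses ACLs, so Manager-based binds from steps 8 and 9 keep working, while address-book users get read access and may only change their own entry.

```conf
# Added example: ACLs for the AddressBook directory (not from the HOWTO).
# Rules are evaluated in order; the first "access to" clause that matches the
# target decides, and within it the first "by" clause that matches the requester.

# Password hashes: only the entry's owner may change them, anonymous may use
# them to bind (auth), and nobody else can read them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Address book: authenticated users read everything, edit only their own entry.
access to dn.subtree="ou=AddressBook,dc=YourDomain,dc=com"
    by self write
    by users read
    by * none

# Everything else (the domain and Manager entries): read for authenticated users.
access to *
    by users read
    by * none
```

    After restarting slapd, repeat the ldapsearch from step 5 without -D and -W; it should now return no entries, while the same search bound as a contact from step 7 still lists the address book.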

  13. Resources:

  14. Software Versions Tested:
    • OpenLDAP v2.1.22, v2.1.25, v2.1.29
    • Evolution v1.4.5, v1.4.6
    • Outlook v2003