LDAP access for kOOL addresses
The whole address database in kOOL can be configured to be available in real time through an LDAP server. In order to use this feature, you have to have an LDAP server setup and running. The following installation instructions have been tested on OpenLDAP 2.3.30 on a GNU/Linux system (Debian sarge and etch).
It is beyond the scope of these instructions to describe the whole process of setting up and maintaining an LDAP server. Please refer to the appropriate documentations of your LDAP server software.
You should include the following shemas:
(moz.schema might not have come with your LDAP server. In this case you'll have to download this manually from Mozilla's wiki and store it as a file in /etc/ldap/schema/moz.schema)
With your LDAP admin account you have to import the following ldif file to get the necessary base structure. Additionally you have to create an LDAP login, for the kOOL process to be able to add, alter and delete entries on the LDAP server. In this example, this login ist called "kOOL_ldapadmin". The password for this login can be encrypted with the command "slappassword" and pasted into the below given ldif file.
Now you can import this structure into your LDAP server with the following command:
ldapadd -x -v -D cn=admin,dc=your.ldap.server,dc=com -W < kool.ldif
As the last step you have to set the access permissions to your LDAP server for the users. To do this, you have to edit your /etc/ldap/slapd.conf:
(You might have to remove access lines from your default config file if present, as they might overwrite your settings below them.)
access to attrs=userPassword
access to dn.subtree="ou=login,ou=kOOL_demo,dc=your.ldap.server,dc=com"
This allows the kOOL_ldapadmin login to have write access to the login section, and grant auth rights to anybody else. The last section grants read access to all kOOL users and write access for kOOL_ldapadmin to the actual addresses.
Enable LDAP support in kOOL
After your LDAP server is running and prepared for the kOOL addresses you can enable the LDAP support in config/ko-config.inc:
$ldap_enabled = TRUE;
From now on, all addresses in kOOL will also be available in the LDAP directory. And also all the kOOL logins, that have access to the addresses module, will be authorized to access the data through LDAP.