Next Previous Contents

6. Aditional Informations and Features

On this section you will find information about the Netscape Address Book, a LDAP client that can be used to query your Directory. Also is presented details on how to implement Roaming Access using the Netscape Navigator, version 4.5 or above and your LDAP server. There have been a lot of talk on the OpenLDAP mailing lists about the Roaming Access, since this is a feature that is not totally implemented. Most part of the people don't like the way Netscape Navigator operates with the LDAP server while making downloads and uploads to it. So, if after reading this you find that the Roaming Access is not working the way you would like, nevermind, a lot of people passed through this situation already. The purpose of introducing this feature here is more for giving people an idea about the capabilities of the LDAP protocol. To finish you will see some information about killing safely the slapd process and about slapd logs.

6.1 Roaming Access

The goal of Roaming Access is that wherever you are on the Net, you can retrieve your bookmarks, preferences, mail filters, etc. using a Netscape Navigator and a LDAP server. This is a very nice feature, imagine that wherever you access the Web, you can have your own settings on the browser. If you will travell and you need to access that currency site that is stored on your local bookmarks, don't worry, upload the bookmarks and other configuration files to a LDAP server and you can retrieve them all later independent of the place you will be.

To implement the Roaming Access you have to follow these steps :

- Changing the attributes file : You need to add new attributes on the attribute list present on the file slapd.at.conf (this is a file you include on your slapd.conf and it's normally located at /usr/local/etc/openldap) :

attribute       nsLIPtrURL              ces 
attribute       nsLIPrefs               ces 
attribute       nsLIProfileName         cis 
attribute       nsLIData                bin 
attribute       nsLIElementType         cis 
attribute       nsLIServerType          cis 
attribute       nsLIVersion             cis 

- Changing the objectclass file : You also have to add some new classes to your slapd.oc.conf (this is another file you include on your slapd.conf and it's normally located at /usr/local/etc/openldap) in order to enable the roaming access :

objectclass nsLIPtr 
requires 
        objectclass 
allows 
        nsliptrurl, 
        owner 

objectclass nsLIProfile 
requires 
        objectclass, 
        nsliprofilename 
allows 
        nsliprefs, 
        uid, 
        owner 

objectclass nsLIProfileElement 
requires 
        objectclass, 
        nslielementtype 
allows 
        owner, 
        nslidata, 
        nsliversion 

objectclass nsLIServer 
requires 
        objectclass, 
        serverhostname 
allows 
        description, 
        cn, 
        nsserverport, 
        nsliservertype, 
        serverroot 

- Changing the LDIF file : Now you have to modify your LDIF file, adding profiles entries to each user that wish to try the Roaming Access feature of Netscape. Look an example of a simple LDIF file with profiles entries :

dn: o=myOrg,c=NL 
o: myOrg 
objectclass: organization 

dn: cn=seallers,ou=People,o=myOrg,c=NL 
cn: seallers 
userpassword: myPassword 
objectclass: top 
objectclass: person 

dn: nsLIProfileName=seallers,ou=Roaming,o=myOrg,c=NL 
changetype: add 
objectclass: top 
owner: cn=seallers,ou=People,o=myOrg,c=NL 
objectclass: top 
objectclass: nsLIProfile 
The next step is to configure Netscape to enable the Roaming Access against your LDAP server. Just follow the sequence :

- Go to Menu Edit -> Preferences -> Roaming User

Now you have to first Enable the Roaming Access for this profile, clicking on the checkbox correspondent to this option.

- Fill the username box with an appropiate value, for instance john

Pull down the arrow of the Roaming User option on the left side of the Preferences Window, so see the suboptions of Roaming Access.

- Click on Server Information and enable the option LDAP Server and fill the boxes with the following information :

Address: ldap://myHost/nsLIProfileName=$USERID,ou=Roaming,o=myOrg,c=NL

User DN: cn=$USERID,ou=People,o=myOrg,c=NL

IMPORTANT : Netscape automatically substitutes the $USERID variable for the name of the profile you selected before running the browser. So if you selected the profile seallers, it will substitute $USERID for seallers, if you selected profile gonzales, if will substitute $USERID for gonzales. If you are not familiar with profiles, run the Profile Manager aplication that comes on the Netscape Comunicator package. It's an application designed to satisfy the multiple users of a browser on the same machine, so each one can have their on settings on the browser.

The final step is to restart the server, take a look on the section 6.3 to see how you do that safely and on section 4 to see how to start it again.

6.2 Netscape Address Book

Once you have your LDAP server up and running, you can access it with many diferent clients (e.g. ldapsearch command line utility). A very interesting one is the Netscape Address Book. It's avaiable from version 4.x of Netscape but you have to use the 4.5 or above version for a stable interoperation with your LDAP server.

Just follow the sequence :

Open Netscape Navigator -> Go to Communicator Menu -> Address Book

The Netscape Address Book will be launched with some default LDAP directories. You have to add your own LDAP directory too !

Go to File Menu -> New Directory

Fill the boxes with your server information. For example :

- Description : TUDelft

- LDAP Server : dutedin.et.tudelft.nl

- Server Root : o=TUDelft, c=NL

The default LDAP port is 389, don't change it, at least if you changed this option while building your server.

Now, make simple queries to your server, using the box Show Names Containing, or advanced queries, using the Search for button

6.3 Killing the LDAP server

To kill off slapd safely, you should give a command like this

kill -TERM `cat $(ETCDIR)/slapd.pid`

Killing slapd by a more drastic method may cause its LDBM databases to be corrupted, as it may need to flush various buffers before it exits. Note that slapd writes its pid to a file called slapd.pid in the directory you configured in slapd.conf file, for example : /usr/local/var/slapd.pid

You can change the location of this pid file by changing the SLAPD_PIDFILE variable in include/ldapconfig.h.edit

Slapd will also write its arguments to a file called slapd.args in the directory you configured in slapd.conf file, for example /usr/local/var/slapd.args

You can change the location of the args file by changing the SLAPD_ARGSFILE variable in include/ldapconfig.h.edit.

6.4 Logs

Slapd uses the syslog(8) facility to generate logs. The default user of the syslog(8) facility is LOCAL4, but values from LOCAL0, LOCAL1, up to LOCAL7 are allowed.

In order to enable the generation of logs you have to edit your syslog.conf file, usually located at /etc directory.

Create a line like this :

local4.*     /usr/adm/ldalog

This will use the default user LOCAL4 for the syslog facility. If you are not familiar with the sintax of this line, take a look at the man pages of syslog, syslog.conf and syslogd. If you want to change the default user or to specify the level of the logs generated, you have the following options while starting slapd :

-s syslog-level This option tells slapd at what level debugging statements should be logged to the syslog(8) facility. The level describes the severity of the message, and is a keyword from the following ordered list (higher to lower): emerg, alert, crit, err, warning, notice, info, and debug. Ex : slapd -f myslapd.conf -s debug

-l syslog-local-user Selects the local user of the syslog(8) facility. Values can be LOCAL0, LOCAL1, and so on, up to LOCAL7. The default is LOCAL4. However, this option is only permitted on systems that support local users with the syslog(8) facility.

Now take a look at the logs generated, they can help you a lot to solve problems with queries, updates, binding, etc.


Next Previous Contents