11. Ldap schemas

Warning: this section is terribly incomplete and outdated. I should be updating it, adding the various RFCs or other authoritative sources of schematic data.

This is a proposal for a schema that can be used to accommodate all the data needed for the previously listed functions. It should under no circumstances be regarded as authoritative. It is an example that should serve its purpose, but you will likely have to adapt it to match your specific needs.

Because it has been a lot of work (for me, maybe it's out there but I don't know where?) to find out the specific meaning of each entry, and what information it should contain, I'll try to document this as well. It should be noted, however, that it doesn't fit together seamlessly. The Microsoft Addressbook does not seem to use some of the fields it is presenting. I suspect that for the "Title", "Nickname", "Home City", "Home State/Province", "Home ZIP Code", "Home Country/Region" and "Home Web Page" entries no information is requested. For the "Personal", "Netmeeting" and "Digital IDs" entries I didn't yet bother to figure out how they should be put in the Ldap database. Any information is welcome. The Netscape address book has a similar problem. When a record is copied from an Ldap directory to a local address book, some of the fields are lost. As the nature of a company-wide addressbook should discourage users from copying addresses locally, this is not a big problem. The Netscape address book has another little oddity, though. In a normal address record, the Ldap attribute associated with "Nickname" is xmozillanickname. When searching for addresses, however, the associated attribute is simply nickname. That is the reason why the nickname entry shows up twice in the schema.

This schema is known to work with Microsoft Outlook 2000 and Netscape 4.73. If you find I'm wrong about a description, function, or necessity of an entry, please do let me know!

The schema file that represents this schema can be found in Section 12.1.

Table 1. Ldap attributes and objectclasses - quick description

| Function | Objectclass | Attributes | Description | (Default) value |
|---|---|---|---|---|
| User accounts | top | | default | |
| | | ou | Organizational Unit | Users |
| | person | | Owner is a person | |
| | | uid | unix login name | foo |
| | | cn | Common Name | Foo Bar |
| | account | | Owner has an account | |
| | posixaccount | | Owner has a Unix account | |
| | | homedirectory | Home directory | /home/users/foo |
| | | userpassword | unix password | S3cr3t |
| | sambaaccount | | Owner has a samba account | |
| | | lmpassword | Lanman password hash | Unused |
| | | ntpasswd | NT password hash | Unused |
| | | loginshell | Users shell | /bin/pleurop |
| Machine accounts | top | | default | |
| | | ou | Organizational Unit | Machines |
| | posixaccount | | Owner has a unix account | |
| | | uid | login name | speed$ |
| | | uidnumber | unix uid | 514 |
| | | homedirectory | Home directory | Unused |
| Microsoft Address Book | top | | default | |
| | | ou | Organizational Unit | Addressbook |
| | microsoftaddressbook | | Owner has Microsofts Addressbook properties | |
| | | c | Business country | |
| | | department | Business department | |
| | | facsimiletelephonenumber | Business fax number | |
| | | givenname | First name | |
| | | homephone | Home phone number | |
| | | homepostaladdress | Home postal address | |
| | | l | Business city | |
| | | mail | Email address | |
| | | mobile | Home cellphone number | |
| | | organizationname | Company name | |
| | | otherfacsimiletelephonenumber | Home fax number | |
| | | otherpager | Business pager number | can be "pager" too? |
| | | physicaldeliveryofficename | Location of office at work | |
| | | postaladdress | Business postal address | |
| | | postalcode | Business postal code | |
| | | sn | Last Name | |
| | | st | Business state/province | |
| | | telephonenumber | Business phone number | |
| | | title | Job title | |
| | | url | Business web page | |
| Netscape Address Book | top | | default | |
| | | ou | Organizational Unit | Addressbook |
| | netscapeaddressbook | | Owner has Netscape's properties | |
| | | cellphone | Cellphone number | |
| | | facsimiletelephonenumber | Fax number | |
| | | givenname | First Name | |
| | | homephone | Home phone number | |
| | | homeurl | Personal web page | |
| | | locality | Home city | |
| | | mail | Email address | |
| | | pagerphone | Pager number | |
| | | postalcode | Home postal code | |
| | | sn | Last name | |
| | | streetaddress | Home postal address | |
| | | telephonenumber | Business phone number | |
| | | xmozillaanyphone | Business phone number | |
| | | xmozillanickname | Nickname | Same as nickname |
| | | xmozillausehtmlmail | Client uses html mail | TRUE |
| Netscape roaming access | top | | default | |
| | | ou | Organizational Unit | Roaming |

Note: Netscape and Microsoft use the addressbook entries in a slightly different way. Netscape stores a postal address in the streetaddress entry as a base64 encoded string, while Microsoft uses the postaladdress entry. However, when a streetaddress entry is present, Microsoft uses this instead of the postaladdress entry, but its value is stored plaintext, not base64 encoded. So you cannot use them at the same time.
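The two client quirks described in this section (the streetaddress/postaladdress conflict and the nickname/xmozillanickname pair) can be checked per directory entry before loading it. The following is an added example, not part of the original HOWTO or of either client. It assumes an entry is a dict of attribute name to value and that the base64 string is the stored value itself; check_entry, looks_base64 and the sample entries are hypothetical names and constructed data.

```python
import base64
import binascii

def looks_base64(value):
    """Heuristic: strict base64 that decodes to UTF-8 text (Netscape style)."""
    try:
        decoded = base64.b64decode(value, validate=True)
        decoded.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return False
    return len(decoded) > 0

def check_entry(entry):
    """Return warnings for one address-book entry (dict: attribute -> value)."""
    entry = {k.lower(): v for k, v in entry.items()}
    warnings = []
    street = entry.get("streetaddress")
    if street is not None:
        if "postaladdress" in entry:
            warnings.append("postaladdress is shadowed: Microsoft uses "
                            "streetaddress when it is present")
        if looks_base64(street):
            warnings.append("streetaddress is base64 (Netscape style): "
                            "Microsoft reads it as plaintext")
        else:
            warnings.append("streetaddress is plaintext (Microsoft style): "
                            "Netscape expects base64")
    # Netscape displays xmozillanickname but searches on nickname.
    if entry.get("nickname") != entry.get("xmozillanickname"):
        warnings.append("nickname and xmozillanickname differ: Netscape "
                        "shows one and searches on the other")
    return warnings

# Constructed sample entries, not taken from a real directory.
NETSCAPE_ENTRY = {
    "cn": "Foo Bar",
    "nickname": "foo",
    "xmozillanickname": "foo",
    "streetaddress": base64.b64encode(b"1 Example Street").decode("ascii"),
}
MIXED_ENTRY = {
    "cn": "Foo Bar",
    "xmozillanickname": "foo",
    "postaladdress": "1 Example Street",
    "streetaddress": "1 Example Street",
}

if __name__ == "__main__":
    for name, entry in (("netscape", NETSCAPE_ENTRY), ("mixed", MIXED_ENTRY)):
        print(name, check_entry(entry))
```

An entry that carries only postaladdress and matching nickname attributes produces no warnings; any entry with streetaddress is reported with the one client it will suit.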

More information about Ldap schemas in general can be found on Linux Center. I found a document describing Microsoft Addressbook's properties on the Microsoft Developers Network.

Beware, the description given on the Microsoft page doesn't match the fields where the content shows up in address book. Also, not all fields in address book contain information, but if the listed keys don't work I wouldn't know which keys do work.