I have to admit, I have not done a tremendous amount of LDAP work. I have "dabbled" in it, but have made it work for me, for what I wanted. Therefore, I will share with you, the experiences I have had.

I have used it only on SCO UnixWare7 at this point. It was unsupported in the Solaris release I have, as well as the Linux releases, and NT's as far as servers go. I have implemented client solutions, using web browsers from Netscape and Microsoft.

I began by using the Microsoft Outlook Express client (v4.0 or later) to build my database of names, addresses, phone numbers, and the like. I could have done this by command line, or flat text file, or any other number of methods, but to be honest, I liked the OE client. It worked well for me.

This is how I did it :

• To begin, just enter all the names, and any other information you want to keep. Try to keep it consistent across the board, and dont bother using "grouping" with the names.
• While still in OE client, export the data. Choose "File | Export | Address Book | Text File with Comma Sep".
• I choose to save the resultant file as "add_book.csv" somewhere safe. (I personnaly choose to save it on a shared Unix drive using Samba, and then it is right where I need it - on Unix) It is important to mention that if you use the scripts below, the file that is exported must be called "add_book.csv".
• I will leave the discussion of actually setting up the LDAP server daemon on UnixWare7 to a different page altogether.
• Once the "add_book.csv" file exists on the Unix machine, lets say in /etc/ldap/adm/test (assuming we call this occurence of LDAP "test"), we can work on it. It is not mandatory to have it in this directory, but since that is where all the LDAP files are stored on this platform, it just seems sensible.
• I have written a few scripts to help out with this process. The first is called ldap_buildit.sh and the other is ldap_convert.sh. I highly recommend keeping these in an "admin" type of bin directory, for which I use /var/adm/bin. These should be root owned, and safely permissioned, I choose perms of 500.
  • The "ldap_buildit.sh" script is used to call the other scripts and builtin utilities, to build, sort and index. In fact it actually calls the second script "ldap_convert.sh" automatically.
  • The "ldap_convert.sh" script is used to strip the default "header" line from the "add_book.csv" file, and setup some of the fields in the LDAP structure. It will place the class and other fields in their appropriate positions, and create a "ldif" format file, for import into the LDAP directory.
• After executing the "ldap_buildit.sh" script, the ldif format file is imported into the ldbm directory. Then it is indexed, and finally "catted" out to the screen to show a successful load.
• You can then query it first from the Unix side (to eliminate the network or its configuration as a possible problem), by typing :

  	  ldapsearch -h 127.0.0.1 'cn=*your name*'
  	

• That should bring about at least one response, provided you typed "your name" as a field in Outlook Express before the export.

If you have problems at this point, stay on the local machine, and dont involve the network or remote client tools yet, just stay on the Unix box. I recommend setting the logging to its max value, on the server daemon, and stop/start the daemon. Then you can read the syslog file for any errors. This is actually a neccessity to get this stuff up and running for a first time user. I had to do it often.

Just remember that once you get it all worked out, you should turn back off the logging, and stop/start the daemon again.

If all that works ok, you can begin to setup the web clients and mail reader clients. For web access, some browsers will let you type in the address bar as follows :

  ldap://ldap_server   --> (where "ldap_server" is the host name of the ldap server)

Remember, that if you have problems, you can always change the logging value again, and use the syslog to help out. It is a tremendous help in these types of situations.

For the true LDAP manual, look at the University of Michigan's LDAP Manual. This is how I got started, but be warned, printing it out, takes a ton of paper. It is about 90 pages or more.

For other good ldap pointers, look at this site on the web : http://tecfa.unige.ch/guides/ldap/pointers.html