Re: [Evolution] LDAP Frustration

Quoting Pete Biggs <pete biggs org uk>:
> I'm trying to set up Evolution (v3.18.5.2, as installed by Ubuntu
> 16.04)  to pull GAL information from our Active Directory, but it is
> unbelievably frustrating.
I presume it's because the OP is trying to get information from Active
Directory and not from an Exchange server - they are different things.
TBH my experience of using AD as if it's a native LDAP server has never
been very fruitful. It always seems as if MS has tweaked it to make it
incompatible with "standard" LDAP.  But it is a few years since I tried

I have done alot with AD via LDAP. Their LDAP is pretty good - but it is a very complete LDAP configuration with detailed access control provisions, including SSF ... very unlike most Open Source LDAP installs which generally play fast-n-loose with security [likely because setting things up well in OpenLDAP is crazy tedious - and the documentation is awful]. One of ADs real advantages is that it says this-is-how-it-works-deal-with-it.

Aside: SSF is Security Strength Factor, so what you can do on a connection depends NOT ONLY on who you are authenticated as but HOW you authenticated and HOW your connection is protected [signed, sealed, TLS, etc...].

If you can't start out using the ldapsearch CLI to see what works and what doesn't you are going to have a hard time. Determining that via any kind of client is going to be a hair pulling experience.

At least make sure you have Kerberos authentication working.

However, at the end of the day LDAP makes a ***TERRIBLE*** address book solution. Terrible, just terrible. I spent countless hours trying to create a happy LDAP solution, documenting differences in schema, clients, etc... It looks great on paper, but nobody followed the rules [*1], so in practice it isn't good for anything other than a basic read-only data source.

[*1] And least of all the Open Source community. LDAP support in most Open Source projects is an i-did-not-bother-to-read-the-docs hacked-in train wreck. In defense, to really do LDAP support well a project needs to implement a myriad of configuration parameters and preferences ... which most people are going to ignore anyway - then proceed to post on the interwebz about how it doesn't work. :(

LDAP is not simple.  It, like XML, is an open ended standard.

If you can use Exchange or a WebDAV (CalDAV/CardDAV) solution you will be much better off with that.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]