This document describes how to configure the LDAP Address Book program for use with different LDAP directories supporting various schemas. It is aimed at Directory Administrators who are assumed to have extensive knowledge of LDAP and XML.
The program uses an XML file config.xml to hold its configuration data. This is stored in a directory called .LdapAddressBook created in the user's 'home' directory (e.g. in Windows this is normally "C:\Documents and Settings\user\.LdapAddressBook"). The file is created the first time the program is run, and updated whenever the program exits. This file can be edited manually (while the program is not running) to adapt the program as required.
The Java archive contains an XML file default.xml which contains initial default values for the configuration. This file can be replaced with a version tailored for the requirements of your organisation, and the modified Java archive distributed to all your users pre-configured for their use. If you follow this approach it is recommended that the help file (help.html) is also replaced by a tailored version reflecting the changes to the configuration. You can use the Java Archive Tool to extract and replace these files in the archive.
Each tab on the entry editing panel is defined by a <tab> element in the configuration file. Each <tab> element has a title attribute defining the title to be displayed at its head, and contains <field> elements defining the fields displayed on the tab, in order from top to bottom.
Each <field> element has an id attribute, which uniquely identifies the field; this is used to refer to the field in other parts of the configuration file. Each <field> element must contain the following elements:
|
<label> |
The label to be displayed next to the field on the tab. |
|
<ldapattribute> |
The name of the LDAP directory attribute this field is stored in. |
|
<required> |
A flag (0 or 1) indicating if a value must be entered in this field. |
Each <field> element may also contain some or all of the following elements:
|
<numlines> |
The height of the box for a multi-line field. If omitted the field is displayed in a single line text box. |
|
<defaultvalue> |
The default value for the field. This can contain references to other fields enclosed in % characters, in which case the field value is updated dynamically as the referenced fields are modified. For example in the default configuration the <defaultvalue> for the DisplayName field is "%LastName%, %FirstName%", so if "John" & "Smith" are entered for FirstName and LastName then "Smith, John" is displayed in the DisplayName field. Multi-line fields cannot have default values |
|
<validation> |
A regular expression which the entire contents of the field must match in order to be valid. If omitted no validation is performed on the field. Multi-line fields cannot have validation expressions. |
|
<validationprompt> |
A phrase to be used in an error prompt displayed when the user has entered invalid text in the field, describing the required form for input. For example in the default configuration the <validationprompt> for the Home Number field is "a telephone number in national or international format", which results in the following message being displayed for invalid input: "Please enter a telephone number in national or international format in the Home Number field". |
|
<imagefield> |
A flag (0 or 1) indicating if this is an image field, used to display and select JPEG images. |
|
<imagewidth> |
The width of an image field (in pixels). |
|
<imageheight> |
The height of an image field (in pixels). |
The
The <dnfield> elements identify the components which appear in the distinguished name of each directory entry, excluding those in the directory base DN. This allows entries to be created in different branches of the directory according to values entered by the user. The components are listed in order with the terminal component first. Each <dnfield> element must contain the following elements:
|
<field> |
This is the id of the field which provides the value for this component of the distinguished name and defines the corresponding LDAP attribute. |
|
<objectclass> |
For the terminal component these define the values required for the objectclass attributes when creating new entries in the directory. For other (intermediate) components they define the values required for the objectclass attributes when creating an intermediate entry at the corresponding level in the directory structure. These intermediate entries are created automatically as required, i.e. when creating an entry in a branch of the directory that doesn't yet exist. |
These elements define the connection to the directory server. The values can all be edited using a dialogue in the program.
|
<ldapserver> |
The host name of the LDAP directory server. |
|
<ldapport> |
The port number for the LDAP directory server. |
|
<ldapsecurityprotocol> |
Has value "ssl" if a secure connection is required. |
|
<ldapsecurityauthentication> |
The type of authentication required by the server. Typical values are "simple" for authentication with a standard user name and password or "none" if no authentication is required. |
|
<ldapsecurityprincipal> |
The bind name (user name) for connecting to the server. |
|
<ldapsecuritycredentials> |
The password for connecting to the server. This is encrypted using the password set by the user on the first run (if any), or otherwise using a default hard coded password. |
|
<ldapbasedn> |
The distinguished name for the base of the directory structure where entries will be searched for and inserted. |
|
<ldapfilter> |
A valid LDAP query which will be used to search the directory. The placeholder %s will be replaced with the text typed by the user into the search box. |
|
<ldapkeepaliveinterval> |
If this element is present then the program will send regular dummy queries to the server to keep the connection open. This can speed up searches as otherwise there may be delays as the connection is re-negotiated after a period of idleness. It can be disabled if the overhead on the network or server is unacceptable. The value is the interval in minutes between queries. |
Each provider is defined by a <provider> element, which has a name attribute uniquely identifying it. A <provider> element contains the following elements:
|
<posturl> |
The URL for the POST request used to set up the call. |
|
<okresponse> |
A regular expression matching the response received from the server if the request was successful. |
|
<postusernameparameter> |
The name of the parameter to the POST request which is used to specify the username (if required). |
|
<postpasswordparameter> |
The name of the parameter to the POST request which is used to specify the password (if required). |
|
<postextensionnumberparameter> |
The name of the parameter to the POST request which is used to specify the extension making the call. |
|
<postnumbertocallparameter> |
The name of the parameter to the POST request which is used to specify the telephone number to be called.. |
|
<sanitise> |
If "1" then all non-digit characters are stripped from the telephone number before it is included in the parameter string. |
Each extension is defined by an <extension> element, which is nested inside the related <provider> element and has a name attribute uniquely identifying it. An <extension> element contains the following elements:
|
<extensionnumber> |
The extension number or identifier. |
|
<username> |
The value for the username parameter, if required. |
|
<password> |
The value for the password parameter, if required. |
|
<usepassword> |
This determines whether the user is allowed/forced to set a password for access to the program. If the value is "none" the user is not prompted to set the password, and a default hard coded password is used to encrypt the LDAP password. Otherwise the user is prompted to set a password. If the value is "optional" the user can leave the password blank or cancel the dialogue, and the default password is used for encryption. If the value is "required" the user must set a password; the program exits if the dialogue is cancelled. |
|
<addressbookpassword> |
The MD5 hash of the program access password (if set by the user); used to validate the password entered by the user on subsequent program invocations. |
|
<allowmodifications> |
If the value is 0 then the user can only view entries in the directory. If the value is 1 the user can also update, create and delete entries. Since this setting can be easily overridden by a savvy user it is recommended that it is backed up by appropriate access controls in the directory to prevent unauthorised updates. |
The program will use a local copy of the Java trust store (cacerts) file (if available) to validate the certificates used for SSL connections. This file must be located in the same directory as the configuration file (note NOT the ssl subdirectory). A copy of the cacerts file containing the certificates required for the LDAP and/or telephony servers can be included in the JAR file, and will be automatically deployed to a user's directory the first time they run the program.
The Java Archive Tool included in the Java Development Kit (JDK) can be used to store the cacerts file in the JAR file. The cacerts file should be in a subdirectory named ssl, and the the following command used (example for Windows):
"C:\Program Files\Java\jdk<version>\bin\jar" ufv LdapAddressBook.jar ssl/cacerts
where <version> is the JDK version.