Mayflower LDAP at Barcamp

At the Barcamp 2009 Alex, Michele, Michel, Markus, Sven and I continued a project that had already begun at the Barcamp 2008 – Creating an LDAP structure for internal Mayflower use and implementing a basic tool set for the administration.

A new LDAP scheme was created, a maintenance tool based on Zend Framework and Dojo was created and the tool was embedded as addon in the current PHProjekt 5

A first step was to analyze requirements – what data sources and sinks should be connected through the LDAP server.

  • PHProjekt – we want to be able to have parts of the database available elsewhere
  • Telephones – our innovaphone devices support looking up numbers from LDAP
  • Mailclients – we want to be able to have the addresses of colleagues and customers
  • CRM – Marketing personnel has even more contacts that need to be called or emailed
  • Computer Accounts – We’d like to have login data centralized
  • … and a couple more

Since this is a lot to do, we decided to start with a quick win – the address data for email and telephone. The goal is to have all employees in the system and let everyone not only look up contacts but also have a favorite list to let them choose a subset of all available data.

Then, a schema was created especially suited to our needs, put toghther from a list of standard and custom schemes:

  • top
  • person
  • organizationPerson
  • inetOrgPerson
  • mozillaAbPersonAlpha
  • MayflowerPerson
  • MayflowerPersonal
  • shadowAccount
  • posixAccount

The maintenance tool will eventually allow the user to add, modify and remove contact entries on an LDAP server running with our schema. It’s currently work in progress, but it already allows viewing of contact lists, contact details and offers a form for modification.

Technically, it utilizes Zend Framework 1.8 (which was brand-new at the time of the barcamp) as well as Dojo. It implements an MVC pattern and utilizes AJAX to fill Dojo components like the grid. Since the Zend Framework does not have sophisticated LDAP classes yet, we had to implement custom classes to get our tool to authenticate against, read from and write to the LDAP server.

A simple PHProjekt addon allows the tool to be embedded in the current PHProjekt 5.

At the end of the Barcamp we could demonstrate access to our data set via some mail clients (Evolution and Thunderbird), although it should work with most LDAP-capable programs. Back in the office we were able to verify that also the telephone devices are already working with our setup. A small setback was the fact that the LDAP implementation in Thunderbird has some problems with LDAP aliases.

The structure of the problem allowed us to work in parallel, and we were quite proud to have managed to proceed the project so far that it is already in an early usable state. We are looking forward to having an official company LDAP server that can help everyone with their daily work.

Für neue Blogupdates anmelden:


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.