Support LDAP usernames
Open implementation of the Lotus Sametime protocol
Brought to you by:
jhkrischel,
taliesein
Menu
▾
▴
#16 Support LDAP usernames
Hi,
Our company uses Lotus Sametime with the IBM LDAP extensions.
This means that the usernames for the sametime service are
actually complete LDAP dn (Distinguished Name) strings.
However, they are easy to look up once you know the ldap server.
Given a userid, this ldap search gives me the correct username to
use for Sametime:
$ ldapsearch -x -h ldap.company.com -b
ou=people,o=company.com '(uid=wmertens)' dn
extended LDIF
LDAPv3
base <ou=people,o=company.com> with scope sub
filter: (uid=wmertens)
requesting: dn
wmertens, active, employees, people, company.com
dn: uid=wmertens, ou=active, ou=employees, ou=people,
o=company.com
search result
search: 2
result: 0 Success
numResponses: 2
numEntries: 1
To map a sametime username to a full name and user id, just
specify the dn as the search base:
$ ldapsearch -x -h ldap.company.com -b "uid=wmertens,
ou=active, ou=employees, ou=people, o=company.com" uid cn
extended LDIF
LDAPv3
base <uid=wmertens, ou=active, ou=employees, ou=people,
o=company.com> with scope sub
filter: (objectclass=*)
requesting: uid cn
wmertens, active, employees, people, company.com
dn: uid=wmertens, ou=active, ou=employees, ou=people,
o=company.com
uid: wmertens
cn: Wout Mertens
search result
search: 2
result: 0 Success
numResponses: 2
numEntries: 1
You can ask other info as well, of course.
Our company even has jpeg pictures available in LDAP in the
"jpegphoto" field. :-)
As you can see, the searches are easy and all that is needed is the
name of the company LDAP server and a starting search base.
I imagine the sametime protocol even has some way to pass those
on, but I wouldn't mind having to set those up myself.
Note that it is important to get the dn exactly as is stated there.
Some of the people have a dn with spaces, and others without,
and Sametime only sees the one where you get the spaces exactly
right.
Thanks for considering this,
Wout.
Discussion
Anonymous
Logged In: YES
user_id=77326
Moving this to an RFE, because that's what it is
LDAP will not be integrated into Meanwhile because it is far
outside of the project scope.
That said, there are a number of ways to get similar results
for something of the things you've requested:
The resolving of short names to long names is available in
CVS right now, through the use of the resolve service. Just
add a buddy with their short ID, and they'll automatically
be either resolved to a full ID, or if there are multiple
results, you'll be prompted to select the correct buddy from
the matches.
Support for the JPEG as a buddy image is another matter.
What you should consider is an openldap-based add-on plugin
for internal use. This is how I've implemented something
similar that IBM does internally, and the end result was a
separate plugin that would attach to signals for a
prpl-meanwhile account (such as buddy sign-on) and would
obtain and associate image data with a buddy as necessary.
You could also provide a Get Info action for buddies under
that account which would look up corporate directory
information, etc.
Logged In: YES
user_id=238228
Great news about the CVS support for resolving!
Uhm, you wouldn't want to opensource the add-on plugin you wrote so I can
adapt it for our use, by any chance?
Thanks,
Wout.
Logged In: YES
user_id=77326
Unfortunately I can't, because it was an internal project,
and it has code committed to it from other IBMers.
The gaim plugin portion is really very short. You just need
to catch the signals "buddy-signed-on" and
"blist-node-extended-menu" and handle them appropriately.
The annoying part was adapting openldap and ghttp (we only
store the url to the image in ldap, the data is retreived
via http) to glib's event loop with timeouts (Gaim is
single-threaded)
Logged In: YES
user_id=77326
closing this with 0.4.0 / 1.2.0 release