Private contact considerations

When implementing a private contact list, you should be aware of the following.

User ID values

The only information CIC has when distinguishing one user's private contact data from another user's private contact data is the CIC user's ID value. If the CIC user's ID does not directly correspond to an LDAP attribute (such as userid) then a mapping file must be created. For more information, see Creating a contact list source USERNAME_MAPPING_FILE= attribute.

The following example scenarios show how the link between a CIC user's ID and its corresponding LDAP attribute can be used:

  • As a user ID substitution variable in the search DN. The search DN would most likely be the DN of the user's actual LDAP user entry. Create private contacts directly beneath this base.

  • As a user ID substitution variable in the search DN. The search DN would most likely be the DN of the user's actual LDAP user entry. Create a folder object beneath this base to contain the contacts.

  • As a user ID substitution variable in the search filter. The contacts would be contained in a folder object with other users' private contacts.

  • As a user ID substitution variable in the search filter. The contacts would be contained in a folder object with other users' private contacts as well as public contacts.

  • As a user ID substitution variable in the search filter. The contacts would be under an organizational unit, like People.

Access control

You will want to make private contacts available only to the contact owner. This means you must prevent outside users from accessing them. Typically, in an LDAP directory, even anonymous users have read access to many of the contact attributes. Therefore, special access control must be established through the use of Netscape Directory Server's access control instructions (ACIs).

If you are using a folder dedicated to a single user's private contacts, then ACI just needs to be established for the folder. Note that this is CIC's default configuration, and CIC will automatically insert the correct ACI values when it creates the folder objects.

If you are not using a folder, or if you're using a folder that contains private contact entries for multiple users, then you must establish ACI in the contact entry instead of the folder entry. The sample attribute mapping file, i3person_map.txt, has an example of how to set up ACI for the contacts; the sample folder attribute file, i3genfolder_map.txt, has an example of how to set up ACI for folders. For more information, see i3person_map.txt example file; inetorgperson_map.txt example file; and i3genfolder_map.txt file.
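
The two ACI placements described above, written as an LDIF change file in Netscape Directory Server ACI syntax. This is an added illustration, not the content of i3person_map.txt or i3genfolder_map.txt and not the ACI values CIC inserts itself. The suffix dc=example,dc=com, the user uid=jdoe, the ou=PrivateContacts and ou=SharedContacts containers and the contact name are constructed placeholders.

```ldif
# Constructed sample data throughout; substitute your own DNs.
# Continuation lines start with one space (LDIF folding) plus one real space.

# Case 1: a folder dedicated to one user's private contacts.
# An ACI with no target clause applies to the entry that holds it and to
# everything beneath it, so setting it on the folder covers every contact.
dn: ou=PrivateContacts,uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
add: aci
# Grant the owner full rights on the folder subtree.
aci: (targetattr="*")(version 3.0; acl "jdoe private folder: owner";
  allow (all)
  userdn="ldap:///uid=jdoe,ou=People,dc=example,dc=com";)
# An allow rule alone does not remove read access that an ACI higher in the
# tree grants to anonymous or authenticated users. Deny rules take precedence
# over allow rules, so deny every bind DN other than the owner.
# Note: this also blocks any service DN that is not the owner
# (Directory Manager is not subject to ACIs).
aci: (targetattr="*")(version 3.0; acl "jdoe private folder: others";
  deny (all)
  userdn!="ldap:///uid=jdoe,ou=People,dc=example,dc=com";)

# Case 2: no folder, or a folder shared by several users' private contacts.
# An ACI on the shared folder would apply to every user's entries, so the
# ACIs go on each private contact entry and name that contact's owner.
dn: cn=Alice Smith,ou=SharedContacts,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "jdoe private contact: owner";
  allow (all)
  userdn="ldap:///uid=jdoe,ou=People,dc=example,dc=com";)
aci: (targetattr="*")(version 3.0; acl "jdoe private contact: others";
  deny (all)
  userdn!="ldap:///uid=jdoe,ou=People,dc=example,dc=com";)
```

After applying ACIs like these, search the same base anonymously and as a second user to confirm that neither bind returns the private entries.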

For more information about ACIs, see any authoritative documentation on LDAP.