Funambol and LDAP
December 11, 2011 in contact-engine
This is a howto for installing and configuring a Funambol server with LDAP support.
References:
- Funambol Mobile Open Source – ebook
- Funambol with Mysql: how to install
- Funambol LDAP connector official page
What’s the Funambol LDAP Connector
It’s a Funambol module that connects Funambol to one or more LDAP databases.
Behind the scene
The documentation of the LDAP Connector is not well organized and, above all, fails to describe how the connector is meant to be used and what the principles behind it are. As a newbie it took me a lot of time to understand how it works.
As far as I can understand, the LDAP connector plugin works in these two ways:
simple way: uses SyncSource Module
- The LDAP SyncSource connector can be configured to point to one or more existing LDAP branches containing contacts (typically inetOrgPerson Class)
- Every LDAP branch becomes an addressbook source and is labeled with a unique name (label)
- The label is used by the Funambol clients to specify which addressbook they want to connect to
complex way: uses Lupo Module
- The so-called LUPO module performs user authentication against one LDAP server. A user already present in the LDAP branch can authenticate using one of his LDAP attributes (you can specify it in the config file) and the userPassword attribute
- If the user is authenticated, his data are copied and stored in the Funambol users table (I don’t know yet if they are kept in sync over time)
- Once the user logs in, Funambol gets the path of his own calendar and addressbook from some LDAP fields (psRoot for the addressbook, calCapUri for the calendar)
- For each user Funambol handles the specified addressbook and calendar as a resource
The Funambol server can be configured to use one of the two or even both.
Building the Funambol LDAP connector
The LDAP connector for Funambol doesn’t come pre-built, so I built it myself and I make it available here so that you can jump to the Funambol configuration part.
Download and build the Ldap connector
If you prefer to build the connector yourself, the Maven build tool is required. On Debian Squeeze 64 we can install maven (version 2.2.1) in this way:
apt-get install maven2 javacc
root@funambol:/opt/Funambol# mvn -version
Apache Maven 2.2.1 (rdebian-4)
Java version: 1.6.0_18
Java home: /usr/lib/jvm/java-6-openjdk/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux" version: "2.6.32-5-amd64" arch: "amd64" Family: "unix"
NOTE:
It looks like mvn version 2.0.8 can’t build the current LDAP connector
apt-get install subversion
cd /opt/Funambol/Downloads
svn checkout https://ldap-connector.forge.funambol.org/svn/ldap-connector/trunk ldap-connector --username guest
(the password is guest too)
Edit the pom.xml file to remove SNAP from the version tag
vim /opt/Funambol/Downloads/ldap-connector/pom.xml
<version>7.1.0</version>
Building the module:
cd ldap-connector
mvn -Dmaven.test.skip=true install
The installation process will download several files and will produce a huge output. If everything goes well, this should be the final output:
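[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 25 seconds
[INFO] Finished at: Sun Dec 11 20:42:30 CET 2011
[INFO] Final Memory: 41M/99M
[INFO] ------------------------------------------------------------------------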
Finally in /opt/Funambol/Downloads/ldap-connector/target there is a “ldap-connector-7.1.0.s4j” file.
Funambol configuration
/etc/init.d/funambol start
chown funambol:funambol -fR /opt/Funambol
The s4j file must be copied in the module folder and then Funambol must be configured to install the module.
cp /opt/Funambol/Downloads/ldap-connector/target/ldap-connector-7.1.0.s4j /opt/Funambol/ds-server/modules
Edit /opt/Funambol/ds-server/install.properties and append ,ldap-connector-7.1.0 to the line
modules-to-install=content-provider-10.0.0,email-connector-10.0.0,foundation-10.0.0,phones-support-10.0.0,webdemo-10.0.0
Now it’s time to install the connector in Funambol with the command
/opt/Funambol/bin/install-modules
NOTE: during the process, for each module listed in the modules-to-install line, you will be asked whether to recreate the database. If the Funambol server already holds data, be careful. If it’s the first installation or not a production server, the answer should be y every time.
Example:
[echo] Database installation for module content-provider-10.0.0 on hypersonic (/opt/Funambol/ds-server)
[iterate] The Funambol Data Synchronization Server installation program can now create
[iterate] the database required by the module content-provider-10.0.0 (if any is needed).
[iterate] You can skip this step if you have already a valid database created
[iterate] or the module does not require a database.
[iterate] If you choose 'y' your existing data will be deleted.
[iterate] Do you want to recreate the database?
[iterate] (y,n) n
When the process asks whether to recreate the database for the ldap-connector, answer “y”:
[iterate] The Funambol Data Synchronization Server installation program can now create
[iterate] the database required by the module ldap-connector-7.1.0 (if any is needed).
...
/etc/init.d/funambol start
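The install.properties edit described above, as an added shell example that is not part of the original post: it appends the module to modules-to-install only when the entry is missing and keeps a backup, so running it twice does not duplicate the entry before install-modules is started. The helper names add_module and modules_line and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; add_module and modules_line are hypothetical helper names.

# Print the current value of modules-to-install, without trailing whitespace.
modules_line() {
    sed -n 's/[[:space:]]*$//; s/^modules-to-install=//p' "$1"
}

# Append MODULE to modules-to-install in FILE unless it is already listed.
add_module() {
    file=$1
    module=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Refuse to guess if the property is missing or appears more than once.
    count=$(grep -c '^modules-to-install=' "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one modules-to-install line in $file" >&2
        return 2
    fi

    # Compare whole comma-separated entries; an existing entry means no change.
    case ",$(modules_line "$file")," in
        *",$module,"*) return 0 ;;
    esac

    # Keep a backup, then rewrite only the one property line.
    cp -p "$file" "$file.bak"
    tmp=$(mktemp)
    awk -v m="$module" '
        /^modules-to-install=/ {
            sub(/[ \t\r]+$/, "")
            print $0 (($0 ~ /=$/) ? "" : ",") m
            next
        }
        { print }
    ' "$file.bak" > "$tmp"
    cat "$tmp" > "$file"    # write in place so owner and mode are preserved
    rm -f "$tmp"
}

# Constructed sample file holding the module list shown on this page.
sample=$(mktemp)
echo 'modules-to-install=content-provider-10.0.0,email-connector-10.0.0,foundation-10.0.0,phones-support-10.0.0,webdemo-10.0.0' > "$sample"
add_module "$sample" ldap-connector-7.1.0
add_module "$sample" ldap-connector-7.1.0    # second run changes nothing
modules_line "$sample"
rm -f "$sample" "$sample.bak"
```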
Configuring the “Simple way”
Now that the LDAP module is installed in Funambol, the Administration Tool interface should show a panel to configure the LDAP settings for each LDAP branch that we want to use as an addressbook resource.
/opt/Funambol/admin/bin/funamboladmin
NOTE: be sure to click on the red marked icons!! That wasn’t so obvious for me the first time.
Add the configuration for the LDAP server in the right panel and save it:
Note:
- Be sure to put fnblds in the “Funambol DBMS Name:” field
- The Source URI field is the label of the resource and it is used by the Funambol clients to specify which resource they want to connect to. In this example it is “test”.
The saved configuration goes into the file /opt/Funambol/config/ldap/ldap/ldap-71/ldap-test.xml
Synchronizing a Funambol client with the LDAP resource
In the Funambol Windows Client, go to Tools -> Options -> Contacts Details and change Remote Name to the label set in the LDAP settings. Then start the synchronization.
I don’t know yet how to change the sync-way between the server and the client, but if you are concerned by the fact that the client can delete and update the server resources then I suggest using an LDAP read-only user.
Configuring the “Complex way”
Not yet


