jasonwryan.com


Using Mutt, LDAP and SSL

One of the great things about starting a new job at an open source company is having the freedom to use the tools that suit your workflow, rather than having to suffer the indignity of whatever the IT department consider to be the lowest common denominator. Suffice it to say, I have had a lot of fun this week setting up my working environment—and the occasional hiccough as I was forced to learn something new…

One of those “learning opportunities” consisted of trying to get my mail client, Mutt, to talk to the LDAP directory over SSL so that I could query the shared address book. There are a number of helpful blog posts that describe using lbdb with mutt [1]. Unfortunately, after a lot of searching, I was unable to find any documentation on achieving this integration over a secure connection. I kept seeing this error:

Error: Search failed. LDAP server returned an error : 13, description: TLS
confidentiality required at /usr/lib/mutt_ldap_query line 198, <DATA> line 558.

Several hours later, and with some help from @ibeardslee, I managed to set it up, and it was definitely worth the effort.

You will need to install lbdb from the AUR:

cowerd lbdb     # see note 2

…and a couple of packages from the repos to make it all work:

pacman -S perl-ldap perl-io-socket-ssl netkit-bsd-finger

Then it is a matter of configuring lbdb both to query the LDAP directory and to be callable from mutt. First, copy the config files into your $HOME:

mkdir .lbdb
cp /etc/lbdb.rc .lbdb/lbdbrc
cp /etc/lbdb_ldap.rc .lbdb/ldap.rc

Then modify the two configuration files to suit your setup. The first, $HOME/.lbdb/lbdbrc, is well commented and self-explanatory; add ldap to the methods and the nickname of your server:

METHODS="m_abook m_ldap"
LDAP_NICKS="catalyst"

The second config file, $HOME/.lbdb/ldap.rc is written in Perl and is a bit of a shocker:

%ldap_server_db = (
    'catalyst' => ['ldaps://ldap.catalyst.net.nz:636',
                    'ou=Staff,ou=People,dc=catalyst,dc=net,dc=nz',
                    'givenname sn cn mail', 'givenname sn cn mail',
                    '${mail}', '${givenname} ${sn}']
);

# hostname of your ldap server: ldaps scheme plus the SSL port, 636
$ldap_server = 'ldaps://ldap.catalyst.net.nz:636';
$search_base = 'ou=Staff,ou=People,dc=catalyst,dc=net,dc=nz';
# attributes to search, and attributes expected back in each answer
$ldap_search_fields    = 'givenname sn cn mail';
$ldap_expected_answers = 'givenname sn cn mail';
# templates for the address and display name handed to mutt
$ldap_result_email     = '${mail}';
$ldap_result_realname  = '${givenname} ${sn}';
$ignorant = 0;
# credentials for an authenticated bind; empty here
$ldap_bind_dn = '';
$ldap_bind_password = '';
1;

The key is to ensure that you use both the ldaps prefix and explicitly specify the SSL port, 636. Without both of these, you will get the TLS confidentiality error: LDAP result code 13 (confidentialityRequired) is the server's way of saying it will not answer a search over a cleartext session.

You can then test that it is working correctly by running a query:

lbdbq jemima

All going well, if there is indeed a Jemima in the shared address book, you will see her contact details miraculously appear before you. If there is more than one, you will have a list to choose from.

Finally, you just need to set up mutt to query lbdb. In your muttrc, add the following:

set query_command = "lbdbq %s 2>/dev/null"

I found that suppressing the errors made the whole experience a little smoother. You may not require it… Now, hitting Shift-q in mutt brings up a prompt to query the LDAP directory (and my abook address book that I share via Dropbox). You can also access the directory by starting to type an email address and then hitting Ctrl-t to see a list of possible completions.
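To make concrete what the ldap.rc settings above control, and what mutt expects back from lbdbq, here is an added Python example (not lbdb's code, nor from the post): it rejects any server URL that is not ldaps on 636 before a search could go out in cleartext, expands the ${mail} and ${givenname} ${sn} templates over constructed directory entries, and emits the tab-separated lines mutt's query_command reads.

```python
import string
from urllib.parse import urlparse

# Settings lifted from the ldap.rc shown above (the host is the post's own).
LDAP_SERVER = "ldaps://ldap.catalyst.net.nz:636"
SEARCH_FIELDS = "givenname sn cn mail".split()
RESULT_EMAIL = "${mail}"
RESULT_REALNAME = "${givenname} ${sn}"

# Constructed sample entries standing in for live LDAP search results.
SAMPLE_ENTRIES = [
    {"givenName": "Jemima", "sn": "Puddle", "cn": "Jemima Puddle", "mail": "jemima.p@example.org"},
    {"givenName": "Jemima", "sn": "Smith", "cn": "Jemima Smith", "mail": "jemima.s@example.org"},
    {"givenName": "Jemima", "sn": "Nomail", "cn": "Jemima Nomail"},  # no mail attribute
]

def check_server_url(url):
    """Return (host, port) only when the URL means an encrypted session: the
    post's rule of ldaps scheme plus port 636. A plain ldap:// URL is refused
    here instead of failing with result code 13 after a cleartext search."""
    u = urlparse(url)
    if u.scheme != "ldaps":
        raise ValueError(f"refusing non-LDAPS scheme {u.scheme!r}: use ldaps://host:636")
    port = u.port or 636
    if port != 636:
        raise ValueError(f"ldaps port is {port}, expected 636")
    return u.hostname, port

def expand(template, entry):
    """Fill lbdb-style ${attr} placeholders; attribute names are matched
    case-insensitively (LDAP's givenName vs the config's givenname)."""
    lower = {k.lower(): v for k, v in entry.items()}
    return string.Template(template).safe_substitute(lower)

def matches(entry, query):
    """Case-insensitive substring match over the configured search fields."""
    q = query.lower()
    return any(q in str(expand("${%s}" % f, entry)).lower() for f in SEARCH_FIELDS)

def mutt_query_lines(query, entries=SAMPLE_ENTRIES):
    """Output in the shape mutt's query_command wants: a first line mutt
    ignores (a status message), then 'email<TAB>name<TAB>comment' per hit.
    An entry whose ${mail} placeholder cannot be filled has no address: drop it."""
    hits = []
    for entry in filter(lambda e: matches(e, query), entries):
        email = expand(RESULT_EMAIL, entry)
        if "$" not in email:  # placeholder filled, so a usable address exists
            hits.append(f"{email}\t{expand(RESULT_REALNAME, entry)}\tldap")
    return [f"{len(hits)} match(es) for {query}"] + hits
```

Call check_server_url(LDAP_SERVER) before any search and print "\n".join(mutt_query_lines("jemima")) to see the two usable Jemimas; note that ldaps only helps if the client library is also set to verify the server certificate, which is a Net::LDAP option and not something this snippet models.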

Notes

  1. Christian Schenk’s post got me started.
  2. A wrapper script for cower.

Creative Commons image by bertop on Flickr
