[jitsi-dev] LDAP filter


#1

Hiya,

recently on the "users" ML, I enquired about the possibility to
choose which LDAP attribute to use for the "display name" of the
contact.

Another useful one would be to be able to specify a LDAP filter
to select which entries to return.

--
Stephane


#2

Hi Stephane,

On 01/11/11 12:06, Stephane Chazelas wrote:

> Hiya,
>
> recently on the "users" ML, I enquired about the possibility to
> choose which LDAP attribute to use for the "display name" of the
> contact.
>
> Another useful one would be to be able to specify a LDAP filter
> to select which entries to return.

In LDAP contact source we use a specific filter to get attributes that will be reused to display name, phone, mail, ... If you change the filter and omit to retrieve some attributes, some info will never be displayed (mail, ...) and I think it is not desired. Or at least you may redefine all "display information <-> LDAP attributes" relation which will be painful.

I think it is possible to add extra attributes retrieval in addition to standard ones and link it to an _existing_ display information.

Regards,

--
Seb


#3

2011-11-02 09:48:49 +0100, Sebastien Vincent:

> Hi Stephane,
>
> On 01/11/11 12:06, Stephane Chazelas wrote:
> > Hiya,
> >
> > recently on the "users" ML, I enquired about the possibility to
> > choose which LDAP attribute to use for the "display name" of the
> > contact.
> >
> > Another useful one would be to be able to specify a LDAP filter
> > to select which entries to return.
>
> In LDAP contact source we use a specific filter to get attributes
> that will be reused to display name, phone, mail, ... If you change
> the filter and omit to retrieve some attributes, some info will
> never be displayed (mail, ...) and I think it is not desired. Or at
> least you may redefine all "display information <-> LDAP attributes"
> relation which will be painful.
>
> I think it is possible to add extra attributes retrieval in addition
> to standard ones and link it to an _existing_ display information.

[...]

Hi Seb, thanks for getting back to me on that.

(note that "filter" and "retrieved attributes" are two different
and independent things).

The way I see it ideally:

- 2 new configuration parameters: "LDAP display attribute(s)"
  (whose value could be like "cn displayName") and "LDAP filter"
  (whose value could be like
  "(&(objectClass=myContactClass)(mail=*))")

- Then jitsi would merge that filter with its own filter:
  (&(user-filter)(jitsi-filter)) and merge the list of requested
  attributes and perform the query.

- When it comes to defining the "display name" for a contact,
  first look for the user provided attributes in turn, and if
  none is present, implement the usual logic.

--
Stephane


#4

2011-11-03, 10:41(+01), Sebastien Vincent:
[...]

> > - 2 new configuration parameters: "LDAP display attribute(s)"
> >    (whose value could be like "cn displayName") and "LDAP filter"
> >    (whose value could be like
> >    "(&(objectClass=myContactClass)(mail=*))")
> >
> > - Then jitsi would merge that filter with its own filter:
> >    (&(user-filter)(jitsi-filter)) and merge the list of requested
> >    attributes and perform the query.
> >
> > - When it comes to defining the "display name" for a contact,
> >    first look for the user provided attributes in turn, and if
> >    none is present, implement the usual logic.
>
> For the "LDAP display attribute(s)" configuration value, you mean each
> "system" attribute named "cn" should be replaced by user-provided
> "displayName". Otherwise how can we match the user-provided attribute
> with the original attribute for the display?

[...]

I'm not too sure what you mean, but I suspect that's because I
didn't express myself correctly in the first place. What I meant
is: when I enter a name in jitsi (let's say "Stephane"), jitsi
does a query to the LDAP server looking for "Stephane" in a
number of LDAP attributes (I don't know which ones, and that was
not the subject of my query, though I agree it's linked).

Then, for each returned entry it displays a little box with the
name of the contact (and when you hover over it, it tells you
about phone numbers and email addresses). Now, my problem is
what is used to display that contact. Jitsi uses the
"displayName" LDAP attribute when available which is going to be
fine with most users but not for some.

In my case, it will display "S. Chazelas". What I would like to
be able to do is tell it to display "Stephane Chazelas" which is
to be found in the "cn" attribute of my entry in the LDAP
directory.

Also, it will return entries that I don't want because they are
not real users, so giving me the ability to filter out those
would be useful.

The SNOM 300 phone configuration is good in that regard, they
have:

        LDAP name filter: (&(objectClass=myContact)(|(sn=%)(givenName=%)(mail=%)))
        LDAP number filter: (|(telephoneNumber=%))
        Server Address: 10.10.10.10
        Port: 389
        Base: dc=example,dc=com
        Username:
        Password:
        Max. Hits: 50
        LDAP name attributes: givenName displayName cn
        LDAP number attributes: mobile telephoneNumber
        LDAP name attributes: givenName displayName cn
        LDAP number attributes: mobile telephoneNumber
        LDAP display name: %givenName %sn

With those settings, if I enter "Stephane", it will look for
(&(objectClass=myContact)(|(sn=Stephane*)(givenName=Stephane*)(mail=Stephane*)))
and display the entry as "Stephane Chazelas"

It's not critical, rather minor, I might give it a go and send a patch, but
probably not in the next two weeks at least. Are you OK with me
creating a feature request on jira?

--
Stephane
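
The filter merge and display-attribute lookup proposed in #3, applied to the SNOM-style `%` template from #4, as an added example that is not part of the thread and is not Jitsi or SNOM code. The function names are hypothetical; escaping the typed text per RFC 4515 goes beyond what the thread discusses, and the SNOM template stands in for the client's own filter, which the thread does not give.

```python
# Added illustration; function names are hypothetical, not Jitsi or SNOM APIs.

# RFC 4515: these characters must appear as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(typed):
    """Escape text typed in the search box so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in typed)


def is_single_filter(flt):
    """True if flt is exactly one parenthesised filter (literal parens are always escaped)."""
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(flt) - 1):
                return False
        elif depth == 0:
            return False
    return depth == 0 and bool(flt)


def build_search_filter(template, typed, user_filter=None):
    """Replace each '%' with the escaped text as a prefix match, then AND in user_filter."""
    search = template.replace("%", escape_value(typed) + "*")
    if user_filter is None:
        return search
    if not is_single_filter(user_filter):
        raise ValueError("user filter must be one balanced, parenthesised filter")
    return "(&" + user_filter + search + ")"


def display_name(entry, preferred_attrs):
    """Return the first value of the first preferred attribute present, else None."""
    for attr in preferred_attrs.split():
        values = entry.get(attr)
        if values:
            return values[0]
    return None  # caller falls back to the client's usual logic


# Constructed sample data, using the values quoted in the thread.
NAME_TEMPLATE = "(&(objectClass=myContact)(|(sn=%)(givenName=%)(mail=%)))"
ENTRY = {"cn": ["Stephane Chazelas"], "displayName": ["S. Chazelas"]}
```

Without the escaping step, a contact search for text containing parentheses or `*` would produce a filter with a different structure from the one the administrator configured.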


#5

Hi Stephane,

On 02/11/11 12:17, Stephane Chazelas wrote:

> [...]
>
> Hi Seb, thanks for getting back to me on that.
>
> (note that "filter" and "retrieved attributes" are two different
> and independent things).
>
> The way I see it ideally:
>
> - 2 new configuration parameters: "LDAP display attribute(s)"
>    (whose value could be like "cn displayName") and "LDAP filter"
>    (whose value could be like
>    "(&(objectClass=myContactClass)(mail=*))")
>
> - Then jitsi would merge that filter with its own filter:
>    (&(user-filter)(jitsi-filter)) and merge the list of requested
>    attributes and perform the query.
>
> - When it comes to defining the "display name" for a contact,
>    first look for the user provided attributes in turn, and if
>    none is present, implement the usual logic.

For the "LDAP display attribute(s)" configuration value, you mean each "system" attribute named "cn" should be replaced by user-provided "displayName". Otherwise how can we match the user-provided attribute with the original attribute for the display?

I personally think more about something like: "system parameter to replace" - "list of possible user-provided parameters" - "filter with attributes to compare and retrieved attributes". All of this line will be placed in a UI list. WDYT? I think it will be clearer for the user.

Anyway we have a lot of high priority tasks on our TODO list so I don't expect this feature will be implemented soon but we will be glad to review any patches.

Regards,

--
Seb


#6

Hi Stephane,

On 03/11/11 11:55, Stephane Chazelas wrote:

> 2011-11-03, 10:41(+01), Sebastien Vincent:
> [...]
>
> > > - 2 new configuration parameters: "LDAP display attribute(s)"
> > >     (whose value could be like "cn displayName") and "LDAP filter"
> > >     (whose value could be like
> > >     "(&(objectClass=myContactClass)(mail=*))")
> > >
> > > - Then jitsi would merge that filter with its own filter:
> > >     (&(user-filter)(jitsi-filter)) and merge the list of requested
> > >     attributes and perform the query.
> > >
> > > - When it comes to defining the "display name" for a contact,
> > >     first look for the user provided attributes in turn, and if
> > >     none is present, implement the usual logic.
> >
> > For the "LDAP display attribute(s)" configuration value, you mean each
> > "system" attribute named "cn" should be replaced by user-provided
> > "displayName". Otherwise how can we match the user-provided attribute
> > with the original attribute for the display?
>
> [...]
>
> I'm not too sure what you mean, but I suspect that's because I
> didn't express myself correctly in the first place. What I meant
> is: when I enter a name in jitsi (let's say "Stephane"), jitsi
> does a query to the LDAP server looking for "Stephane" in a
> number of LDAP attributes (I don't know which ones, and that was
> not the subject of my query, though I agree it's linked).
>
> Then, for each returned entry it displays a little box with the
> name of the contact (and when you hover over it, it tells you
> about phone numbers and email addresses). Now, my problem is
> what is used to display that contact. Jitsi uses the
> "displayName" LDAP attribute when available which is going to be
> fine with most users but not for some.
>
> In my case, it will display "S. Chazelas". What I would like to
> be able to do is tell it to display "Stephane Chazelas" which is
> to be found in the "cn" attribute of my entry in the LDAP
> directory.
>
> Also, it will return entries that I don't want because they are
> not real users, so giving me the ability to filter out those
> would be useful.
>
> The SNOM 300 phone configuration is good in that regard, they
> have:
>
>         LDAP name filter: (&(objectClass=myContact)(|(sn=%)(givenName=%)(mail=%)))
>         LDAP number filter: (|(telephoneNumber=%))
>         Server Address: 10.10.10.10
>         Port: 389
>         Base: dc=example,dc=com
>         Username:
>         Password:
>         Max. Hits: 50
>         LDAP name attributes: givenName displayName cn
>         LDAP number attributes: mobile telephoneNumber
>         LDAP name attributes: givenName displayName cn
>         LDAP number attributes: mobile telephoneNumber
>         LDAP display name: %givenName %sn
>
> With those settings, if I enter "Stephane", it will look for
> (&(objectClass=myContact)(|(sn=Stephane*)(givenName=Stephane*)(mail=Stephane*)))
> and display the entry as "Stephane Chazelas"

OK it is much clearer.

> It's not critical, rather minor, I might give it a go and send a patch, but
> probably not in the next two weeks at least. Are you OK with me
> creating a feature request on jira?

Yes, you can open a feature request.

Regards,

--
Seb