<HTML
><HEAD
><TITLE
>NetMeeting directory kit</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.63
"><LINK
REL="HOME"
TITLE="Linux NETMEETING HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="OpenH323"
HREF="openh323.html"><LINK
REL="NEXT"
TITLE="Using the Software"
HREF="using.html"></HEAD
><BODY
CLASS="SECTION"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux NETMEETING HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="openh323.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="using.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECTION"
><H1
CLASS="SECTION"
><A
NAME="NETMEETSERVER"
>3. NetMeeting directory kit</A
></H1
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="WHATISNETMEET"
>3.1. What is it?</A
></H2
><P
> Each NetMeeting client can register with an LDAP server and
has a directory window that lists other
NetMeeting clients registered with the same server.
The NetMeeting directory kit is an extension to the OpenLDAP server
that provides directory service to NetMeeting clients.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="WHYNEEDNETMEET"
>3.2. Why is it needed?</A
></H2
><P
> While NetMeeting can connect directly to another H.323 device by
specifying an IP address or DNS name, normally you'll want to use
an LDAP directory server. Using an LDAP server lets users see
a directory listing of available destinations, and is required
if you need to resolve aliases, for example if you want to serve
multiple H.323 destinations from a single IP address. A directory
server isn't required to connect directly from Linux
to a NetMeeting client; use OpenH323 for this.
</P
><P
> The NetMeeting client violates the LDAP protocol in several ways,
so you'll have problems if you try using a standard LDAP server.
The NetMeeting directory kit corrects for these problems and allows
an OpenLDAP server to be used for NetMeeting directory service.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="HOWITWORKS"
>3.3. How it works</A
></H2
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> Block diagram of NetMeeting directory kit
___________________ _______ __________________ ______________
| LDAP server | request | | | LDAP server | request| |
| | <-------| Perl |<--| | <------| NetMeeting |
| on private port | |script| | on public port | | client |
| (i.e, 2345) |-------> | |-->| 389 |------->| |
| | reply -------- | | reply --------------
| | | |
------------------- ------------------</PRE
></FONT
></TD
></TR
></TABLE
><P
> The directory server consists of a 'master' LDAP server to
receive requests, a Perl script to correctly interpret
the Microsoft NetMeeting requests and, after interrogation
of a 'hidden' LDAP server, formats the results in a way that the
NetMeeting client can understand.
OpenLDAP's 'shell backend' is used to call the Perl script.
A custom schema is also required.
The script presently handles all of the above problems, with the
exception of timing out entries, which it doesn't do.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="WHERETOGETSOFTWARE"
>3.4. Where to get the software</A
></H2
><P
> First of all you need to get the OpenLDAP software.
</P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Pre-built OpenLDAP software (i.e, RPMs) won't work unless
configured with support for the shell backend.
</P
></TD
></TR
></TABLE
></DIV
><P
> You can download OpenLDAP from the main site located at
<A
HREF="ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/"
TARGET="_top"
>ftp://ftp.OpenLDAP.org/pub/OpenLDAP/openldap-release/</A
>
or any mirror.
I've successfully used OpenLDAP 2.0.7.
</P
><P
> The NetMeeting directory kit is available from
<A
HREF="http://www.freesoft.org/software/NetMeeting/download"
TARGET="_top"
>http://www.freesoft.org/software/NetMeeting/download</A
>.
</P
><P
> You need Perl 5, available from
<A
HREF="http://www.perl.org/"
TARGET="_top"
>http://www.perl.org</A
>,
but already included in all common Linux distributions.
You will also need the Net::LDAP module from the Perl CPAN archive,
which can be downloaded and installed directly from Perl:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>[root@y2k baccala]# <TT
CLASS="USERINPUT"
><B
>perl -MCPAN -e shell</B
></TT
>
cpan shell -- CPAN exploration and modules installation (v1.58)
ReadLine support enabled
cpan> <TT
CLASS="USERINPUT"
><B
>install Net::LDAP</B
></TT
>
... much output omitted ...
/usr/bin/make install -- OK
cpan></PRE
></FONT
></TD
></TR
></TABLE
><P
> If you've never used CPAN before, you will be prompted first with
a series of configuration questions. Once CPAN is configured,
the Net::LDAP module will be downloaded, compiled, and installed
automatically.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="INSTALLSOFTWARE"
>3.5. Installation</A
></H2
><P
> Building OpenLDAP will require approximately 60 MB of free disk
space. Untar OpenLDAP and configure it.
</P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Be sure to specify the shell backend function "--enable-shell"
</P
></TD
></TR
></TABLE
></DIV
><P
> I also recommend specifying "--disable-debug" to prevent OpenLDAP
from exiting if an assertion fails.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash$ <TT
CLASS="USERINPUT"
><B
>./configure --enable-shell --disable-debug</B
></TT
>
</PRE
></FONT
></TD
></TR
></TABLE
><P
> Now build and install it with:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash$ <TT
CLASS="USERINPUT"
><B
>make</B
></TT
>
... much output omitted ...
bash# <TT
CLASS="USERINPUT"
><B
>make install</B
></TT
>
</PRE
></FONT
></TD
></TR
></TABLE
><P
> It will normally install under <TT
CLASS="FILENAME"
>/usr/local</TT
>:
</P
><DIV
CLASS="TABLE"
><A
NAME="AEN174"
></A
><P
><B
>Table 2. Directories used by OpenLDAP
</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/lib</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Shared and static libraries
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/bin</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Client binaries for adding, deleting,
and searching LDAP servers
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/sbin</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Utility programs for manipulating the raw database files.
Not needed for normal operation.
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/libexec</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Various server programs,
including the <B
CLASS="COMMAND"
>slapd</B
> binary
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/etc/openldap</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Contains the default configuration files
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/etc/openldap/schema</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> The different schemas used by the LDAP servers.
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/var/...</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> The location of the LDAP databases (in subdirectories)
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/usr/local/man/...</TT
>
</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Documentation
</TD
></TR
></TBODY
></TABLE
></DIV
><P
> Once OpenLDAP has been installed, next install the NetMeeting
directory kit.
Untar <TT
CLASS="FILENAME"
>ndk.tgz</TT
>.
It contains these files:
</P
><DIV
CLASS="TABLE"
><A
NAME="AEN213"
></A
><P
><B
>Table 3. NetMeeting directory kit files
</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><TBODY
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>netmeeting.perl</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Perl script used to correct NetMeeting protocol violations
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>netmeeting.schema</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Custom NetMeeting schema used by the LDAP server
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>core.schema.patch</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Patch to LDAP server's core schema
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>slapd.conf</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Sample config file for the master LDAP server
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>slapd2.conf</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Sample config file for the slave LDAP server
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>initialize</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Shell script used once to initialize the slave LDAP database
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>slapd.rc</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> <TT
CLASS="FILENAME"
>/etc/rc.d/</TT
> script
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>nmaddentry</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Perl script to add entries to the NetMeeting directory
</TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="FILENAME"
>nmdirectory</TT
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
> Perl/Tk script to query the NetMeeting directory
</TD
></TR
></TBODY
></TABLE
></DIV
><P
> Copy <TT
CLASS="FILENAME"
>netmeeting.perl</TT
> to the
<TT
CLASS="FILENAME"
>/usr/local/libexec</TT
> directory,
<TT
CLASS="FILENAME"
>netmeeting.schema</TT
> to the
<TT
CLASS="FILENAME"
>/usr/local/etc/openldap/schema</TT
>
directory,
and copy both <TT
CLASS="FILENAME"
>slapd.conf</TT
>
and <TT
CLASS="FILENAME"
>slapd2.conf</TT
> to the
<TT
CLASS="FILENAME"
>/usr/local/etc/openldap</TT
> directory.
</P
><P
> Be sure to use <TT
CLASS="FILENAME"
>core.schema.patch</TT
> to patch
openldap's core schema in the
<TT
CLASS="FILENAME"
>/usr/local/etc/openldap/schema</TT
>
directory:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash$ <TT
CLASS="USERINPUT"
><B
>cd /usr/local/etc/openldap/schema</B
></TT
>
bash$ <TT
CLASS="USERINPUT"
><B
>ls</B
></TT
>
corba.schema inetorgperson.schema misc.schema nis.schema
core.schema java.schema nadf.schema openldap.schema
cosine.schema krb5-kdc.schema netmeeting.schema
bash$ <TT
CLASS="USERINPUT"
><B
>cp core.schema core.schema.bak</B
></TT
>
bash$ <TT
CLASS="USERINPUT"
><B
>patch core.schema < ~/core.schema.patch</B
></TT
>
</PRE
></FONT
></TD
></TR
></TABLE
><P
> Create the directory
<TT
CLASS="FILENAME"
>/usr/local/var/openldap-netmeeting</TT
>
to store the LDAP database, and make it world writable.
</P
><P
> Especially if you're using directories from the samples, edit
<TT
CLASS="FILENAME"
>slapd.conf</TT
> and <TT
CLASS="FILENAME"
>slapd2.conf</TT
>
and verify their configuration settings.
</P
><P
> You will need to run two copies of <B
CLASS="COMMAND"
>slapd</B
>.
One uses <TT
CLASS="FILENAME"
>slapd.conf</TT
>
and must be started as root, since it binds to port 389.
The <TT
CLASS="OPTION"
>-u</TT
> option can be specified to cause
<B
CLASS="COMMAND"
>slapd</B
> to <TT
CLASS="FUNCTION"
>chown</TT
>
to an unprivileged user after binding the port (a wise precaution).
The other <B
CLASS="COMMAND"
>slapd</B
>
uses <TT
CLASS="FILENAME"
>slapd2.conf</TT
>, binds to an unprivileged
port, and only needs
sufficient privilege to write the database directory.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <TT
CLASS="USERINPUT"
><B
>/usr/local/libexec/slapd -f /usr/local/etc/openldap/slapd.conf -u nobody</B
></TT
>
bash$ <TT
CLASS="USERINPUT"
><B
>/usr/local/libexec/slapd -h ldap://localhost:2345/ -f /usr/local/etc/openldap/slapd2.conf</B
></TT
>
</PRE
></FONT
></TD
></TR
></TABLE
><P
> You now have to initialize the slave database with a single entry.
This is only done once, by running the <TT
CLASS="FILENAME"
>initialize</TT
>
script
included in the kit. The "rootdn" and "rootpw" entries are
in the slave config file to allow access for the initialization
script, and must match the <TT
CLASS="OPTION"
>-D</TT
> and <TT
CLASS="OPTION"
>-w</TT
>
options in the script.
Once you've initialized the database with a single parent
entry, you can comment out the "rootdn" and "rootpw" lines
from <TT
CLASS="FILENAME"
>slapd2.conf</TT
>, though this is not critical.
</P
><P
> The server should now be up and running.
For systems with <TT
CLASS="FILENAME"
>/etc/rc.d/</TT
>
style initialization scripts (like RedHat),
the <TT
CLASS="FILENAME"
>slapd.rc</TT
> is provided to automate the
starting and stopping of the <B
CLASS="COMMAND"
>slapd</B
>s.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="SECURITY"
>3.6. Server Security</A
></H2
><P
> As shown above, I run both <B
CLASS="COMMAND"
>slapd</B
>s
as an unprivileged user, minimizing the possibility of compromised
security due to a bug in either the server software or the Perl
script. Of course, this requires the database directory
to be world writable so that the unprivileged slave server can
update it. This isn't as glaring a hole as it might first appear,
since the NetMeeting clients themselves use no authentication.
Thus, even if the database directory were better protected,
anyone on a local or remote host could use LDAP client
programs to delete or modify any of the database entries.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="WINDOWS2000LDAP"
>3.7. LDAP issues with Windows 2000</A
></H2
><P
> Recent NetMeeting releases initially attempt to connect
to the LDAP directory server on port 1002. As described in a
<A
HREF="http://www.microsoft.com/TechNet/chats/trans/iis1208.asp"
TARGET="_top"
>TechNet chat</A
>,
<A
NAME="AEN303"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
><P
>Prior to Windows
2000, an ILS server would listen on port 389 for NetMeeting clients. When an
ILS server is set up on a Windows 2000 machine, it will default to port 1002.
</P
></BLOCKQUOTE
>
If a connection to port 1002 is rejected, NetMeeting will fall back
on the standard LDAP port 389. However, at least one user has reported
trouble with a firewall that blocks port 1002, discards the
connection attempts, and thus no replies are received to
reject the connection. In this case, NetMeeting takes about a minute
to timeout and fall back to port 389. Opening the firewall to
port 1002 allowed the rejects through and triggered a rapid fallback.
</P
></DIV
><DIV
CLASS="SECTION"
><H2
CLASS="SECTION"
><A
NAME="INTEROPERATION"
>3.8. Interoperation with other LDAP service</A
></H2
><P
> The instructions above assume that your LDAP server is only
being used for NetMeeting directory service. Yet what if you
want to use a single server for both NetMeeting directory service
and other LDAP service? Only one server can be bound to port 389,
but OpenLDAP allows multiple database sections to be specified
in its configuration file, each serving different parts of the
LDAP namespace. NetMeeting uses only the "objectClass=RTPerson"
subtree, so as long as you avoid this subtree, you can configure
additional database sections to serve other subtrees with other
databases. The biggest problem you are likely to encounter is
the custom NetMeeting schema, which conflicts slightly with the
standard schema. Since the NetMeeting schema is more liberal
than the standard schema, I'd suggest commenting out the conflicting
parts of the standard schema. NetMeeting clients won't work with
the standard schema. See the LDAP RFCs and the OpenLDAP documentation
for more information about configuring LDAP servers.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="openh323.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="using.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>OpenH323</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> </TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Using the Software</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
