Zero results for Thunderbird addressbook client quering OpenLDAP server

Jeff Tipton jeff.t at
Fri Aug 12 18:25:05 UTC 2011

On 08/12/11 13:32, Jeff Tipton wrote:
> Hi,
> I installed an OpenLDAP server for an office LAN, and the first thing I wanted it do is a shared address book for e-mail clients. My OpenLDAP server responds ok on ldapsearch, it also can be browsed with phpldapadmin and jxplorer (from a LAN desktop) but I can't get anything from it with Thunderbird and Claws mail addressbooks.
> The server OS is 7.4-RELEASE, OpenLDAP is 2.4.26.
> To trace the problem, I stripped down all the configuration to a bare minimum, removed all ACLs, and opened the port 389 on the router, so that I can continue remotely (hope I won't need this hole for long). Here's my slapd.conf:
> modulepath   /usr/local/libexec/openldap
> moduleload
> moduleload
> include         /usr/local/etc/openldap/schema/core.schema
> include       /usr/local/etc/openldap/schema/cosine.schema
> include       /usr/local/etc/openldap/schema/inetorgperson.schema
> database        hdb
> suffix          "dc=domainname,dc=tld"
> rootdn          "cn=Manager,dc=domainname,dc=tld"
> directory       /var/db/openldap-data
> index   objectClass,uid,uidNumber,gidNumber   eq
> index   cn,mail,surname,givenname             eq,subinitial
> rootpw {SSHA}95A/ZTBigrkvH349C6pM6WtI1TMoZRDe
> loglevel 256
> The database structure:
> ldapsearch -W -H ldap://localhost/ -D cn=Manager,dc=domainname,dc=tld -b 'dc=domainname,dc=tld' '(objectclass=*)'
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base<dc=domainname,dc=tld>  with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> # domainname.tld
> dn: dc=domainname,dc=tld
> objectClass: dcObject
> objectClass: organization
> o: domainname.tld
> dc: domainname
> # Manager, domainname.tld
> dn: cn=Manager,dc=domainname,dc=tld
> objectClass: organizationalRole
> cn: Manager
> # TBabook, domainname.tld
> dn: ou=TBabook,dc=domainname,dc=tld
> objectClass: organizationalUnit
> objectClass: top
> ou: TBabook
> # John User, TBabook, domainname.tld
> dn: cn=John User,ou=TBabook,dc=domainname,dc=tld
> objectClass: inetOrgPerson
> objectClass: top
> objectClass: person
> cn: John User
> givenName: John
> mail: john at domainname.tld
> sn: User
> # search result
> search: 2
> result: 0 Success
> # numResponses: 5
> # numEntries: 4
> Now, on  thunderbird-3.1.11. FreeBSD 8.2 8.2-RELEASE (also tried from other OSes with Thunderbird 3 and Claws):
> -made an account "john at domainname.tld"
> -created a "New LDAP directory" with these settings:
> Name: MyCompany Public
> Hostname: mail.domainname.tld
> Base DN: cn=TBabook,dc=domainname,dc=tld
> Port number: 389 (that's open on the company's router, pointing to the OpenLDAP server, and I can make a remote ldapsearch successfully)
> Bind DN: cn=Manager,dc=domainname,dc=tld
> When, after these settings, I press "OK", nothing happens. When I go to the "Offline" tab and press "Download", Thunderbird prompts for a password. I fill in the Manager's (rootdn) password, check the "Remember" box, then "Ok", and Thunderbird responds with "Replication succeeded". But nothing appears in the addressbook. Meanwhile these rows were appended to the server's /var/log/debug.log:
> Aug 12 12:04:36 server slapd[54734]: conn=1018 fd=14 ACCEPT from IP=xx.xx.xx.xx:65161 (IP=
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 BIND dn="cn=Manager,dc=domainname,dc=tld" method=128
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 BIND dn="cn=Manager,dc=domainname,dc=tld" mech=SIMPLE ssf=0
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=0 RESULT tag=97 err=0 text=
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=1 SRCH base="ou=TBabook,dc=domainname,dc=tld" scope=2 deref=0 filter="(objectClass=*)"
> Aug 12 12:04:36 server slapd[54734]: conn=1018 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
> Aug 12 12:04:38 server slapd[54734]: conn=1018 op=2 UNBIND
> Aug 12 12:04:38 server slapd[54734]: conn=1018 fd=14 closed
> I also tried to add mozillaAbPersonAlpha.schema to my OpenLDAP and its objectClass to the "John User" but that didn't change anything. There's also a perhaps unrelated thing: the /usr/local/etc/rc.d/slapd script is only able to start openldap. In order to stop it, I have to kill it by PID.
> So, very simple situation, but I can't get it work. Anyone has ideas of how to find the cause? Thanks in advance.
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"
I just analyzed my Thunderbird-OpenLDAP session with wireshark, and it 
shows an ideal conversation! Here's an outline:

T  bindRequest(1) "cn=Manager,dc=domainname,dc=tld" simple
O  bindResponse(1) success
T  searchRequest(2) "ou=TBabook,dc=domainname,dc=tld" wholeSubtree
O  searchResEntry(2) "ou=TBabook,dc=domainname,dc=tld"
O  searchResEntry(2) "cn=John User,ou=TBabook,dc=domainname,dc=tld"
O  searchResEntry(2) "cn=Jane User,ou=TBabook,dc=domainname,dc=tld"
O  searchResDone(2) success
T  unbindRequest(3)

I also browsed the contents of responses deeper, and all the expected 
data is there. So my server works ok, it's Thunderbird that shows 
nothing it receives.

More information about the freebsd-questions mailing list