Ben Collins <bcollins@debian.org>, Written Feb 11, 2000.

---------------------------------------------------------------------------

This document gives a brief description of how to set up your OpenLDAP
server to support Netscape Roaming.

First, you will need to have set up your initial directory using openldapd's
configuration script. This will make sure you have all the correct base
entries.

From here you can use the template file shown below to add users. Note that
there are two entries for each user. The first is a standard user entry,
and the second is the roaming entry for that user. If you have already
added user entries to your directory (either manually, or by using one of
the migration tools for LDAP-NS), then you will only need the second entry
for each user.

# Roaming LDIF file

# This is for normal user entries, not LDAP-NS style ones
dn: cn=Full Name, ou=People, o=Your Company, c=US
objectClass: top
objectClass: person
cn: Full Name
sn: Last Name
userPassword: {crypt}<encrypted password>
# you can copy the crypt from /etc/shadow if you want,
# or encrypt a new one

# This is the Roaming entry
dn: nsLIProfileName=Full Name, ou=Roaming, o=Your Company, c=US
objectClass: top
objectClass: nsLIProfile
owner: cn=Full Name, ou=People, o=Your Company, c=US
# Note, the owner is the DN from the entry above.

# End LDIF file

This can be added to your LDAP directory using `ldapadd' and binding as
the admin user. If you are using LDAP-NS (if you don't know what that is,
ignore it) style entries, then "Full Name" will be replaced with the
simple username, and the "owner" attribute will reflect that DN. Also
remember to change this base, "o=Your Company, c=US", to the one you have
configured your directory for (the `suffix' entry in
/etc/openldap/slapd.conf).
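
The following is an added example, not part of the original document: a
small generator for the two-entry template above. It assumes the user entry
is named with cn= as in the template; the function names, the sample name
and the placeholder hash are made up for illustration. It escapes characters
that are special inside a DN and base64-encodes values LDIF cannot carry as
plain text, so the "owner" value always matches the user entry's DN.

```python
import base64

def escape_rdn_value(value):
    """Escape a string for use as an RDN value inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if (ch in ',+"\\<>;' or (i == 0 and ch in " #")
                or (i == last and ch == " ")):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def ldif_line(attr, value):
    """Format one attribute; base64-encode values LDIF cannot carry as text."""
    unsafe = (value[:1] in (" ", ":", "<") or value.endswith(" ")
              or any(c in "\0\r\n" or ord(c) > 127 for c in value))
    if unsafe:
        b64 = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return "%s:: %s" % (attr, b64)
    return "%s: %s" % (attr, value)

def roaming_ldif(name, base, sn=None, crypt_hash=None):
    """Build the LDIF for one user, following the template on this page.

    name is the "Full Name" (or the simple username for LDAP-NS style
    entries). The user entry is emitted only when sn and crypt_hash are
    given; otherwise the user is assumed to exist already and only the
    roaming entry is produced.
    """
    rdn = escape_rdn_value(name)
    user_dn = "cn=%s,ou=People,%s" % (rdn, base)
    entries = []
    if sn is not None and crypt_hash is not None:
        entries.append([("dn", user_dn), ("objectClass", "top"),
                        ("objectClass", "person"), ("cn", name), ("sn", sn),
                        ("userPassword", "{crypt}" + crypt_hash)])
    # The owner must be exactly the DN of the user entry.
    entries.append([("dn", "nsLIProfileName=%s,ou=Roaming,%s" % (rdn, base)),
                    ("objectClass", "top"), ("objectClass", "nsLIProfile"),
                    ("owner", user_dn)])
    return "\n\n".join("\n".join(ldif_line(a, v) for a, v in e)
                       for e in entries) + "\n"

if __name__ == "__main__":
    # Constructed sample: a name containing a comma and a placeholder hash.
    print(roaming_ldif("Smith, John", "o=Your Company,c=US",
                       sn="Smith", crypt_hash="PLACEHOLDERHASH"))
```

The output can be saved to a file and loaded with `ldapadd' as described
above.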

Now on to configuring Netscape. You will need a full version of Navigator
(not the standalone version), at least version 4.5.

  * Select the "Edit->Preferences" menu option.

  * Select "Roaming User" under the list on the left.

  * Enable Roaming Access

  * Enter the user name (either the "Full Name" or the username, depending
    on the setup you used above). Netscape will use this to replace the
    $USERID in the other fields.

  * Select "Server Information"

  * Make sure "LDAP Directory Server" is selected

  * Under "Address" put this:

      ldap://ldapserver/nsLIProfileName=$USERID,ou=Roaming,o=Your Company,c=US

    "ldapserver" is the hostname of the server where slapd is running.
    Remember to replace the base with the same one you used above.

  * Under User DN put this:

      cn=$USERID, ou=People, o=Your Company, c=US

    This is the full DN of the main user entry (the same DN you used for
    the "owner" attribute in the LDIF above).

You should now be able to exit Netscape and start it up. It will then
prompt you for your LDAP password (the password whose encrypted form you
put in the LDIF).
YOU ARE NOW ROAMING :)
