By John C. Welch, MacworldMAR 11, 2009 9:03 am PDT
At a glance
Like a lot of IT people in a mostly-Mac company, my organization has a directory service set up to help manage our users and computers. In our case, it’s Apple’s Open Directory, which is based on LDAP, or the
Lightweight Directory Access Protocol.
Open Directory is pretty cool, especially for maintaining the company contact list. Since we enter in work-related information for everyone when they start, everything we need as far as e-mail addresses, postal addresses, phone numbers, and so forth is right there. In Mac OS X 10.5, with
Apple’s Directory application, adding people’s pictures is as easy as adding them in iChat.
This is all great, until you want to use this on the iPhone. It is immensely frustrating to have all this power in your iPhone, but still have to manually sync with iTunes (and re-sync regularly if you want to keep up to date), or run a third-party groupware server just to get access to the company directory listing. If you have 20 to 30 people, the iTunes requirement can be annoying. If you have a few hundred? Or more? Ugh-o-la.
Luckily, there’s a product that helps you handle this lack of iPhone support from Apple: LDAPeople from
Boneware. LDAPeople is a $4 iPhone and iPod touch application that allows you to search and use contact information from your LDAP directory on your iPhone. That means you can access contact info on your iPhone without having to copy that data from your directory. You can also copy entries from your LDAP directory to your iPhone, if you want to save them for offline access.
Setting up LDAPeople to work in an Apple Open Directory environment is simple. You enter in a name for the configuration, the DNS name for the server, and the searchbase. So, with Open Directory, if your Open Directory Master’s DNS name is odmaster.company.com, your LDAPeople searchbase would be cn=users,dc=odmaster,dc=company,dc=com. Including the “users” container makes it easier for LDAPeople to search for contact information, as it limits the amount of data needed, but it’s not required.
If you have more advanced requirements, like authenticated binding, custom queries, custom base filters, and so on, there’s an Advanced settings window where you can set these values as well. One point: LDAPeople does not yet support SSL, although Neoos is working on it. Nor does it support Kerberos as of yet, so if you need either of those for read-only access to your directory, then you’ll have to wait to use LDAPeople.
If you don’t need SSL or Kerberos for read-only access to your LDAP contact information, then LDAP people is a decent tool. You punch in a name, and it returns basic contact info. You can customize the LDAP attributes LDAPeople uses, (but not the LDAPeople fields), and LDAPeople will use the Open Directory picture for people, if you have them. A sample of what you get with LDAPeople is shown on the right. The screenshot doesn’t show a postal address or URL, and I’ve blurred out some other information.
Using the contact information LDAPeople gives you access to is intuitive. Tap on an e-mail entry, you get a new mail message to that person. Tap on the phone number, you call that number. Tap on the URL, you go to that web site, tap on a postal address, and you get Google Maps for that address. So there’s a fairly high level of integration between LDAPeople and the rest of the iPhone applications. One thing to keep in mind is that none of this is cached, unless you manually import an entry into your iPhone address book. If you can’t connect to your LDAP server, LDAPeople is not able to function.
There are a few things I’d like to see changed, mostly fit and finish. First, you can’t browse an LDAP contact list, you have to search. That’s somewhat minor, but it can be annoying. There’s no auto-complete, and if you have extensions in your phone number—say (555) 555-5555 ext. 333—then LDAPeople shows it as “5555555555ext333”. It will try to dial all 13 numbers if you tap on it, which, in the U.S., means you still have to dial the extension manually. It would also be nice if I could add custom fields to LDAPeople itself, instead of just mapping fields to the list of what LDAPeople ships with. Finally, it would be nice to be able to better handle Open Directory’s multiple value per attribute fields.
However, in spite of its shortcomings, and assuming you can consistently connect to your LDAP server, LDAPeople has been a really useful tool for me, and it’s one that lets me actually get to my Apple Open Directory contacts from my Apple iPhone, something that Apple still can’t manage to do.
LDAPeople is compatible with any iPhone or iPod touch running the iPhone 2.x software update.
[John C. Welch is a senior systems administrator for The Zimmerman Agency, and a long-time Mac IT pundit.]