querying MS-Exchange Server ?

[SSL <ssl@iguana.internexo.co.cr>]

I know this question has been asked (and answered) before,
but 

I've got openldap 2.0.18 running on FreeBSD 4.4, and 
sitting next to the FreeBSD box is a Win2k server
running MS-Exchange Server 5.0.2195.2966.  (Don't you
love these MS software version numbers?)

Using "ldapsearch" I am able to query the Exchange Server 
from the FreeBSD box, and get what appears to be the
whole directory:

 ldapsearch -h w2khost -b 'dc=xxxxx,dc=yyy' '(objectClass=*)'

(where w2khost, xxxxx and yyy are what you'd expect
for my particular setup)

However, the "whole directory" is really about 46 records, most
of which are the DNS root servers and two or three users, and
some other things.

The Win2000 techie said, "Oh, you're not getting the MS-Exchange
users because it's acting as an Active Directory server" (or
something like that), and told me to do the search based
on the Global Catalog called "blahblah" (this is a made-up
name).  It happens that one of the records returned by
the generic query (objectClass=*) has DC=blahblah.

Now, I'm lost as to how to set the "Global Catalog" in
an ldapsearch query.

He also said that the the directory (based on Global Catalog
blahblah) wasn't publicly viewable, and that only MS-Exchange
users could query it, using "secure password authentication".
By this I presume he means SASL, is this correct?  (If so,
then I'll have to reinstall openssl, as the FreeBSD pre-compiled
"port" is apparently compiled without SASL.)

Thanks in advance for any tips or pointers.
Regards and a Peaceful 2002,
 -Ted.