
Re: OpenLDAP & Outlook



Brenda,

sorry for not getting back to you any sooner, was busy doing other stuff.

I have read these references to the FAQ messages, but as far as I understand them they only explain what the mapping is between certain commonly-used LDAP attributes and the 'corresponding' Outlook attributes.
But which of all those many attributes do I really need to add to my schema in order to get a 'contact' person appearing in my Outlook-Ex.? I suppose it's no use to start adding all those attributes all together ...


Thanks in advance !

Rob


Brenda Bell wrote:

At 07:15 12/17/2002, you wrote:

Brenda,

I am DEFINITELY interested in the details of how you got this thing working !!
Can I please (!) have the procedure for both OE and Outlook, as well as
any necessary changes on the side of the (open-)LDAP server (config,
schema, you name it) ?


Well... note that I only have ***parts*** of it working :)

Here's what I know so far -- and it's not much because I'm still learning LDAP, but I do know a good bit about Windows.

To Outlook-enable your LDAP schema, you need to read http://www.openldap.org/faq/data/cache/293.html and http://www.openldap.org/faq/data/cache/294.html and make the necessary adjustments.

Once the schema is right, you can use IE to test connectivity. Now... LDAP URLs have no security whatsoever, so "browsing" to an address book entry will only work if you have read access set up for the anonymous user on the LDAP server. I wouldn't suggest you run this way permanently, but it's awfully handy when checking to see if MS can digest the information in your openldap directory. On my server, I have the DN ou=contacts,dc=theotherbell,dc=com... in my address book, I have the contact DN cn=Bell Brenda,ou=contacts,dc=theotherbell,dc=com. From IE (or Netscape, the address bar or the Run box), the URL ldap://ldap.theotherbell.com/cn=Bell%20Brenda,ou=contacts,dc=theotherbell,dc=com will display the contact properties just as if the contact were stored in ActiveDirectory.

If you can connect through IE, you should be able to do a search from OE. To set up the directory:

Launch OE and go to Tools->Accounts. Click the Add button and select Directory Service. Enter the FQN for your LDAP server; if you choose to use secured access (I didn't), you'll need to enter the right DN and password for the connection. Click Next, check Yes (do you want to check addresses using this directory service), click Next and click Finish.

On the Accounts dialog, click on the All or Directory Service tab, select the directory you just added and click the properties button. Click on the Advanced tab, enter the base DN for the search -- mine is ou=contacts,dc=theotherbell,dc=com. I left the simple search button unchecked, but you may have to play with it to see what works best for you.

To test it, click the Addresses button on the toolbar -- or go to Tools->Address Book. Click the Find People button. Select the directory you just added, click the Advanced tab, enter some search criteria, e.g., Name contains Bell and click the Find Now button. You should see some data.

On to Outlook -- and this is where everything is broken as far as I'm concerned.

First, Outlook runs in two modes: Internet or Corporate/Workgroup. You can easily determine which mode you're in by launching the Mail applet in the control panel. If it displays the Internet Accounts dialog, you're in Internet mode, otherwise, you're in Workgroup mode.

If you're in Internet mode, you have the same level of functionality as OE... you can follow the procedure above to add a Directory Service. But I have yet to get Outlook to actually return data... no matter what I do, it always says "there are no entries that match your search criteria".

If you're in Workgroup mode, you can add a Directory Service via the Mail applet on the control panel. This will cause your LDAP directory to correctly show up in the address book drop down. However, I haven't been able to get this configuration to connect at all.

IMHO, Outlook's LDAP access is broken... but maybe you'll pick up on something I missed.

Important note: if you change your Outlook mode and it doesn't automatically close Outlook, do it manually... otherwise, the changes don't quite kick in and you end up in a really weird state. You also have to be careful with your accounts when you reconfigure things. There's one place where Outlook sets up a default POP3 account which will automatically download all your email and delete it from the server. I use IMAP so the default is definitely not what I want... if you're going to play, best to do it with a test account that won't muck with your real email.


I would be incredibly thankful if you could provide me those ... and
would even send you flowers for it if you were not living a few
thousand miles away !


Aw, shucks... the only reason I participate in these discussions is so strange men can send me gifts :)


Cheers, Brenda
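
The LDAP URL test described in the quoted message, as an added example that is not part of the original thread: it decodes an LDAP URL using the RFC 4516 layout (dn?attributes?scope?filter) and builds the equivalent anonymous `ldapsearch -x` command line, so the same anonymous read can be checked from the server side. The second URL and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote
import shlex

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split an LDAP URL (dn?attributes?scope?filter) into search parameters."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an LDAP URL with a host: %r" % url)
    # Pad so that omitted trailing fields come back as empty strings.
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    scope = scope or "base"                      # default scope: the entry itself
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    port = parts.port or DEFAULT_PORTS[scheme]
    return {
        "uri": "%s://%s:%d" % (scheme, parts.hostname, port),
        "base_dn": unquote(parts.path.lstrip("/")),   # %20 -> space, etc.
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",  # default filter
    }

def anonymous_search_argv(url):
    """ldapsearch arguments for the same lookup; -x with no -D binds anonymously."""
    p = parse_ldap_url(url)
    return (["ldapsearch", "-x", "-H", p["uri"], "-b", p["base_dn"],
             "-s", p["scope"], p["filter"]] + p["attributes"])

# URL quoted in the message above.
PAGE_URL = ("ldap://ldap.theotherbell.com/"
            "cn=Bell%20Brenda,ou=contacts,dc=theotherbell,dc=com")
# Constructed URL: subtree search under the contacts base DN for two attributes.
CONSTRUCTED_URL = ("ldap://ldap.theotherbell.com/"
                   "ou=contacts,dc=theotherbell,dc=com?cn,mail?sub?(cn=*Bell*)")

if __name__ == "__main__":
    for u in (PAGE_URL, CONSTRUCTED_URL):
        print(" ".join(shlex.quote(a) for a in anonymous_search_argv(u)))
```

Once the temporary anonymous read access is removed again, the generated command should stop returning the entry, which is a quick way to confirm the test setting is really gone.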