
Re: openldap: making clients (ie netscape, outlook, etc) happy.



> Now, I have set up the sample organisation and person, as per the slapd
> administrators guide, and ldapsearch returns a sane response, BUT when I
> point netscape, outlook, etc. at it they barf with errors like LDAP
> error: no such object (0x20). I take it there is a list of things one
> should (must?) have to make LDAP clients happy, and then things above
> and beyond that are optional. Perhaps someone would care to enlighten me
> as to what I should list to keep these clients happy? Maybe the problem
> is elsewhere?

I am pretty sure they just do a simple search like: filter="(cn=*string*)"
Although, I think Outlook has an advanced search mode where it will look
at the sn as well.  

The easiest way to figure this out is to simply turn on the LOG4.LOCAL
syslog logging.  For example, in your /etc/syslog.conf file add:

local4.err      /var/log/ldap.log
local4.debug    /var/log/ldap.log
local4.notice   /var/log/ldap.log
local4.alert    /var/log/ldap.log

Then send your syslogd a HUP and start hitting your ldap server with
Netscape and Outlook requests and look at your /var/log/ldap.log file.
You will be able to tell extremely quickly what they are looking for.

Ok, here is what Outlook Express sends:

(&(mail=RASMUS*)(|(cn=LERDORF*)(|(sn=LERDORF*)(givenname=LERDORF*))))

I stuck my last name in the "Name" search field and my first name in the
"Email" search field and that is the query it sent.  Don't know if you are
familiar with the syntax of LDAP queries but they are basically in a
prefix notation.  Think of a reverse polish calculator.  That uses postfix
notation.  This is the opposite.  Operator first, then the arguments it
works on.  So this query says find all entries where the mail field starts
with "Rasmus" AND ( either the common name starts with "LERDORF" OR the
surname field starts with "LERDORF" OR the givenname field starts with
"LERDORF" )

Outlook Express has an option to use "Simple" search filters.  When I
turned that option on and used the same two strings I got:

(&(mail=RASMUS*)(cn=LERDORF*))

Not sure why they think this is all that much simpler.  Relies on fewer
fields being present, I suppose, but it is certainly less likely to find a
match.

-Rasmus
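
Added example, not part of the original message: a small Python parser and evaluator for the prefix-notation filters quoted above, run against constructed directory entries to show which ones each of the two Outlook Express filters returns. The entries, the function names and the case-insensitive matching are assumptions of this example, and escaped characters inside values are not handled.

```python
import re

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":                      # operator first, then its operands
        op, operands = f[i], []
        i += 1
        while f[i] == "(":
            node, i = parse(f, i)
            operands.append(node)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, operands), i + 1
    end = f.index(")", i)                  # simple item: attr=value
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attr -> list of values)."""
    if node[0] == "&":
        return all(matches(n, entry) for n in node[1])
    if node[0] == "|":
        return any(matches(n, entry) for n in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    # '*' is the only wildcard; case-insensitive matching is assumed here
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in entry.get(attr, []))

def search(filter_text, entries):
    """Return the first cn of every entry the filter matches."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [e["cn"][0] for e in entries if matches(tree, e)]

# Constructed sample entries (not from the original message)
ENTRIES = [
    {"cn": ["Rasmus Lerdorf"], "sn": ["Lerdorf"], "givenname": ["Rasmus"],
     "mail": ["rasmus@example.com"]},
    {"cn": ["Lerdorf, Rasmus"], "mail": ["rasmus@example.org"]},
    {"cn": ["Jane Doe"], "sn": ["Doe"], "mail": ["jane@example.com"]},
]
EXTENDED = "(&(mail=RASMUS*)(|(cn=LERDORF*)(|(sn=LERDORF*)(givenname=LERDORF*))))"
SIMPLE = "(&(mail=RASMUS*)(cn=LERDORF*))"
```

The first entry is returned only by the longer filter, because its cn begins with the given name and the match comes from sn.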