Re: OpenLDAP as an address book for MS Outlook

[Howard Chu <hyc@symas.com>]

Victor Sudakov wrote:
> Victor Sudakov wrote:
> > I have been trying to investigate what is needed in OpenLDAP to have
> > Microsoft Outlook 2007 display a list of names in the addressbook when
> > first accessed in the same way that it does with ActiveDirectory/Exchange.
>
> Here is a dump of an LDAP session between Microsoft Outlook and a
> CommunigatePro server: http://zalil.ru/34017194 where a list of names
> is being displayed.
>
> Could someone with sufficient LDAP knowledge look at it and advise how to
> configure OpenLDAP to achieve the same result?

Your trace shows two supportedControls and two supportedCapabilities. The 
controls are for server-side sorting and paged results. OpenLDAP supports 
paged results intrinsically, and server-side sorting when the sssvlv overlay 
is configured. If those aren't sufficient to make Outlook behave, then things 
get trickier.

supportedCapabilities is not a standard attribute, it appears to be specific 
to M$AD. The two supportedCapabilities in your trace are:
1.2.840.113556.1.4.800	LDAP_CAP_ACTIVE_DIRECTORY_OID
1.2.840.113556.1.4.1791	LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID

If your sssvlv is configured correctly, and Outlook sees both Server Side 
Sorting and Paged Results in the supportedControls that OpenLDAP returns, but 
it still doesn't do what you want, then apparently Outlook requires the server 
to claim to be Active Directory.

You could fake this, by copying the schema definition of the 
supportedCapabilities attribute and loading it into slapd. You would also need 
to populate the values. You can use the "rootdse" directive to do that. I 
would guess you only need the first capability, but I don't use Outlook so 
have no way to verify this.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/