K
Kevin Sullivan (MVP Group Policy)
I have seen many posts in here about the LDAP service for alterenate address
books etc. Most replys are simply "remove the LDAP address book". Many
organizations need to use the LDAP address book and it offers them a ton of
flexibility in management. There are, however some really complex problems
with this and there appears to be little documentation regarding these
issues. I am looking for some guidance from someone who is using the LDAP
service sucessfully and knows it insinde and out.
For instance, when you create the LDAP service there are only 6 or so
properties to be set. One of these is the 'search base'. This simply limits
the scope of the address book to a specific container in the LDAP directory.
Very nice, works great, shows in the MAPI service in the registry, *perfect*.
Not in the UI but a property of the service in the MAPI profile in the
registry is called the search filter. This is intended to limit further what
is returned to the address book. For examply, the search base is
ou=sales,dc=acme,dc=com. So the address book shows all mail enabled objects
in that OU and nothing else (brilliant!). Add a search filter to say
something like (&(objectClass=user)(sn=sull*)) should only show mail enabled
objects in the Sales OU who's last name begins with sull... It doesn't seem
to work. I am not finding any docuemntation that states that this vaule is no
longer supported so I assume it is (it is there right! so it should work!). I
feel like it is a bizarre syntax issue that I can't figure out.
If anyone has any experience with this feature I would appreciate feedback.
Thanks,
Kevin
books etc. Most replys are simply "remove the LDAP address book". Many
organizations need to use the LDAP address book and it offers them a ton of
flexibility in management. There are, however some really complex problems
with this and there appears to be little documentation regarding these
issues. I am looking for some guidance from someone who is using the LDAP
service sucessfully and knows it insinde and out.
For instance, when you create the LDAP service there are only 6 or so
properties to be set. One of these is the 'search base'. This simply limits
the scope of the address book to a specific container in the LDAP directory.
Very nice, works great, shows in the MAPI service in the registry, *perfect*.
Not in the UI but a property of the service in the MAPI profile in the
registry is called the search filter. This is intended to limit further what
is returned to the address book. For examply, the search base is
ou=sales,dc=acme,dc=com. So the address book shows all mail enabled objects
in that OU and nothing else (brilliant!). Add a search filter to say
something like (&(objectClass=user)(sn=sull*)) should only show mail enabled
objects in the Sales OU who's last name begins with sull... It doesn't seem
to work. I am not finding any docuemntation that states that this vaule is no
longer supported so I assume it is (it is there right! so it should work!). I
feel like it is a bizarre syntax issue that I can't figure out.
If anyone has any experience with this feature I would appreciate feedback.
Thanks,
Kevin