Setting the right LDAP search base in Entourage

[Beavis2121]

Hi, I'm looking to allow my Entourage users to search our Users and
Distribution List objects in our Active Directory database, but I
can't seem to get the search base to search the "cn" and "ou"
attributes at the same time. Here's how my Entourage Directory window
looks:

LDAP server: abc
Search Base: cn=users,dc=xyz,dc=com
This allows users to search our Users folder without getting the
outside Contacts to pop up (the reason for not setting it to search
the entire GAL in the first place), but it doesn't search the
Distribution Lists

I can swap the cn=users for ou=distributionlists to get it to search
the Distribution Lists, but than it doesn't search the Users. I want
to search both.

When I set the Search Base to
ou=distributionlist,cn=users,dc=xyz,dc=com I get a "An unknown error
(-17766) occurred"...sometimes it's -17768 or even -17799.

Any help would be great.

 

[Chris Ridd]

Hi, I'm looking to allow my Entourage users to search our Users and
Distribution List objects in our Active Directory database, but I
can't seem to get the search base to search the "cn" and "ou"
attributes at the same time. Here's how my Entourage Directory window
looks:

LDAP server: abc
Search Base: cn=users,dc=xyz,dc=com
This allows users to search our Users folder without getting the
outside Contacts to pop up (the reason for not setting it to search
the entire GAL in the first place), but it doesn't search the
Distribution Lists

I can swap the cn=users for ou=distributionlists to get it to search
the Distribution Lists, but than it doesn't search the Users. I want
to search both.

When I set the Search Base to
ou=distributionlist,cn=users,dc=xyz,dc=com I get a "An unknown error
(-17766) occurred"...sometimes it's -17768 or even -17799.

Try setting your search base to "dc=xyz,dc=com" instead, as that is a parent
to both "cn=users,dc=xyz,dc=com" and "ou=distributionlist,dc=xyz,dc=com".

If there's other entries below "dc=xyz,dc=com" then there's no way to say in
a single LDAP search to search two different subtrees. You've got to do two
separate searches.

As a workaround you could set up two account entries for your directory
server, one with a search base of cn=users,... and one with a search base of
ou=distributionlist,.... You'd then have to choose what you're searching for
in advance.

Does using the simple vs non-simple search filter change anything?

Any help would be great.

More information about your DIT structure would be useful.

Cheers,

Chris

 

[Beavis2121]

Try setting your search base to "dc=xyz,dc=com" instead, as that is a parent
to both "cn=users,dc=xyz,dc=com" and "ou=distributionlist,dc=xyz,dc=com".

If there's other entries below "dc=xyz,dc=com" then there's no way to say in
a single LDAP search to search two different subtrees. You've got to do two
separate searches.

I guess that's the problem I have, I want to search two different
subtrees at the same time... doesn't look like I can.

Basically, I have three subtrees being populated in our DIT (I'm
hoping I using the right terminology) - Users, Distribution Lists, and
Contacts. The default GAL setting in Exchange 2k3 lists them all and
our users are worried about accidentally sending sensitive company
e-mails to clients that are listed in the Contacts group, fortunately
for our PC users I've been able to setup an alternative GAL that just
lists Users and Distrib Lists and then point their client to it,
Entourage isn't that friendly though so I'm looking for a way to
search the Users and Distrib subtrees, but NOT the Contacts.

I'll try posting to the LDAP groups, as this is really more up their
ally.

 

[Chris Ridd]

I guess that's the problem I have, I want to search two different
subtrees at the same time... doesn't look like I can.

Basically, I have three subtrees being populated in our DIT (I'm
hoping I using the right terminology) - Users, Distribution Lists, and
Contacts. The default GAL setting in Exchange 2k3 lists them all and
our users are worried about accidentally sending sensitive company
e-mails to clients that are listed in the Contacts group, fortunately
for our PC users I've been able to setup an alternative GAL that just
lists Users and Distrib Lists and then point their client to it,
Entourage isn't that friendly though so I'm looking for a way to
search the Users and Distrib subtrees, but NOT the Contacts.

Ah, so if you had some access controls on the contacts tree that meant it
could be searched if you authenticated, and then set up an LDAP account in
Entourage that didn't authenticate, by setting the search base to
"dc=xyz,dc=com" you would effectively search 2 of the 3 subtrees using a
single search.

(What's a GAL? It isn't in any LDAP standards.)

Whether you can set up access controls that way on whatever Exchange is
offering I don't know.

I'll try posting to the LDAP groups, as this is really more up their
ally.

You probably want an Exchange group instead.

Cheers,

Chris