True Integrated Authentication for AD LDAP


Don Stocks

Does anybody know if it's possible to get Outlook LDAP Address Books to
truly utilize integrated Windows authentication for AD LDAP queries?



I have configured Outlook 2002 on Windows XP in Corporate Workgroup mode to
access our Windows 2003 Active Directory via LDAP over SSL. This works well
except for one small problem. The credentials used for LDAP access are not
the currently logged on user's credentials. Instead I have to configure the
LDAP address book in Outlook 2002 for a specific username. If I set the
user name to domain\username and I leave the password blank, Outlook prompts
for a password the first time it is launched. This set of credentials is
then cached for future Outlook sessions. The problem arises when the user
changes their AD password: LDAP access then fails. Having users reconfigure
the LDAP address book is an option but not a very good one. I definitely
want to avoid that to make it easy for my users. It would be much better if
Outlook could use the currently logged in user's credentials the way the
Windows Address Book does.



If I configure the Windows Address Book like below, Windows uses the
currently logged in user's credentials the way I wish Outlook would. It
works perfectly.



Windows Address Book - Active Directory Account

Server Name: NULL

This server requires me to log on : checked

Account Name : NULL

Log on using Secure Password Authentication : checked



Advanced settings:

Directory service (LDAP) : 636

This server requires SSL : checked

Search Base : ou=MyOU,dc=my,dc=domain,dc=net



I have tried configuring the LDAP Outlook Address Book using every possible
combination of NULL values and I cannot get Outlook to behave the way the
WAB works. When I use NULL as the user name (even if I configure the client
to query the Global Catalog) I get LDAP connection failures; probably
related to authentication failures. I also tried NULL, the FQDN and the
NetBIOS name for the server entry.



I have to believe that MS has a way to make this work for people who are not
using Exchange but want to use AD for a shared address book via LDAP.



Thanks for the help.



- Don
 
