Koozali.org: home of the SME Server

Outlook and LDAP Aaargghhh!

Gary Owen

Outlook and LDAP Aaargghhh!
« on: December 04, 2003, 05:02:29 PM »
Before I'm flamed I have searched and read these forums to death - there is no definitive answer on how to get Outlook to work with SME LDAP.

I use Outlook XP and use SME 5.6U4 as a pop3 server for the company. I desperately need to have a centralised address book - I know that the Outlook solution with LDAP is not an elegant one but I can't get it to work at all. The search base is correct as per the Directory information on SME, IP and port number correct - I've tried everything - each time I try a search I get 'Invalid DN Syntax (34)'

Please don't ask me to switch to Mozilla or Netscape etc. like other posts have - I had a hard time migrating the users from MS Small Business Server 2000 to SME which they've coped with but taking Outlook from them will hurt a lot!

Appreciate info from anyone who has been successful with this

Charlie Brady

Re: Outlook and LDAP Aaargghhh!
« Reply #1 on: December 04, 2003, 05:34:42 PM »
Gary Owen wrote:

> I've tried everything - each time I try a
> search I get 'Invalid DN Syntax (34)'

Chances are you have used an invalid DN syntax.
That's where I'd concentrate my search. Have you tried google?

Charlie

Gary Owen

Re: Outlook and LDAP Aaargghhh!
« Reply #2 on: December 04, 2003, 05:53:21 PM »
Yep - that was the first thing I did. Google turned up a lot of answers but none of them fitted the bill.

Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #3 on: December 04, 2003, 10:47:05 PM »
What errors do you see in the messages log file?

Peter.

Gary Owen

Re: Outlook and LDAP Aaargghhh!
« Reply #4 on: December 05, 2003, 11:35:28 AM »
Hi Peter,

This is what I get:

Dec  5 10:20:54 s1 slapd[1647]: daemon: conn=113 fd=9 .

Dec  5 10:20:54 s1 slapd[8627]: conn=113 op=0 BIND dn="" method=128
 
Dec  5 10:20:54 s1 slapd[8627]: conn=113 op=0 RESULT tag=97 err=0 text=

Dec  5 10:20:54 s1 slapd[7237]: conn=113 op=1 SRCH base="" scope=0 filter="(objectClass=*)"

Dec  5 10:20:55 s1 slapd[7237]: conn=113 op=1 RESULT tag=101 err=0 text=

Dec  5 10:20:59 s1 slapd[1647]: daemon: conn=114 fd=11 connection from IP=192.168.1.120:1308 (IP=0.0.0.0:34049) accepted.

Dec  5 10:20:59 s1 slapd[8627]: conn=114 op=0 BIND dn="" method=128

Dec  5 10:20:59 s1 slapd[8627]: conn=114 op=0 RESULT tag=97 err=0 text=

Dec  5 10:20:59 s1 slapd[7237]: conn=114 op=1 SRCH base="dc=mydomainname,dc=com" scope=0 filter="(objectClass=*)"

Dec  5 10:21:00 s1 slapd[7237]: conn=114 op=1 RESULT tag=101 err=32 text=

Dec  5 10:21:02 s1 slapd[8627]: conn=113 op=2 UNBIND

Dec  5 10:21:02 s1 slapd[8627]: conn=-1 fd=9 closed connection from IP=192.168.1.120:1307 (IP=0.0.0.0:34049) accepted


I've replaced my real domain with mydomain for privacy purposes. Any help appreciated

Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #5 on: December 05, 2003, 12:59:00 PM »
I have tested mine with Softerra LDAP Browser 2.5 that you can get from here...


 http://www.softerra.com/download

Start downloading it now...

I am having the same problems as you, but with netscape, so it's not just Outlook.

Using the LDAP browser I can see the entries in my address book. HOWEVER, when I select the properties of the directory entry I have created in the LDAP browser and click the server monitor tab I get an 'error32 no such object' error message.

Likewise if I change the User DN to, say, admin with the correct password, it generates the same error and I can no longer see the addresses in the list.

As a wild guess I think that we need some sort of user DN entry to get the browser working.

What do you think?


Peter.

Gary Owen

Re: Outlook and LDAP Aaargghhh!
« Reply #6 on: December 05, 2003, 01:09:33 PM »
Yeah I'd go for that too - tried a few combinations. Thing is Twiggi is working fine on the server and reads all the users via LDAP without a problem so I may look into the source code of that and see how it's doing it - will report back

Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #7 on: December 05, 2003, 01:47:30 PM »
I started slapd in debug mode and got this...


daemon: activity on 1 descriptors
daemon: new connection on 14
daemon: added 14r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 14r
daemon: read activity on 14
connection_get(14): got connid=1
connection_read(14): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 24 contents:
ber_get_next
ber_get_next on fd 14 failed errno=11 (Resource temporarily unavailable)
do_bind
daemon: select: listen=6 active_threads=1 tvp=NULL
ber_scanf fmt ({iat) ber:
ber_scanf fmt (o}) ber:
bind: invalid dn (peter)
send_ldap_result: conn=1 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=34
ber_flush: 24 bytes to sd 14
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
do_unbind
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
daemon: removing 9

So it looks like, for whatever reason, it rejects the dn when using a valid user. Could this be linked to the fact that user logons are disabled by default?

Puzzled.

Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #8 on: December 05, 2003, 03:18:08 PM »
Just tried Netscape again and it does allow you to search the database e.g. pet*, but not add anything to it. It does not allow a wildcard search either.


Peter.

Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #9 on: December 05, 2003, 03:38:12 PM »
These are the two entries from the messages log file when I type part of a user on the server's name into the to field -

Dec  5 14:31:52 pogo6b3 slapd[1919]: daemon: conn=9 fd=21 connection from IP=192.168.3.65:4438 (IP=0.0.0.0:389) accepted.
Dec  5 14:31:52 pogo6b3 slapd[3098]: bind: invalid dn (peter)
Dec  5 14:31:52 pogo6b3 slapd[3098]: conn=9 op=0 RESULT tag=97 err=34 text=invalid DN
Dec  5 14:31:53 pogo6b3 slapd[3098]: conn=9 op=1 UNBIND
Dec  5 14:31:53 pogo6b3 slapd[3098]: conn=-1 fd=21 closed



Dec  5 14:32:31 pogo6b3 slapd[1919]: daemon: conn=10 fd=21 connection from IP=192.168.3.65:4451 (IP=0.0.0.0:389) accepted.
Dec  5 14:32:31 pogo6b3 slapd[3098]: conn=10 op=0 BIND dn="" method=128
Dec  5 14:32:31 pogo6b3 slapd[3098]: conn=10 op=0 RESULT tag=97 err=0 text=
Dec  5 14:32:31 pogo6b3 slapd[3098]: conn=10 op=1 SRCH base="dc=wibble,dc=co,dc=uk" scope=2 filter="(|(cn=helen*)(mail=helen*)(sn=helen*))"
Dec  5 14:32:31 pogo6b3 slapd[3098]: conn=10 op=1 SEARCH RESULT tag=101 err=0 text=

So it's quite happy to accept an anonymous dn but not a 'valid?' one.

This must be something really stupid.


Peter.
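
Added example, not part of any post in this thread: a short Python script that pairs slapd request lines with their RESULT lines and names the two result codes seen in the logs above (32 and 34). The sample lines are constructed on the pattern of the posted logs, with a placeholder host and base DN; `diagnose` and the hint wording are illustrative names, not part of OpenLDAP.

```python
import re

# LDAP result codes and response tags that appear in this thread's logs
RESULT_NAMES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax"}
RESPONSE_TAGS = {97: "bind", 101: "search"}  # BindResponse, SearchResultDone

REQ = re.compile(r'conn=(\d+) op=(\d+) (BIND dn="([^"]*)"|SRCH base="([^"]*)")')
RES = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)')
BAD_DN = re.compile(r'bind: invalid dn \(([^)]*)\)')

# Constructed sample (placeholder host and base DN), modelled on the thread's logs
SAMPLE = """\
Dec  5 14:31:52 host slapd[3098]: bind: invalid dn (peter)
Dec  5 14:31:52 host slapd[3098]: conn=9 op=0 RESULT tag=97 err=34 text=invalid DN
Dec  5 14:32:31 host slapd[3098]: conn=10 op=0 BIND dn="" method=128
Dec  5 14:32:31 host slapd[3098]: conn=10 op=0 RESULT tag=97 err=0 text=
Dec  5 14:32:31 host slapd[3098]: conn=10 op=1 SRCH base="dc=example,dc=com" scope=0 filter="(objectClass=*)"
Dec  5 14:32:31 host slapd[3098]: conn=10 op=1 RESULT tag=101 err=32 text=
""".splitlines()

def diagnose(lines):
    """Return (conn, kind, error name, value sent, hint) for each failed operation."""
    requests = {}        # (conn, op) -> bind DN or search base the client sent
    rejected_dn = None   # a rejected bind DN is logged on its own line, without conn=
    findings = []
    for line in lines:
        if m := BAD_DN.search(line):
            rejected_dn = m.group(1)
        elif m := REQ.search(line):
            sent = m.group(4) if m.group(4) is not None else m.group(5)
            requests[(m.group(1), m.group(2))] = sent
        elif m := RES.search(line):
            conn, op, tag, err = m.group(1), m.group(2), int(m.group(3)), int(m.group(4))
            if err == 0:
                continue
            value = requests.get((conn, op), rejected_dn)
            if err == 34 and value is not None and "=" not in value:
                hint = "bind DN is a bare name, not attr=value,attr=value form"
            elif err == 32:
                hint = "no entry exists at this DN as sent"
            else:
                hint = "see the slapd log for this connection"
            kind = RESPONSE_TAGS.get(tag, f"tag{tag}")
            findings.append((int(conn), kind, RESULT_NAMES.get(err, str(err)), value, hint))
            rejected_dn = None
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```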


Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #10 on: December 05, 2003, 05:51:10 PM »
Hmmm, coming to the opinion that Netscape does not have the ability to add entries to an ldap server anyway!

To clarify one point, is the ldap addressbook only for internal use I wonder? Will it only contain the user information within the organisation?


hmmm


Peter.

ryan

Re: Outlook and LDAP Aaargghhh!
« Reply #11 on: December 08, 2003, 09:16:36 AM »
Gary,

I am using Outlook XP and SME 5.6u4 at home and was able to use Outlook LDAP. First off, not to flame you, but the LDAP capabilities of Outlook are crap. I find Outlook Express to be more powerful. Search: dc=domain,dc=com (that is all, just like shown in Directory on server-manager).

I was able to search for names by using either 'begins with' or 'contains' in the first name field.  If I typed "ryan" Outlook found my ldap entry.  I was able to send an email using the ldap address book search for 'ryan'.  

The only way I could get Outlook to display everything in SME ldap was to use the 'contains' option and enter either the city or state name in the 'City' field in Outlook. This dumps all users and groups from SME ldap. The 'City' field in Outlook ldap search corresponds to the 'Default City' in your server-manager Directory. I am able to pull up all data on any user and transfer it to the personal address book in Outlook with a couple of clicks.

About 10 months ago, I discovered that restoring a 5.6 server with a 5.5 backup will wreck the schema and result in failed searches. I can't remember the errors I was getting in Outlook, but I had to resort to installing 5.5 fresh, restore my 5.5 backup, then perform an upgrade to 5.6.

I don't use Twiggi, but IMP was not able to read the ldap directory either when I was having trouble with Outlook ldap searches due to the 5.6 restore from 5.5 backup.

Hope that helps.

ryan

Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #12 on: December 08, 2003, 11:44:12 AM »
Nice one Ryan, good info.

Are you able to add data to the directory too?

I can't figure out how you do it from netscape. I had a quick look at the mozilla pages and that sort of hints that you can't add data to an ldap directory using it.

It would be truly pants if the only way to get data into the directory is to generate a file with all the addresses and using the command line to import it into the directory.


Peter.

ryan

Re: Outlook and LDAP Aaargghhh!
« Reply #13 on: December 09, 2003, 01:03:00 AM »
Nope, never used a client that can add to the directory, only read from it.  I would guess that would take an ldap client of some sort and SME would require root access I am guessing...but if all your users are on SME, you would already have all users in ldap....what are you wanting to do?  I don't think regular users can add to or edit the ldap directory.  I am not a linux guru, so I could be totally wrong here, just applying what I know about linux and security...users editing or adding to ldap would be a security risk in my opinion.

ryan

Peter

Re: Outlook and LDAP Aaargghhh!
« Reply #14 on: December 09, 2003, 10:44:19 AM »
Maybe I got the wrong end of the stick...


I thought that you could use an LDAP directory as a central e-mail address book for all your company e-mail addresses, i.e. both internal and external.

Maybe not though, in which case what could be used to do this instead?

Peter.

off to look at some more ldap pages..