LDAP and Outlook 2000 (2000 Office SP3)

Topic

New Reply

I’ve recently installed a Windows 2003 server on the network. We use MDaemon as our e-mail server software with clients connecting via POP3. This works fine, but one problem is the management and distribution of centralised e-mail lists. I’ve used Active Directory to set up users in a dedicated OU tree, and entered e-mail address and telephone details for each user and some mailing lists as contacts. Outlook is then able to connect to this directory via LDAP and retrieve the information. I’ve also created an ASP page on our intranet to use LDAP to populate an internal phone and e-mail list. All this works a treat, but I have two issues that I was hoping someone may be able to help me with.

1. Is there a way to tell Outlook 2000 to do an LDAP lookup before it looks in the users Contacts folder for e-mail addresses? Previously I was using an “internal” contacts list synchronised to Mdaemon, and it was fairly easy to alter the order the contact folders were queried. With LDAP, the system seems to only want to look up in the order “local contact folders” and then LDAP.

2. Does anyone know how to alter the authentication method used for the LDAP lookup. At the moment I can get Outlook 2000 to connect to LDAP if I change from Corporate service to Internet Only, or if I use Outlook Express. I can’t get Outlook XP to connect to the LDAP server at all. The key setting that is available with Internet Only Outlook 2000 and Outlook Express is “Log on using secure password authentication”. Without this ticked I get no connection. If I tick it and enter username/password it connects a treat. Other Outlook setups don’t seem to offer this alternative, and won’t connect.

Reply | Quote

Replies

Hi,
Re your question 2 and Outlook XP, have you tried Tools-Email accounts, then select the ‘Add a new directory or address book’ option, choose ‘Internet Directory Service (LDAP)’ and fill in the relevant information?

Reply | Quote

Yes. You can set up an LDAP connection, but it won’t connect. Outlook XP doesn’t seem to have the “Use Secure Password Authentication” option that my Win 2003 server seems ot require. I hit the same problem with the Outlook 2000 Corporate setup (which gives you “services” in the tool menu rather than “accounts”). If you go into Sevices in Outlook 2000 and set up an LDAP connection, again there is no “Use Secure Password Authentication” option and I fail to connect. Switch to Internet only and set up the connection via “Accounts” in the tools menu, put a tick in “Use Secure Password Authentication” and it works a treat.

Reply | Quote

Do you get an error message with your current setup? If so does Microsoft Knowledge Base Article 329660 have any relevance? Or do you simply get nothing happening?

Reply | Quote

I only have one user running Office XP and they are at SP2. I’ll apply SP3 and see if that helps them.

However, everyone else is on Office 2000.

Reply | Quote

Sorry to question what you have said about Secure Password Authentication. This option does exist in Outlook 2003 (and, from memory, in Outlook XP) under Tools|Options|Mail Setup|E-Mail Accounts|View or Change|Change – possibly under More Settings. HTH

Reply | Quote

In Outlook XP in Change (same path as yours) there is a tick box for “This server requires me to log on”. If I got to the More Setting, there is a tick box to use SSL. The latter does not seem to do the same as Secure Password Authentication. If you look at Outlook Express (XP SP2 version for example) you’ll see that this has both a “Secure Password Authentication” (General Tab) and “SSL” (Advanced tab) option. The two are not the same. Having played with using Outlook Express to connect to AD/LDAP I can assure you the two are different.

However, this is going off subject a little. Can anyone help me with changing the search order, so that systems check LDAP before contacts? Any suggestions on how I go about altering the LDAP access rights?

Reply | Quote

Agreed: “Secure Password Authentication” and “SSL” are not the same option. At least, however, we seem to have resolved the second of your two questions.

Reply | Quote

Ummmm. Well….. I’m still at the same point. I know how to set up Outlook 2000 (company standard) and Outlook Express to connect to AD via LDAP. However, as other Outlook set ups (XP and 2000 in Corporate mode) don’t offer the “Secure Password Authentication” option, I’d like to know how I can change the authentication method at the server so as not to require this option at the client end – perhaps I should have put that more clearly.

Also my main head ache is the search order.

I appreciare the help so far.

Reply | Quote

Edited by unkamunka to make the MSKB link “live”

I think it may make sense to split this query in two. I’ve found this article:

Microsoft Knowledge Base Article 326690

But don’t seem to have the tools it is suggesting I alter my settings with. I’ll start a new post in one of the server forums to answer this part of the query.

Therefore – Anyone any ideas for the search order in Outlook?

Reply | Quote

On looking at the MSKB article, it seems that you will need to access dsHeuristic attribute using ADSI Edit. (ADSI Edit is a powerful low level editor, supplied by Microsoft in a free Resource Kit, that should be used with caution. HTH

Reply | Quote

Thank you. I’ll have a look at that resource kit.

I’ve just found this: http://support.microsoft.com/?kbid=245830

However, changing the user name to the cn=username,cn=domain format worked, but only if the “Log on using secure authentication” was ticked. So no improvement, just a slightly more complicated username string.

Reply | Quote

Just a general point on entering web links in the Lounge – when you are making a post.

If you want to enter a link to the Microsoft Knowledge Base (article 245830), you need to enter [mskb=245830] – which produces Microsoft Knowledge Base Article 245830.

Alternatively, you can make a (“any old”) web address “live” by entering http://support.microsoft.com/?kbid=245830 – which produces http://support.microsoft.com/?kbid=245830%5B/url%5D.

More detail is at Help 19.

HTH

Reply | Quote

Thanks for the advice. I used it in post 434120 which also explains why I’m no longer looking at changing the permissions at the server.

Still looking for help with the search order – default is Contact then LDAP. I want to change it to LDAP then Contacts.

Reply | Quote

If you choose Tools-Address Book… and then select Tools-Options, there should be an option to change which one appears first.

Reply | Quote

I don’t get Tools-Options, rather Tools-Accounts. Here these is an option to change the order of LDAP directory queries, but this doesn’t include the Outlook “Contacts” address book. So users still default to the Contacts book before looking at LDAP.

Reply | Quote

Sorry, I keep forgetting that most of your machines are 2000 not 2002. I don’t have 2000 installed anywhere at the moment but am planning to set up some test machines at home next week so if you don’t get an answer from someone else before then, I will see what I can come up with. Is there a trial version of MDaemon that can be downloaded for testing purposes, do you know?

Reply | Quote

No problem at all. There is a trial version of MDaemon. You can get it from http://www.altn.com[/url%5D. However, you should be able to replicate the problem without MDaemon. I’m picking the e-mail addresses by storing them in each users details in AD and then using Outlook’s LDAP option to query AD. It works well except if people have large lists on people in the Outlook Contracts list. Then the system tends to come up with the address in the contact list rather than one from LDAP (or both).

Reply | Quote

No problem at all. There is a trial version of MDaemon. You can get it from http://www.altn.com[/url%5D. However, you should be able to replicate the problem without MDaemon. I’m picking the e-mail addresses by storing them in each users details in AD and then using Outlook’s LDAP option to query AD. It works well except if people have large lists on people in the Outlook Contracts list. Then the system tends to come up with the address in the contact list rather than one from LDAP (or both).

Reply | Quote

Sorry, I keep forgetting that most of your machines are 2000 not 2002. I don’t have 2000 installed anywhere at the moment but am planning to set up some test machines at home next week so if you don’t get an answer from someone else before then, I will see what I can come up with. Is there a trial version of MDaemon that can be downloaded for testing purposes, do you know?

Reply | Quote

I don’t get Tools-Options, rather Tools-Accounts. Here these is an option to change the order of LDAP directory queries, but this doesn’t include the Outlook “Contacts” address book. So users still default to the Contacts book before looking at LDAP.

Reply | Quote

If you choose Tools-Address Book… and then select Tools-Options, there should be an option to change which one appears first.

Reply | Quote

Thanks for the advice. I used it in post 434120 which also explains why I’m no longer looking at changing the permissions at the server.

Still looking for help with the search order – default is Contact then LDAP. I want to change it to LDAP then Contacts.

Reply | Quote

Thank you. I’ll have a look at that resource kit.

I’ve just found this: http://support.microsoft.com/?kbid=245830

However, changing the user name to the cn=username,cn=domain format worked, but only if the “Log on using secure authentication” was ticked. So no improvement, just a slightly more complicated username string.

Reply | Quote

On looking at the MSKB article, it seems that you will need to access dsHeuristic attribute using ADSI Edit. (ADSI Edit is a powerful low level editor, supplied by Microsoft in a free Resource Kit, that should be used with caution. HTH

Reply | Quote

Edited by unkamunka to make the MSKB link “live”

I think it may make sense to split this query in two. I’ve found this article:

Microsoft Knowledge Base Article 326690

But don’t seem to have the tools it is suggesting I alter my settings with. I’ll start a new post in one of the server forums to answer this part of the query.

Therefore – Anyone any ideas for the search order in Outlook?

Reply | Quote

Ummmm. Well….. I’m still at the same point. I know how to set up Outlook 2000 (company standard) and Outlook Express to connect to AD via LDAP. However, as other Outlook set ups (XP and 2000 in Corporate mode) don’t offer the “Secure Password Authentication” option, I’d like to know how I can change the authentication method at the server so as not to require this option at the client end – perhaps I should have put that more clearly.

Also my main head ache is the search order.

I appreciare the help so far.

Reply | Quote

Agreed: “Secure Password Authentication” and “SSL” are not the same option. At least, however, we seem to have resolved the second of your two questions.

Reply | Quote

In Outlook XP in Change (same path as yours) there is a tick box for “This server requires me to log on”. If I got to the More Setting, there is a tick box to use SSL. The latter does not seem to do the same as Secure Password Authentication. If you look at Outlook Express (XP SP2 version for example) you’ll see that this has both a “Secure Password Authentication” (General Tab) and “SSL” (Advanced tab) option. The two are not the same. Having played with using Outlook Express to connect to AD/LDAP I can assure you the two are different.

However, this is going off subject a little. Can anyone help me with changing the search order, so that systems check LDAP before contacts? Any suggestions on how I go about altering the LDAP access rights?

Reply | Quote

Sorry to question what you have said about Secure Password Authentication. This option does exist in Outlook 2003 (and, from memory, in Outlook XP) under Tools|Options|Mail Setup|E-Mail Accounts|View or Change|Change – possibly under More Settings. HTH

Reply | Quote

I only have one user running Office XP and they are at SP2. I’ll apply SP3 and see if that helps them.

However, everyone else is on Office 2000.

Reply | Quote

Do you get an error message with your current setup? If so does Microsoft Knowledge Base Article 329660 have any relevance? Or do you simply get nothing happening?

Reply | Quote

Yes. You can set up an LDAP connection, but it won’t connect. Outlook XP doesn’t seem to have the “Use Secure Password Authentication” option that my Win 2003 server seems ot require. I hit the same problem with the Outlook 2000 Corporate setup (which gives you “services” in the tool menu rather than “accounts”). If you go into Sevices in Outlook 2000 and set up an LDAP connection, again there is no “Use Secure Password Authentication” option and I fail to connect. Switch to Internet only and set up the connection via “Accounts” in the tools menu, put a tick in “Use Secure Password Authentication” and it works a treat.

Reply | Quote