Hi, we have no problem using outlook to browse LDAP as you describe it. We
have approximately 10000 entries in our LDAP. The only additional tuning we
have made is the optimisation by VLV index and a little change in the ACI
for the VLV Request Control:
# Replace ldap:///all (authentified users) by ldap:///anyone (everyone,
including anonymous)
# old aci: (targetattr != "aci")(version 3.0; acl "VLV Request
Control";
allow(read ,search, compare) userdn = "ldap:///all";)
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
changetype: modify
replace: aci
aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control";
allow(read,search,compare) userdn = "ldap:///anyone";)
# Add a special index for Outlook VLV
dn: cn=Outlook Browse,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
changetype: add
cn: Outlook Browse
objectClass: top
objectClass: vlvsearch
aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control";
allow(read,search,compare) userdn = "ldap:///anyone";)
vlvBase: ou=Users,dc=example,dc=com
vlvFilter: (&(mail=*)(cn=*))
vlvScope: 2
dn: cn=Outlook Browse Index,cn=Outlook Browse,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config
changetype: add
cn: Outlook Browse Index
objectClass: top
objectClass: vlvindex
aci: (targetattr != "aci")(version 3.0; acl "VLV Request Control";
allow(read,search,compare) userdn = "ldap:///anyone";)
vlvEnabled: 1
vlvSort: cn
@+
2009/11/5 Chris Bryant <cbryant-ical(a)corp.usa.net>
When configuring Microsoft Outlook (not Outlook Express) to access
an
LDAP directory, there is an option to 'Enable Browsing (requires server
support)'. If this option is chosen and the directory server supports it,
then you should be able to open the LDAP address book and page up and down
through the results. I have been unable to get this working properly with
389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able
to see the first page of results perfectly. However, if I move to the next
page, only the first object returned will have any attributes included, and
all of the rest of the objects in the page will have no attributes. I have
a test perl script that duplicates this functionality as well.
I can get this to work properly with an older version of Netscape Directory
Server, and I can get it working with OpenDS. Since 389 DS advertises
support for the controls that are required for this to work, just like the
other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share
if there was anything special that you needed to do to get this to work?
I'm trying to determine if this is a bug in the server, or if I'm just
missing something in the configuration.
Thanks,
Chris
* USA.NET*
*You Run Your Business. We'll Run Your Email.®*
This message is for the sole use of the intended recipient(s) and may
contain confidential and/or privileged information of
USA.NET<http://www.usa.net/>,
Inc. Any unauthorized review, use, copying, disclosure, or distribution is
prohibited. If you are not the intended recipient, please immediately
contact the sender by reply email and delete all copies of the original
message.
--
389 users mailing list
389-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users