Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Querying Active Directory for groups
  •  
Jean-Christophe_V

Messages: 11
Karma: 0
Send a private message to this user
I know the problem is not really involving KMS but as KMS can use Active Directory users and Groups it would be a good thing to continue using Active directory for LDAP (as Oulook seems to catch more informations from a AD user account than KMS does).

So, with Outlook 2003, it's easy to add an LDAP account querying the users with a search string like ou=MyDomainUsers,dc=mydomain,dc=com

But this query returns only users not the groups even those with an email account.

If someone knows how to do this, please post the answer.
  •  
jshaw541

Messages: 471
Karma: 0
Send a private message to this user
I don't use Outlook, but I imagine Outlook has an LDAP filter in place. If its not hard-coded, it would be in the preferences somewhere and probably look like:

(&(objectClass=person)(objectCategory=user))


You would need to modify this filter to something else. I'm not in a position to get you that information at this time, though ;)

If you see something like this in your preferences, let me know and I'll dig up the LDAP filter you'll probably need. You could erase the entire filter for now, but stuff like computer accounts would show up in queries. But at least that would help you test things out.

HTH,
Jacob


Jean-Christophe_V wrote on Fri, 23 July 2004 13:58

I know the problem is not really involving KMS but as KMS can use Active Directory users and Groups it would be a good thing to continue using Active directory for LDAP (as Oulook seems to catch more informations from a AD user account than KMS does).

So, with Outlook 2003, it's easy to add an LDAP account querying the users with a search string like ou=MyDomainUsers,dc=mydomain,dc=com

But this query returns only users not the groups even those with an email account.

If someone knows how to do this, please post the answer.


Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
  •  
Jean-Christophe_V

Messages: 11
Karma: 0
Send a private message to this user
In Outlook, the only way I know to specify the query is to go to the search tab of the LDAP account.

But if you look in the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Default Outlook Profile,
you will see 2 REG_SZ value in a sub-folder, one of them is the search string saved in the LDAP search tab : ou=MyUsers,dc=MyCompany,dc=com

the other one is : (&(mail=*)(|(mail=%s*)(|(cn=%s*)(|(sn=%s*)(givenName=%s* )))))

May be this one could be hacked...
  •  
jshaw541

Messages: 471
Karma: 0
Send a private message to this user
The key containing the value:

(&(mail=*)(|(mail=%s*)(|(cn=%s*)(|(sn=%s*)(givenName=%s* )))))


... would be it. That's a really odd filter. I'll have to parse that into my brain when I get a chance... no, okay, let's try now:

(&
  (mail=*)
  (|
    (mail=%s*)
      (|
        (cn=%s*)
        (|
          (sn=%s*)
          (givenName=%s*)
        )
      )
  )
)


& = and
| = or

Yep, need more coffee, but it looks like they want an object with an email address and a full name of some sort.

Examining one of our AD groups with a "KMS email address", using Microsoft's LDP.EXE, I see both the mail and cn attributes are set, so an AD group with an email address SHOULD show up in searches.

Just to double-check, are these groups under the ou=MyUsers,dc=MyCompany,dc=com OU?

Jacob


Jean-Christophe_V wrote on Tue, 27 July 2004 10:43

In Outlook, the only way I know to specify the query is to go to the search tab of the LDAP account.

But if you look in the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Default Outlook Profile,
you will see 2 REG_SZ value in a sub-folder, one of them is the search string saved in the LDAP search tab : ou=MyUsers,dc=MyCompany,dc=com

the other one is : (&(mail=*)(|(mail=%s*)(|(cn=%s*)(|(sn=%s*)(givenName=%s* )))))

May be this one could be hacked...

[Updated on: Tue, 27 July 2004 20:01]


Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
  •  
Jean-Christophe_V

Messages: 11
Karma: 0
Send a private message to this user
jshaw541 wrote on Tue, 27 July 2004 20:00


Just to double-check, are these groups under the ou=MyUsers,dc=MyCompany,dc=com OU?





Yes they are some groups there and also in the others ou below MyUsers.


I think I've also discovered where the " (&(mail=*)(|(mail=%s*)(|(cn=%s*)(|(sn=%s*)(givenName=%s* )))))" comes from. It's in in the [EMABLT] section of the MAPISVC.INF file located at C:\Program Files\Fichiers communs\System\MSMAPI\1036 (for a french user). So we know how to change it :-)
Previous Topic: Removed FreeBusy function in Office 2003 SP1
Next Topic: Entourage 2004 vs VX
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 01:28:43 CET 2017

Total time taken to generate the page: 0.00449 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.