#1
    Open LDAP and rootDSE (Outlook compatibility)


    I have been trying to investigate what is needed in openldap to have Outlook display a list of names in the addressbook when first accessed in the same way that it does with ActiveDirectory.

    It seems that the major difference is that AD supplies defaultNamingContext and several different supportedControl and supportedCapability attributes.

    I have tried adding these in using the rootDSE attribute. The file I point to looks something like this:

    dn:
    defaultNamingContext: dc=psysolutions,dc=com
    supportedControl: 1.2.840.113556.1.4.319
    ...
    supportedCapabilities: 1.2.840.113556.1.4.800
    etc

    The problem (at this stage) is that although these attributes now appear in the root DSE just fine, firstly the ones that are not defined normally (i.e. defaultNamingContext and supportedCapabilities) become capitalized (though I don't think this is an issue) in the output, but worse, they appear even when not requested. That is, if I request defaultNamingContext, I also get the supportedCapabilities. If I request nothing, I get both sets. If I request something undefined, I also get them. The only way not to get them is to request a normal attribute.

    This is now apparently also getting in the way of Outlook doing the aforementioned lookup. Looking at the conversation going on over the network, we have

    Base level
    ========
    >Outlook requests auth
    <Outlook gets auth
    >Outlook requests defaultNaming protocol
    <Outlook receives nothing
    >Outlook requests supportedControl and supportedCapabilities
    <Outlook receives the openldap supportedControls
    .conversation stops (pending further requests)

    With defaultNamingContext only defined in rootDSE
    ======================================
    >Outlook requests auth
    <Outlook gets auth
    >Outlook requests defaultNaming protocol
    <Outlook receives DEFAULTNAMINGCONTEXT
    >Outlook requests supportedControl and supportedCapabilities
    <Outlook receives the openldap supportedControls
    .conversation stops (pending further requests)

    Hmm, looking at it written down, the defaultnamingcontext doesn't appear to make much difference.

    With def-name-cont and supportedControls/Caps
    ====================================
    >Outlook requests auth
    <Outlook gets auth
    >Outlook requests defaultNaming protocol
    <Outlook receives DEFAULTNAMINGCONTEXT and SUPPORTEDCAPABILITIES
    .conversation stops (pending further requests)

    So it looks like Outlook receiving the SUPPORTEDCAPABILITIES (which it didn't request) causes it to give up.

    So what I am looking for is how to specify operational attributes such that they are not returned when they are not requested. Having them returned in the case in which they are specified would be nice too. Anyone have any ideas here?

    Rich
  2. #2
    OK, I took out the problem entries and it looks like Outlook is trying to use the following extensions:

    1.2.840.113556.1.4.473
    2.16.840.1.113730.3.4.9

    The former is

    LDAP_SERVER_SORT_OID

    The latter is

    VLV Request LDAPv3 control

    One of these is apparently critical for Outlook. And it's likely that there are probably other things that would be critical if things got further. Well, I guess that's as far as I'm going to get for now. Wonder if openldap is going to have these added anytime soon...

    Rich
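
Added example (not part of either post, and not OpenLDAP or Outlook code): a small Python check for the two symptoms in this thread, namely root DSE attributes returned outside the requested selection and the two control OIDs from post #2 missing from supportedControl. It assumes that every root DSE attribute other than objectClass is operational and that "+" requests all operational attributes (RFC 3673); the function names are hypothetical and the sample response is constructed from the third trace in post #1.

```python
# Added example: the sample response below is constructed, not captured traffic.
SORT_OID = "1.2.840.113556.1.4.473"    # LDAP_SERVER_SORT_OID (post #2)
VLV_OID = "2.16.840.1.113730.3.4.9"    # VLV request control (post #2)
USER_ATTRS = {"objectclass"}           # assumption: all other root DSE attributes are operational


def parse_ldif_entry(text):
    """Parse one simple LDIF entry into {lowercased attr: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() == "dn":
            continue
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def unrequested_attrs(requested, entry):
    """Return attributes in `entry` that the request's selection did not ask for."""
    wanted = {a.lower() for a in requested}
    all_user = not wanted or "*" in wanted   # an empty list means "all user attributes"
    all_operational = "+" in wanted          # RFC 3673
    extra = []
    for attr in entry:
        if attr in wanted:
            continue
        if attr in USER_ATTRS and all_user:
            continue
        if attr not in USER_ATTRS and all_operational:
            continue
        extra.append(attr)
    return sorted(extra)


def missing_controls(entry, needed=(SORT_OID, VLV_OID)):
    """Return the control OIDs from `needed` that supportedControl does not list."""
    advertised = set(entry.get("supportedcontrol", []))
    return [oid for oid in needed if oid not in advertised]


# Constructed response modelled on the third trace in post #1.
RESPONSE = """
dn:
DEFAULTNAMINGCONTEXT: dc=psysolutions,dc=com
SUPPORTEDCAPABILITIES: 1.2.840.113556.1.4.800
"""

if __name__ == "__main__":
    entry = parse_ldif_entry(RESPONSE)
    print("unrequested:", unrequested_attrs(["defaultNamingContext"], entry))
    print("missing controls:", missing_controls(entry))
```

Feeding it the output of a base-scope search on the empty DN, together with the attribute list that was requested, shows which attributes the server volunteered and which of the two controls it does not advertise.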
