| Author | Messages | |
ihblist
Posts:1
 | | 12/23/2005 5:08 AM |
| We have a couple Sharp copiers that we want to setup so that they can
query the name and email addresses from the GAL.
This is so that when users want to send a scanned image to another
user, the person just need to type in the first character of the
recipient first and last name, instead of the whole email address.
My question is, I have created a user in the Active Directory that
will be used just for this, since Active Directory won't allow
anonymous LDAP query, but what kind of permissions should I give to
this user in order to do this, because I'm still out of luck making
this work.
The other thing is what is the correct search base to do this, does
CN=domain,CN=name,CN=com should do it?
Thank You
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| listmail
Posts:455
| | 12/23/2005 5:24 AM |
| Depends on the security of your AD but a normal user should be able to query
a user and return an email address.
Unless you have a single domain forest I would recommend hitting the GC
(port 3268) in which case the base could be a the forest root domain or a
null base (if you have multiple trees in the forest). If a single domain,
DC=domain,DC=com would be the format for domain.com.
How are you specifying the credentials? DN, UPN, or NT style? What is the
actual query?
joe
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Irwan Hadi
Sent: Friday, December 23, 2005 12:07 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Email Address Lookup thru LDAP for external copier.
We have a couple Sharp copiers that we want to setup so that they can query
the name and email addresses from the GAL.
This is so that when users want to send a scanned image to another user, the
person just need to type in the first character of the recipient first and
last name, instead of the whole email address.
My question is, I have created a user in the Active Directory that will be
used just for this, since Active Directory won't allow anonymous LDAP query,
but what kind of permissions should I give to this user in order to do this,
because I'm still out of luck making this work.
The other thing is what is the correct search base to do this, does
CN=domain,CN=name,CN=com should do it?
Thank You
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| ihblist
Posts:1
| | 12/24/2005 3:38 AM |
| Thanks Joe, it works. The problem why it didn't work before was the
way the credentials defined. I need to define it as DOMAIN\username,
and for authentication I need to use BASIC (plain), and no NTLM or
Kerberos.
The only problem now is just if someone try to lookup email address
that starts with 's', s/he will see everybody whose email starts with
's' and also systemmailboxes@domain.
If someone try to lookup email address that starts with 'i', then s/he
will also see the inetorg@domain email.
I will try to research this further.
Thanks
On 12/23/05, joe wrote:
> Depends on the security of your AD but a normal user should be able to query
> a user and return an email address.
>
> Unless you have a single domain forest I would recommend hitting the GC
> (port 3268) in which case the base could be a the forest root domain or a
> null base (if you have multiple trees in the forest). If a single domain,
> DC=domain,DC=com would be the format for domain.com.
>
> How are you specifying the credentials? DN, UPN, or NT style? What is the
> actual query?
>
> joe
>
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Irwan Hadi
> Sent: Friday, December 23, 2005 12:07 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Email Address Lookup thru LDAP for external copier.
>
> We have a couple Sharp copiers that we want to setup so that they can query
> the name and email addresses from the GAL.
>
> This is so that when users want to send a scanned image to another user, the
> person just need to type in the first character of the recipient first and
> last name, instead of the whole email address.
>
> My question is, I have created a user in the Active Directory that will be
> used just for this, since Active Directory won't allow anonymous LDAP query,
> but what kind of permissions should I give to this user in order to do this,
> because I'm still out of luck making this work.
> The other thing is what is the correct search base to do this, does
> CN=domain,CN=name,CN=com should do it?
>
> Thank You
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| listmail
Posts:455
| | 12/24/2005 3:42 AM |
| What is the filter you have defined?
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Irwan Hadi
Sent: Friday, December 23, 2005 10:37 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Email Address Lookup thru LDAP for external copier.
Thanks Joe, it works. The problem why it didn't work before was the way the
credentials defined. I need to define it as DOMAIN\username, and for
authentication I need to use BASIC (plain), and no NTLM or Kerberos.
The only problem now is just if someone try to lookup email address that
starts with 's', s/he will see everybody whose email starts with 's' and
also systemmailboxes@domain.
If someone try to lookup email address that starts with 'i', then s/he will
also see the inetorg@domain email.
I will try to research this further.
Thanks
On 12/23/05, joe wrote:
> Depends on the security of your AD but a normal user should be able to
> query a user and return an email address.
>
> Unless you have a single domain forest I would recommend hitting the
> GC (port 3268) in which case the base could be a the forest root
> domain or a null base (if you have multiple trees in the forest). If a
> single domain, DC=domain,DC=com would be the format for domain.com.
>
> How are you specifying the credentials? DN, UPN, or NT style? What is
> the actual query?
>
> joe
>
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Irwan Hadi
> Sent: Friday, December 23, 2005 12:07 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Email Address Lookup thru LDAP for external copier.
>
> We have a couple Sharp copiers that we want to setup so that they can
> query the name and email addresses from the GAL.
>
> This is so that when users want to send a scanned image to another
> user, the person just need to type in the first character of the
> recipient first and last name, instead of the whole email address.
>
> My question is, I have created a user in the Active Directory that
> will be used just for this, since Active Directory won't allow
> anonymous LDAP query, but what kind of permissions should I give to
> this user in order to do this, because I'm still out of luck making this
work.
> The other thing is what is the correct search base to do this, does
> CN=domain,CN=name,CN=com should do it?
>
> Thank You
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|