LDAP address book trouble [was: Re: Migrate Exchange 5.0 to Kolab 2]

Martin Minkler minkler at artegic.de
Thu Aug 31 11:55:05 CEST 2006 

Alohá!

Some more information on the address book communication:

the hostname of the kolab server is hive.<domain>.local

The following came out from looking at packet dumps on the client 
machine (only excerpts limited to relevant information):

When opening the ldap server address book from Outlook2003 with the base DN

dc=hive,dc=<domain>,dc=local

the client issues the bind request:
------------------------------
ldap.bind.dn = DN: (null)
ldap.bind.auth_type = Auth Type: Simple (0x00)
ldap.bind.password = Password: (null)
------------------------------
the server accepts with bind result:
------------------------------
ldap.result.code = Result Code: success (0x00)
ldap.result.matcheddn = Matched DN: (null)
ldap.result.errormsg = Error Message: (null)
------------------------------
but then the client asks search request:
------------------------------
ldap.search.basedn = Base DN: (null)
ldap.search.scope = Scope: Base (0x00)
ldap.search.dereference = Dereference: Never (0x00)
ldap.search.typesonly = Attributes Only: False
ldap.search.filter = Filter: (objectclass=*)
ldap.attribute = Attribute: objectClass
ldap.attribute = Attribute: supportedControl
ldap.attribute = Attribute: supportedCapabilities
------------------------------
Why doesn't it ask the base DN I entered in the options field in 
outlook? Is this supposed to return the whole tree?
Now the server responds with search entry:
------------------------------
ldap.dn = Distinguished Name: (null)
ldap.attribute = Attribute: objectClass
	ldap.value = Value: top
	ldap.value = Value: OpenLDAProotDSE
	ldap.value = Value: kolab
ldap.attribute = Attribute: supportedControl
	ldap.value = Value: 2.16.840.1.113730.3.4.18
	[...]
------------------------------
and then sends the search result:
------------------------------
ldap.result.code = Result Code: success (0x00)
ldap.result.matcheddn = Matched DN: (null)
ldap.result.errormsg = Error Message: (null)
------------------------------

But now for an even more curious part, the same base DN set for a 
Thunderbird LDAP address book and Thunderbird requesting a complete 
offline copy, communication looks a bit different:

bind request and bind result are the same, so omitted here, but the 
search request shows the proper Base DN:
------------------------------
ldap.search.basedn = Base DN: dc=hive,dc=<domain>,dc=local
ldap.search.scope = Scope: Subtree (0x02)
------------------------------
the search result:
------------------------------
ldap.result.code = Result Code: noSuchObject (0x20)
------------------------------

Now, if I use the Base DN dc=<domain>,dc=<tld> that is shown in the web 
interface of kolab when creating a new external user in the address book 
(actually it shows cn=<username>,cn=external,dc=<domain>,dc=<tld>), the 
search request shows that Base DN:
------------------------------
ldap.search.basedn = Base DN: dc=<domain>,dc=de
ldap.search.scope = Scope: Subtree (0x02)
------------------------------
the search entry returns:
------------------------------
ldap.dn = Distinguished Name: dc=<domain>,dc=<tld>
ldap.attribute = Attribute: dc
	ldap.value = Value: <domain>
ldap.attribute = Attribute: objectClass
	ldap.value = Value: top
	ldap.value = Value: domain
------------------------------
a second search entry packet following right behind it:
------------------------------
ldap.dn = Distinguished Name: cn=external,dc=<domain>,dc=<tld>
ldap.attribute = Attribute: cn
	ldap.value = Value: external
ldap.attribute = Attribute: objectClass
	ldap.value = Value: top
	ldap.value = Value: kolabNamedObject
------------------------------
The same follows for cn=groups and cn=resources and after that all the 
entries of the ldap tree are returned to the client!

To make things even more frustrating Thunderbird only triggered this 
communication when requesting an offline copy of the address book, 
otherwise nothing was said between client and server and even then, 
after the server returned all the entries of the tree, the address book 
in thunderbird stayed blank, nothing, zilch.
At least it did get a response from the server and even a proper one 
(judging from my very-little-ldap-knowledge-point-of-view) after issuing 
a request while Outlook simply ignored the Base DN I set.

Does anybody have any clue as to why

- Outlook does not use the base dn set in the options

- there is no communication from Thunderbird if no full offline copy is 
requested manually (OT, I know)

- The base DN set to the server name as described in the tutorial 
(dc=hive,dc=<domain>,dc=local) returns no results

- a completely different Base DN build from the mail domain does indeed 
return _all_ entries (maybe because the users email fields contain that 
value dc=<domain>,dc=<tld>)

- even after a successful query the address book in Thunderbird still 
stays blank (again OT I guess)

Thanks for digging through this LONG post!


not giving up hope

Martin

More information about the users mailing list