Thursday, January 10, 2008

Apple Address Book and Microsoft Exchange (LDAP)

I had a short discussion this afternoon with a fellow Mac fanatic (KMF) about a problem we both share: accessing Microsoft Exchange from Mac OS X.

There are three elements that you would mostly be interested in: email, calendar and contacts. This quick howto deals with getting Address Book to work with LDAP (Microsoft Active Directory in our case).

Step 1: Determine the default naming context (base dn) for the search

- Fire up Terminal and issue an ldapsearch to determine the default naming context:

$ ldapsearch -h -x -b '' -s base '(objectclass=*)' 'namingContexts'

- Search for the lines beginning with "namingContexts":

namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com

The result you are looking for is the "base/root" naming context, which in the case of Exchange is the shortest one (by the way, this works on other LDAP servers too), i.e. DC=mycompany,DC=com.
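As an added example (not part of the original post), here is a small Python script that applies the rule above to the LDIF that the step 1 ldapsearch prints: it collects every namingContexts value, drops the CN=Configuration and CN=Schema partitions and the ForestDnsZones/DomainDnsZones application partitions that Active Directory also advertises (the ones that trip people up in the comments below), and picks the shortest remaining DC=... entry as the search base. The sample LDIF and the DC=example,DC=local names are constructed for the example.

```python
"""Pick the Address Book search base from ldapsearch RootDSE output.

Added example, not code from the original post.  It parses the LDIF that
  ldapsearch -h <host> -x -b '' -s base '(objectclass=*)' namingContexts
prints and applies the post's rule: the search base is the shortest
domain naming context, i.e. a pure DC=... DN that is not one of the
Configuration/Schema partitions and not a DNS application partition.
"""
from __future__ import annotations

import re

# Constructed sample: the shape of RootDSE output from a domain controller
# in a child domain of a forest (modelled on the comment thread).
SAMPLE_LDIF = """\
# extended LDIF
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts

namingContexts: CN=Configuration,DC=example-root,DC=local
namingContexts: CN=Schema,CN=Configuration,DC=example-root,DC=local
namingContexts: DC=example,DC=local
namingContexts: DC=ForestDnsZones,DC=example-root,DC=local
namingContexts: DC=DomainDnsZones,DC=example,DC=local

# search result
search: 2
result: 0 Success
"""

# Active Directory application partitions that hold DNS zone data, not users.
_DNS_PARTITIONS = {"forestdnszones", "domaindnszones"}


def naming_contexts(ldif: str) -> list[str]:
    """Return every namingContexts value, skipping LDIF comment lines."""
    values = []
    for line in ldif.splitlines():
        if line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "namingcontexts":
            values.append(value.strip())
    return values


def rdns(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma is not a separator."""
    out = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, val = part.partition("=")
        out.append((attr.strip().lower(), val.strip()))
    return out


def is_domain_context(dn: str) -> bool:
    """True only for a domain partition: all RDNs are DC= and it is not a DNS zone partition."""
    pairs = rdns(dn)
    if not pairs or any(attr != "dc" for attr, _ in pairs):
        return False  # CN=Configuration / CN=Schema partitions
    return pairs[0][1].lower() not in _DNS_PARTITIONS


def pick_search_base(ldif: str) -> str | None:
    """Apply the post's rule: the shortest domain naming context wins."""
    candidates = [dn for dn in naming_contexts(ldif) if is_domain_context(dn)]
    if not candidates:
        return None
    return min(candidates, key=lambda dn: (len(rdns(dn)), dn))


if __name__ == "__main__":
    # Paste real ldapsearch output into SAMPLE_LDIF (or pipe it in) to reuse this.
    print(pick_search_base(SAMPLE_LDIF))
```

On the constructed sample this returns DC=example,DC=local, which is the value that goes into the "Search Base" field in step 2.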

Step 2: Configure Address Book to query the server

- Fire up Address Book and go to the Preferences (Command + ,). Select the LDAP tab.

- Hit the "+" to add a new server.

- In the "Server" field, enter the hostname of your Exchange server (or, in larger companies, of an Active Directory domain controller).
- In "Search Base", enter the naming context you retrieved with "ldapsearch" earlier. It will be in the format DC=company,DC=com.
- Choose "Simple" authentication.
- "User Name" should be your normal Windows logon.
- "Password" is, again, your Windows password.

Step 3: Searching your Global Address List

- Address Book will automatically query the server whenever you search for a name.

This also happens whenever you type a new address while composing an email.

Hope this helps!


Unknown said...

You rock. Thanks. Worked like a charm.

Unknown said...

I've been trying to get this to work for so long. Thanks so much!

Luke Davison said...

This is exactly what I was looking for. Thanks!!

Lorenz said...

Hi! I installed a fresh OSX 10.5 yesterday, after my 10.4 installation got on my nerves. Under 10.4 I used Mail and AddressBook in parrallel to Entourage. All of these apps worked fine with my company's global Exchange address book.

Now only Entourage works. I tried your Howto and got this:

ldapsearch -h ablncen301 -x -b '' -s base '(objectclass=*)' 'namingContexts'
# extended LDIF
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts

namingContexts: CN=Configuration,DC=asv-root,DC=local
namingContexts: CN=Schema,CN=Configuration,DC=asv-root,DC=local
namingContexts: DC=asv,DC=local
namingContexts: DC=ForestDnsZones,DC=asv-root,DC=local
namingContexts: DC=DomainDnsZones,DC=asv,DC=local

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

After that I followed your Howto step by step. Tried adding and removing the LDAP server from my proxy exception list... nothing.

When I enter a name in it searches for a couple seconds but never finds anything.

Any ideas?

stephanbuys said...

Hi Lorenz,

Are you using DC=asv,DC=local for the Search Base?
Also, double check the DOMAIN... in your case it probably is something like ASV.LOCAL\username...

Hope that helps...

Lorenz said...

"DC=asv,DC=local" - yes and no. Tried both.

Also as username I tried all possible combinations of asv, ASV, asv.local, ASV.LOCAL and my username in CAPS or small... triple checked the password. I'm lost here :)

Unknown said...

I notice you are using port 389. My address book defaults to port 3268. Can you provide any pointers on that?

professor said...

Is there a way to get to your personal contact list stored in Exchange?

Unknown said...

"Professor" asks if there is a way to access your personal contact list from Exchange - you can set this up in Address Book preferences. You'll need the URL of your OWA (Outlook Web Access) server.

myha said...

Hi man,

I have been trying to get this to work for quite some time now without any luck - but now it finally works!!! :)


Scott said...

Lorenz: If I had to take a completely wild guess, it's because the top-level-domain of your forest is ".local"

For a long time Microsoft was advising people that if they didn't want to purchase a "real" domain name (like .org, .com, etc...) they should use .local but this conflicts with rendezvous / zeroconf.

Macs will (I believe) refuse to query DNS servers for .local addresses, relying on a broadcast-based zeroconf resolution instead.

All this said, I could be completely wrong.

stephanbuys said...

"m prewitt" - 3268 should also work. It is the port of the "Global Catalog" and contains some information for Address Book purposes.

TLM said...

In the following, "abcd" and "company" are text replacements. In my case, terminal returns
namingContexts: CN=Configuration,DC=company,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=company,DC=com
namingContexts: DC=abcd,DC=company,DC=com
namingContexts: DC=ForestDnsZones,DC=company,DC=com
namingContexts: DC=DomainDnsZones,DC=abcd,DC=company,DC=com

I used the third from the top, and it's not working. Also, as far as the server field goes, I've tried and the name I use in Entourage for the LDAP server, which is

Address Book either comes back in seconds with no hits, or pinwheels (next to the search field) for about 3 minutes and has no hits. Any ideas?

Matt Darby said...

Thanks for the tips! Port 387 would not work for me, but port 3268 worked like a charm!

TLM said...

I figured out the issue: My "domain" was not, but just the abcd. I found some tips I wrote for myself for Mac Outlook, and I had had the same suggestions there.

Endy said...

One little glitch: it displays first names only. Any idea to solve that? Entourage works pretty well with that.

stephanbuys said...

endre, the only thing that comes to mind is that the LDAP/Exchange server does not contain the data captured correctly. Check with your Administrator.

Unknown said...

I can setup Apple mail but I can't do Address Book.
Tried your setup but nothing.
Any idea?

Wushin said...

Great!!! After different tries, got it working.
The trick for me was to put domain/username, when before I was trying without the domain.


CuJo said...

It took me days to figure this out but I eventually got it to work by using the IP address of my exchange box on port 3268. Thanks for the help.

Anonymous said...

Awesome, awesome, awesome. Take that, IT ignoramuses!

Laurent Daudelin said...

Doesn't work at all for me. The progress spins one or two seconds, but that's it.

The Green Monster said...

Found this today. THANK YOU
added to my favs