
Use Address Book with Microsoft Exchange using LDAP
This quick how-to deals with getting Address Book to work with LDAP (Microsoft Active Directory in our case).

Step 1: Determine the default naming context (base dn) for the search. Fire up Terminal and issue an ldapsearch to determine the default naming context:

$ ldapsearch -h your.exchange.server -x -b '' -s base '(objectclass=*)' 'namingContexts'

Search for the lines beginning with namingContexts:
namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com
The result you are looking for is the "base/root" naming context, which in the case of Exchange is the shortest one (this will work on other LDAP servers, too). In this case, that's the first line, i.e. DC=mycompany,DC=com.

Step 2: Configure Address Book to query the server. Fire up Address Book and go to the Preferences (Command-,). Select the LDAP tab, then click the "+" to add a new server. In the Server field, enter the hostname of your Exchange server (or Active Directory domain controller in the case of larger companies). In the Search Base field, use the information that you retrieved from ldapsearch earlier. It will be in the format DC=company,DC=com. Choose Simple authentication; User Name and Password should be your standard Windows login credentials.

From now on, Address Book will automatically query the server whenever you search for a name. This will also happen whenever you type new addresses into Mail.app when composing emails. If you need more help, my original blog entry contains some additional detail and screenshots.
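
Step 1's selection rule as an added example (not part of the original hint): the function reads rootDSE output from ldapsearch and prints the search base, preferring Active Directory's defaultNamingContext attribute when it was requested and returned, and otherwise the shortest namingContexts value. The function name and sample variable are assumptions of this example; the sample values are the ones shown above.

```shell
#!/bin/sh
# Added example: choose the search base from rootDSE output (LDIF on stdin).
# Exit status 1 means no naming context was found in the input.
pick_base_dn() {
    awk '
        # LDIF folds long values: a continuation line starts with one space.
        /^ / { if (n) val[n] = val[n] substr($0, 2); next }
        { n = 0 }
        {
            i = index($0, ":")
            if (i == 0) next
            # Attribute names are case-insensitive ("namingcontexts" matches too).
            name = tolower(substr($0, 1, i - 1))
            rest = substr($0, i + 1)
            if (substr(rest, 1, 1) == ":") next    # "::" marks a base64 value; skipped
            sub(/^ +/, "", rest)
            if (name == "defaultnamingcontext" || name == "namingcontexts") {
                n = ++count; val[n] = rest; attr[n] = name
            }
        }
        END {
            best = ""
            for (k = 1; k <= count; k++) {
                # AD states its own domain explicitly; trust that over a guess.
                if (attr[k] == "defaultnamingcontext") { print val[k]; exit }
                if (best == "" || length(val[k]) < length(best)) best = val[k]
            }
            if (best == "") exit 1
            print best
        }'
}

# Constructed sample input, using the values from the hint.
SAMPLE_ROOTDSE='dn:
namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com'

printf '%s\n' "$SAMPLE_ROOTDSE" | pick_base_dn
```

To use it against a live server, add defaultNamingContext to the attribute list of the ldapsearch command from Step 1 and pipe the output into pick_base_dn.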

Use Address Book with Microsoft Exchange using LDAP | 31 comments
Use Address Book with Microsoft Exchange using LDAP
Authored by: pub3abn on Apr 30, '08 07:57:06AM

I've been trying to get this to work for a long time, as our IT department is totally apathetic and clueless toward Mac users. The terminal command worked, and I configured Address Book as explained in the hint. But still no results from directory searches. :-(



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: pub3abn on Apr 30, '08 08:07:01AM

OK, I fixed it. I had the wrong port. Changed it to 389. Also had to add "DOMAIN\" before my username. Thanks for the screenshots and other info on your blog!



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: PancakeMan on Apr 30, '08 09:51:01AM

YES! I'd rate this ten stars if I could!



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: tandemrepeat on Apr 30, '08 10:01:03AM

Agreed - this is an awesome hint.



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: tandemrepeat on Apr 30, '08 10:04:14AM

Note - the data obtained from the parent hint can be plugged into Entourage. Just set up a new LDAP entry under Account Settings/Directory Services...



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: corienti on Apr 30, '08 10:05:51AM

Major clue: Address Book does NOT fetch and display all address records from the Exchange server and display them.

You MUST enter a name in the search box in Address Book, to get any results. It then searches the server and returns matching results.

Huge thanks stephanbuys - I have been trying to get this working forever, scouring Google and so forth, but it never worked for me.
I even could retrieve the entire email address list using ldapsearch.

What I was missing - the VITAL piece - was I was expecting to see a full and complete list when I clicked on the domain's entry under Directories in Address Book.
That never showed anything, so I thought it never worked.
As it turns out, it never does that - you have to enter a search string. ONLY THEN will it show you any results.
So I've not been able to use it all this time because I was not understanding that behaviour.
I finally clicked after looking at your howto that you linked to - and saw how you had search text entered.

PS, I also had to enter my username in the form DOMAIN\user.

Thanks again stephanbuys!




[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: hamarkus on Apr 30, '08 12:32:02PM

Does Outlook (on Windows) show all entries without searching? I never used Outlook (the closest I got was looking over my colleagues' shoulders using it), and for me searching a (web) server always meant typing in a search term.
(Just trying to understand why some people expect to see a list and others do not.)



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: corienti on May 01, '08 12:53:08AM

Exactly - it does. Outlook shows you a list of all entries it has - no need to enter a search term.
So that's the behavior I was expecting in Address Book, because I was used to Outlook on a PC.

I was subjected to using Outlook on windows (and windows itself) for many years before I moved to a new job where they don't force me to use windows. I highly recommend making such a move, if it is possible for your individual circumstances - it's been wonderful not to have to use windows at work any longer.
I told the old company in my exit interview that one part of why I was leaving was that I was sick of being forced to use windows, and I told the new company in the interview that I wanted to work on an iMac, and they were fine with that.




[ Reply to This | # ]
What if Exchange and Active Directory aren't on the same box?
Authored by: porkchop_d_clown on Apr 30, '08 12:27:52PM

[porkchop@shadowjack ~]> ldapsearch -h exchange.company.org -x -b '' -s base '(objectclass=*)' 'namingcontexts'
ldap_bind: Can't contact LDAP server (-1)



---
Everyone loves a clown, but no one will lend him money!



[ Reply to This | # ]
What if Exchange and Active Directory aren't on the same box?
Authored by: ScottTFrazer on Apr 30, '08 01:37:49PM

Try putting the full name of your domain controller / active directory server where the hint suggested an exchange server. That worked for me.



[ Reply to This | # ]
What if Exchange and Active Directory aren't on the same box?
Authored by: habesct on May 01, '08 09:16:22AM

I am having the same issue, but how do you determine that info? I know the exchange server from my outlook settings, but how can I possibly find the AD info without IT help?



[ Reply to This | # ]
What if Exchange and Active Directory aren't on the same box?
Authored by: corienti on May 01, '08 10:17:04AM
Try this, where "xyz" is the domain name of your company on your internal network.
(ie, if your mail server was mail.xyz.com)

dig -t SRV _ldap._tcp.xyz.com

... what should get returned is something like this:

0 100 389 domain-server.xyz.com.

And that - domain-server.xyz.com - is your AD server. That's what you need to use with ldapsearch.

[ Reply to This | # ]
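
An added example (not part of the comment above) that picks the server and port out of the SRV answer: lowest priority first, then highest weight, which is a deterministic simplification of RFC 2782's weighted selection. The function name and the two extra sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose an LDAP server from SRV records.
# Input (stdin): lines of "priority weight port target", as printed by
#   dig +short -t SRV _ldap._tcp.xyz.com
# Output: "host port" for the preferred record; exit status 1 if none is usable.
pick_ldap_srv() {
    awk '
        # Only well-formed records count; resolver error text is ignored.
        NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            # A target of "." means the service is not offered at this name.
            if ($4 == ".") next
            if (!found || $1 + 0 < prio || ($1 + 0 == prio && $2 + 0 > weight)) {
                found = 1; prio = $1 + 0; weight = $2 + 0; port = $3; host = $4
            }
        }
        END {
            if (!found) exit 1
            sub(/\.$/, "", host)    # drop the trailing root dot
            print host, port
        }'
}

# Constructed sample: the record from the comment plus two made-up ones.
SAMPLE_SRV='10 100 389 dc-backup.xyz.com.
0 50 389 dc2.xyz.com.
0 100 389 domain-server.xyz.com.'

printf '%s\n' "$SAMPLE_SRV" | pick_ldap_srv
```

The port in the record is the one to enter in Address Book as well, which avoids the wrong-port problem reported earlier in the thread.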

What if Exchange and Active Directory aren't on the same box?
Authored by: habesct on May 01, '08 12:27:15PM

Awesome... that did it! Thank you very much for the help!



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: hamarkus on Apr 30, '08 12:36:56PM

BTW, my ldap is only ou=..., o=..., and c=....
In other words, organisational unit (ou), organisation (o), and country (c).
What do CN and DC in the original hint stand for?



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: porkchop_d_clown on Apr 30, '08 01:20:25PM

I believe CN is "common name" and DN is "distinguished name"

Distinguished names are globally unique, IIRC.

---
Everyone loves a clown, but no one will lend him money!



[ Reply to This | # ]
Can't find certain names
Authored by: sr105 on Apr 30, '08 12:45:47PM

Imagine an entry "Dave Jones <djones@company.com>":

If I search for "jones" in AddressBook using this, I get nothing back. If I search for djones, I get "Name: djones, Email: djones@company.com".

If I search (for "jones") using OWA through the web search utility (using the Display Name for searching), I get "Name: Jones, Dave, Alias: djones".

The same is true if I search for a partial name, too, like "dav". I get the result in OWA, but not in Address Book.


Any suggestions?



[ Reply to This | # ]
Can't find certain names
Authored by: morespace54 on Apr 30, '08 01:35:11PM

Ok, n00b question here but I'm getting insane.

My IT dept. works with Novell (GroupWise). They did set up a Webmail and IMAP (with WebAccess) and I've finally figured out how to set up the IMAP in Mail (no ITs really want me to mess with a Mac on the Webserver... ;))

The only thing missing is the Addressbook. I did try the original hint with no luck (add a new LDAP within AB).

I keep getting (in Terminal):

# extended LDIF
#
# LDAPv3
# base <o=mail.mywebmail.org> with scope sub
# filter: (ou=People)
# requesting: uid
#

# search result
search: 3
result: 32 No such object
text: NDS error: no such entry (-601)


So I guess the only change (except the server name) is: o=mail.mywebmail.org, ou=People

But I still can't connect... Or it still doesn't give me anything... ARG!


So here is my question: Since I can access my mail messages (from my Webmail server) from within Mail and I can auto-complete the names when I'm sending emails, I guess there must be a way (different) to get addresses from my Webmail server instead of an LDAP listing? If so, how could I?

I must be close... thanks a lot



[ Reply to This | # ]
Can't find certain names
Authored by: corienti on May 01, '08 01:06:35AM

Try using wildcards in your search - ie enter as your search string:
*jones*

(noting that * is a wildcard character which means "match anything")

This worked for me.



[ Reply to This | # ]
Can't find certain names
Authored by: corienti on May 01, '08 01:08:28AM

Sorry, posted that reply to the wrong comment.



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: rpaege on Apr 30, '08 01:56:30PM

I get the error "In order to perform this operation a successful bind must be completed on the connection."

/shrug



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: corienti on May 01, '08 01:05:04AM

Yes, some AD servers may (as far as I know) not be set up to allow anonymous queries, even just to get the initial namingContext information.

A bit of terminology first - in LDAP (which is what we're talking here), "bind" simply means to authenticate yourself to the server. LDAP simply decided for some reason to introduce a new term for this - binding. Most things just say "login" or "authenticate".

So what it's saying is that you must authenticate.

The flags to ldapsearch you need to know are:
-x -- bind with simple authentication (not SASL)
-W -- prompt for the password for simple authentication
-D <blah> -- bind as this Distinguished Name (DN)

So you have to use -x to use simple bind, and -W to tell it to prompt for a password - AND "-D" and your DN to tell it your username.
Usernames in LDAP are DNs - Distinguished Names.
They include your short username (eg bob), and also the DC components of your organisation - eg "dc=company,dc=com" where "company" is the company name that LDAP uses for your company.
Unfortunately, you have to know this information in advance.
It's possible that it may also require an OU component - Organisational Unit.

So the extra flags you need to add to the ldapsearch given in this hint are:

ldapsearch -x -D "cn=myusername,ou=something,dc=mycompany,dc=com" -W

... and then the rest of the stuff in the ldapsearch in the hint.



[ Reply to This | # ]
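
Simple bind sends the password as-is, so over plain ldap:// on port 389 it crosses the network unencrypted. The added example below (not part of the comment above) wraps the same -x -D -W flags and only runs when the connection is ldaps:// or StartTLS is enforced with -ZZ; the function name, the DRY_RUN variable and the MYCOMPANY domain are assumptions of this example.

```shell
#!/bin/sh
# Added example: authenticated rootDSE query that never sends a simple-bind
# password over an unencrypted connection.
# Usage: ldap_bind_search URI BIND_IDENTITY
# Set DRY_RUN=1 to print the command (one argument per line) instead of running it.
ldap_bind_search() {
    uri=$1
    who=$2
    case $uri in
        ldaps://?*) tls='' ;;       # TLS covers the whole connection
        ldap://?*)  tls='-ZZ' ;;    # StartTLS first; -ZZ aborts if it fails
        *) printf '%s\n' "unsupported LDAP URI: $uri" >&2; return 2 ;;
    esac
    # Accept a DN (cn=...,dc=...), or the DOMAIN\user and user@domain forms
    # that Active Directory also takes for a simple bind.
    case $who in
        *=* | *\\* | *@*) ;;
        *) printf '%s\n' 'bind identity must be a DN, DOMAIN\user or user@domain' >&2
           return 2 ;;
    esac
    set -- ldapsearch -H "$uri" -x -D "$who" -W
    if [ -n "$tls" ]; then set -- "$@" "$tls"; fi
    set -- "$@" -LLL -b '' -s base '(objectclass=*)' namingContexts
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"
    else
        "$@"    # -W prompts for the password; it never appears in argv
    fi
}

# Dry run with constructed values, in a subshell so DRY_RUN does not linger.
( DRY_RUN=1; ldap_bind_search ldap://domain-server.xyz.com 'MYCOMPANY\bob' )
```

If the -ZZ run fails, the server has no usable certificate for StartTLS, and the same applies to the Simple authentication setting in Address Book on that port.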
Use Address Book with Microsoft Exchange using LDAP
Authored by: LostInSpace2011 on Apr 30, '08 04:18:05PM
You can also use Address Book X LDAP (http://www.addressbookserver.com) to write to the LDAP / Active Directory. ABxLDAP even has support for the M$ Contact schema. ABxLDAP will keep your directory in sync and updated.

[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: mubarak on Apr 30, '08 09:37:27PM

This is a truly great hint. I am still trying to make it work. Will have to ask my friendly Exchange admin.

Remember, you need Directory Utility to "bind" your Mac to the domain. Once bound, you don't need LDAP settings. You should have "Directory Services" under the Directory column in Address Book. You can then get all the information you need. And from the command line, you can even browse all users, printers, etc. using "dscl". See "man dscl".



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: corienti on May 01, '08 12:56:02AM

You do not need to bind to the AD domain just to make this hint work. I don't have my Mac bound to the AD domain, and the hint works just fine.

Of course there are plenty of reasons why you might want or need to bind to the AD domain, but personally I don't bother on my Mac at work because I don't have any reason or need to.



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: pub3abn on May 01, '08 09:21:22AM

Once you have this set up, you can get a nearly complete listing of all entries by typing "* *" in the search field (that's asterisk-space-asterisk, without the quotes). It won't necessarily show EVERYTHING, but in my company, it displayed probably 95% of the entries at least.



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: mubarak on May 01, '08 05:27:10PM

That's what I said. If you use Directory Utility to bind the Mac, you will have a new listing called Directory Services. If you have that, you don't need LDAP settings. If not, the LDAP settings can help. They don't seem to work in my case so far.

I agree binding to the domain has very few benefits. This would be about the only one.



[ Reply to This | # ]
Works, but...
Authored by: germ on May 04, '08 03:41:17PM

it only returns the people in one site of the company, whereas Entourage returns all people from all sites within the company.

I tried the other options in "scope", but they don't work.

Anyone know how to make Address Book return all the results like Entourage does?



[ Reply to This | # ]
Works, but...
Authored by: macguitarman on Aug 15, '08 12:06:59PM

Man, this is awesome, I finally got it to work, after 1 year plus of this not working. It was working before we made the switch to AD 2003 over a year ago, but as soon as we went AD 2003, no dice, no more lookups for Mac users. So people started turning to Entourage.

I finally was getting tired of doing lookups in Entourage, since I use Mail App and Address Book (don't we all, when compared to Entourage).

I already had all of the DC Active Directory LDAP info, but it would not work, just spin and spin.

The domain\username is the trick, had to have our domain\username

and you must authenticate

All of your DC info can be correct; if you do not authenticate, AD will not return the results. Ok, I get it, security.

Great find, even though I discovered the fix a year later,

thanks



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: leoeguiguren on Dec 10, '09 09:21:50AM

Shit man, so thanks for that, 5 people have tried to fix the mail and you helped us a lot.

Thanks



[ Reply to This | # ]
Use Address Book with Microsoft Exchange using LDAP
Authored by: haridsv on Feb 04, '13 11:22:42PM

OP, your information helped me to get a quick start. In my case, following your steps exactly didn't help (though I figured from the comments that I had to use DOMAIN\ prefix), but I later used the excellent jxplorer java client to browse and found the correct OU value to use, and the search works well now.



[ Reply to This | # ]