Using Windows LDAP Server to Retrieve Address Book


LDAP Server

LDAP (Lightweight Directory Access Protocol) is an Internet standard protocol that LDAP-aware applications use to retrieve information from a directory. An LDAP directory service is made up of many entries, each with a collection of attributes, and the directory is optimized for lookups. LDAP is used to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.

An LDAP directory is organized as a tree, from the top down:

  • The root directory (the starting place or the source of the tree)
  • Countries
  • Organizations
  • Organizational units
  • Individuals

More and more digital sending devices and multifunction printers use the LDAP protocol to retrieve e-mail address information and Address Book entries from Active Directory in a Microsoft domain environment. Most devices ship from the factory with empty configuration fields, so the administrator has to configure the address book retrieval parameters manually.

On a multifunction printer or digital sender, the LDAP settings are usually found under the “Digital Sending” tab, under “LDAP Settings” or “Address Book Settings”.

Configure Address Book Retrieval

Before you can configure the device to retrieve the Address Book, the device needs a few details about your domain. You will need a user with rights to read all the attributes in the LDAP directory, the domain name, and a server that accepts LDAP queries. Depending on your domain configuration you might also need additional settings such as “Bind Prefix” or “Bind and Search Root”.

A server that accepts LDAP queries is usually a domain controller. To read all the directory attributes you need a user that can read from the directory, and it is a best practice to create a separate user with read rights on the directory and use that same user on all the devices. So simply create a new user in your domain and give it read permissions on all the objects in the domain.

To set up the Address Book you configure the LDAP settings on the printer. First enable “Allow Device to directly access an LDAP Address Book”. Then under “LDAP Server Bind Method” select “Simple”, and bind to the LDAP directory with the credentials of the user you just created. I called this user “Ldapuser”, so under the username type “Ldapuser@yourdomain.com” and then type in the password. For the “LDAP Server” type the IP address of one of your domain controllers and leave the port at the standard “389”. If your domain name is “yourdomain.com”, type the following in the search root field:

dc=yourdomain,dc=com

For “Device user information retrieval method:” select “Active Directory Defaults”, with “Match the name entered with the LDAP attribute of” set to “cn” and “Retrieve the recipient’s email address using attribute” set to “mail”. Then press “Apply”; you can also run a test to check the settings.

Getting Address Book With a Script

Alternatively, if you want to retrieve the Address Book for a custom application with a script, you can use the following LDAP search filter to get all the users and groups with an associated e-mail address:

(|(&(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectClass=group)(showInAddressBook=*)))

This filter returns all the users and groups that have an e-mail address.
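The following PowerShell script is an added example and is not part of the original article. It does from a Windows workstation what the two sections above describe: it binds to a domain controller with the same “Simple” bind method and the same read-only account the printer will use, so you can confirm the credentials and search root work before typing them into the device, and it then runs the filter above and lists what comes back. It uses the .NET System.DirectoryServices classes; the server name, search root and account name are placeholders for your own environment, and the -UseLdaps switch is an assumption of this script, not a printer setting.

```powershell
# Added example, not from the original article. Placeholder values: dc01.yourdomain.com,
# DC=yourdomain,DC=com and Ldapuser@yourdomain.com stand in for your own environment.
# Run from a domain-joined Windows machine in PowerShell 5.1 or later.
param(
    [string]$Server     = 'dc01.yourdomain.com',       # placeholder: one of your domain controllers
    [string]$SearchRoot = 'DC=yourdomain,DC=com',      # the search root from the article
    [string]$BindUser   = 'Ldapuser@yourdomain.com',   # the read-only bind account from the article
    [switch]$UseLdaps                                   # bind over TLS on 636 instead of plain 389
)

Add-Type -AssemblyName System.DirectoryServices

# The article's filter: person objects whose ACCOUNTDISABLE bit (value 2) in userAccountControl
# is not set (1.2.840.113556.1.4.803 is the LDAP_MATCHING_RULE_BIT_AND rule), plus groups
# that have showInAddressBook populated.
$Filter = '(|(&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectClass=group)(showInAddressBook=*)))'

function Test-LdapBind {
    # Bind the way the printer will: a simple bind. Over port 389 a simple bind sends the
    # password in the clear on the wire, so prefer -UseLdaps when the DC has a certificate.
    param([string]$Path, [string]$User, [string]$Password, [bool]$Tls)

    $auth = if ($Tls) {
        [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
    } else {
        [System.DirectoryServices.AuthenticationTypes]::None   # None = simple bind
    }
    $entry = New-Object System.DirectoryServices.DirectoryEntry($Path, $User, $Password, $auth)
    try {
        $entry.RefreshCache()          # forces the bind; throws if credentials or path are wrong
        Write-Host "Bind OK as $User to $Path"
        return $entry
    } catch {
        throw "Bind to $Path as $User failed: $($_.Exception.Message)"
    }
}

function Get-LdapAddressBook {
    param([System.DirectoryServices.DirectoryEntry]$Root, [string]$LdapFilter)

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($Root, $LdapFilter)
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 500        # paged results so the server-side 1000-entry limit does not truncate
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'mail', 'objectClass'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Property names in the result collection are case-insensitive; missing ones are empty.
            $isGroup = $r.Properties['objectclass'] -contains 'group'
            $mail    = if ($r.Properties['mail'].Count -gt 0) { [string]$r.Properties['mail'][0] } else { '' }
            [pscustomobject]@{
                Type = if ($isGroup) { 'group' } else { 'user' }
                Name = [string]$r.Properties['cn'][0]
                Mail = $mail
            }
        }
    } finally {
        $results.Dispose()
    }
}

# Prompt for the service-account password rather than embedding it in the script.
$cred = Get-Credential -UserName $BindUser -Message 'Password for the LDAP bind account'
$port = if ($UseLdaps) { 636 } else { 389 }
$bindArgs = @{
    Path     = "LDAP://${Server}:${port}/${SearchRoot}"
    User     = $BindUser
    Password = $cred.GetNetworkCredential().Password
    Tls      = $UseLdaps.IsPresent
}
$root = Test-LdapBind @bindArgs

$book = @(Get-LdapAddressBook -Root $root -LdapFilter $Filter)
$book | Sort-Object Type, Name | Format-Table -AutoSize

# The person branch of the filter does not itself test for a mail attribute, so entries
# without one are counted here; add (mail=*) to that branch if you only want mailable users.
$noMail = @($book | Where-Object { $_.Mail -eq '' })
Write-Host "$($book.Count) entries, $($noMail.Count) without a mail attribute"
```

If the bind fails with an "invalid credentials" or "server unwilling" error, the same failure will show up on the printer's test button, so fix the account, search root or server here first. A domain controller that enforces LDAP signing or channel binding will refuse a plain simple bind on 389; in that case run the script with -UseLdaps and configure the device for port 636 with TLS as well.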

References

Screenshots by author and references from Microsoft LDAP