XADM: How to Access the Directory Through LDAP When Search Control is Set (Exchange)ID: Q192306
|
A Lightweight Directory Access Protocol (LDAP) client querying the Exchange directory using LDAP may fail with an access denied error when the search control is set to restrict access to the Global Address List as described in the following article in the Microsoft Knowledge Base:
Q182902 XADM: How to Set Up Container Level Search ControlThis can happen even though the LDAP client authentication method appears to be correct, using either Windows NT LAN Manager (NTLM) or simple authentication (cn=<nt account>, cn=<nt domain>), and the Exchange Server computer is configured to accept those LDAP authentication methods.
On the server you see the event:The specified Directory Service has denied access. Check the Properties
for this Directory Service and verify that your Authentication Type
settings and parameters are correct.
Event ID: 1354
Source: MSExchangeDS
Description: "LDAP search request failed with error: 50."
This happens because your LDAP client tries to connect to the directory using a search base for which you don't have permissions.
To access through LDAP a directory with search control enabled, perform
the following steps:
"Cn=By City,ou=_ABVIEWS_,o=Microsoft" (orFor Outlook Express, the search base is configured in the advanced properties of the directory account.
"LDAP://SERVER:389/Cn=By City,ou=_ABVIEWS_,o=Microsoft" using ADSI)
Keywords :
Version : WinNT:5.5
Platform : winnt
Issue type : kbprb
Last Reviewed: April 15, 1999