josephscott

Active Directory as LDAP Address Book For Thunderbird, Outlook and Mail.app
At work we’ve got all of our user account information in Active Directory running on MS Windows 2003 servers. Since Active Directory makes this data available via LDAP you can use it as an address book back end for Thunderbird, Outlook and Mail.app (the built in email client on Mac OS X). I recently wrote up step by step instructions on how to set up each of these and thought others might benefit from this.

The instructions below assume that your Active Directory forest was set up using the domain example.com and that your username is billg, so be sure to replace that with your own information. The instructions also assume that you haven’t set up SSL/TLS on your Active Directory servers. If you have then please make use of that.

Thunderbird (version 1.5)

Tools -> Options -> Composition -> Addressing
Address Autocompletion: check "Local Address Book" and "Directory Server"
Edit Directories -> Add
General:
    Name: EXAMPLE.COM
    Hostname: ldap.example.com
    Base DN: cn=users,dc=example,dc=com
    Port Number: 389
    Bind DN: billg@example.com
    (SSL is left unchecked)
Click Ok
Click Ok
Make sure the new EXAMPLE.COM directory is selected for "Directory Server"
Click Ok
Tools -> Account Settings
(Under the EXAMPLE.COM users account section) -> Composition & Addressing
Addressing: select "Use a different LDAP server."
    Set it to the new EXAMPLE.COM directory.
Click Ok
Address Book: Select the EXAMPLE.COM directory, perform a search.
    It might prompt you for a password.

Outlook (version 2003 SP2)

Tools -> Email Accounts
Directory: Select "Add a new directory or address book"
Click Next
Select "Internet Directory Server (LDAP)"
Click Next
"Server Information": Server Name: ldap.example.com
"Logon Information": Check "This server requires me to log on"
    "User Name": billg
    "Password": B1lLGpW
Click More Settings ...
(It will probably warn you about not being available until after you
    restart Outlook.  That is fine, click OK)
"Search" tab -> "Search Options": cn=users,dc=example,dc=com
Click OK
Click Next
Click Finish
(Close Outlook and open it up again)

Mail (Mail 2.0.5 / Mac OS X 10.4)

Mail -> Preferences -> Composing
"Addressing": Check "Automatically complete addresses"
Click Configure LDAP ...
Click +
"Server Info":
	"Name": EXAMPLE.COM
	"Server": ldap.example.com
	"Search Base": cn=users,dc=example,dc=com
	"Port": 389
	(leave "Use SSL" unchecked)
	"Scope": Subtree
	"Authtype": Simple
	"User Name": billg@example.com
	"Password": B1lLGpW
Click Save
Click Done
Close the Preferences window

I noted the version of each piece of software that I tried this on. In many cases these same instructions will work with other versions of the same software, but I can’t guarantee that. Please remember to substitute example.com along with the billg user account and password with your own details.

For those of you that are concerned about having to enter your password to access your Active Directory/LDAP address book, there is another method that I should mention. In order to get around this at work I created an Active Directory user called anonymous, with the password of anonymous. This account has limited abilities and doesn’t have permissions to any files or shares. The only thing this account does is provide a way to get LDAP user account info. Once you’ve created this account you can follow the same instructions as above, substituting the username/password billg@example.com/B1lLGpW with anonymous@example.com/anonymous.

If you have any other tips about this subject please leave a comment. If for some reason you don’t feel comfortable with that please drop me a note via my contact form and I’ll add the details to this article.

21 replies on “Active Directory as LDAP Address Book For Thunderbird, Outlook and Mail.app”

Took a couple of tries to get this working, so hopefully my detailed experiences below may help; I have used the above details to help explain. I was trying this in Outlook 2003 SP2 (Build 8010) with a domain user in our Microsoft Active Directory domain on Windows Server 2003. I had the following couple of error messages.

As an authenticated domain user I expected it wouldn’t require any login information so I never ticked or completed this section (Doh!). With this configuration, Outlook had the error:

No such object. Possibly your specified Search Base is invalid.

So I then ticked the ‘This server requires me to logon’ and entered ‘User Name: billg’ and ‘Password: B1lLGpW’. With this configuration, Outlook had the error:

Failed to connect to ‘ldap.example.com’ due to invalid authentication.
Ensure a valid user name and password has been entered on the Microsoft LDAP configuration page for the “ldap.example.com” account.

The final configuration which ‘Worked nicely’ was by using a domain\username logon as shown below.

User Name: example\billg
Password: B1lLGpW

Interestingly the configuration for both Thunderbird (version 1.5) and Mail (Mail 2.0.5 / Mac OS X 10.4) required the domain information tagged to the username so maybe this is a typo on the Outlook (version 2003 SP2) information detailed above.

Hope this helps, BoyFrary.

BoyFray,
obviously the system you are talking about is a Mac. On a Mac (and Linux, as my desktop choice) there’s no domain user ID and you don’t log in to the domain on boot as XP machines do. So you don’t have a “pre-cached/stored/default” domain user; that’s why you have to specify the domain/user to work properly.

Thanks for this post, it’s what I was looking for.

Kanashii, no, he’s definitely on Windows, as I’m seeing the exact same thing. Office 2003 on Windows demands the domain name with the username. In fact, if you read closely, the author later uses the “username@example.com” format for the username. The problem is that Windows 2003 has anonymous LDAP connections turned off by default, and the LDAP doesn’t assume existing credentials. I don’t know why, but it’s obvious in practice.

Lawrence, Kanashii,

He is on Windows and actually his PC is a member of the domain, or he is on top of the server 😉

I did not try this, but I find it valuable because it gave me some nice ideas…

Thanks to all

I tried it with Thunderbird 2 and it works nicely.
But when I create a new OU in my AD and point the Address Book there, it validates my account but shows nothing…

This post was such a great find, it is really helpful for me since I do use my contacts constantly. I have since forwarded this to my coworkers, hoping they will find as much use in this as I did.

Has anybody figured out why it is not working if you change the search base to e.g. an ou=users2?

In my Thunderbird setup I set my LDAP directory as hostname = 10.22.140.69, with search filter properties as (objectclass=*). It is working fine in Thunderbird. I want to configure the same thing in MS Outlook 2007, but I am unsuccessful doing it. Please suggest what I am doing wrong.

This works for OS X 10.5 (Leopard) in both Address Book and Mail.app:

For the search base, capitalization counts: CN=Users,DC=company,DC=com

For the username, use your email address: me@company.com

After modifying the search base and username, the directions in this article worked great!

However, with Snow Leopard, this will no longer be an issue as Exchange support will be built-in.

Hello
Maybe someone knows how to edit contacts on the LDAP server (AD) from Outlook.
I can list contacts but cannot update or add new ones.
Via AD Users and Computers this task is unproblematic – I delegate control to add and change contact objects.

Regards
Rafal

Hi,
I tried this recipe on TB 2.0.19 on Linux with a 2003R2 AD. At first I thought it doesn’t work, but the integration in Thunderbird seems only half-ready:

– the address book can’t query the directory and show the addresses in the overview
– the address book doesn’t send correct auth when asking for offline download
– the first time the password is asked for is while adding recipients to a new mail.
BTW: the passwords are sent in plain text!!

In this state it’s not usable for me. I will file bugs for LDAP support in TB.

Hope that helps…

Nikolaus #19,

LDAP sends things in plain text on port 389; by protocol it has to send them in clear text. You have to enable SSL to stop that.

Thanks
Robert
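The article’s Thunderbird, Outlook and Mail.app settings all perform an LDAPv3 simple bind on port 389 with SSL left unchecked, which is the configuration Nikolaus and Robert are discussing above. The following is an added example, not code from the article or from any of the commenters, that encodes such a BindRequest the way a client does, decodes it the way a packet capture tool would, and classifies it from the defender’s side. It uses only the Python standard library; the BER tags come from RFC 4511, and the credentials are the article’s own placeholders (billg@example.com / B1lLGpW and the “anonymous” account), constructed here as sample input.

```python
"""Added example (not from the original article): build, decode and classify an
LDAPv3 simple BindRequest to show what the mail clients above put on the wire
when "SSL" is left unchecked. Standard library only."""

from typing import Any, Dict, Tuple

# --- minimal BER helpers (LDAP uses BER with definite-form lengths) ---


def ber_len(n: int) -> bytes:
    """Definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(n: int) -> bytes:
    """Two's-complement INTEGER content octets for a non-negative value."""
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big")


def read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, content, position just after this element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


# --- LDAPMessage { messageID INTEGER, protocolOp BindRequest } (RFC 4511) ---

TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_AUTH_SIMPLE = 0x80    # AuthenticationChoice simple [0], primitive
TAG_AUTH_SASL = 0xA3      # AuthenticationChoice sasl [3], constructed


def encode_simple_bind(message_id: int, name: str, password: str) -> bytes:
    """Exactly what a client configured for 'Simple' auth sends on port 389."""
    bind = tlv(TAG_BIND_REQUEST,
               tlv(TAG_INTEGER, ber_int(3))                      # version 3
               + tlv(TAG_OCTET_STRING, name.encode("utf-8"))    # bind DN / UPN
               + tlv(TAG_AUTH_SIMPLE, password.encode("utf-8")))  # password
    return tlv(TAG_SEQUENCE, tlv(TAG_INTEGER, ber_int(message_id)) + bind)


def decode_bind_request(packet: bytes) -> Dict[str, Any]:
    """Parse a captured BindRequest; the simple password comes back verbatim."""
    tag, msg, _ = read_tlv(packet)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg)
    if tag != TAG_INTEGER:
        raise ValueError("missing messageID")
    tag, bind, _ = read_tlv(msg, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(bind)
    _, name, pos = read_tlv(bind, pos)
    tag, cred, _ = read_tlv(bind, pos)
    out: Dict[str, Any] = {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "version": int.from_bytes(version, "big", signed=True),
        "name": name.decode("utf-8"),
    }
    if tag == TAG_AUTH_SIMPLE:
        out["auth"] = "simple"
        out["password"] = cred.decode("utf-8")
    elif tag == TAG_AUTH_SASL:
        _, mech, _ = read_tlv(cred)        # SaslCredentials.mechanism
        out["auth"] = "sasl"
        out["mechanism"] = mech.decode("utf-8")
    else:
        raise ValueError(f"unknown AuthenticationChoice tag 0x{tag:02x}")
    return out


def classify_bind(packet: bytes, encrypted: bool) -> str:
    """Defender's view of one bind: a simple bind carrying a password over an
    unencrypted connection is the condition to alert on."""
    req = decode_bind_request(packet)
    if req["auth"] != "simple":
        return "sasl-bind"
    if req["password"] == "":
        return "anonymous-bind"            # true LDAP anonymous bind
    return "simple-bind-encrypted" if encrypted else "cleartext-simple-bind"


if __name__ == "__main__":
    # Constructed sample using the article's placeholder credentials.
    pkt = encode_simple_bind(1, "billg@example.com", "B1lLGpW")
    print(pkt.hex())
    print(decode_bind_request(pkt))
    print(classify_bind(pkt, encrypted=False))
```

Two things the decoder makes concrete: the password field is an ordinary OCTET STRING, so anyone on the path between the client and the domain controller reads it as-is unless the connection is wrapped in LDAPS or StartTLS; and the article’s “anonymous” user is not an LDAP anonymous bind (which has an empty password) but a real account whose password still travels in clear, so it is the cleartext bind that Active Directory’s LDAP interface diagnostics log as Event 2889 when that logging is enabled. Ticking the SSL box in the clients (with a certificate on the domain controllers) is what changes the classification here from cleartext-simple-bind to simple-bind-encrypted.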

Hi, on Outlook 2003 and Thunderbird it works nicely. But unfortunately not on Outlook 2010.

It can connect to the server but the address book is empty.

Can anyone help?
