josephscott

Active Directory as LDAP Address Book For Thunderbird, Outlook and Mail.app


At work we’ve got all of our user account information in Active Directory running on MS Windows 2003 servers. Since Active Directory makes this data available via LDAP, you can use it as an address book back end for Thunderbird, Outlook and Mail.app (the built-in email client on Mac OS X). I recently wrote up step-by-step instructions on how to set up each of these and thought others might benefit from this.

The instructions below assume that your Active Directory forest was set up using the domain example.com and that your username is billg, so be sure to replace those with your own information. The instructions also assume that you haven’t set up SSL/TLS on your Active Directory servers. If you have, please use it: with the settings below, the bind password crosses the network unencrypted.
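
Why the SSL/TLS note above matters, as an added example that is not part of the original post: the sketch below BER-encodes the LDAPv3 simple bind (RFC 4511) that these clients send on port 389 and then inspects the packet the way a network monitor could, to find clients that still need moving to SSL/TLS. The helper names are hypothetical, and the bind name and password are the post's own placeholders.

```python
# Added example: LDAPv3 simple BindRequest (RFC 4511) as it appears on the wire.
# Bind name and password are the post's placeholders; helper names are hypothetical.

def tlv(tag, value):
    """BER tag-length-value with definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def simple_bind_request(msg_id, bind_name, password):
    """Encode LDAPMessage { messageID, BindRequest { 3, name, simple } }; msg_id < 128."""
    op = (tlv(0x02, bytes([3]))              # version: INTEGER 3
          + tlv(0x04, bind_name.encode())    # name: OCTET STRING
          + tlv(0x80, password.encode()))    # authentication: [0] simple, raw bytes
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def inspect_bind(packet):
    """Report who is binding and how, without echoing the credential itself."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:                          # not an LDAPMessage SEQUENCE
        return None
    _, _, pos = read_tlv(msg, 0)             # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:                          # [APPLICATION 0] = BindRequest
        return None
    _, _, pos = read_tlv(op, 0)              # skip version
    _, name, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    return {"bind_name": name.decode(), "simple": auth_tag == 0x80,
            "cleartext_password_bytes": len(cred) if auth_tag == 0x80 else 0}

# Constructed sample: the bind the clients in this post send when SSL is left unchecked.
PACKET = simple_bind_request(1, "billg@example.com", "B1lLGpW")

if __name__ == "__main__":
    print(PACKET.hex(" "))
    print(inspect_bind(PACKET))
```

The password sits in the packet byte for byte after the `80 07` header; nothing in a simple bind hashes or encrypts it, so only the transport (SSL/TLS) can protect it.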

Thunderbird (version 1.5)

Tools -> Options -> Composition -> Addressing
Address Autocompletion: check "Local Address Book" and "Directory Server"
Edit Directories -> Add
General:
    Name: EXAMPLE.COM
    Hostname: ldap.example.com
    Base DN: cn=users,dc=example,dc=com
    Port Number: 389
    Bind DN: billg@example.com
    (SSL is left unchecked)
Click Ok
Click Ok
Make sure the new EXAMPLE.COM directory is selected for "Directory Server"
Click Ok
Tools -> Account Settings
(Under the EXAMPLE.COM users account section) -> Composition & Addressing
Addressing: select "Use a different LDAP server."
    Set it to the new EXAMPLE.COM directory.
Click Ok
Address Book: Select the EXAMPLE.COM directory, perform a search.
    It might prompt you for a password.

Outlook (version 2003 SP2)

Tools -> Email Accounts
Directory: Select "Add a new directory or address book"
Click Next
Select "Internet Directory Server (LDAP)"
Click Next
"Server Information": Server Name: ldap.example.com
"Logon Information": Check "This server requires me to log on"
    "User Name": billg
    "Password": B1lLGpW
Click More Settings ...
(It will probably warn you about not being available until after you
    restart Outlook.  That is fine, click OK)
"Search" tab -> "Search Options": cn=users,dc=example,dc=com
Click OK
Click Next
Click Finish
(Close Outlook and open it up again)

Mail (Mail 2.0.5 / Mac OS X 10.4)

Mail -> Preferences -> Composing
"Addressing": Check "Automatically complete addresses"
Click Configure LDAP ...
Click +
"Server Info":
	"Name": EXAMPLE.COM
	"Server": ldap.example.com
	"Search Base": cn=users,dc=example,dc=com
	"Port": 389
	(leave "Use SSL" unchecked)
	"Scope": Subtree
	"Authtype": Simple
	"User Name": billg@example.com
	"Password": B1lLGpW
Click Save
Click Done
Close the Preferences window

I noted the version of each piece of software that I tried this on. In many cases these same instructions will work with other versions of the same software, but I can’t guarantee that. Please remember to replace example.com, the billg user account and its password with your own details.

For those of you who are concerned about having to enter your password to access your Active Directory/LDAP address book, there is another method that I should mention. In order to get around this at work, I created an Active Directory user called anonymous, with the password anonymous. This account has limited abilities and doesn’t have permissions to any files or shares. The only thing this account does is provide a way to get LDAP user account info. Once you’ve created this account, you can follow the same instructions as above, substituting the username/password billg@example.com/B1lLGpW with anonymous@example.com/anonymous.

If you have any other tips about this subject please leave a comment. If for some reason you don’t feel comfortable with that please drop me a note via my contact form and I’ll add the details to this article.