by Bill Catambay (4/15/2008)
Many companies have switched over to new LDAP servers on port 3268, and turned off the old servers on port 389. With this change, trying to perform decent LDAP queries in Eudora on a Mac has been a challenge. After some help from Eudora support, and some trial and error experimenting, I have come up with the right settings to make Eudora LDAP queries behave exactly as I want.
Unlike its Windows counterpart, Eudora for Mac does not have any input fields for LDAP port. By default it doesn't have settings for Word Wise Search or Search Filter either. I'll discuss those last two items later on. With regard to the LDAP port, there are two options for setting the port under Eudora, neither of which is very apparent. The first option is to use the x-eudora setting, <x-eudora-setting:10108>. Enter that text string into an email message, double-click on it, and you'll get an LDAP port prompt. The other way to set the port is to append it to the LDAP server name when entering the LDAP Host under Settings. For this exercise, we'll choose the latter method of setting the port.
First you must determine the LDAP server URL for your company (generally in the format of <server>.<account>.<domain>), and confirm that the LDAP server is on port 3268. Then, you'll want to specify the following under Settings->Hosts (we'll expand this later):
Ph/LDAP Server: ldap://<server>.<account>.<domain>:3268
Even with the correct server and port, there are still problems querying the LDAP server. The query returns an error, which basically means that the query times out. This has to do with the "Word Wise Search" filter, the mask the LDAP query uses against the LDAP server. To change the Word Wise Search filter, you'll need to use the x-eudora tag of <x-eudora-setting:7611>, or use the Esoteric Settings plug-in that you'll find in the Eudora Extras folder (move it into your Eudora Folder, then restart Eudora). It's easier to install the Esoteric Settings because it gives you an "LDAP" category under settings that you can use easily in the future (and you don't have to remember the x-eudora settings numbers).
Word-wise Search Criteria
A value such as (cn=*^0*) causes the LDAP query to look for any name that contains the search word, and with the size of most large company LDAP directories, that just takes too long. By removing the first asterisk, the LDAP search will look for any name starting with the search word (versus any name containing the word). Making this change led to finally getting results on my LDAP searches.
However, just using "cn", I'm unable to search by <first name> <last name> like I used to on the port 389 LDAP server. I either have to search on just the last name, or if I want to narrow the search, I have to enter <last name>*<first name>.
To add to the frustration, the number of fields returned for each found LDAP entry is overwhelming. By default, all fields are returned, and the LDAP servers on port 3268 have A LOT of fields; hence, there are still improvements that need to be made. We'll deal with the Word-wise search first, then come back to the number of fields later.
In order to support a <first name> <last name> query, we need to search on more than just the "cn" field (which is the common name, last name first). There is the "givenName" which *may* be the employee's first name or not, and there is also "mail", the employee's email address. Since many people go by different first names from their common name (whether a nickname or middle name), using all three of these fields provides the best results. Change the Word Wise Search filter under Settings->LDAP (assuming you've already installed the Esoteric Settings):
Word-wise search filter template
Example: Now a search for "bill smith" or "william smith" will retrieve the LDAP record for William Smith (nickname Bill).
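The following Python sketch is an added example, not part of the original article or of Eudora. It shows how a word-wise template with the ^0 placeholder expands into an LDAP filter and why the prefix form matches fewer entries than the substring form. The three-attribute template, the AND combination of words, and the directory entries are assumptions constructed for illustration; search words are escaped per RFC 4515 so they stay literal.

```python
import re

# Assumed template (the article's own value is not shown on the page): OR the
# three attributes it names, each as a prefix match. ^0 is the search word.
TEMPLATE = "(|(cn=^0*)(givenName=^0*)(mail=^0*))"

def escape_value(word):
    """Escape RFC 4515 special characters so a search word stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in word)

def build_filter(query, template=TEMPLATE):
    """Expand the template once per word; AND the results (assumed behaviour)."""
    parts = [template.replace("^0", escape_value(w)) for w in query.split()]
    if not parts:
        raise ValueError("empty query")
    return parts[0] if len(parts) == 1 else "(&" + "".join(parts) + ")"

def _leaf(entry, item):
    """Match one attr=pattern item; '*' is the only wildcard."""
    attr, pattern = item.split("=", 1)
    unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    regex = ".*".join(re.escape(unhex(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, entry.get(attr, ""), re.IGNORECASE | re.DOTALL) is not None

def matches(entry, flt, i=0):
    """Evaluate a filter made of &, | and substring items; returns (bool, next index)."""
    if flt[i + 1] in "&|":
        op, i, results = flt[i + 1], i + 2, []
        while flt[i] == "(":
            ok, i = matches(entry, flt, i)
            results.append(ok)
        return (all(results) if op == "&" else any(results)), i + 1
    end = flt.index(")", i)
    return _leaf(entry, flt[i + 1:end]), end + 1

# Constructed directory entries, not real data.
DIRECTORY = [
    {"cn": "Smith, William", "givenName": "Bill", "mail": "william.smith@example.com"},
    {"cn": "Goldsmith, Ann", "givenName": "Ann", "mail": "ann.goldsmith@example.com"},
]

def search(query, template=TEMPLATE):
    """Return the cn of every constructed entry the expanded filter matches."""
    flt = build_filter(query, template)
    return [e["cn"] for e in DIRECTORY if matches(e, flt)[0]]

if __name__ == "__main__":
    print(build_filter("bill smith"))
    print(search("bill smith"), search("william smith"))
    print(search("smith", "(cn=*^0*)"))  # substring form also hits Goldsmith
    print(search("*"))                   # escaped to a literal '*', so no match
```

With the substring template (cn=*^0*), the word "smith" also matches "Goldsmith, Ann"; the prefix form does not, and on a real server it lets the directory use its indexes instead of scanning every entry.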
We're almost there, but we are still getting too many fields returned, most of which are not of any value. The way to refine the returned fields is by adding a qualifier on to the end of the LDAP server URL. We'll choose the fields that I find most useful: the employee's name, the "Given" name, the email address, company, department, employee number, street address, and telephone number. The way to do this is by adding the field list qualifier at the end of the LDAP server. You can set this under Settings->Hosts, or now that Esoteric Settings are installed, you can also set it under Settings->LDAP (they both change the same settings field). We'll use the latter in this example:
Directory Services Host
You can specify more fields if you prefer. The best way to determine the field names of all the available fields is by removing the field list qualifier above, and under Settings->LDAP, turn on the checkbox for "Display raw LDAP attribute names". Do a search and examine all the returned fields. From there, you can pick and choose which fields you want to use.
One last thing you may want to do is specify the LDAP search filter. This refines which domains you are searching. Usually LDAP entries are already in the <company domain>.com domain, but just in case, specify the following under Settings->LDAP:
Full query search filter template
That should do it! You are now ready to Rock 'n Roll with port 3268 LDAP searches under Eudora. Enjoy!
Copyright ©2004 by The Mac Guild