Outlook connector unable to bind to ldap

We are running outlook connector 7.3.106.4. with a JES 2005Q4 backend.
Over the weekend we have restarted the whole environment due to upgrades. no configuration changes where made.
Today we have users of the outlook connector getting the message 'unable to bind to "servername"' when going to access the global address book within outlook.
Can anyone give me some pointers on where i might start looking.
I've verified that services are running and there are errors in the slapd logs
-- i've sanitised the logs to remove identifying values --
[15/Jun/2009:12:13:58 +1000] conn=551 op=-1 msgId=-1 - fd=121 slot=121 LDAP connection from xx.xx.xx.xx to nn.nn.nn.nn
[15/Jun/2009:12:13:58 +1000] conn=551 op=0 msgId=1 - BIND dn="uid=username,ou=Staff,o=nnn.nnn.nn,dc=nn,dc=nn,dc=nn" method=128 version=3
[15/Jun/2009:12:13:58 +1000] conn=551 op=0 msgId=1 - RESULT err=32 tag=97 nentries=0 etime=0
[15/Jun/2009:12:13:58 +1000] conn=551 op=1 msgId=2 - UNBIND
[15/Jun/2009:12:13:58 +1000] conn=551 op=1 msgId=-1 - closing - U1
[15/Jun/2009:12:13:59 +1000] conn=551 op=-1 msgId=-1 - closed.
The only thing that is standing out for me right now is that users who are binding using their ldap uid seem to work and those who are binding with their 'iplanet-am-user-alias-list' name are failing. I'm not sure that makes sense though.
Cheers,
ram.

Hi,
I have a message rule set up through the webmail view
that moves mail with [-SPAM-] in the subject (picked
up by our edge filters) into the Junk Email
folder. This rule works fine, I can view the
messages in there through webamil, if i log in over
IMAP using thunderbird or whatever I can see the
messages...
The problem is that through the outlook connector,
there are no messages in there. The folder exists, I
can copy messages in there using outlook and they are
visible, but all the mail that is there already is
effectively invisible?Are the messages you copy via Outlook visible via IMAP (Thunderbird) or webmail?
Have you tried re-syncing the folder, to do this:
1. Within Outlook, right-click on the folder
2. Select "Properties"
3. Click on the "Advanced" tab
4. Click on "Empty and resync" button.
Regards,
Shane.

Similar Messages

  • Outlook Connector - Unable to view messages in IMAP folders

    Hi,
    I am trying to get the outlook connector (version 7.2.310.1) and it is fine for collecting mail, calenders etc.
    The problem I am having is with IMAP folders.
    I have a message rule set up through the webmail view that moves mail with [-SPAM-] in the subject (picked up by our edge filters) into the Junk Email folder. This rule works fine, I can view the messages in there through webamil, if i log in over IMAP using thunderbird or whatever I can see the messages...
    The problem is that through the outlook connector, there are no messages in there. The folder exists, I can copy messages in there using outlook and they are visible, but all the mail that is there already is effectively invisible?
    Any ideas or have I just missed something?
    Josh

    Hi,
    I have a message rule set up through the webmail view
    that moves mail with [-SPAM-] in the subject (picked
    up by our edge filters) into the Junk Email
    folder. This rule works fine, I can view the
    messages in there through webamil, if i log in over
    IMAP using thunderbird or whatever I can see the
    messages...
    The problem is that through the outlook connector,
    there are no messages in there. The folder exists, I
    can copy messages in there using outlook and they are
    visible, but all the mail that is there already is
    effectively invisible?Are the messages you copy via Outlook visible via IMAP (Thunderbird) or webmail?
    Have you tried re-syncing the folder, to do this:
    1. Within Outlook, right-click on the folder
    2. Select "Properties"
    3. Click on the "Advanced" tab
    4. Click on "Empty and resync" button.
    Regards,
    Shane.

  • Outlook Connector User DN Pattern Syntax

    Hi,
    Please let me know if I have posted this in the wrong place.
    We have recently setup Comm Suite 5 and are in the process of testing the Sun Java System Connector for Microsoft Outlook.
    We are trying to use the option in the Deployment Configurator under the LDAP tab that says "Require Authentication" and then specify a "User Dn Pattern". We can get it to work by using something like the following:
    uid=%s,ou=People,o=domain.edu,o=ku
    but it only works if the uid is directly under ou=People.
    We have our users broken out into multiple ou's under the People OU.
    so we have something like:
    uid=demo1,ou=staff,ou=people,o=domain.edu,o=ku
    uid=demo2,ou=off-campus,ou=grad,ou=student,ou=People,o=domain.edu,o=ku
    So my question is, is there a pattern that can be used to accomodate this? Maybe using a wildcard or ?sub? somewhere? uid=%s,*,ou=People, o=domain.edu,o=ku doesn't seem to work. We've tried other patterns but we keep getting the message in outlook of "Unable to Bind to LDAP Server" when trying to do a lookup in the Address book.
    As mentioned above, it does work for the following case (so we are pretty sure we have the infrastructure working and comm express, calendar express, and messenger express all work fine)
    User DN Pattern:uid=%s,ou=People,o=domain.edu,o=ku
    Directory entry:uid=demo1,ou=People,o=domain.edu,o=ku
    The versions of the connector we are using is:
    Sun Java System Connector for Microsoft Outlook Deployment Configuration Program Version: 7.2.310.1
    Sun Java System Connector for Microsoft Outlook Version: 7.2.310.1
    I am going through the docs for the pattern syntax but it doesn't seem to mention something that will work in our case but I could have missed it so any help would be greatly appreciated.
    thanks

    Hi,
    Please let me know if I have posted this in the wrong place.
    We have recently setup Comm Suite 5 and are in the process of testing the Sun Java System Connector for Microsoft Outlook.
    We are trying to use the option in the Deployment Configurator under the LDAP tab that says "Require Authentication" and then specify a "User Dn Pattern". We can get it to work by using something like the following:
    uid=%s,ou=People,o=domain.edu,o=ku
    but it only works if the uid is directly under ou=People.
    We have our users broken out into multiple ou's under the People OU.
    so we have something like:
    uid=demo1,ou=staff,ou=people,o=domain.edu,o=ku
    uid=demo2,ou=off-campus,ou=grad,ou=student,ou=People,o=domain.edu,o=ku
    So my question is, is there a pattern that can be used to accomodate this? Maybe using a wildcard or ?sub? somewhere? uid=%s,*,ou=People, o=domain.edu,o=ku doesn't seem to work. We've tried other patterns but we keep getting the message in outlook of "Unable to Bind to LDAP Server" when trying to do a lookup in the Address book.
    As mentioned above, it does work for the following case (so we are pretty sure we have the infrastructure working and comm express, calendar express, and messenger express all work fine)
    User DN Pattern:uid=%s,ou=People,o=domain.edu,o=ku
    Directory entry:uid=demo1,ou=People,o=domain.edu,o=ku
    The versions of the connector we are using is:
    Sun Java System Connector for Microsoft Outlook Deployment Configuration Program Version: 7.2.310.1
    Sun Java System Connector for Microsoft Outlook Version: 7.2.310.1
    I am going through the docs for the pattern syntax but it doesn't seem to mention something that will work in our case but I could have missed it so any help would be greatly appreciated.
    thanks

  • Problem with sun outlook connector,  Microsoft LDAP services

    Dear All
    I have big problem with sun outlook connector and I can find any way to fix the problem,
    I am using sun java system connector deployment to create installation script for my clients.
    in the tool I have specify the location of Microsoft LDAP services, I am using outlook 2003 and sun say this option is not needed for outlook 2003, if I try to create the script and run the script on target client I will receive below error,
    I tried the office CD-ROM as path for LDAP services but the outlook connector says there is no LDAP services on the CD and I receive same error,
    19:02:29 [5365] Outlook version is 11.0.5608.0.
    19:02:29 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    19:02:29 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
    19:02:31 [5362] Checking Windows version.
    19:02:31 [5363] Windows version is 5.1.
    19:02:31 [5364] Checking Outlook version.
    19:02:31 [5509] Checking default mail client.
    19:02:31 [5508] Default mail client is 'Microsoft Outlook'.
    19:02:31 [5178] Verifying that Outlook is not running.
    19:02:31 [5179] Trying to login to shared session.
    19:02:31 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    19:02:32 [5502] Upgrading the Sun Java System MAPI Service Providers.
    19:02:40 [5370] Finished installing Sun Java System MAPI Service Providers.
    19:02:40 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    19:02:40 [5367] Sun Java System MAPI Service Providers are installed.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:41 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
    Best regards
    Mo

    This is likely to depend on the version of the OC you have. The released one isn't supposed to work with Outlook 2003. Please contact Tech Support for the latest version and help.

  • Problem with Sun Outlook connector Microsoft LDAP Directory MAPI Service Pr

    Dear All
    I have big problem with sun outlook connector and I can find any way to fix the problem,
    I am using sun java system connector deployment to create installation script for my clients.
    in the tool I have specify the location of Microsoft LDAP services, I am using outlook 2003 and sun say this option is not needed for outlook 2003, if I try to create the script and run the script on target client I will receive below error,
    I tried the office CD-ROM as path for LDAP services but the outlook connector says there is no LDAP services on the CD and I receive same error,
    19:02:29 [5365] Outlook version is 11.0.5608.0.
    19:02:29 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    19:02:29 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
    19:02:31 [5362] Checking Windows version.
    19:02:31 [5363] Windows version is 5.1.
    19:02:31 [5364] Checking Outlook version.
    19:02:31 [5509] Checking default mail client.
    19:02:31 [5508] Default mail client is 'Microsoft Outlook'.
    19:02:31 [5178] Verifying that Outlook is not running.
    19:02:31 [5179] Trying to login to shared session.
    19:02:31 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    19:02:32 [5502] Upgrading the Sun Java System MAPI Service Providers.
    19:02:40 [5370] Finished installing Sun Java System MAPI Service Providers.
    19:02:40 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    19:02:40 [5367] Sun Java System MAPI Service Providers are installed.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:41 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
    Best regards
    Mo

    Hi,
    Have a look at:
    http://forum.java.sun.com/thread.jspa?messageID=9320116
    Directions on the installation/configuration and requirements of the outlook connector (for 2005Q4 since you haven't told us what version of the comm suite you are using) are available at docs.sun.com e.g.
    http://docs.sun.com/app/docs/prod/2783#hic
    Outlook connector requires that you have UWC (a.k.a communication express) installed and configured, which has it's own requirements. UWC provides the single web-interface to mail & calendar & address-book. Outlook uses the address-book functionality via UWC, IMAP and SMTP for messaging/email, plus WCAP for calendar.
    Regards,
    Shane.

  • User not found error with Outlook Connector

    Hi all
    I am having some issues with the Outlook Connector (Version 7.1.222.4 JES2005Q4 running on Microsoft Outlook 2003) when trying to subscribe to a users calendar.
    Details:
    (SJES2005Q4)
    Server 1 - Access Manager
    Server 1 - Delegated Administrator
    Server 2 - Directory Server 5.2
    Server 3 - Messenger Server
    Server 3 - Calendar Server
    Server 3 - Access Manager SDK
    Server 3 - Communications Express
    Server 3 - Messenger Express
    My setup works fine, I can subscribe to users calendars in Communications Express and modify/delete etc; however, when I try to subscribe to this same users calendar in Outlook I get the following error:
    "User not found. Either enter the email id of the user OR click on Search and then click on Find to locate the user."
    If I click on search, I get a list of my corporate directory, here I am able to select the user but again clicking ok gives the same result.
    Looking at the logs it seems that the search at the point where I click ok is missing the "organizational unit" element of the user DN, logs below:
    WHEN INITIATING SEARCH (not enterng userid; instead clicking on SEARCH in the ADD CALENDAR BOX)
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=-1 msgId=-1 - fd=175 slot=175 LDAP connection from 172.16.7.132 to 192.168.170.97
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=0 msgId=1 - BIND dn="uid=me,ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk" method=128 version=3
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=me,ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk"
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=1 msgId=2 - SRCH base="ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk" scope=2 filter="(&(mail=*)(cn=*))" attrs="cn mail uid objectClass"
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=1 msgId=2 - SORT cn (5)
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=1 msgId=2 - VLV 1:1:1:0 2:5 (0)
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0 notes=U
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=2 msgId=3 - SRCH base="ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk" scope=2 filter="(&(mail=*)(cn=*))" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=2 msgId=3 - SORT cn (5)
    [14/Feb/2006:11:23:06 +0000] conn=20255 op=2 msgId=3 - VLV 0:4:0:0 1:5 (0)
    [14/Feb/2006:11:23:07 +0000] conn=20255 op=2 msgId=3 - RESULT err=0 tag=101 nentries=5 etime=1 notes=U
    NOW SELECTING USERID
    [14/Feb/2006:11:23:50 +0000] conn=20255 op=3 msgId=4 - SRCH base="uid=testmail,ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk" scope=0 filter="(&(mail=*)(cn=*))" attrs="cn displayName givenName sn initials uid departmentNumber title homePhone mail manager mobile company pager secretary description facsimileTelephoneNumber l physicalDeliveryOfficeName postalCode st street c telephoneNumber mailAlternateAddress objectClass"
    [14/Feb/2006:11:23:50 +0000] conn=20255 op=3 msgId=4 - RESULT err=0 tag=101 nentries=1 etime=0
    PRESSING OK (WITH USER ID SELECTED)
    [14/Feb/2006:11:24:20 +0000] conn=20256 op=-1 msgId=-1 - fd=225 slot=225 LDAP connection from 192.168.170.99 to 192.168.170.97
    [14/Feb/2006:11:24:20 +0000] conn=20256 op=0 msgId=1 - BIND dn="" method=128 version=2
    [14/Feb/2006:11:24:20 +0000] conn=20256 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [14/Feb/2006:11:24:20 +0000] conn=20256 op=1 msgId=2 - SRCH base="o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk" scope=2 filter="(uid=testmail)" attrs="cn uid mail givenName sn icsCalendar"
    [14/Feb/2006:11:24:20 +0000] conn=20256 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [14/Feb/2006:11:24:20 +0000] conn=20256 op=2 msgId=3 - UNBIND
    [14/Feb/2006:11:24:20 +0000] conn=20256 op=2 msgId=-1 - closing - U1
    [14/Feb/2006:11:24:21 +0000] conn=20256 op=-1 msgId=-1 - closed.
    NOW WHEN ENTERING USER ID DIRECTLY (that is NOT clicking on SEARCH in the ADD CALENDAR BOX)
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=-1 msgId=-1 - fd=225 slot=225 LDAP connection from 192.168.170.99 to 192.168.170.97
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=0 msgId=1 - BIND dn="" method=128 version=2
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=1 msgId=2 - SRCH base="o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk" scope=2 filter="(uid=testmail)" attrs="cn uid mail givenName sn icsCalendar"
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=2 msgId=3 - UNBIND
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=2 msgId=-1 - closing - U1
    [14/Feb/2006:11:25:16 +0000] conn=20257 op=-1 msgId=-1 - closed.
    OUTLOOK CONNECTOR LOGS
    02/14/2006 11:25:16.223 (0x0e34) {Addin } [Error  ]: wc /get_userprefs.wcap?userid=testmail&id=bo3bn0u68x8sb5rb&fmt-out=text%2Fcalendar
    02/14/2006 11:25:16.223 (0x0e34) {Addin } [Error  ]: wcap returned errno: 61
    02/14/2006 11:25:16.223 (0x0e34) {Addin } [Warning]: LookUpUser getUserPropertiesByEmailID failed : Denied Access
    Initially I thought that it maybe something to do with ACI but then the search parameters are not correct at the point of clicking ok.
    My Outlook Connector deployment configuration for the "LDAP" tab is as follows:
    Search base (root of LDAP directory): ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk
    VLV Search filter: (&(mail=*)(cn=*))
    Advanced search filter: (cn=%s*),(givenName=%s*),(sn=%s*),(title=%s*),(uid=%s*),(company=%s*),(departmentNumber=%s*),(physicalDeliveryOfficeName=%s*),(l=*%s*)
    Name resolution filter: (&(mail=*)(|(mail=%s*)(|(cn=%s*)(|(sn=%s*)(givenName=%s*)))))
    VLV sort attribute: cn
    Search timeout after: 1minute
    Maximum number of search results returned: 10
    Require authentification (See Help for LDAP syntax examples): (User DN pattern) uid=%S,ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk
    Retrieve user settings from LDAP (User DN pattern): uid=%S,ou=people,o=domain-dev.co.uk,dc=domain-dev,dc=co,dc=uk
    Does anyone have any ideas?
    Thanks
    PS: This is also posted in the IMS mailing list, so apologises for duplication to people who visit both forums.

    The error was fixed by setting the "Authenticated proxy binding: service.wcap.userprefs.ldapproxyauth" to "yes", this is in the release notes as pointed out by Arnaud Quillaud.
    Link: http://docs.sun.com/app/docs/doc/819-5200/6n7a49o0b?a=view

  • Problem with outlook connector LDAP Directory MAPI Service Provider is not

    Hi,
    I have very basic problem with sun outlook connector client.
    I am using sun java system connector deployment tools to create client installation script, on first page I have to supply the location for web publisher and Microsoft LDAP service, I can find web publisher and I don't have any clue about location of LDAP services and without this my client instaltion script keep failing with following error.
    The Microsoft LDAP Directory MAPI Service Provider is not installed.
    --- 2006/09/25 14:14 ---
    14:14:25 [5365] Outlook version is 11.0.5608.0.
    14:14:25 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    14:14:25 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
    14:14:26 [5362] Checking Windows version.
    14:14:26 [5363] Windows version is 5.1.
    14:14:26 [5364] Checking Outlook version.
    14:14:26 [5509] Checking default mail client.
    14:14:26 [5508] Default mail client is 'Microsoft Outlook'.
    14:14:26 [5178] Verifying that Outlook is not running.
    14:14:26 [5179] Trying to login to shared session.
    14:14:26 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    14:14:28 [5502] Upgrading the Sun Java System MAPI Service Providers.
    14:14:38 [5370] Finished installing Sun Java System MAPI Service Providers.
    14:14:38 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    14:14:38 [5367] Sun Java System MAPI Service Providers are installed.
    14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    14:14:38 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
    Thank you for your help.
    Best regards
    Mo

    Hi,
    If memory serves, Outlook XP offered the ability to set what address-book connectors were installed, one of which was LDAP (by default enabled). It may be a similar situation with Outlook 2003 (which I assume you are using based on the version number in the debug logs). Try using the Office '03 install CD and see if you can find the LDAP addressbook option and install it.
    Regards,
    Shane.

  • Secure LDAP lookup with 2005Q4 Outlook Connector 7 not working

    Hello all,
    I have Sun Java(TM) System Directory Server/5.2_Patch_4 B2005.230.0041 (64-bit) installed and the latest 2005Q4 Calendar, Messaging and UWC Server. When testing the Outlook Connector, I can get the 2005Q1 version 7 connector to work just fine with all features. I uninstalled the 2005Q1 connector and installed the 2005Q4 connector into a new profile and everyting works expect if I try to make the LDAP lookups secure for the global address list. Changing the port to 636 for ldap causes Outlook to timeout on the lookup. I checked the directory server logs and noticed that the secure connection is being made without errors, but after a minute an ABANDON operation takes place on the secure connection and Outlook gives up. When using port 389 for lookups, the Connector has no issues.

    Jay,
    I think I found the fix. I upgraded the 2005Q1 -> 2005Q4 Sun Java Connectory Deployment Tool. After I uninstalled the deployment tool and then reinstalled the 2005Q4 I was able to create and .exe and create an Outlook profile that did not have any LDAP over SSL problems.

  • Outlook Connector shared calendar lookup doesn't work for non-admins

    First the version info:
    JMS 6.2-8.04, Directory Server 5.2, Connector 7.2.402.1
    Non-admin users are not able to retrieve a list of users from the GAL with Outlook Connector. I, as an admin, do get the list. Here is the the access log for a non-admin user. Note that in the RESULT, nentries is always zero.
    mwilson=535258100062018 (non-admin)
    -bash-3.00$ grep -i "conn=425940" access.20080923-112603
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=-1 msgId=-1 - fd=93 slot=93 LDAP connection from 209.152.33.8 to 10.10.3.3
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=0 msgId=1 - BIND dn="uid=535258100062018,ou=people,o=pcc.edu,o=cp" method=128 version=3
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=535258100062018,ou=people,o=pcc.edu,o=cp"
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="cn mail uid objectClass"
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - SORT cn
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - VLV 1:1:1:0 2:19201 (0)
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - SORT cn
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - VLV 0:8:0:0 1:19201 (0)
    [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
    [23/Sep/2008:11:39:26 -0700] conn=425940 op=3 msgId=4 - UNBIND
    [23/Sep/2008:11:39:26 -0700] conn=425940 op=3 msgId=-1 - closing - U1
    [23/Sep/2008:11:39:26 -0700] conn=425940 op=-1 msgId=-1 - closed.
    Next, I followed the steps outlined in http://docs.sun.com/app/docs/doc/819-5200/gbnse?l=en&a=view&q=shared+calendar+ldap+lookup.
    I set service.wcap.userprefs.ldapproxyauth = "yes"
    I have the ACI entries as specified in that document.
    (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
    (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
    (version 3.0;acl "Allow Calendar administrators to proxy - product=ics,class=admin,num=2,version=1";
    allow (proxy)(groupdn = "ldap:///cn=Calendar Administrators, ou=Groups, o=cp");)
    (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
    (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
    (version 3.0;
    acl "Allow Calendar users to read and search other users - product=ics,class=admin,num=3,version=1";
    allow (read,search)
    (userdn = "ldap:///uid=*,ou=People,o=pcc.edu,o=cp")
    The only oddity I see is that the ACI entries are not passed down to the next directory levels.
    Any thoughts?
    David.

    I reviewed the document and I believe the VLV browsing indexes are setup and functional. I've also checked the ACI entries and they look correct. (The document doesn't mention the ACI entries for proxy authentication.) As I said, an admin user can retrieve names from the GAL, a non-admin user cannot. The only difference in the access log is the returned nentries value.
    ./ldapsearch -h vmpt1 -p 389 -D "uid={uid},ou=People,o=pcc.edu,o=cp" -w {passwd} \
    -b "ou=People,o=pcc.edu,o=cp" -x -s "sub" -S "cn" \
    -G "1:1:dpelinka" "pdsRole=Employee" uid
    results for admin user
    -bash-3.00$ grep "conn=838261" access
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=-1 msgId=-1 - fd=165 slot=165 LDAP connection from 10.10.3.5 to 10.10.3.3
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=0 msgId=1 - BIND dn="uid=311914191753070,ou=People,o=pcc.edu,o=cp" method=128 version=3
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=311914191753070,ou=people,o=pcc.edu,o=cp"
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - SORT cn
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - VLV 1:1:dpelinka 4799:19235 (0)
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=2 msgId=3 - UNBIND
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=2 msgId=-1 - closing - U1
    [25/Sep/2008:14:30:30 -0700] conn=838261 op=-1 msgId=-1 - closed.
    results for non-admin user:
    -bash-3.00$ grep "conn=839346" access
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=-1 msgId=-1 - fd=226 slot=226 LDAP connection from 10.10.3.5 to 10.10.3.3
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=0 msgId=1 - BIND dn="uid=299899598658566,ou=People,o=pcc.edu,o=cp" method=128 version=3
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=299899598658566,ou=people,o=pcc.edu,o=cp"
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - SORT cn
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - VLV 1:1:dpelinka 4799:19235 (0)
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=2 msgId=3 - UNBIND
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=2 msgId=-1 - closing - U1
    [25/Sep/2008:14:32:47 -0700] conn=839346 op=-1 msgId=-1 - closed.

  • Outlook Connector - Cannot share calendars

    OK,
    I am using the outlook connector sucessfully with the calendar server, messaging server and directory manager. I can collect mail and access the GAL without problem but I am not able to share my calendar with anyone nor view other shared calendars.
    To share my calendar with another user I right click on my calendar and go to properties and then the permissions tab. On clicking the Add User button I can enter the userid or search.
    If I click search I am able to access the GAL list and select a user. From my directory server logs I can see this action like so:
    [05/Apr/2006:14:01:43 +0100] conn=3017 op=0 msgId=1 - BIND dn="uid=jberry,dc=mydomain,dc=com" method=128 version=3
    [05/Apr/2006:14:01:43 +0100] conn=3017 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jberry,dc=mydomain,dc=com"
    [05/Apr/2006:14:01:48 +0100] conn=3017 op=5 msgId=6 - SRCH base="uid=aname,dc=myname,dc=com" scope=0 filter="(&(mail=*)(cn=*))" attrs="cn displayName givenName sn initials uid departmentNumber title homePhone mail manager mobile company pager secretary description facsimileTelephoneNumber l physicalDeliveryOfficeName postalCode st street c telephoneNumber mailAlternateAddress objectClass"
    [05/Apr/2006:14:01:48 +0100] conn=3017 op=5 msgId=6 - RESULT err=0 tag=101 nentries=1 etime=0]So the search binds to the directory using the uid of my user and returns the required search result (i.e. uid=aname).
    Now, when you check your permissions and click OK to add that user as someone who can view your caledar for example it fails with the error message:
    User not found. Either enter the email id of the user OR click on Search and then click on Find to locate the user
    In the logs for the directory you now get the following:
    [05/Apr/2006:14:02:48 +0100] conn=3018 op=0 msgId=1 - BIND dn="" method=128 version=2
    [05/Apr/2006:14:02:48 +0100] conn=3018 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [05/Apr/2006:14:02:48 +0100] conn=3018 op=1 msgId=2 - SRCH base="dc=mydomain,dc=com" scope=2 filter="(uid=auser)" attrs="cn uid mail givenName sn icsCalendar"
    [05/Apr/2006:14:02:48 +0100] conn=3018 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    [05/Apr/2006:14:02:48 +0100] conn=3018 op=2 msgId=3 - UNBINDSo now, for whatever reason, the connector is trying to bind anonymously to make the changes when anonymous bind is not permitted. Surely it should try and bind with my uid as it did when I searched the GAL to get the data...
    ... or am I looking at this the wrong way?
    oh, I can share a calendar through the web interface and it will synch back down to the connector fine, and once a user is there I can change the permissions I can grant that user through the connector.
    (p.s. sorry for the sill wide post)
    Thanks
    Josh

    Check you have configured everything as mentioned in the following URL:
    http://docs.sun.com/app/docs/doc/819-2568/6n4rm7fit?a=view
    See the following section:
    "Shared Calendar LDAP Lookup Configuration"
    Pay attention to the fact that you need the following set in ics.conf:
    service.wcap.userprefs.ldapproxyauth = "yes"
    Let us know if you still have problems. BTW: What build of the connector are you running? You can find this out by selecting "Help -> About Sun Java System Connector for Microsoft Outlook". The build number is given in the top right hand corner of the about window. ie. 7.1.222.4.

  • Outlook Connector 7.3 Globa Address book problem

    Using Outlook connector 7.3 with Outlook 2003, Against Comms Suite 6; DS5.2p6 (Sun professional services install)
    I've configured the Global address book to use our 5.2p6 DS server, and added the VLV indexes as described here
    http://wikis.sun.com/display/CommSuite/Configuring+Directory+VLV+Browsing+for+Connector+for+Outlook
    But, when searching the GAB in outlook I get:
    "The action could not be completed"
    The debug log shows
    10/08/2009 15:49:59.015 (0x0a58) {Gal   } [Error  ]: XLdap::findEntryStartsWith Ldap search returned 0x32
    10/08/2009 15:49:59.015 (0x0a58) {Gal   } [Error  ]: XLdap::findEntryStartsWith ldap error : VLV Control
    10/08/2009 15:49:59.015 (0x0a58) {Gal   } [Error  ]: CLDAPConnection::FindEntry m_pXLdap->findEntryStartsWith failed 1025
    I've verified the LDAP GAB server is reachable from the client
    Any hits as to where the problem is?
    TIA

    FYI;
    It appears that a combination of anonymous binding and the search filter caused this issue

  • Outlook connector problem with Calendar server

    Hi
    I wanted to use MS outlook as the email client for my sun messaging sytem. For this I have downloaded one program, when I run it , it has created a configurable program folder. Through admin program, I have created one file named xyz.ini , in which I have specified all my sun messaging server, directory server, calendar server. And in User Profiles tab I have chosen that 'create new profile'.
    But when I run the exe file xyz.exe, it is trying to install Outlook connector for MS Outlook , but giving the following error.
    10:58:30 [5365] Outlook version is 11.0.5608.0.
    10:58:30 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    10:58:30 [5475] TMP directory is 'C:\DOCUME~1\32980\LOCALS~1\Temp'.
    10:58:32 [5362] Checking Windows version.
    10:58:32 [5363] Windows version is 5.0.
    10:58:32 [5364] Checking Outlook version.
    10:58:32 [5509] Checking default mail client.
    10:58:32 [5508] Default mail client is 'Microsoft Outlook'.
    10:58:32 [5178] Verifying that Outlook is not running.
    10:58:32 [5179] Trying to login to shared session.
    10:58:32 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\32980\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    10:58:36 [5502] Upgrading the Sun Java System MAPI Service Providers.
    10:59:20 [5370] Finished installing Sun Java System MAPI Service Providers.
    10:59:20 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    10:59:21 [5367] Sun Java System MAPI Service Providers are installed.
    10:59:21 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    10:59:21 [5417] Microsoft LDAP Directory MAPI Service Provider is installed.
    10:59:21 [5142] ######## Enumerating profiles.
    10:59:21 [5145] Examining profile '32980'.
    10:59:21 [5149] Profile '32980' has no MSEMS service.
    10:59:21 [5145] Examining profile 'Outlook'.
    10:59:21 [5146] It is the default profile.
    10:59:21 [5149] Profile 'Outlook' has no MSEMS service.
    10:59:21 [5156] ######## Selected profile 'Sun Java System': exists=0, converted=0, pstsConverted=0.
    10:59:22 [12016] Verifying password for Sun Java System calendar account '10.16.58.49:8082:32980'.
    10:59:23 ERROR: [12019] Cannot validate Sun Java System calendar account information.
    10:59:23 OpenMsgStore:
    10:59:23 Error 0x802C1034
    10:59:23 Error: ?????????????????????????????????4??????????????????????????????????????????
    10:59:23 Component: ???????????????????4???kA�l
    10:59:23 Low level error: 0x00001034
    10:59:43 [12016] Verifying password for Sun Java System calendar account '10.16.58.49:8082:32980'.
    10:59:44 ERROR: [12019] Cannot validate Sun Java System calendar account information.
    10:59:44 OpenMsgStore:
    10:59:44 Error 0x802C1034
    10:59:44 Error: ?????????????????????????????????4??????????????????????????????????????????
    10:59:44 Component: ???????????????????4???kA�l
    10:59:44 Low level error: 0x00001034
    10:59:46 ERROR: Unable to verify new account information on server 10.16.58.49:8082.
    Please suggest me in this issue. I am using Messaging server 6.3, basically installed from Sun Communicate Suite 5 sparc.
    My calendar server is running on port 8082
    prasad

    Refer to cross-post http://forum.java.sun.com/post!reply.jspa?messageID=9964809

  • Outlook Connector and shared calendar

    Hi.
    Looking for some help troubleshooting an issue with shared calendar functionality from Outlook using the Connector.
    All server bits are JES-R2. Connector version is 6.0.129.
    Connector is working for the most part, but when I try to subscribe to another users calendar from Outlook it is failing. Even when I do a search, and pick the user from the list, the lookup fails to return the user and I get "User not found. Either enter the email id of the user OR click on Search and then click Find to locate the user."
    The ldap search I'm seeing in the access logs is curious in the sense that it seems to binding with dn="".
    [23/Jun/2004:15:18:54 -0400] conn=346 op=0 msgId=1 - BIND dn="" method=128 versi
    on=2
    [23/Jun/2004:15:18:54 -0400] conn=346 op=0 msgId=1 - RESULT err=0 tag=97 nentrie
    s=0 etime=0 dn=""
    [23/Jun/2004:15:18:54 -0400] conn=346 op=1 msgId=2 - SRCH base="o=msgdemo.isdint
    egration.com,dc=msgdemo,dc=isdintegration,dc=com" scope=2 filter="(uid=test1@msg
    demo.isdintegration.com)" attrs="cn uid mail givenName sn icsCalendar"
    [23/Jun/2004:15:18:54 -0400] conn=346 op=1 msgId=2 - RESULT err=0 tag=101 nentri
    es=0 etime=0
    [23/Jun/2004:15:18:54 -0400] conn=346 op=2 msgId=3 - UNBIND
    [23/Jun/2004:15:18:54 -0400] conn=346 op=2 msgId=-1 - closing - U1
    [23/Jun/2004:15:18:55 -0400] conn=346 op=-1 msgId=-1 - closed.
    This is returning 0 entries, and I believe this is why it is failing. I believe the connector is probably using this search to retrieve the users calendar_id.
    If I type the uid into the dialog box (to subscribe) I get this in the ldap:
    ===============================================================
    [23/Jun/2004:14:12:58 -0400] conn=299 op=0 msgId=1 - BIND dn="" method=128 versi
    on=2
    [23/Jun/2004:14:12:58 -0400] conn=299 op=0 msgId=1 - RESULT err=0 tag=97 nentrie
    s=0 etime=0 dn=""
    [23/Jun/2004:14:12:58 -0400] conn=299 op=1 msgId=2 - SRCH base="o=msgdemo.isdint
    egration.com,dc=msgdemo,dc=isdintegration,dc=com" scope=2 filter="(uid=test1)" a
    ttrs="cn uid mail givenName sn icsCalendar"
    [23/Jun/2004:14:12:58 -0400] conn=299 op=2 msgId=3 - UNBIND
    [23/Jun/2004:14:12:58 -0400] conn=299 op=2 msgId=-1 - closing - U1
    [23/Jun/2004:14:12:58 -0400] conn=299 op=1 msgId=2 - RESULT err=0 tag=101 nentri
    es=0 etime=0
    =================================================================
    This time, it has a proper uid (not a mail address) but still returns 0 entries.
    Here is a section from s10c.log that accompanies this:
    06/23/2004 15:30:38.595 (1560) {Addin } [Debug  ]: calid property is missing in folder Shared Calendars with hr = 0x8004010f
    06/23/2004 15:30:38.595 (1560) {Store } [Debug  ]: S1OC FolderNotification Enter
    06/23/2004 15:30:38.606 (1560) {Store } [Debug  ]: S1OC FolderNotification GetSocsCalProps 0x80040108
    06/23/2004 15:30:38.606 (1560) {Store } [Debug  ]: S1OC FolderNotification Exit
    06/23/2004 15:30:47.028 (1560) {Addin } [Error  ]: wcap returned errno: 61
    06/23/2004 15:30:47.028 (1560) {Addin } [Debug  ]: getUserPropertiesByEmailID failed : Denied Access
    06/23/2004 15:30:51.514 (1560) {Addin } [Error  ]: wcap returned errno: 61
    06/23/2004 15:30:51.514 (1560) {Addin } [Debug  ]: getUserProperties failed : Denied Access: LDAP misconfigured?
    06/23/2004 15:30:57.663 (1560) {Addin } [Info   ]: Exit - CApplicaton::Uninit
    06/23/2004 15:30:57.843 (1560) {Addin } [Info   ]: Exit - CApplicaton::Uninit
    06/23/2004 15:30:58.074 (1560) {Store } [Debug  ]: S1OC CCalPropsList::UnInitCalPropsList Enter count(1) max(10)
    06/23/2004 15:30:58.074 (1560) {Store } [Debug  ]: S1OC CCalPropsList::UnInitCalPropsList Exit
    06/23/2004 15:30:58.074 (1560) {Genrl } [Warning]: =============== Sun ONE Outlook Connector _UnInit=============== 612
    Anyone have any clue as to what is the cause/fix???
    Thanks,
    Jeff Smith

    If someone is still following this thread:
    The problem seems to stem from the fact that the subscribe to calendar function from the connector (outlook) is searching ldap on uid, but using an email address as a value:
    [06/Jul/2004:10:11:10 -0400] conn=8 op=42 msgId=43 - SRCH base="o=msgdemo.isdint egration.com,dc=msgdemo,dc=isdintegration,dc=com" scope=2 filter="(&(uid=[email protected])(!(icsStatus=deleted)))" attrs="cn"
    [06/Jul/2004:10:11:10 -0400] conn=8 op=42 msgId=43 - RESULT err=0 tag=101 nentries=0 etime=0

  • Non-admin users can't view GAL with Outlook Connector

    Non-admin users are unable to view the Global Address List with Outlook Connector. When I give a test user admin rights (in our portal), the user can view the GAL. The VLV index is setup and functioning correctly for admin users. My versions are Directory Server 5.2 Patch 4, JES 2005Q4, Outlook Connector 7.1.222.4.
    I've reviewed the ACIs on o=cp per http://docs.sun.com/app/docs/doc/819-5200/gbnse?a=view and verified that they are getting passed down to the child entries. I added a new ACI for a specfic test user, but I see no effect when I run an ldapsearch as that user. Here are the ACIs:
    1. Allow Calendar Administrators to proxy
    (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
    (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
    (version 3.0;acl "Allow Calendar administrators to proxy - product=ics,class=admin,num=2,version=1";
    allow (proxy)(groupdn = "ldap:///cn=Calendar Administrators, ou=Groups, o=cp");)
    2. Allow Calendar users to read and search other users
    (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
    (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
    (version 3.0;acl "Allow Calendar users to read and search other users - product=ics,class=admin,num=3,version=1";
    allow (read,search)(userdn = "ldap:///uid=*,ou=People,o=pcc.edu,o=cp");)
    3. Allow test users to proxy
    (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
    (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
    (version 3.0;acl "Allow test users to proxy - product=ics,class=admin,num=2,version=1";
    allow (proxy)(userdn = "ldap:///uid=299899598658566,ou=People,o=pcc.edu,o=cp");)
    Here's the log for an ldapsearch as a non-admin user:
    -bash-3.00$ grep "conn=386080 op=1 msgId=2" access
    [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
    [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SORT cn
    [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - VLV 1:1:dpelinka 2964:11852 (0)
    [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    When the same search is run by an admin user, nentires=3.
    Here is the test ldapsearch:
    ldapsearch -h vmpt1 -p 389 -D "uid=299899598658566,ou=People,o=pcc.edu,o=cp" -w {password} \
    -b "ou=People,o=pcc.edu,o=cp" -x -s "sub" -S "cn" \
    -G "1:1:dpelinka" "pdsRole=Employee" uid
    David,

    Jay,
    Here's a full set of logs. The first set is from my test search; the second from an actual OC search. I don't see anything different between the admin and non-admin except for the number of entries returned.
    ADMIN TEST SEARCH
    -bash-3.00$ ./test_vlvindex.shl
    version: 1
    dn: uid=375308679900788,ou=People,o=pcc.edu,o=cp
    uid: 375308679900788
    dn: uid=534616896694744,ou=People,o=pcc.edu,o=cp
    uid: 534616896694744
    dn: uid=506947161967075,ou=People,o=pcc.edu,o=cp
    uid: 506947161967075
    index 2973 content count 11893
    DS log-bash-3.00$ grep "conn=1964292 op=1" access
    [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
    [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SORT cn
    [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
    [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0
    NON-ADMIN TEST SEARCH
    -bash-3.00$ ./test_vlvindex.shl
    index 2973 content count 11893
    DS log-bash-3.00$ grep "conn=1973983 op=1 msgId=2" access
    [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
    [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SORT cn
    [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
    [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    ADMIN OC SEARCH
    -bash-3.00$ grep -i vlv access
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
    -bash-3.00$ grep "conn=1000785 op=14 msgId=15" access
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SORT cn
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - RESULT err=0 tag=101 nentries=9 etime=0
    -bash-3.00$ grep "conn=1000785 op=15" access
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SORT cn
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - RESULT err=0 tag=101 nentries=11 etime=0
    -bash-3.00$ grep "conn=1000785 op=16 msgId=17" access
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SORT cn
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
    [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - RESULT err=0 tag=101 nentries=18 etime=0
    NON-ADMIN OC SEARCH
    -bash-3.00$ grep -i vlv access
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
    -bash-3.00$ grep "conn=2220710 op=1" access
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="cn mail uid objectClass"
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SORT cn
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
    -bash-3.00$ grep "conn=2220710 op=2" access.20080107-171147
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SORT cn
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
    [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
    -bash-3.00$
    David.

  • Outlook Connector error when UWC with WindowsDesktopSSO enabled

    Dear all,
    we use JES4 with current OutllookConnector. We want to use AccessManagers WindowsDesktopSSO as
    company-wide SSO solution. We played around and everything worked quite fine regarding web-based SSO.
    But we do encounter a big issue by running current Outlook Connector versions:
    After Outlook was stared we do get a Error Window regarding "unable to connect to addressbook server"
    followed by the correct URL to our UWC and 2 inputfields for username and password.
    It does not matter if we do enter correct credentials or not, this error message appears as long as
    we don't press "Cancel".
    When pressing Cancel we still have full Outlook functionality even our personal addressbooks are available
    (which is the onyl component uwc is used for, due to global addressbook is provided by ldap connects).
    We dont get any log entries within AM (even if debug is enabled) or webserver logs.
    Did anybody had some similar issues ?
    What makes this issue really strange is that not all our users do get this error. But these users
    are using the exact same version of windows/outlook/outlook-connector etc. And all users
    share the same internet explorer setting (deployed by group policies). All users can access our
    UWC via WindowsDesktopSSO without any problems.
    I am out of ideas, so propably you could provide me with new ones ?
    Many thanks in advance
    cheers
    joerg

    Hi and welcome to the forums!
    Here is an article on how to resolve the problem.
    Thanks,
    Bifocals
    http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15294&sliceId=SAL_Pub...
    Click Accept as Solution for posts that have solved your issue(s)!
    Be sure to click Like! for those who have helped you.
    Install BlackBerry Protect it's a free application designed to help find your lost BlackBerry smartphone, and keep the information on it secure.

Maybe you are looking for