
08-16-2009, 06:47 PM
KB15951 - What are the benefits and disadvantages of LDAP in a BES environment
KB15951 - What are the benefits and disadvantages of LDAP in a BlackBerry Enterprise Server environment
Environment
- BlackBerry® Enterprise Server software version 4.0 and later
- Microsoft® Exchange
- Microsoft® Active Directory®
Overview
This article is a high-level overview of the pros and cons of using Lightweight Directory Access Protocol (LDAP) for address lookup functionality with BlackBerry® Enterprise Server for Microsoft® Exchange. It also includes information on how LDAP works in the BlackBerry Enterprise Server environment, how to configure certain options, and a list of available registry keys.
Benefits of using LDAP:
- LDAP reduces the load on the Messaging Application Programming Interface (MAPI) subsystem, especially where the MAPI subsystem is saturated.
- LDAP uses cleaner and more efficient queries.
- BlackBerry Enterprise Server receives LDAP attributes rather than MAPI attributes, which require reduced data transfer and are thus more efficient.
How LDAP works with BlackBerry Enterprise Server:
- LDAP affects the ResolveProxy and ScanGAL functions when implemented.
- LDAP does not have a Global Catalog (GC) referral mechanism, which Microsoft Exchange uses with MAPI.
- Name resolution and user discovery occur through LDAP and its direct communication with Microsoft Active Directory, rather than resolution requests from the BlackBerry Enterprise Server being proxied through Microsoft Exchange when MAPI performs this function.
- When using MAPI for resolution and user discovery, the BlackBerry Enterprise Server sends requests to Microsoft Exchange, which then sends the request to Microsoft Active Directory. When using LDAP for resolution and user discovery, the BlackBerry Enterprise Server sends requests directly to Microsoft Active Directory for a response.
- The LDAP failover is not initiated for failed searches, but rather for failed attempts to contact a host in the LDAPDomain sequence.
- If no hosts are specified in LDAPDomain, a blank BaseDN query is performed, and when an LDAP server is identified, it is used for the next query.
- If every attempt to resolve a user through LDAP fails, the BlackBerry Enterprise Server is designed to switch to MAPI to continue efforts to resolve the user.
Failover support when using LDAP:
To configure failover support, leave spaces between host names in the LDAPDomain key. The BlackBerry Enterprise Server will fail over to the listed hosts in the order they appear.
When specifying multiple hosts, use the following syntax:
<hostname> <hostname> <hostname> <hostname>
If a specific port is required for each host, use the following syntax:
<host;port> <host;port> <host;port> <host;port>
Note: If the LDAPDomain key is implemented without specifying hosts, the BlackBerry Enterprise Server is designed to search locally for an LDAP server.
Quantifying what work is being offloaded to LDAP:
- The functions that are occurring through LDAP rather than MAPI are not expected to be very significant.
- The BlackBerry Enterprise Server ScanGAL component will still initiate with the same frequency as before the LDAP implementation; the requests and results are simply going through LDAP rather than MAPI.
- The amount of load on LDAP will depend upon user activities.
- You can run this configuration in a pilot environment before implementing the change in your live environment.
The available LDAP registry keys:
- LDAPDomain - The LDAPDomain entry configures the BlackBerry Enterprise Server to use a specific domain when performing LDAP searches.
- LDAPSearch - The LDAPSearch entry is used for address resolution only.
- LDAPport - The LDAPport entry configures the BlackBerry Enterprise Server to use a specific LDAP port for searches.
- LDAPssl - The LDAPssl entry enables the use of LDAP over Secure Sockets Layer (SSL) for searches or lookups.
- LDAPALPSearch - The LDAPALPSearch entry is used for address lookups from the BlackBerry smartphone.
Please refer to KB03193 for more information on how to implement these keys.
Disadvantages of using LDAP:
LDAP queries are Microsoft Active Directory queries that the BlackBerry Enterprise Server makes directly instead of passing them through Microsoft Exchange. Thus, it may put some extra stress on Microsoft Active Directory, depending on network environment factors such as user activity, time of day, network bandwidth, slower wide area network (WAN) queries, etc. Before implementing LDAP in a live environment, consider creating a test environment to gather information on potential system loads.
__________________
http://blog.port3101.org/hdawg/
The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.
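The LDAPDomain syntax and failover rule described in the article, as an added example that is not part of the original post or of BlackBerry's software: a parser for the space-separated `host` / `host;port` list and a model of the order in which hosts are tried. The host names, the default port of 389, the `contact`/`search` callables, and the reading that an empty search result goes straight to MAPI are assumptions made for illustration.

```python
import re

# Constructed sample value; host names are placeholders, not from the article.
SAMPLE_LDAPDOMAIN = "dc1.example.test;3268 dc2.example.test dc3.example.test;636"

_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def parse_ldapdomain(value, default_port=389):
    """Parse an LDAPDomain string into an ordered list of (host, port).

    Entries are space separated; an optional port follows a semicolon.
    default_port stands in for the LDAPport setting (assumption: 389 when unset).
    An empty value returns [] (the article's "search locally" case).
    """
    targets = []
    for entry in value.split():
        host, sep, port_text = entry.partition(";")
        if ":" in entry:
            raise ValueError(f"{entry!r}: port separator is ';', not ':'")
        if not _HOST_RE.match(host):
            raise ValueError(f"{entry!r}: invalid host name")
        if sep:
            if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
                raise ValueError(f"{entry!r}: invalid port")
            port = int(port_text)
        else:
            port = default_port
        targets.append((host, port))
    return targets


def resolve(targets, contact, search):
    """Model the failover rule: move to the next host only when contact fails.

    contact(host, port) -> bool and search(host, port) -> result or None are
    caller-supplied callables (hypothetical stand-ins for the real LDAP calls).
    Returns (source, result); source is "MAPI" when no host could be contacted
    or the search came back empty (this example's reading of the fallback).
    """
    for host, port in targets:
        if not contact(host, port):
            continue  # contact failure: fail over to the next listed host
        result = search(host, port)
        if result is not None:
            return f"{host}:{port}", result
        break  # failed search: no LDAP failover is initiated
    return "MAPI", None
```

Running `parse_ldapdomain` over a planned value before writing it to the registry catches the common `host:port` mistake, and the parsed list shows which hosts would be contacted on a plaintext port when LDAPssl is not enabled.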