Welcome to Port3101.org : Your BES Connection Mark forums read | View Forum Leaders
Port3101.org : Your BES Connection

LinkBack Thread Tools Display Modes
KB15951 - What are the benefits and disadvantages of LDAP in a BES environment
  #1 (permalink)  
Old 08-16-2009, 06:47 PM
hdawg's Avatar
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default KB15951 - What are the benefits and disadvantages of LDAP in a BES environment

KB15951 - What are the benefits and disadvantages of LDAP in a BlackBerry Enterprise Server environment


  • BlackBerry® Enterprise Server software version 4.0 and later
  • Microsoft® Exchange
  • Microsoft® Active Directory®


This article is a high-level overview of the pros and cons of using Lightweight Directory Access Protocol (LDAP) for address lookup functionality with BlackBerry® Enterprise Server for Microsoft® Exchange. It also includes information on how LDAP works in the BlackBerry Enterprise Server environment, how to configure certain options, and a list of available registry keys.
Benefits of using LDAP:
  • LDAP reduces the load on the Messaging Application Programming Interface (MAPI) subsystem, especially where the MAPI subsystem is saturated.
  • LDAP uses cleaner and more efficient queries.
  • BlackBerry Enterprise Server receives LDAP attributes rather than MAPI attributes, which require reduced data transfer and are thus more efficient.
How LDAP works with BlackBerry Enterprise Server:
  • LDAP affects the ResolveProxy and ScanGAL functions when implemented.
  • LDAP does not have a Global Catalog (GC) referral mechanism, which Microsoft Exchange uses with MAPI.
  • Name resolution and user discovery occurs through LDAP and its direct communication with Microsoft Active Directory, rather than resolution requests from the BlackBerry Enterprise Server being proxied through Microsoft Exchange when MAPI performs this function.
  • When using MAPI for resolution and user discovery, the BlackBerry Enterprise Server sends requests to Microsoft Exchange, which then sends the request to Microsoft Active Directory. When using LDAP for resolution and user discovery, the BlackBerry Enterprise Server sends requests directly to Microsoft Active Directory for a response.
  • The LDAP failover is not initiated for failed searches, but rather for failed attempts to contact a host in the LDAPDomain sequence.
  • If no hosts are specified in LDAPDomain, a blank BaseDN query is performed, and when an LDAP server is identified, it is used for the next query.
  • If every attempt to resolve a user through LDAP fails, the BlackBerry Enterprise Server is designed to switch to MAPI to continue efforts to resolve the user.
Failover support when using LDAP:
To configure failover support, leave spaces between host names in the LDAPDomain key. The BlackBerry Enterprise Server will fail over to the listed hosts in the order they appear.
When specifying multiple hosts, use the following syntax:
<hostname> <hostname> <hostname> <hostname>
If a specific port is required for each host, use the following syntax:
<host;port> <host;port> <host;port> <host;port>
Note: If the LDAPDomain key is implemented without specifying hosts, the BlackBerry Enterprise Server is designed to search locally for an LDAP server.
Quantifying what work is being offloaded to LDAP:
  • The functions that are occurring through LDAP rather than MAPI are not expected to be very significant.
  • The BlackBerry Enterprise Server ScanGAL component will still initiate with the same frequency as before the LDAP implementation; the requests and results are simply going through LDAP rather than MAPI.
  • The amount of load on LDAP will depend upon user activities.
  • You can run this configuration in a pilot environment before implementing the change in your live environment.
The available LDAP registry keys:
  • LDAPDomain - The LDAPDomain entry configures the BlackBerry Enterprise Server to use a specific domain when performing LDAP searches.
  • LDAPSearch - The LDAPSearch entry is used for address resolution only.
  • LDAPport - The LDAPport entry configures the BlackBerry Enterprise Server to use a specific LDAP port for searches.
  • LDAPssl - The LDAPssl entry enables the use of LDAP over Secure Sockets Layer (SSL) for searches or lookups.
  • LDAPALPSearch - The LDAPALPSearch entry is used for address lookups from the BlackBerry smartphone.
Please refer to KB03193 for more information on how to implement these keys.
Disadvantages of using LDAP:
LDAP queries are Microsoft Active Directory queries that the BlackBerry Enterprise Server makes directly instead of passing them through Microsoft Exchange. Thus, it may put some extra stress on Microsoft Active Directory, depending on network environment factors such as user activity, time of day, network bandwidth, slower wide area network (WAN) queries, etc. Before implementing LDAP in a live environment, consider creating a test environment to gather information on potential system loads.
Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
KB03193 - Configure LDAP for the BlackBerry Enterprise Server Si Featured BlackBerry KB Articles 3 10-19-2009 01:17 PM
KB05174 - LDAP address lookup hdawg Featured BlackBerry KB Articles 0 08-16-2009 06:47 PM
BAS and LDAP / AD Auth nothin2seehere Port 3101: The BES Admin Bar & Grill 8 08-07-2009 12:21 PM
KB18197 - "Error writing to Database" message occurs after the LDAP portion of setup hdawg Featured BlackBerry KB Articles 0 05-26-2009 01:34 PM
KB15825 - Error Connecting to LDAP Server hdawg Featured BlackBerry KB Articles 0 01-22-2009 07:13 PM

All times are GMT -4. The time now is 05:16 PM.
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.


SEO by vBSEO 3.3.2 PL2