Port3101.org : Your BES Connection

Port3101.org : Your BES Connection (http://www.port3101.org/index.php)
-   Featured BlackBerry KB Articles (http://www.port3101.org/forumdisplay.php?f=3)
-   -   KB03193 - Configure LDAP for the BlackBerry Enterprise Server (http://www.port3101.org/showthread.php?t=18)

Si 11-27-2008 04:49 AM

KB03193 - Configure LDAP for the BlackBerry Enterprise Server
 
KB03193 - Configure LDAP for the BlackBerry Enterprise Server

Environment

<content>
  • BlackBerry® Enterprise Server version 3.5 to 5.0
  • Microsoft® Exchange
</content>
<hr class="section">
Overview

<content> The LDAPDomain, LDAPSearch, LDAPport, LDApssl, and LDAPALPSearch registry entries are used to configure the Lightweight Directory Access Protocol (LDAP) for the BlackBerry Enterprise Server. These registry entries allow the BlackBerry Enterprise Server to use LDAP instead of the default Messaging Application Programming Interface (MAPI) for specific functions.
Warning: The following procedure involves modifying the computer registry. This can cause substantial damage to the Windows® operating system. Document and back up the registry entries prior to implementing any changes.

<hr> LDAPDomain

The LDAPDomain entry configures the BlackBerry Enterprise Server to use a specific domain when performing LDAP searches.
Note: In an environment with multiple domains, the LDAPDomain key is required.
  1. Open the Registry Editor by clicking Start > Run.
  2. Type regedit and click OK.
  3. Go to the following path in the registry:
    • For BlackBerry Enterprise Server version 4.0 and later HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents
    • For BlackBerry Enterprise Server versions 3.5 and 3.6 HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Servers\<BlackBerry_Enterprise_Server_name>
  4. Create a new String Value called LDAPDomain and change the entry in the Value data field to the Global Catalog and Port that the BlackBerry Enterprise Server uses. If the BlackBerry Enterprise Server must connect to multiple Global Catalogs for name resolution, specify all of them in this value with their fully qualified domain names (FQDNs) as follows: <FQDN of Global Catalog 1>:<Port> <FQDN of Global Catalog 2>:<Port> <FQDN of Global Catalog X>:<Port>
  5. Press Enter.
<hr> LDAPSearch

The LDAPSearch entry is used for address resolution only.
  1. Go to the following path in the registry:
    • For BlackBerry Enterprise Server version 4.0 and later HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents
    • For BlackBerry Enterprise Server versions 3.5 and 3.6 HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Servers\<BlackBerry_Enterprise_Server_name>
  2. Create a new DWORD Value called LDAPSearch and change the entry in the Value data field to 1.
  3. Select the Hexadecimal option.
  4. Press Enter.
<hr> LDAPport

The LDAPport entry configures the BlackBerry Enterprise Server to use a specific LDAP port for searches.
  1. Go to the following path in the registry:
    • For BlackBerry Enterprise Server version 4.0 and later HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents
    • For BlackBerry Enterprise Server versions 3.5 and 3.6 HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Servers\<BlackBerry_Enterprise_Server_name>
  2. Create a new DWORD Value called LDAPport and change the entry in the Value data field to the specific LDAP port.
  3. Press Enter.
<hr> LDAPssl

The LDAPssl entry enables the use of LDAP over Secure Sockets Layer (SSL) for searches or lookups.
  1. Go to the following path in the registry:
    • For BlackBerry Enterprise Server version 4.0 and later Go to HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents
    • BlackBerry Enterprise Server versions 3.5 and 3.6 Go to HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Servers\<BlackBerry_Enterprise_Server_name>
  2. Create a new DWORD Value called LDAPssl and change the entry in the Value data field to 1.
  3. Select the Hexadecimal option.
  4. Press Enter.
<hr> LDAPALPSearch

The LDAPALPSearch entry is used for address lookups from the BlackBerry smartphone.
Note: This entry only applies to BlackBerry Enterprise Server software version 4.1 and later.
  1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents.
  2. Create a new DWORD Value called LDAPALPSearch and change the entry in the Value data field to 1.
  3. Select the Hexadecimal option.
  4. Press Enter.
The BlackBerry Controller must be restarted before any changes will take effect.
Important: Restarting certain BlackBerry Enterprise Server services will delay email message delivery to BlackBerry smartphones. For more information, see KB04789.
</content><blackberry_enterprise_server_name><fqdn of="" global="" catalog="" 1=""><fqdn of="" global="" catalog="" 2=""><fqdn of="" global="" catalog="" x="">
<blackberry_enterprise_server_name><blackberry_enterprise_server_name><blackberry_enterprise_server_ name></blackberry_enterprise_server_name></blackberry_enterprise_server_name></blackberry_enterprise_server_name></fqdn></fqdn></fqdn></blackberry_enterprise_server_name>

hdawg 06-24-2009 10:59 AM

updated.

hdawg 09-16-2009 09:18 PM

updated

RadHaz75 10-19-2009 01:17 PM

All of our users are contained in 2 child domains under our parent domain. We ran into a problem where if LDAP settings were enabled on the BES (which is in Child A), the BES could not resolve users in Child B, even with DC enabled (port 3268).

My problem is we have a Load Balanced VIP in Child A that I need to point to (pointing to the parent domain is not an option for me). Thus I called RIM and they presented me with a key that is not really documented anywhere, "LDAPUseForestRootNamingContext"=dword:00000001. Since there is no way to specify your own SearchDN, enabling this key will force the SearchDN to start from the parent domain (DC=Domain,DC=com) as opposed to the child that it is in (DC=Child,DC=Domain,DC=com).

Just wanted to share this since this caused me a lot of frustration.


All times are GMT -4. The time now is 01:22 PM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.


SEO by vBSEO 3.3.2 PL2