This excerpt from the admin help database explains how LDAP is expected to work. btw… I agree it would be nice to be able to browse an LDAP directory…
“To enable Notes users to address mail easily to users registered in a remote LDAP directory, you can set up directory assistance for the directory on the users’ mail servers or directory servers. Then, a Notes user can press F9 to resolve an address for a name from the LDAP directory entered in an addressing field of a Notes message. If the user doesn’t resolve the address, either the Notes client uses directory assistance to resolve the address when the user sends the mail or, if the client doesn’t resolve the address, the Router uses directory assistance to resolve the address. A Notes client doesn’t use type-ahead addressing to find names in a remote LDAP directory, and Notes users can’t use the “Select Addresses” dialog box to browse and select names from a remote LDAP directory.”
If you want the LDAP address book to appear for all your end users’ Notes clients, you CAN do it… but the solution to the problem is client-side, not server-side.
Reference “LDAP Account Record” in the documentation. Once you’ve created one of those that you’d like every client to have, you can push your copy down to all the end users via a Domino policy.
Thanks for citing the excerpt. This slide from the ID107: Getting Started With Active Directory Integration presentation that Josh and I are giving at Lotusphere next week summarizes what you can and cannot do with DA-LDAP (the last column is labelled “Name in LDAP secondary (e.g., AD)”).
Having browse capability going through your Domino server to the LDAP server would be rather expensive.
As an alternative, you can configure the Notes clients to go directly to the LDAP servers (don’t overlook its desktop policies section) …
We authenticate all of our web applications against LDAP and as it is very frustrating for us when entering LDAP accounts into Domino groups, too great a possibility for fat fingering account info, we are currently working on a server-side solution that would allow you to include LDAP accounts via the address dialog box. It is designed primarily for admins to perform group maintenance on the hub (or any) server but it sounds like there are environments out there where it might be deployed throughout a domain. Our management will probably make this a salable shrinkwrap once we have it fully tested and packaged but we would probably be interested in some beta users when we reach the final stages of testing if anyone would be interested in that.