RE: Exchange Server 2003 user list
- From: John Mason <John.Mason.Jr@xxxxxxxxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Mon, 16 Feb 2004 15:13:20 -0500
> Thanks! very useful. That also leads me to another LDAP
> question (which I posted as few days ago). How do you
> prevent "everybody" from running LDAP queries on your server?
>
> For example, I have multiple domain names on my exchange
> server, each one being a separate, independent company. It
> seems all I need is a valid user account on my exchange
> server (like any of the users) and I can run LDAP queries to
> list out the entire user names and email addresses etc. There
> has to be a way to prevent that! I just did that with SmartR
> and it's scary.
>
> PS: Please excuse my ignorance on LDAP, I am still learning :-)
>
Well is no other workstation needs LDAP then only allow connections from
your workstation.
I looked on my exchange 5.5 box and don't see a method to limit the query to
a domain.
I do see the ability to set the search base in Outlook XP.
My guess would be that the permissions need to be set within AD itself, but
I don't have a place to test the theory.
As a side note you may need to use cn=admin to identify your login if you
need to return objects that are hidden.
John
Other related posts:
