RE: Exchange Server 2003 user list

  • From: John Mason <John.Mason.Jr@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 16 Feb 2004 15:13:20 -0500

> Thanks!  Very useful.  That also leads me to another LDAP 
> question (which I posted a few days ago).  How do you 
> prevent "everybody" from running LDAP queries on your server?
> For example, I have multiple domain names on my exchange 
> server, each one being a separate, independent company.  It 
> seems all I need is a valid user account on my exchange 
> server (like any of the users) and I can run LDAP queries to 
> list out the entire user names and email addresses etc. There 
> has to be a way to prevent that!  I just did that with SmartR 
> and it's scary.
> PS:  Please excuse my ignorance on LDAP, I am still learning :-)

Well, if no other workstation needs LDAP, then only allow connections from
your workstation.
I looked on my Exchange 5.5 box and don't see a method to limit the query to
a domain.
I do see the ability to set the search base in Outlook XP.

My guess would be that the permissions need to be set within AD itself, but
I don't have a place to test the theory.

As a side note you may need to use cn=admin to identify your login if you
need to return objects that are hidden.


