• From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Tue, 22 Jul 2003 09:27:57 +0100

Comments inline...

> -----Original Message-----
> From: Magnus [mailto:magnus@xxxxxxxx] 
> Sent: 21 July 2003 18:00
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: LDAP
> Although LDAP is LDAP, Microsoft's implementation of it is a
> bit different than the open standard of LDAP.

I'll ask again, in what *salient* manner?

MS AD is LDAP v2 and v3 compliant - I have not had any specific *LDAP*
issues accessing MS AD via other platforms.

> Specifically what is different, I would have to check, but I 
> was under the impression that there are objects in MS LDAP 
> that you cannot access or change using a different LDAP 
> client (such as UNIX's implementation of LDAP) I might be wrong.

The only difference I can think you are referring to, here, is the inetorg
thing - and that is an object / class thing, as opposed to a protocol thing.

The structure and security of the underlying directory behind the LDAP
protocol is not fully part of the spec.

I'll say again, I know of no protocol issues in accessing MS AD using pure
LDAP - and I say this with experience.

Unfounded or groundless accusations mean nothing, if they're not borne out,
or experienced in practice.

> I haven't tried it myself so I couldn't give you specific
> examples of the differences.

Then try it yourself, and then come back if you still have the same

In the meantime, accept the word of somebody doing this in the real world
(i.e. accessing MS AD using pure LDAP from diverse platforms), who's telling
you I've not encountered any protocol or access issues.

> In order to use DL's that are defined in an AD domain the 
> mail server would have to authenticate to AD LDAP, right?

You could either authenticate, or bind anonymously depending on the
configured security (which is outside of the spec of LDAP) in your AD.

Regardless, this is the same issue you'd have with *any* LDAP directory - I
urge you, if you truly are convinced there are such problems, then try it
for yourself, and report back.

In the meantime, I'll just say that your raised concerns are mostly
unfounded - unless you have very specific needs - and even then, they can be

I've not yet encountered *any* protocol issues with MS AD using LDAP.


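The choice discussed above between authenticating and binding anonymously is visible on the wire: both are the same LDAP BindRequest, differing only in the name and credential fields, whatever directory sits behind it. The following is an added example, not part of the original email: it parses BindRequest bytes and labels them with the simple-bind modes of RFC 4513 section 5.1. The function names and the `bind_request` sample builder are hypothetical, and any PDU it builds is constructed.

```python
# Added example: classify LDAP BindRequest PDUs (RFC 4511 4.2, RFC 4513 5.1).

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(pdu):
    """Return (ldap_version, bind_dn, mode) for an LDAPMessage holding a BindRequest."""
    tag, msg, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msg_id, pos = read_tlv(msg)          # messageID INTEGER
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:                          # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(bind)         # version INTEGER (2 or 3)
    _, name, pos = read_tlv(bind, pos)       # name LDAPDN
    auth_tag, cred, _ = read_tlv(bind, pos)  # authentication CHOICE
    dn = name.decode("utf-8")
    if auth_tag == 0xA3:                     # [3] SaslCredentials
        mode = "sasl"
    elif auth_tag != 0x80:                   # [0] simple
        raise ValueError("unknown authentication choice")
    elif cred:
        mode = "simple"                      # a password is present
    else:                                    # empty password: anonymous or unauthenticated
        mode = "unauthenticated" if dn else "anonymous"
    return int.from_bytes(version, "big"), dn, mode

def tlv(tag, value=b""):
    """Encode a short-form TLV (value under 128 bytes); used only to build samples."""
    return bytes([tag, len(value)]) + value

def bind_request(version, dn, password):
    """Build a constructed simple-bind PDU with messageID 1."""
    body = tlv(0x02, bytes([version])) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))
```

`classify_bind(bind_request(3, "", ""))` reports an anonymous bind; a DN with an empty password is reported as `unauthenticated`, the case RFC 4513 warns can be mistaken for a successful authentication.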