Administration Guide

Configuring the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data

By default, when BlackBerry® device users search for recipients' email addresses or organizer data, the BlackBerry® Enterprise Server uses MAPI to connect to the Microsoft® Exchange Server and retrieve the email addresses or organizer data that is stored in Microsoft® Active Directory®. You can configure the BlackBerry Enterprise Server to use LDAP to connect to Microsoft Active Directory directly to retrieve email addresses, organizer data, or both.

When you configure the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data, you help reduce the number of MAPI connections that the BlackBerry Enterprise Server requires, which helps improve the performance of the BlackBerry Enterprise Server and Microsoft Exchange Server. In a Microsoft® Exchange 2010 environment, if you configure the BlackBerry Enterprise Server to use LDAP, you cannot migrate users to different forests.

If you configure Hosted BlackBerry® services, you must configure the BlackBerry Enterprise Server to use LDAP to retrieve email addresses.

You can configure the following options when you configure the BlackBerry Enterprise Server to use LDAP to retrieve email addresses and organizer data:
  • Windows® domain that the Microsoft Active Directory uses
  • whether to use LDAPS to connect to Microsoft Active Directory
  • timeout value for the connection to Microsoft Active Directory
  • which contacts the BlackBerry Enterprise Server cannot retrieve, if required
  • whether to support a Microsoft Active Directory that you configured for multi-tenancy, if required
  • custom field to use to resolve email addresses for Hosted BlackBerry services, if required
  • baseDN of the Microsoft Active Directory tree, if required

Configure the BlackBerry Enterprise Server to connect to Microsoft Active Directory

  1. On the computer that hosts the BlackBerry® Enterprise Server, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. If your organization’s environment includes multiple Windows domains, perform the following actions:
    1. Create a String value named LDAPDomain.
    2. Change the value to the FQDN of the global catalog server and the port number that the BlackBerry Enterprise Server can use to resolve the DNS name of Microsoft® Active Directory®, using the following format: <FQDN_of_GC>:<port>. If the BlackBerry Enterprise Server must connect to multiple global catalog servers for DNS name resolution, specify all of them as the value, using the following format: <FQDN_of_GC1>:<port> <FQDN_of_GC2>:<Port> <FQDN_of_GC3>:<port>. Separate multiple entries using spaces.

      Optionally, if you do not want to configure a limited list of global catalog servers, set the value to a domain name and the port number of the global catalog server (for example, example.com:3268).

  5. If the BlackBerry Enterprise Server must use a specific port to connect to Microsoft Active Directory and you did not specify the port number in the LDAPDomain string, perform the following actions:
    1. Create a DWORD value named LDAPport.
    2. Change the value to the port number. To limit the number of LDAP queries that the BlackBerry Enterprise Server needs, use the port number of the global catalog server (port 3268).
  6. If the BlackBerry Enterprise Server must use LDAPS to connect to the Microsoft Active Directory, perform the following actions:
    1. Create a DWORD value named LDAPssl.
    2. Change the value to 1.
  7. To change the amount of time that the BlackBerry Enterprise Server waits for a response from Microsoft Active Directory before the connection times out (by default, 10 seconds), perform the following actions:
    1. Create a DWORD value named LDAPTimeout.
    2. Change the value to the timeout period, in seconds, that your organization requires.
  8. In the Windows Services, restart the BlackBerry Controller.

Configure the BlackBerry Enterprise Server to retrieve email addresses and organizer data using LDAP

  1. On the computer that hosts the BlackBerry® Enterprise Server, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. Create a DWORD value named LDAPSearch.
  5. Change the value to 1.
  6. To configure the BlackBerry Enterprise Server to resolve email addresses using LDAP, perform the following actions:
    1. Create a DWORD value named LDAPALPSearch.
    2. Change the value to 1.
  7. To configure the BlackBerry Enterprise Server to resolve organizer data using LDAP, perform the following actions:
    1. Create a DWORD value named LDAPPIMSearch.
    2. Change the value to 1.
  8. In the Windows Services, restart the BlackBerry Controller.
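
The registry values from the two procedures above can be checked together before you restart the BlackBerry Controller. The following PowerShell audit is an added example, not part of the BlackBerry guide: the function names and finding messages are its own, and the check on ports 389 and 3268 rests on standard LDAP port assignments rather than on anything this guide states.

```powershell
function Get-BesAgentValues {
    # Key locations from step 3: 64-bit Windows first, then 32-bit.
    $key = 'HKLM:\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents',
           'HKLM:\Software\Research In Motion\BlackBerry Enterprise Server\Agents' |
           Where-Object { Test-Path $_ } | Select-Object -First 1
    $values = @{}
    if ($key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) { $values[$name] = $item.GetValue($name) }
    }
    return $values
}

function Test-BesLdapSettings {
    param([hashtable]$Values)
    $findings = @()
    $ports = @()
    if ($null -ne $Values['LDAPport']) { $ports += [int]$Values['LDAPport'] }
    # LDAPDomain: space-separated <FQDN>:<port> entries; the port may be left to LDAPport.
    foreach ($entry in ("$($Values['LDAPDomain'])" -split '\s+' | Where-Object { $_ })) {
        if ($entry -match '^[A-Za-z0-9.-]+(:(?<port>\d{1,5}))?$') {
            if ($Matches['port']) { $ports += [int]$Matches['port'] }
        } else {
            $findings += "LDAPDomain entry '$entry' is not in <FQDN>:<port> form"
        }
    }
    foreach ($p in $ports) { if ($p -lt 1 -or $p -gt 65535) { $findings += "Port $p is outside 1-65535" } }
    if ($Values['LDAPssl'] -ne 1) {
        $findings += 'LDAPssl is not 1: LDAPS is not enabled for the Active Directory connection'
    } elseif ($ports | Where-Object { 389, 3268 -contains $_ }) {
        # Assumption: 389 and 3268 are the standard non-TLS LDAP and global catalog ports.
        $findings += 'LDAPssl is 1 but a configured port is 389 or 3268: confirm the port'
    }
    if ($null -ne $Values['LDAPTimeout'] -and [int]$Values['LDAPTimeout'] -lt 1) {
        $findings += 'LDAPTimeout is less than 1 second (the default when absent is 10)'
    }
    foreach ($name in 'LDAPALPSearch', 'LDAPPIMSearch') {
        if ($Values[$name] -eq 1 -and $Values['LDAPSearch'] -ne 1) {
            $findings += "$name is 1 but LDAPSearch is not 1"
        }
    }
    return $findings
}

# Constructed sample values, not from a real server. On the BES host, pass (Get-BesAgentValues) instead.
$sample = @{ LDAPDomain = 'gc1.example.com:3268 gc2.example.com'; LDAPssl = 1; LDAPTimeout = 0; LDAPALPSearch = 1 }
Test-BesLdapSettings -Values $sample
```
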

Prevent the BlackBerry Enterprise Server from retrieving contact information for specific users

If your organization requires you to prevent BlackBerry® device users from finding contact information for specific users, you can either specify a list of those users or filter users using an attribute in Microsoft® Active Directory®.
Before you begin:
  • Configure the BlackBerry® Enterprise Server to resolve email addresses and organizer data information using LDAP.
  • If you want to filter users using an attribute, choose an attribute in Microsoft Active Directory such as Mail or any of the extensionAttributes (extensionAttribute1 through extensionAttribute15). You can use the Active Directory Users and Computers console to change the value for the attribute to HideFromBlackBerry for all users that you do not want BlackBerry device users to find.
  1. On the computer that hosts the BlackBerry Enterprise Server, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. Create a String value named LDAPALPObjectCategory.
  5. Change the value to one of the following options:
    • If your organization uses Microsoft® Exchange 2007 or Microsoft Exchange 2010, use msExchDynamicDistributionList,Group,Person))(!(<attribute>=HideFromBlackBerry, where <attribute> is the name of the attribute that you want to filter (for example, extensionAttribute1).
    • If your organization uses earlier versions of Microsoft Exchange, use Group,Person))(!(<attribute>=HideFromBlackBerry, where <attribute> is the name of the attribute that you want to filter (for example, extensionAttribute1).

    You can use an asterisk (*) as a wildcard.

  6. In the Windows Services, restart the BlackBerry Controller.

Restrict the location in Microsoft Active Directory that the BlackBerry Enterprise Server can retrieve email addresses and organizer data from

You can configure a BlackBerry® Enterprise Server instance so that it searches for email addresses and organizer data only in a specified BaseDN in Microsoft® Active Directory®.
  1. On the computer that hosts the BlackBerry Enterprise Server, click Start > Run.
  2. Type regedit. Click OK.
  3. Perform one of the following actions:
    • If you are running a 32-bit version of Windows®, navigate to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerry Enterprise Server\Agents.
    • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Research In Motion\BlackBerry Enterprise Server\Agents.
  4. Create a String value named LDAPBaseDN.
  5. Change the value to the BaseDN that you want the BlackBerry Enterprise Server to use (for example, ou=Waterloo,o=example,c=CA).
  6. In the Windows Services, restart the BlackBerry Controller.