XADM: Attributes Not Available to LDAP Users with Admin Rights

ID: Q196491


The information in this article applies to:
  • Microsoft Exchange Server, version 5.5


SYMPTOMS

If you configure the Attributes tab in the properties for the DS Site Configuration object so that some attributes are not available to authenticated Lightweight Directory Access Protocol (LDAP) requests, you are not able to access those attributes even if you log on with a user account that has Admin or View Only Admin rights. If you attempt to perform an LDAP operation (such as a search or compare operation) that uses these attributes, the operation fails. Note that this also applies to LDAP programs with permissions that are equivalent to Admin or View Only Admin rights.


CAUSE

When processing LDAP requests, the directory service does not distinguish between authenticated users that have Admin or View Only Admin rights and authenticated users that do not have these rights. If the DS Site Configuration object is configured so that some attributes are not available to authenticated LDAP requests, no authenticated users are able to access those attributes.


RESOLUTION

To resolve this problem, obtain the latest service pack for Exchange Server version 5.5. For more information, please see the following article in the Microsoft Knowledge Base:

Q191014 XGEN: How to Obtain the Latest Exchange Server 5.5 Service Pack

The English version of this fix should have the following file attributes or later:
Component: Directory Service

   File Name     Version
   ------------------------
   Dsamain.exe   5.5.2419.0 


STATUS

Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 5.5.

Keywords : exc55sp2fix
Version : WinNT:5.5
Platform : winnt
Issue type : kbbug


Last Reviewed: May 3, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.