Tuning LDAP to Improve Searches in Communications Services Clients

Allowing Anonymous Access to the Corporate Directory

The Connector for Microsoft Outlook can be configured to bind with a DN and password or to bind anonymously. To enable anonymous access to the corporate directory, add an Access Control Instruction (ACI) at the root level of the ou=people/ou=group sub-trees.

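For example, if the root level is dc=red,dc=sesta,dc=com, add the following ACI. It allows any client, including one that has not authenticated, to read, compare and search every attribute except userPassword: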

ldapmodify -D "cn=Directory manager"
dn: dc=red,dc=sesta,dc=com
changetype: modify
add: aci
aci: (targetattr != "userPassword")
  (version 3.0;acl "Anonymous access";
  allow (read,compare,search)
  (userdn = "ldap:///anyone");)

For more information about ACI issues and limitations with Connector for Microsoft Outlook, see Avoiding ACI Problems with Outlook Connector.
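Because the ACI above uses a negated targetattr, everything not named in it becomes readable by anonymous clients. The following added example (not part of the original documentation) parses the ACI from its LDIF form and reports which attributes from a review list an anonymous bind can read; the function names and the SENSITIVE list are assumptions made for illustration.

```python
import re

# The ACI from the page, as LDIF (continuation lines start with one space).
LDIF = '''dn: dc=red,dc=sesta,dc=com
changetype: modify
add: aci
aci: (targetattr != "userPassword")
  (version 3.0;acl "Anonymous access";
  allow (read,compare,search)
  (userdn = "ldap:///anyone");)
'''

# Assumption: a site-specific list of attributes to review for anonymous exposure.
SENSITIVE = ["userPassword", "mail", "telephoneNumber", "homePhone"]

def aci_values(ldif):
    """Unfold LDIF continuation lines and return every aci value."""
    unfolded = re.sub(r"\r?\n ", "", ldif)
    return [l.split(":", 1)[1].strip() for l in unfolded.splitlines()
            if l.lower().startswith("aci:")]

def parse_aci(value):
    """Extract the parts of one ACI needed for an exposure check."""
    target = re.search(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', value, re.I)
    name = re.search(r'acl\s+"([^"]*)"', value, re.I)
    allow = re.search(r'allow\s*\(([^)]*)\)', value, re.I)
    subject = re.search(r'userdn\s*=\s*"([^"]*)"', value, re.I)
    return {
        "name": name.group(1) if name else "",
        "negated": bool(target) and target.group(1) == "!=",
        "attrs": {a.strip().lower() for a in target.group(2).split("||")} if target else set(),
        "rights": {r.strip().lower() for r in allow.group(1).split(",")} if allow else set(),
        "anonymous": bool(subject) and "ldap:///anyone" in subject.group(1).lower(),
    }

def anonymous_readable(aci, candidates):
    """Return the candidate attributes this ACI lets an anonymous bind read."""
    if not (aci["anonymous"] and "read" in aci["rights"]):
        return []
    def covered(attr):
        listed = "*" in aci["attrs"] or attr.lower() in aci["attrs"]
        # With "!=", the ACI applies to every attribute that is NOT listed.
        return not listed if aci["negated"] else listed
    return [a for a in candidates if covered(a)]

if __name__ == "__main__":
    for value in aci_values(LDIF):
        aci = parse_aci(value)
        print(aci["name"], "->", anonymous_readable(aci, SENSITIVE))
```

If the reported list contains attributes that should not be public, name them in the exclusion (attributes are separated with `||`) or switch to a positive targetattr that lists only what Outlook lookups need.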