How To Access LDAP Directories In iPhone OS 3.0

Along with native over-the-air CalDAV and ICS support, iPhone OS 3.0 also introduces LDAP integration. Although LDAP is somewhat less common than the calendaring features, it still has a significant share of the directory market and is found in all sorts of products. Home users are unlikely to encounter it, since Google, Yahoo, MobileMe, and the like don’t use LDAP, but corporate users have long requested this feature so they could access their Microsoft Active Directory or Apple Open Directory server. Indeed, third-party applciations like LDAPeople were already providing support before iPhone OS 3.0 appeared.

Note that if you are using Exchange ActiveSync for your corporate email, the iPhone will probably already be able to search the Global Address List (GAL) without setting up LDAP. This didn’t work for me under 2.0, but now that I’m using 3.0 I can search the GAL through ActiveSync. Even if you can do this already, there may be other LDAP servers you need to access. Here’s how!

How To Set Up LDAP Access

Setting up LDAP is simple. Follow these steps:

1. On the iPhone, select “Settings”
2. Select “Mail, Contacts, Calendars”
3. Select”Add Account…” under “Accounts”
4. Select “Other” at the bottom
5. Select “Add LDAP Account”
6. Enter your LDAP Server’s name (e.f. “ldap.example.com”)
7. You will probably have to enter a user name (e.g. “sfoskett”) for “User Name” and a password for “Password”
8. Optionally modify the description
9. Select “Next” and you’re done!

Your LDAP server should now show up in the Contacts application. You can search and use addresses directly from here, but you can’t edit them or add them to the phone’s address book. LDAP addresses are also integrated into the mail, phone, and SMS apps – just start typing a name and the iPhone will query LDAP as well as any local or synced contacts!

If you have a large LDAP server, you may also have to enter a “search base” to limit the scope of your search queries. You can do this only after you have set up the LDAP account.

1. Go back to “Settings”
2. Select “Mail, Contacts, Calendars”
3. Select the LDAP account
4. Select “Add Search Settings…”
5. Enter your search base string under “Base” (e.g. “ou=people,dc=example,dc=com”)
6. Optionally enter a description
7. Select “Base”, “One Level”, or “Subtree” depending on where you want to search
8. The iPhone tries to use SSL by default. If your server doesn’t support this, it will time out and try to connect without.

You can set multiple Search Settings to allow searches in different search bases from the same LDAP server.

There are some limitations to the iPhone’s LDAP implementation, however:

1. You have to enter the search base manually rather than having it automatically filled in by the software. Cut and paste is very helpful here!
2. It doesn’t appear to support Kerberos authentication
3. You can’t browse the directory (it’s search-only) so you have to know who you’re looking for ahead of time
4. LDAP information is limited to phone numbers, a single work addresses, and a single email address

There you have it! Is anyone aware of a useful public LDAP server? I can imagine all sorts of info that would be nice to have while on the go – airline phone numbers, taxi companies, etc.