I live  in canada , so I dont have problem to download  this software, But we have already installed MS active  Directory and we are using that.

1- why do I need to install  this software? what are benefits of switching to penLDAP ?

2- I could access to AD and I could list users in each department . but I dont know how to fetch their emails? I am getting errors when I use any string  filter .It means I am just able to list not search(doesnt make sense to me either)

3- How can I know which kind of microsoft active directory  I am using?

I'm so happy because my info. was usefull. you asked
me 3 questions and I try  to answer  them respectively.

1. as I mentioned in my prevous mail, openLDAP is an
open source, so you shouldnt pay. another benefit is,
it is a lightweight directory, it needs almost 20MB
disk and over 3MB memory space. In addition, it
installs easily. Furthermore, you can add and modify
its schemas easitly.also, backup and recovery is fast
and easy(slapcat).the most important point is, it
works on every platforms(windows, linux,...) and it
can work on home edition version  of windows. general
speaking it is light, fast, free and secure. However,
it doesnt support RDN(Relative Distingush Name)and in
comparision with AD, ACL configuration is not so easy
in openLDAP.

2. I dont understand it exactly, could you plz, give
me more details about it. you can conn. to AC with
JNDI or via its browser? and can you list your users
by using JNDI? if you remember, I wrote in my last
mail a search  class(SearchFilter), it fetchs all of
info.; please mail me your codes.
may be below link can help you:
forum.java.sun.com/thread.jspa

3. I'm not sure because I'm not expert in MSAC and I
can help you a little. in AC you can see windows
authenticate window, but ADAM(App. mode) dosent have
this one. you can find  good info. on this site:
www.microsoft.com/windowsserver2003/
technologies/directory/activedirectory

- unfortunatly, I couldnt import data from AD to
openLDAP, owing to deferences of their schemas.if
anyone know anythings about it plz tell me.

I should say about filtering in directories  briefly,
they use Polish(prefix) algorithm to filter  their
data. for example if you want to find  a person with
this DN: cn=button, o=x.org
(it is a serialazable object)or ou=developers, o=x.org
you have to write:

...

Name compoundName = parser.parse("");
String filter = "(|(ou=dev*)(cn=button))";

You don't add groups to users, you add users (or groups, or computers ..) to groups !

One of the attributes of a user object is "memberOf" and conversely one of the attributes of a group is "member"

memberOf is not a "real" attribute per se, meaning that it is read only, it contains "links" to groups and that it is constructed from all the groups that the user is a member of in that domain.

The reason why it has links to groups is to ensure referential integrity Eg. if you delete, rename or move a user, the group's membership is correctly maintained.

it is read-only, and if you attempt to modify it's values you wil get a ldap  Error of the form:
javax.naming.OperationNotSupportedException: [LDAP: error code  53 - 0000209A: SvcErr: DSID-031A0DD1, problem 5003 (WILL_NOT_PERFORM),data 0];

One other phenonema is that the user's membership only reflects the groups that are known on the domain controller that is being queried. In a multi-domain or multi-forest environment, a domain controller will only have knowledge of groups in it's own domain.

If the domain controller is a Global Catalog, it will have knowledge of all groups in the forest so it will reflect the list of groups in the forest that a user is a member of.

This is a slight simplification, with Windows Server 2003, branch office scenarios enable caching of group memberships without the need for a global catalog. (Me thinks a description of the Global Catalog is a future forum topic).

Therefore viewing a user's memberOf attribute may not reveal the full list of groups that a user is a member of. In addition, memberOf does not contain the user's Primary Group membership, nor does it reflect groups in other forests that the user may belong to.

The following code demonstrates viewing a user's memberOf attribute

import java.util.Hashtable; 
import javax.naming.*; 
import javax.naming.ldap.*; 
import javax.naming.directory.*; 

public class  memberof    { 
    public  static void  main (String[] args)    { 

        Hashtable env  = new Hashtable(); 
        String adminName = "CN=Administrator,CN=Users,DC=ANTIPODES,DC=COM"; 
        String adminPassword = "XXXXXXX"; 
        String ldapURL = "ldap://mydc.antipodes.com:389"; 
        env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); 
        //set security credentials, note using simple cleartext authentication 
        env.put(Context.SECURITY_AUTHENTICATION,"simple"); 
        env.put(Context.SECURITY_PRINCIPAL,adminName); 
        env.put(Context.SECURITY_CREDENTIALS,adminPassword); 

        //connect to my domain controller 
        env.put(Context.PROVIDER_URL,ldapURL); 

        try  { 

            //Create the initial directory  context 
            LdapContext ctx = new InitialLdapContext(env,null); 

            //Create the search  controls          
            SearchControls searchCtls = new SearchControls(); 

            //Specify the search scope 
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE); 

            //specify the LDAP search filter  
            String searchFilter = "(&(objectClass=user)(CN=Andrew Anderson))"; 

            //Specify the Base for the search 
            String searchBase = "DC=antipodes,DC=com"; 

            //initialize counter to total the group members 
            int totalResults = 0; 

            //Specify the attributes to return 
            String returnedAtts[]={"memberOf"}; 
            searchCtls.setReturningAttributes(returnedAtts); 

            //Search for objects using the filter 
            NamingEnumeration answer  = ctx.search(searchBase, searchFilter, searchCtls); 

            //Loop through the search results 
            while (answer.hasMoreElements()) { 
                SearchResult sr = (SearchResult)answer.next(); 

                System.out.println(">>>" + sr.getName()); 

                //Print out the groups 

                Attributes attrs = sr.getAttributes(); 
                if (attrs != null) { 

                    try { 
                        for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) { 
                            Attribute attr = (Attribute)ae.next(); 
                            System.out.println("Attribute: " + attr.getID()); 
                            for (NamingEnumeration e = attr.getAll();e.hasMore();totalResults++) { 

                                System.out.println(" " +  totalResults + ". " +  e.next()); 
                            } 

                        } 

                    }      
                    catch  (NamingException e)    { 
                        System.err.println("Problem listing membership: " + e); 
                    } 

                } 
            } 

            System.out.println("Total groups: " + totalResults); 
            ctx.close(); 

        }  

        catch (NamingException e) { 
            System.err.println("Problem searching directory: " + e); 
               } 
    } 
}  

//Specify the search scope 
searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE); 

//specify the LDAP search filter 
String searchFilter = "(objectClass=user)"; 

//Specify the Base for the search 
String searchBase = "CN=Andrew Anderson,OU=Research,DC=antipodes,DC=com";