A Microsoft® Outlook or Microsoft Outlook Express user performs a search for a user or group through Lightweight Directory Access Protocol (LDAP) to the Domino® server. The user or group is not found. The Domino server was just upgraded from Release 5.x, where the exact same search did find the user or group.

This condition arises due to a change in how Domino 6 or Domino 7 processes queries that include a base DN of c=us. Some Outlook/Outlook Express clients will automatically send a base DN of c=us if none is specified. R5 would ignore this particular base dn search.
Some users may note that an LDAP lookup in the browser fails when they enter cn="First Last" in the lookup window. This is because the Domino LDAP server assumes that the name being entered is some part of the common name already and will add cn= to the lookup; therefore, no matches will be returned for cn=cn="First Last".

Note: This information also relates to the People Finder in Windows. If the People Finder is launched by typing ldap://servername/ in either a browser, Notes address bar or in the Start -> Run menu in Windows.

From the Domino 6 Administrator Help:

• In Lotus Domino 5, the LDAP service converted a search base of country ("c=xx") to root ("") by default. This conversion accommodates releases of Microsoft Outlook Express earlier than 5.5, which supply a default country search base when users do not specify a search base. In Lotus Domino 5, you can use the NOTES.INI setting LDAP_CountryCheck=1 to prevent the LDAP service from making this conversion.
  By default, the Domino 6 LDAP service does not convert a search base of country to root. Use the NOTES.INI setting LDAPPre55Outlook=1 to revert to the Domino 5 LDAP service behavior of converting a search base of country to root to accommodate releases of Microsoft Outlook Express earlier than 5.5. The LDAP_CountryCheck setting is obsolete in Lotus Domino 6.