[Fed-Talk] Keychain Access (or Mail or Entourage) unable to retrieve SMIME certificates from LDAP?
[Fed-Talk] Keychain Access (or Mail or Entourage) unable to retrieve SMIME certificates from LDAP?
- Subject: [Fed-Talk] Keychain Access (or Mail or Entourage) unable to retrieve SMIME certificates from LDAP?
- From: "Blumenthal, Uri" <email@hidden>
- Date: Fri, 28 Aug 2009 10:15:03 -0400
- Acceptlanguage: en-US
- Thread-topic: Keychain Access (or Mail or Entourage) unable to retrieve SMIME certificates from LDAP?
Title: Keychain Access (or Mail or Entourage) unable to retrieve SMIME certificates from LDAP?
In Oct 2008 Shawn answered a question about certificate retrieval with the following:
By design, the “Search Directory Services for Certificates” will attempt to pull certs from any LDAP Accessible server configured on the Mac by way of the userCertificate and userSMIMECertificate attributes as you noted. Currently, there is an outstanding regression that is blocking the successful gathering/parsing of those certificates for use by services like Mail (for S/MIME). This is a regression in the LDAP DL (Data Library) component (/System/Library/Security/ldapdl.bundle) which would require a fix on Apple's end. There is no tweaking you can do on your end to make this work against any other server right now unfortunately. Enhancements would also need to be made to extend this to every DS type supported by Mac OS X.
Leaving alone what I think about it – I want to ask if this issue has been taken care of in Snow Leopard?
I.e. can I pull certs now from LDAP servers?
If not – why, and when will it work?
------------------------------------------------------
Uri Blumenthal Voice: (781) 981-1638
Information Systems Technology Fax: (781) 981-0186
MIT Lincoln Laboratory DSN: 478-5980 and ask for Lincoln ext. 1638
244 Wood Street Email: <mailto:email@hidden>
Lexington, MA 02420-9185
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden