Re: [Fed-Talk] Keychain Access (or Mail or Entourage) unable to retrieve SMIME certificates from LDAP?
- Subject: Re: [Fed-Talk] Keychain Access (or Mail or Entourage) unable to retrieve SMIME certificates from LDAP?
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 31 Aug 2009 12:54:22 -0500
On 8/30/2009 7:16 PM, Wm. Cerniuk wrote:

> And just to make sure I understand, we are talking about "joining" the
> system to AD, not just the "bind" to LDAP we do with the Address Book
> which allows Apple Mail to access the "GAL" functionality of AD...

Term overloading. Joining an AD domain is two steps: creating the
machine account and binding the machine to that account. Binding is
also the term used to authN to an LDAP directory as a principal (usually
identified in the directory).

> The latter is not easy as it requires an AD admin to gen an object for
> the system in AD (aka mod the AD OU). The former, the Address Book
> "GAL" functionality is trivial as anyone can read the AD LDAP tree...

Well, not so much. Joining an AD domain typically does the machine
account creation and binding in one step. Macs do this too. And
anonymous LDAP bind is off by default in all AD after Windows 2000.

-- Tim