[Fed-Talk] Re: Fed-talk Digest, Vol 6, Issue 221
- Subject: [Fed-Talk] Re: Fed-talk Digest, Vol 6, Issue 221
- From: "Daniel S. Hoit" <email@hidden>
- Date: Thu, 3 Sep 2009 15:38:47 -0700
On my 10.6 test box bound to AD, I can select DS in KA, type an email address, and see the cert. It only works with the complete email address though, and you get no hits for partial matches.
Trying on a machine not bound to AD, set up with an LDAP connection, I couldn't make it work. It could be the port/security settings need to be fine-tuned, or it could be that it just doesn't work.
Can you bind to AD, but not use it for authentication? That should enable you to use the computer account to connect to the DS.
--DH
Date: September 1, 2009 11:13:30 AM PDT
Subject: [Fed-Talk] Searching AD for certs in 10.6 *without* binding the Mac to AD?
I saw the thread over the past few days about 10.6 allowing Macs bound to an AD to now search the directory for email certificates -- does anyone know if it's now possible in 10.6 to search an AD for certs *without* binding to the AD?
I've tried to use Directory Utility to set up the AD as a source (both as an Active Directory source and an LDAP3 source), and I've entered my authentication credentials to allow pre-binding to the AD in order to search it, but I can't seem to get Keychain Utility to ever return anything from the "Directory Services" keychain.
Will searching an LDAP data store for certificates only work if the machine itself is authenticated against the store?
Jason
Daniel S. Hoit
Lawrence Livermore National Laboratory
phone: 925-424-5256