Huh, I’m in Walter’s boat. Natively joined Macs, Contacts configured with connection to GAL, Exchange 2010 (not sure on SP level). I’ve never seen Contacts or Mail able to grab certs along with contacts or addressing. Maybe there’s something unique about Lee’s exchange?
Lee, on your AD schema, is the user’s certificate stored in the value “UserCertificate”?
You can test by going to Directory Utility > Directory Editor > Search Users for yourself, scroll through the attributes on the right for your cert.
--
Paul Campbell | Senior Macintosh Systems Administrator
ASRC Federal Research and Technology Solutions
NASA Ames Research Center
Moffett Field, CA 94035
email@hidden
W: 650.604.4014 | F: 650.604.3323
ASRC Federal | Customer-Focused. Operationally Excellent.
On Jul 24, 2015, at 9:36 AM, Neely, Lee <email@hidden> wrote:
Natively joined to AD.
Is your Mac joined to AD natively through OS X or are you using a third-party product like Thursby or Centrify?
My experience is that OS X 10.10 and below natively joined to AD does not find certs in the GAL.
Not disputing your experience. Just conveying my own.
On Jul 24, 2015, at 11:51 AM, Neely, Lee <email@hidden> wrote:
1) We’re using 10.10, 10.9
What is your setup like that works? What version of the OS / exchange, etc.? Is the Mac joined on the windows domain or only Mail is configured with exchange?
On Jul 23, 2015, at 2:10 PM, Neely, Lee <email@hidden> wrote:
Apple Mail will retrieve certificates from the GAL. I’ve tested and it works.
What it won’t do is retrieve them from other directory services, even if other products, say Outlook 2011, can/do.
On Jul 23, 2015, at 3:59 PM, VaibhaV Sharma <email@hidden> wrote:
The other aspect is how this would work from outside a secure network if only activesync (https) port is reachable from the client. On OS X, it does a ldap lookup but I don’t remember if keychain on iOS was able to follow activesync or required ldap access.
Activesync provides protocol exchanges for getting certificates from the GAL. Sounds like Apple just doesn’t use them.
Thursby Software Systems, Inc.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden