[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: Outlook Express/Address Book certificate question

To: "'Pete Palmer'" <pete.palmer@visionshareinc.com>, openldap-software@OpenLDAP.org
Subject: AW: Outlook Express/Address Book certificate question
From: "Wald, Matthias" <Matthias.Wald@atm-computer.de>
Date: Fri, 4 May 2001 09:28:43 +0200

Hi Pete,

generaly the email address in the certificate field SAN
(subject alternativ name) should be the same like the
email address in the directory record. You have to control
this equality. I am wondering why you are able to insert
a userCertificate attribute without the strongAuthenticationUser
objectclass. The normal case is that for a userCertificate you
must have strongAuthenticationUser!

Ciao!
Matthias


> -----Ursprüngliche Nachricht-----
> Von:	Pete Palmer [SMTP:pete.palmer@visionshareinc.com]
> Gesendet am:	Freitag, 4. Mai 2001 00:45
> An:	openldap-software@OpenLDAP.org
> Betreff:	Outlook Express/Address Book certificate question
> 
> 
> I'm having some trouble getting Outlook Express' Address book  to
> automatically associate the certificate for a given user that was
> retrieved from my OpenLDAP directory (inetOrgPerson object).
> 
> It does the look up O.K., finds the user profile details, but doesn't
> associate the cert it finds with the e-mail address.  I've attached the
> LDIF for this record for reference.
> 
> Here is the play-by-play:
> 
> I open Outlook Express, go to Address Book, select Find People, select
> my OpenLDAP server's name in the Look In box.
> 
> I search on my name, Pete, and it finds my inetOrgPerson record.
> 
> I highlight my name, click Properties, and underneath the Digital IDs
> tab it has pete.palmer@visionshareinc.com selected, but no digital IDs
> associated with my email address.
> 
> Now, when I pull down the arrow and select "None- digital IDs without
> Associated E-mail addresses", voila, my certificate is there.  I can
> click on Properties see all of the certificate's details.
> 
> Question:  how do I get this certificate to be associated with my email
> address contained in the LDAP record?
> 
> Thanks.
> 
> Here is the LDIF entry
> 
> dn: cn=Pete Palmer, ou=VisionShare, o=VisionShare, c=US
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> cn: Pete Palmer
> sn: Palmer
> givenName: Pete
> initials: PLP
> uid: petepalmer
> mail: pete.palmer@visionshareinc.com
> telephoneNumber: +1 555 555 5555
> preferredLanguage: en
> labeledURI: http://www.visionshareinc.com/
> userCertificate;binary::
> MIIFkjCCBHqgAwIBAgIBDTANBgkqhkiG9w0BAQQFADCBwjELMAkGA1UEBhMCVVMx
>  EjAQBgNVBAgTCU1pbm5lc290YTETMBEGA1UEBxMKU2FpbnQgUGF1bDEYMBYGA1UE
>  ChMPVmlzaW9uU2hhcmUgSW5jMRkwFwYDVQQLExBWaXNpb25TaGFyZSBDQSAxMSow
>  KAYDVQQDEyFWaXNpb25TaGFyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxKTAnBgkq
>  hkiG9w0BCQEWGnN1cHBvcnRAdmlzaW9uc2hhcmVpbmMuY29tMB4XDTAxMDQwNjE4
>  NTQ0MFoXDTAzMDQwNjE4NTQ0MFowgbExCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlN
>  aW5uZXNvdGExEzARBgNVBAcTClNhaW50IFBhdWwxHjAcBgNVBAoTFVZpc2lvblNo
>  YXJlIENvbW11bml0eTEUMBIGA1UECxMLVmlzaW9uU2hhcmUxFDASBgNVBAMTC1Bl
>  dGUgUGFsbWVyMS0wKwYJKoZIhvcNAQkBFh5wZXRlLnBhbG1lckB2aXNpb25zaGFy
>  ZWluYy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMy5rU/LKxSloG9x
>  /3lM9UMYCZdOC3FvlyHSzuuNB1q4PiOqJvGmRMxSmcHXTdG6gNDi6kvOMrE76TJx
>  pbhhEX+GPk7jmXCNp26foUqbvJ7hNjAE7GDljNFjLxYajI3p2sgP/uN7qJedT+XU
>  VJWV5GEtrsjKphJdRES8vx9/caL1AgMBAAGjggIkMIICIDAJBgNVHRMEAjAAMBEG
>  CWCGSAGG+EIBAQQEAwIE8DALBgNVHQ8EBAMCBeAwMAYJYIZIAYb4QgENBCMWIVZp
>  c2lvblNoYXJlIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUa8zeM0mx
>  dm1vVhDdiA8PyTnYPL4wge8GA1UdIwSB5zCB5IAUJXoTCO3csp7mFm1UhUXIbBO5
>  BnChgcikgcUwgcIxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlNaW5uZXNvdGExEzAR
>  BgNVBAcTClNhaW50IFBhdWwxGDAWBgNVBAoTD1Zpc2lvblNoYXJlIEluYzEZMBcG
>  A1UECxMQVmlzaW9uU2hhcmUgQ0EgMTEqMCgGA1UEAxMhVmlzaW9uU2hhcmUgQ2Vy
>  dGlmaWNhdGUgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzdXBwb3J0QHZpc2lv
>  bnNoYXJlaW5jLmNvbYIBADA+BglghkgBhvhCAQQEMRYvaHR0cHM6Ly91c2Vycy52
>  aXNpb25zaGFyZWluYy5jb20vY2dpLWJpbi9nZXRjcmwwPgYJYIZIAYb4QgEDBDEW
>  L2h0dHBzOi8vdXNlcnMudmlzaW9uc2hhcmVpbmMuY29tL2NnaS1iaW4vZ2V0Y3Js
>  MDAGCWCGSAGG+EIBBwQjFiFodHRwczovL3VzZXJzLnZpc2lvbnNoYXJlaW5jLmNv
>  bS8wDQYJKoZIhvcNAQEEBQADggEBADtdqN4FXPD98vt0ndMdYpDjLDrWlB5R0WMe
>  N/SXGoPQ8feTARvFsg/0Lk5IcG1SGzQ050UqyUoDwJ01wvekZiv00EN2wp5ythM5
>  hyhwg1dC6GkA0bwboK17pMD61LSKppcMzxLcmQ8p/6d0Y5uuAeFV4Rp3PS/Dl4Pa
>  Kkkn/9wsPljckQYWDCwohrEGfqpMlFwbLnzsW4gatHkmrq1IZuNlET/BDYdPgGU6
>  fOLuBuq3LVR9HceZBIuQvxnG7xhYflctxLep4Va9ZKootfriOYFaCYFBWnkcvSLi
>  RBCFnIWz5nlzKrtZAvbJmkVa/9iQnqskRnm9zq6XTkwc58SaOgQ=
> 
> 
> 
> 
>

Prev by Date: AW: ldapsearch on Exchange
Next by Date: Re: Object class violation
Index(es):
- Chronological
- Thread