[Date Prev][Date Next] [Chronological] [Thread] [Top]

Microsoft Outlook (2011) jpegPhoto and thumbnailPhoto Suffixed With ';binary'


I am testing my tree with outlook 2011 (for mac) to see if everything
works expected. When I search a contact in address book, photo of the
user is not shown. I searched the problem and learned that outlook uses
thumbnailPhoto attribute for photos. Then, I created an outlook
compatibility schema that includes thumbnailPhoto attribute. However,
photos still not shown, at which time I started investigating the

I debugged the problem using the network analyzer and realized that
Outlook 2011 requests awkward attribute names suffixed with the word
';binary'. When searching, it requests these attributes below along with
standard ones:

- userSMIMECertificate;binary
- userCertificate;binary
- thumbnailPhoto;binary
- jpegPhoto;binary

Since these attributes are not present in my tree (though I have
'normal' ones without a suffix), they are not sent to outlook client so
photos are not shown.

I, then, tried to change my compatibility schema to use
'thumbnailPhoto;binary', but I got an error stating that the attribute
name is not valid. OpenLDAP does not seem to accept ';' character in
attribute names.

Probably, AD accepts ';' character in attribute names and outlook 2011
works with AD. Apart from not seeing photos, you cannot send encrypted
e-mail using outlook because you cannot send a user certificate with
openldap (';binary' suffix). So, if you try to use current openldap with
outlook, you will miss 2 features, encryption on photos. I'm not sure if
';binary' suffix is done on purpose to make other LDAP
servers work with outlook harder.

Is there any workaround for it? Being able to include ';' in attribute
name will probably fix the problem but I don't know if ';' is acceptable
in LDAP standard.


    . 73! DE TA1AET

Attachment: pgpgwfs10ZRzh.pgp
Description: PGP signature