S/MIME with LDAP-GAB



  • Hi all!

    I don’t understand how this could work …

    Running KC with the last Zarafa Plugin on Outlook 2016, I start to fiddle around with S/MIME. My mails get signed, and I can also sucessfully exchange encrypted mails with people OUTSIDE of of my organisation.

    But trying to encrypt a mail internally does not work, obvisously because Outlook is not able to store back the S/MIME certificate from my colleque to the LDAP server where the GAB is built from, and where the internal E-Mail adresses are resolved to.

    I don’t see how this could ever work … or am I wrong? Do I have to do something to “enhance” my LDAP with the S/MIME certificates of the internal staff? Where can I find documentation on this?

    Thank you for any advice,

    Peter


  • Kopano

    Could you specify a bit better which versions you are using?



  • Sure.

    Kopano 8.5.4.0-0+9.1 on Debian 8 x64
    Outlook 365 (=Outlook 2016)
    Zarafa Client 7.2.6.52189
    OpenLDAP 2.4.40
    z-push 2.3.9 with a Android-based mobile phone using the app “nine”
    KOE not installed


  • Kopano

    you need no include the users certificate in your gab (and therefore ldap). The attribute

    # PR_USER_CERTIFICATE
    #0x3A220102     =       userCertificate
    

    is used for that.



  • Ah, I need to add the user certificate in LDAP. That makes sense.

    I’ll try this.