On 30.10.2015 22:13, Jeremy Allison wrote:
> On Fri, Oct 30, 2015 at 11:27:55AM +0100, Stefan Pietsch wrote:
>> Dear Samba users and developers,
>>
>> we had the idea of storing S/MIME certificates in the Samba 4 LDAP.
>> In the Windows Active Directory Users and Computers tool I can use the
>> "Published Certificates" tab to add a certificate to a user account.
>>
>> As Mozilla Thunderbird requests the "userCertificate;binary" attribute
>> of a user when sending encrypted mail, the LDAP response is empty.
>>
>> This behaviour is different from a Windows 2008 R2 AD.
>>
>> I tested this with Samba from Debian 4.1.17+dfsg-2.
>> Is this a missing feature or a bug?
>
> Not sure. Can you provide network traces of Thunderbird
> trying to do this against a Samba4 AD/DC ?

Here are the packet details for the search request:

Lightweight Directory Access Protocol
    LDAPMessage searchRequest(2) "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree
        messageID: 2
        protocolOp: searchRequest (3)
            searchRequest
                baseObject: OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de
                scope: wholeSubtree (2)
                derefAliases: neverDerefAliases (0)
                sizeLimit: 2
                timeLimit: 0
                typesOnly: False
                Filter: (mail=martin.sofaru at lsexperts.de)
                filter: equalityMatch (3)
                    equalityMatch
                        attributeDesc: mail
                        assertionValue: martin.sofaru at lsexperts.de
                attributes: 1 item
                    AttributeDescription: usercertificate;binary
        [Response In: 16]

Lightweight Directory Access Protocol
    LDAPMessage searchResEntry(2) "CN=Martin Sofaru,OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" [1 result]
        messageID: 2
        protocolOp: searchResEntry (4)
            searchResEntry
                objectName: CN=Martin Sofaru,OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de
                attributes: 0 items
        [Response To: 15]
        [Time: 0.021100000 seconds]

Lightweight Directory Access Protocol
    LDAPMessage searchResDone(2) success [1 result]
        messageID: 2
        protocolOp: searchResDone (5)
            searchResDone
                resultCode: success (0)
                matchedDN:
                errorMessage:
        [Response To: 15]
        [Time: 0.021100000 seconds]

Regards,
Stefan
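
Added example, not part of the original message: a Python script that scans a text dissection in the layout shown above and reports entries that matched but came back with 0 attributes although the request named an attribute carrying an option such as ";binary". It assumes one field per line (not re-wrapped) and a single LDAP connection so messageIDs do not collide; the sample trace, its DNs and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the trace above; DNs are placeholders.
SAMPLE = """\
Lightweight Directory Access Protocol
    LDAPMessage searchRequest(2) "OU=People,DC=example,DC=test" wholeSubtree
        messageID: 2
        protocolOp: searchRequest (3)
            attributes: 1 item
                AttributeDescription: usercertificate;binary
Lightweight Directory Access Protocol
    LDAPMessage searchResEntry(2) "CN=Test User,OU=People,DC=example,DC=test" [1 result]
        messageID: 2
        protocolOp: searchResEntry (4)
            objectName: CN=Test User,OU=People,DC=example,DC=test
            attributes: 0 items
"""

def parse_messages(text):
    """Split a text dissection into one dict per LDAPMessage."""
    msgs = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"LDAPMessage (\w+)\((\d+)\)", line):
            msgs.append({"op": m.group(1), "id": int(m.group(2)),
                         "asked": [], "dn": None, "count": None})
        elif not msgs:
            continue
        elif line.startswith("AttributeDescription:"):
            msgs[-1]["asked"].append(line.split(":", 1)[1].strip())
        elif line.startswith("objectName:"):
            msgs[-1]["dn"] = line.split(":", 1)[1].strip()
        elif m := re.match(r"attributes: (\d+) items?$", line):
            msgs[-1]["count"] = int(m.group(1))
    return msgs

def empty_option_lookups(text):
    """Entries that matched but returned 0 attributes although the request
    named an attribute with an option such as ';binary'."""
    requests, findings = {}, []
    for msg in parse_messages(text):
        if msg["op"] == "searchRequest":
            requests[msg["id"]] = msg["asked"]
        elif msg["op"] == "searchResEntry" and msg["count"] == 0:
            asked = requests.get(msg["id"], [])
            if any(";" in a for a in asked):
                findings.append((msg["id"], msg["dn"], asked))
    return findings

print(empty_option_lookups(SAMPLE))
```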