[Samba] S/MIME certificates in Samba 4 LDAP

Stefan Pietsch stefan.pietsch at lsexperts.de
Tue Nov 3 09:21:29 UTC 2015


On 30.10.2015 22:13, Jeremy Allison wrote:
> On Fri, Oct 30, 2015 at 11:27:55AM +0100, Stefan Pietsch wrote:
>> Dear Samba users and developers,
>>
>> we had the idea of storing S/MIME certificates in the Samba 4 LDAP.
>> In the Windows Active Directory Users and Computers tool I can use the
>> "Published Certificates" tab to add a certificate to a user account.
>>
>> As Mozilla Thunderbird requests the "userCertificate;binary" attribute
>> of a user when sending encrypted mail, the LDAP response is empty.
>>
>> This behaviour is different from a Windows 2008 R2 AD.
>>
>> I tested this with Samba from Debian 4.1.17+dfsg-2.
>> Is this a missing feature or a bug?
> 
> Not sure. Can you provide network traces of Thunderbird
> trying to do this against a Samba4 AD/DC ?


Here are the packet details for the search request:

Lightweight Directory Access Protocol
    LDAPMessage searchRequest(2) "OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" wholeSubtree
        messageID: 2
        protocolOp: searchRequest (3)
            searchRequest
                baseObject: OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de
                scope: wholeSubtree (2)
                derefAliases: neverDerefAliases (0)
                sizeLimit: 2
                timeLimit: 0
                typesOnly: False
                Filter: (mail=martin.sofaru at lsexperts.de)
                    filter: equalityMatch (3)
                        equalityMatch
                            attributeDesc: mail
                            assertionValue: martin.sofaru at lsexperts.de
                attributes: 1 item
                    AttributeDescription: usercertificate;binary
        [Response In: 16]


Lightweight Directory Access Protocol
    LDAPMessage searchResEntry(2) "CN=Martin Sofaru,OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de" [1 result]
        messageID: 2
        protocolOp: searchResEntry (4)
            searchResEntry
                objectName: CN=Martin Sofaru,OU=People,OU=Users,OU=LSE,DC=corp,DC=lsexperts,DC=de
                attributes: 0 items
        [Response To: 15]
        [Time: 0.021100000 seconds]
Lightweight Directory Access Protocol
    LDAPMessage searchResDone(2) success [1 result]
        messageID: 2
        protocolOp: searchResDone (5)
            searchResDone
                resultCode: success (0)
                matchedDN:
                errorMessage:
        [Response To: 15]
        [Time: 0.021100000 seconds]




Regards,
Stefan
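
An added illustration, not part of the original message and not Samba's code: how a directory server can resolve a requested attribute description that carries the ";binary" transfer option (RFC 4522) to the stored attribute. The entry, the mail address and the certificate bytes are constructed sample data, and the exact-match function is shown only for contrast; it is not a diagnosis of what Samba does internally.

```python
# Added example (hypothetical helper names). ENTRY is constructed sample data.
ENTRY = {
    "cn": [b"Martin Sofaru"],
    "mail": [b"user@example.test"],                      # constructed address
    "userCertificate": [b"\x30\x82\x01\x0a<constructed DER placeholder>"],
}

# Attribute list as it appears in the searchRequest of the trace.
REQUESTED = ["usercertificate;binary"]


def split_description(desc):
    """Split 'usercertificate;binary' into ('usercertificate', {'binary'})."""
    base, *options = desc.lower().split(";")
    return base, set(options)


def select_exact(entry, requested):
    """Contrast case: literal name comparison that does not understand options."""
    return {d: entry[d] for d in requested if d in entry}


def select_option_aware(entry, requested):
    """Match on the base attribute type, case-insensitively, and echo the
    ;binary transfer option back in the returned attribute description."""
    by_name = {name.lower(): name for name in entry}
    result = {}
    for desc in requested:
        base, options = split_description(desc)
        stored = by_name.get(base)
        if stored is None:
            continue
        if options - {"binary"}:
            continue  # other options (e.g. language tags) are not modelled here
        returned = stored + (";binary" if "binary" in options else "")
        result[returned] = entry[stored]
    return result


def demo():
    """Return (exact-match result, option-aware result) for the traced request."""
    return select_exact(ENTRY, REQUESTED), select_option_aware(ENTRY, REQUESTED)


if __name__ == "__main__":
    exact, aware = demo()
    print("exact match  :", len(exact), "items")
    print("option-aware :", sorted(aware))
```

With the exact comparison the entry is found but no attribute is selected, which is the shape of the searchResEntry in the trace ("attributes: 0 items"); the option-aware lookup returns the certificate under "userCertificate;binary".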



