What are your Directory Server version and vendor? Did you look in the access log or errors log of the DS to see specific LDAP codes for your cert search?
I'm currently running OpenLDAP 2.1.8. The logs show no error messages, but I was unable to get it to log anything useful about what Mozilla is trying to search for. A packet sniffer didn't get me any more information either. The normal email address search works fine (as in type someone's first name in To: and it will find the email address).
I wonder, could anyone provide or point me to a document which describes the LDAP certificate search functionality in Mozilla, what attributes it looks for and so on? Of course I could also try browsing the source a bit more, but I'm afraid it's not exactly my bag.
-jake
Jarkko Santala wrote:
Hi all,
[Reposting to n.p.m.directory after no replies from .crypto]
I'm experiencing difficulties using the feature of fetching the recipient certificate from LDAP using Mozilla 1.2.1, 1.4 and Thunderbird 0.2. After clicking the "View or change security settings" icon in the Compose window I only get "Not Found" on each recipient, unless they've been previously added to local certificate storage. The same feature against the same LDAP entries works flawlessly in Outlook. I know people have got this working also in Netscape/Mozilla by looking at the archives, but unfortunately it just doesn't work for me.
What really makes the problem hard to solve is the fact that other than the "Not Found" text, the Message Security window gives no information on why the certificates were not found, nor is there a button that you could click to see what was attempted and why it failed. Something like this would indeed be a nice feature to add.
If you have any tips on how to solve this issue (although I doubt it due to lack of available debug information), any tips or pointers will be greatly appreciated.
In any case, here's a related "LDIF" of an entry in our LDAP:

dn: cn=xxxx xxxxx,ou=xxxxx,dc=xxx,dc=xxx,dc=xxx,dc=xxx
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: pkiUser
facsimileTelephoneNumber: xxx
telephoneNumber: xxx
givenName: xxx
sn: xxx
mobile: xxx
l: xxx
cn: xxx
userCertificate;binary:: MIIEJTCCAw2gAwIBAgIDENgNMA0GCSqGSIb3DQEBB....
mail: [EMAIL PROTECTED]

One more thing; yes, the certificate has the Email extension field properly defined ([EMAIL PROTECTED]) and the certificates work flawlessly also in Mozilla if you acquire them by other means.
Thanks,
-jake
-- 
Jarkko Santala <jake(ät)ssh.com>
System Administrator +358 40 720 4512
SSH Communications Security Corp.
Helsinki, Finland
http://www.ssh.com
