Hi,
I successfully added a custom attribute using Domain → LDAP directory for user S/MIME certificates (attribute userSMIMECertificate). I used syntax class “Upload”. When issuing udm users/user help, it shows up in tab contact, group business as expected. But in UMC, the web GUI, it does not show up. When using syntax class “Base64Upload” I get an upload widget but I cannot remove uploaded certificates.
However, Outlook does not find the attribute when accessing the “LDAP” at port 389. I checked Samba’s LDAP using Apache Directory Service, and it showed no attribute userSMIMECertificate. So, I guess, after all it’s just the s4-connector not knowing how to sync an extended attribute.
What’s the current workaround for getting extended attributes from OpenLDAP to Samba 4 LDAP? Using Apache Directory Studio, I also found out that userSMIMECertificate and userCertificate require the objectClass inetOrgPerson. Users in OpenLDAP do have this objectClass while users in Samba do not. Is there a way to ensure schema conformity before synchronising attributes like userSMIMECertificate?
And while we are on this topic: Do I use userSMIMECertificate or userCertificate for publishing public keys? I didn’t get userCertificate to work as it requires the ;binary parameter when modifying the entry and I don’t know how to tell UCS to do it this way.
–
Best regards from Hoppegarten-Hönow by Berlin
Masin Al-Dujaili