How to add custom fields in UMC for Outlook-detectable S/MIME public keys


I successfully added a custom attribute using Domain → LDAP directory for user S/MIME certificates (attribute userSMIMECertificate). I used syntax class “Upload”. When issuing udm users/user help, it shows up in tab contact, group business as expected. But in UMC, the web GUI, it does not show up. When using syntax class “Base64Upload” I get an upload widget but I cannot remove uploaded certificates.

However, Outlook does not find the attribute when accessing the “LDAP” at port 389. I checked Samba’s LDAP using Apache Directory Service, and it showed no attribute userSMIMECertificate. So, I guess, after all it’s just the s4-connector not knowing how to sync an extended attribute.

What’s the current workaround for getting extended attributes from OpenLDAP to Samba 4 LDAP? Using Apache Directory Studio, I also found out that userSMIMECertificate and userCertificate require the objectClass inetOrgPerson. Users in OpenLDAP do have this objectClass while users in Samba do not. Is there a way to ensure schema conformity before synchronising attributes like userSMIMECertificate?

And while we are on this topic: Do I use userSMIMECertificate or userCertificate for publishing public keys? I didn’t get userCertificate to work as it requires the ;binary parameter when modifying the entry and I don’t know how to tell UCS to do it this way.

Best regards from Hoppegarten-Hönow by Berlin
Masin Al-Dujaili

Well, nobody could answer yet.

But here are some findings:

  1. Outlook queries both userCertificate;binary and userSMIMECertificate;binary, so I guess one of those will do.
  2. While querying the Samba AD requires only the login name, OpenLDAP requires the full DN of the user.
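
An added example, not part of the original posts and not UCS code: what a modification of userCertificate with the ;binary option looks like as an LDIF change record, built from a PEM file's DER bytes with base64 ("::") encoding and line folding. The DN and the certificate bytes are constructed placeholders, and an ASCII-only DN is assumed.

```python
import base64

# Constructed sample data: placeholder bytes that only start like DER, not a real certificate.
SAMPLE_DN = "uid=jdoe,cn=users,dc=example,dc=com"  # hypothetical DN
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
              + "\n-----END CERTIFICATE-----\n")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor lines and decode the base64 body to DER bytes."""
    body = [s for s in (ln.strip() for ln in pem.splitlines())
            if s and not s.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)


def fold(line: str, width: int = 76) -> str:
    """Fold one LDIF line; continuation lines begin with a single space."""
    if len(line) <= width:
        return line
    head, rest = line[:width], line[width:]
    step = width - 1  # the leading space counts toward the width
    return "\n".join([head] + [" " + rest[i:i + step]
                               for i in range(0, len(rest), step)])


def unfold(ldif: str) -> str:
    """Reverse LDIF folding (newline followed by one space)."""
    return ldif.replace("\n ", "")


def cert_modify_ldif(dn: str, der: bytes, attr: str = "userCertificate") -> str:
    """Build an LDIF change record that adds a DER value as <attr>;binary."""
    if not der or der[0] != 0x30:
        raise ValueError("value is not DER: expected ASN.1 SEQUENCE tag 0x30")
    desc = f"{attr};binary"
    value = base64.b64encode(der).decode("ascii")
    # '::' marks the value as base64-encoded in LDIF
    lines = [f"dn: {dn}", "changetype: modify", f"add: {desc}",
             f"{desc}:: {value}", "-"]
    return "\n".join(fold(l) for l in lines) + "\n"


if __name__ == "__main__":
    print(cert_modify_ldif(SAMPLE_DN, pem_to_der(SAMPLE_PEM)))
```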