LDAP email address lookup for S/MIME, how to configure LDAP ?
Mike vdS wrote (post 1825445):

I have an LDAP where I publish email addresses and their associated public S/MIME details.
It's formatted like:
ldaps://ldap.mydomain.com:636
Anonymous authentication
Custom search: ou=people,dc=mydomain,dc=com

For my Outlook mail client this works like a charm.
I can type in an email address, and Outlook finds the corresponding S/MIME details so I and some of my colleagues can send an encrypted email to this email address.

I want to set the same LDAP for my iOS 12.3.1 on an iPhone X, so that I can also initiate an encrypted email from my iPhone.

My iPhone has S/MIME certificates and it has a profile configured to enable signing and encryption.
Encryption works fine when I, for example, reply to a signed email.

However, I run into several issues when trying to initiate an encrypted email using an email address that has its S/MIME details in my LDAP.
I hope this community can help me with these issues.

1)
When manually adding the LDAP server, whether I use ldaps://ldap.mydomain.com:636 or ldap.mydomain.com, iOS will return: cannot connect using SSL.
I don't understand this error, as the SSL certificate comes from a trusted certificate service provider, and Qualys SSL Labs rates the ldaps / SSL connection A+.
What could be a cause for iOS not being able to connect by means of SSL?

2)
When disregarding the SSL connection on iOS, and changing to ldap://ldap.mydomain.com:389, and allowing firewall rules for this non-secure traffic, iOS returns: unable to verify account information. The reason is likely that the custom search has not yet been defined.
But what could be another reason?

3)
Adding the custom search setting: ou=people, dc=mydomain, dc=com on a Base search scope, on a One level search scope, and on a Subtree search scope works just fine, I don't get any errors. But how can I verify that my iPhone can actually check this search scope as valid?

4)
As I don't know how I can have iOS revalidate the LDAP settings as defined under steps 1-3, I simply tried to initiate writing an email from my iOS mail client, and tapping the blue open lock, which turns to a red open lock, thus indicating the iOS mail is unable to find the S/MIME details as located in the LDAP.
Similarly I tried tapping + and selecting groups and then specifically selecting the LDAP as the source, but again same results.
Is there any way to figure out on iOS what's going wrong with the lookup in the LDAP?

5) Possibly the LDAP server formatting is wrong. I used ldap://ldap.mydomain.com:389 and ldaps://ldap.mydomain.com:636 and also tried ldap.mydomain.com with and without SSL, all the same results as described above. Just to be sure, what is the LDAP server formatting?

I also tried creating the LDAP profile using Apple Configurator 2 on my MacBook, but same results as above.

So the bottom line question I have:
6) Is there a known difference in the way LDAP is configured or practically used for iOS and for Mac or Windows that could explain the above issues?

Many thanks for your time and wisdom.

edit: when it helps I can give you the LDAP server details over PM, these are public anyhow, but don't want to come across as some spammer who is trying to advertise his company website or domain name ;)
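Questions 3 and 4 ask how to tell, from the client side, whether the lookup iOS Mail performs can succeed. The script below is an added diagnostic, not part of the original post: it reproduces outside iOS the three steps the iPhone has to complete (TLS handshake to port 636, anonymous bind, subtree search under the base DN for the recipient's mail and userCertificate;binary) and then decodes the returned certificate. It assumes the OpenLDAP client tools and openssl are installed, and uses the host name and base DN from the post as placeholders.

```shell
# Added diagnostic (not from the original post). Reproduces outside iOS what the
# iPhone must do: TLS to ldaps://host:636, anonymous bind, and a subtree search
# under the base DN for the recipient's mail and userCertificate;binary.
# Assumed: OpenLDAP client tools and openssl installed; host/base from the post.
LDAP_HOST="${LDAP_HOST:-ldap.mydomain.com}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=mydomain,dc=com}"

# Escape a value for use inside a search filter (RFC 4515 section 3), so an
# address containing \ * ( or ) cannot change the filter's structure.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The filter the mail client effectively needs: entry whose mail is the recipient.
smime_filter() {
    printf '(mail=%s)' "$(ldap_filter_escape "$1")"
}

# Pull the base64 value of userCertificate;binary out of LDIF on stdin,
# joining the space-prefixed continuation lines LDIF wraps long values into.
extract_cert_b64() {
    awk '/^userCertificate;binary::/ { f = 1; sub(/^[^:]*:: */, ""); printf "%s", $0; next }
         f && /^ / { sub(/^ /, ""); printf "%s", $0; next }
         f { exit }'
}

# 1) Show the chain iOS has to validate and openssl's verify result for it.
check_tls() {
    printf '' | openssl s_client -connect "$LDAP_HOST:636" -servername "$LDAP_HOST" \
        -showcerts 2>/dev/null | grep -E 'subject=|issuer=|Verify return code'
}

# 2+3) Anonymous simple bind (-x, no -D) and subtree search, as the profile says.
lookup_cert() {
    ldapsearch -LLL -H "ldaps://$LDAP_HOST:636" -x -b "$LDAP_BASE" -s sub \
        "$(smime_filter "$1")" mail 'userCertificate;binary'
}

# 4) Decode the returned cert and show the SAN email and EKU it carries.
inspect_cert() {
    lookup_cert "$1" | extract_cert_b64 | base64 -d \
        | openssl x509 -inform DER -noout -subject -ext subjectAltName,extendedKeyUsage
}

# Live checks only run on request, so the file can be sourced for its functions.
if [ "${RUN_LIVE:-0}" = 1 ]; then
    check_tls
    inspect_cert "${1:?usage: RUN_LIVE=1 $0 recipient@mydomain.com}"
fi
```

If check_tls reports anything other than "Verify return code: 0 (ok)", or the chain's subject alternative name does not cover the host name entered in the iOS account, that is the first thing to fix; if lookup_cert returns no entry, the base DN, scope or the entry's mail attribute is what to check next.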