Results 1 to 7 of 7

Thread: Signing of mails (X.509) using the Zimbra Connector for Outlook 2007 doesn’t work

  1. #1
    aeapra is offline Junior Member
    Join Date
    Jan 2009
    Location
    Germany
    Posts
    7
    Rep Power
    6

    Default Signing of mails (X.509) using the Zimbra Connector for Outlook 2007 doesn’t work

    We cannot send mails signed with a X.509 certificate using the Zimbra Connector for Outlook 2007.

    We have the following setup: The authentication is done through a third party directory service, and we are using the attribute “uid” (first letter of given name + last name, e.g. “jpublic” for “John Public“) for authentication. The Zimbra accounts are also named jpublic (resulting in jpublic@company.com). We’ve then created several aliases for a user, e.g. john.public@company.com that are used for external communications.

    Using IMAP or POP it’s not a problem to send a signed mail from john.public@company.com (the mail address the certificate is issued to). But some of our users are using the Outlook Connector, and although the Connector is configured to use the mail address john.public@company.com Outlook/the Connector tries to find a certificate for jpublic@company.com (which doesn’t exist because in external communications we do not want to reveal our UIDs).
    In the end Outlook/the Connector refuses to send signed mails from john.public@company.com, because it only looks for certificates issued to jpublic@company.com. I think this is a problem of the Zimbra connector because it is possible to send signed mails from Outlook when using IMAP or POP3.
    Do you have any suggestions how to solve this problem?

    Best regards,
    Karsten Reineck

  2. #2
    aeapra is offline Junior Member
    Join Date
    Jan 2009
    Location
    Germany
    Posts
    7
    Rep Power
    6

    Default

    I've just found the "Zimbra Connector for Outlook" forum.
    @Admins: Feel free to move my post. Thanks.

  3. #3
    UserOfZ is offline New Member
    Join Date
    Jan 2011
    Posts
    3
    Rep Power
    4

    Default

    Quote Originally Posted by aeapra View Post
    We cannot send mails signed with a X.509 certificate using the Zimbra Connector for Outlook 2007.

    We have the following setup: The authentication is done through a third party directory service, and we are using the attribute “uid” (first letter of given name + last name, e.g. “jpublic” for “John Public“) for authentication. The Zimbra accounts are also named jpublic (resulting in jpublic@company.com). We’ve then created several aliases for a user, e.g. john.public@company.com that are used for external communications.

    Using IMAP or POP it’s not a problem to send a signed mail from john.public@company.com (the mail address the certificate is issued to). But some of our users are using the Outlook Connector, and although the Connector is configured to use the mail address john.public@company.com Outlook/the Connector tries to find a certificate for jpublic@company.com (which doesn’t exist because in external communications we do not want to reveal our UIDs).
    In the end Outlook/the Connector refuses to send signed mails from john.public@company.com, because it only looks for certificates issued to jpublic@company.com. I think this is a problem of the Zimbra connector because it is possible to send signed mails from Outlook when using IMAP or POP3.
    Do you have any suggestions how to solve this problem?

    Best regards,
    Karsten Reineck
    Hi,

    I have the same problem in my company. Are there any solutions available, today?

  4. #4
    fsiegel is offline Zimbra Employee
    Join Date
    Sep 2006
    Posts
    1,334
    Rep Power
    10

    Default

    What is the exact error you get?

  5. #5
    aeapra is offline Junior Member
    Join Date
    Jan 2009
    Location
    Germany
    Posts
    7
    Rep Power
    6

    Default My "solution"

    Not working:
    - X.509 certificate issued to givenname.surname@company.com (unchangeable)
    - Zimbra account: surname@company.com
    - Zimbra alias givenname.surname@company.com for account surname@company.com
    --> You cannot use the certificate with the Outlook Connector, as it ALWAYS searches for a certificate issued to surname@company.com (=the Zimbra account) even if you configured the connector with givenname.surname@company.com

    My (obvious) solution:
    - Delete alias givenname.surname@company.com
    - Rename account surname@company.com to givenname.surname@company.com
    - Create new alias surname@company.com for account givenname.surname@company.com
    - Uninstall Outlook Connector
    - Reinstall Outlook Connector
    …repeat for all accounts. The first 3 steps can be automated, the last 2 steps require some work but luckily we don’t have that much Outlook users.

  6. #6
    UserOfZ is offline New Member
    Join Date
    Jan 2011
    Posts
    3
    Rep Power
    4

    Default

    Quote Originally Posted by fsiegel View Post
    What is the exact error you get?
    Please see the error messages attached (Outlook 2007 and Outlook 2010).

    Quote Originally Posted by aeapra View Post
    My (obvious) solution:
    - Delete alias givenname.surname@company.com
    - Rename account surname@company.com to givenname.surname@company.com
    - Create new alias surname@company.com for account givenname.surname@company.com
    - Uninstall Outlook Connector
    - Reinstall Outlook Connector
    …repeat for all accounts. The first 3 steps can be automated, the last 2 steps require some work but luckily we don’t have that much Outlook users.
    This workaround does not work for us. Because we are using an external LDAP-Auth. So we can not change the primary account name.
    Attached Images Attached Images

  7. #7
    aeapra is offline Junior Member
    Join Date
    Jan 2009
    Location
    Germany
    Posts
    7
    Rep Power
    6

    Default

    Quote Originally Posted by UserOfZ View Post
    This workaround does not work for us. Because we are using an external LDAP-Auth. So we can not change the primary account name.
    We do so too. But you can change the ldap filter in the authentication section to not use the UID but any other attribute.
    E.g. if you'd like Zimbra to query for the "mail" attribute and have to domains "mydomain1.com" and "mydomain2.com" then it would look like this:

    (|(mail=%u@mydomain1.com)(mail=%u@mydomain2.com))

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra + Funambol Sync4j Code
    By KevinH in forum Mobility
    Replies: 563
    Last Post: 01-16-2010, 02:20 AM
  2. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 02:00 AM
  3. Major Issue - 5.0RC2 NE to 5.0GA NE failed
    By DougWare in forum Installation
    Replies: 7
    Last Post: 01-06-2008, 09:56 PM
  4. [SOLVED] Error Installing Zimbra on RHEL 5
    By harris7139 in forum Installation
    Replies: 10
    Last Post: 09-25-2007, 11:39 AM
  5. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •