Outlook and LDAP address book for S/MIME purposes not always working

  • Question

  • I've got an LDAP made publicly available, for the purpose of third parties being able to email me and my colleagues in an encrypted manner using S/MIME.

    The LDAP can be used over HTTPS to manually download the S/MIME certificate, and it also supports LDAPS on port 636, so it can be added as an address book in various email clients, using a custom search.

    The SSL certificate is publicly trusted and comes from GlobalSign.

    This all works fine for me and various other people outside my organization with Outlook 2016 and its Office 365 counterpart. Using both a specific search on the LDAP address book, and by simply typing the mail address in the TO or CC field.

    However I recently heard from several people using also Outlook 2016, that when using the exact same LDAP configuration in their mail client, they CANNOT search the appropriate email address in the added LDAP address book. 

    So it seems that in some cases Outlook will not automatically search all address books when using the TO or CC field.

    What could be the cause of this behavior? What would be the fix?

    Your help is much appreciated


    Wednesday, July 17, 2019 9:12 PM

Answers

  • Hi Aidan,

    Observations:

    Vanilla Outlook client adds an added LDAP Address book to its address book list.

    However not all Outlook clients add an added LDAP Address book to its address book list.

    Reason:

    Arguably I still don't know why

    Solution:

    1) In Outlook, press CTRL+SHIFT+B, this opens Address books

    2) Select Address books tools -> select options

    3) Select custom, select add

    4) Select the newly added LDAP address book

    Now Outlook will search all address books, including newly added LDAP address books

    • Marked as answer by Mike22april Wednesday, July 31, 2019 9:58 PM
    Wednesday, July 31, 2019 9:58 PM

All replies

  • Hi,

    To narrow down this issue, please try exiting Outlook desktop client and see if the issue can be reproduced on the web mail. If it works well on web mail, then this should be a client issue.

    Besides, it is also suggested to configure these problematic users' account on another computer (Outlook) and see if there is any difference.

    For these problematic Outlook clients, please refer to the suggestions below to troubleshoot this issue.

    1. Recreate the OAB files:
      (1) In Outlook client, click File > Account Settings.
      (2) On the Data Files tab, select your email account and click "Open File Location" to find the location of OAB file.
      (3) Close your Outlook client.
      (4) Select the folder called "Offline Address Books" and rename the "Offline Address Books" folder by appending .old behind it.
      (5) Restart your Outlook client and test again.
    2. If the issue continues, please try creating and using a new Outlook profile via Control Panel > Mail > Show profile and see if there is any difference.


    Hope this can be helpful.

    Regards,

    Aidan Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Thursday, July 18, 2019 7:35 AM
    Moderator
  • Hi Aiden,

    Many thanks for your response.

    The problematic users regretfully do not see a difference when recreating the OAB file.

    Ref your webmail verify suggestion, can you kindly tell me how I add my LDAP to Office 365 Exchange, so that I can try to do an email address lookup from it?

    Kind regards

    Mike

    Thursday, July 18, 2019 4:04 PM
  • Hi Mike,

    Thanks for your updates.

    >>Ref your webmail verify suggestion, can you kindly tell me how I add my LDAP to Office 365 Exchange, so that I can try to do an email address lookup from it?

    Sorry that here we mainly focus on general issues about Outlook desktop client so this question may be beyond my ability.

    Have you tried creating and using a new Outlook profile? Please test and see the results.

    Regards,

    Aidan Wang



    Monday, July 22, 2019 9:30 AM
    Moderator
  • Hi Mike,

    Have you got the issue fixed?

    Please try my suggestions and let me know the results.

    Regards,

    Aidan Wang



    Wednesday, July 24, 2019 9:34 AM
    Moderator
  • Hi Aiden, sorry not yet, need to track down one of the problematic users to try a new profile.

    Summer vacations are starting so people are out

    Wednesday, July 24, 2019 6:51 PM
  • Hi Mike,

    Thanks for your reply.

    If there is any update, please feel free to post here.

    Regards,

    Aidan Wang



    Thursday, July 25, 2019 9:02 AM
    Moderator
  • Hi Aiden,

    I think I found the root cause.

    The LDAP is indeed queried, and the address is being found, but for some users their Outlook refuses to use the S/MIME details as found in the configured LDAP addressbook.

    The LDAP uses objectclass inetOrgPerson, with mail=<mailaddress> and S/MIME details residing in UserCertificate;binary

    Is there some sort of potential AD policy that enables Outlook to refuse public S/MIME details found in third party addressbooks?


    • Edited by Mike22april Thursday, July 25, 2019 11:24 AM
    Thursday, July 25, 2019 10:42 AM
  • Hi,

    Thanks for your updates.

    Just as I said, here we mainly focus on general issues about Outlook desktop client so this question about AD may be beyond my ability. And I found this article may be helpful to you.

    Set-OwaMailboxPolicy.

    Regards,

    Aidan Wang



    Monday, July 29, 2019 2:01 AM
    Moderator
  • Thanks for your time and efforts in this matter Aiden, I will checkout the article you linked to, and see what I can find out.

    Monday, July 29, 2019 9:59 AM
  • Hi,

    Have you got the issue fixed?

    I'm writing to see if the reply above is helpful to you. If yes, would you mind helping mark the reply as answer? So that others who might have a similar question can benefit from your thread? Thanks for your understanding and support.

    Regards,

    Aidan Wang



    Wednesday, July 31, 2019 9:48 AM
    Moderator