Closed Bug 294457 Opened 17 years ago Closed 16 years ago

Download of S/MIME certificates via LDAP uses anonymous bind although LDAP configured with credentials


(Thunderbird :: Message Compose Window, defect)

Windows XP

(Reporter: jpmens, Assigned: mscott)


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: version 1.0.2 (20050317)

I have an LDAP server configured for addressing in TB 1.0.2 and address
expansion correctly works against this server; credentials (bind DN and bind
Password) are sent to the directory server.

When composing a message, if I choose to encrypt the message and then press on
the SECURITY button, TB announces the certificate status as "Not found". The
reason for this is that at this moment, TB performs an anonymous bind to the
LDAP directory.

Reproducible: Always

Steps to Reproduce:
1. Configure address auto-completion with an LDAP directory server
2. Use an account which requires a Bind DN
3. Compose a new message and select an entry returned from the LDAP server
4. Choose "encrypt this message"
5. Press the Security icon

Actual Results:  
no certificates are returned.

Expected Results:  
The LDAP search is performed with an empty bind-DN and should have used the
configured credentials.

Logs of the OpenLDAP slapd:

slapd[15626]: conn=11 op=0 BIND dn="" method=128
slapd[15626]: conn=11 op=0 RESULT tag=97 err=0 text=
slapd[15626]: conn=11 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2
deref=0 filter="("
slapd[15626]: conn=11 op=1 SRCH attr=usercertificate;binary
slapd[15626]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15626]: conn=11 op=2 UNBIND
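
Added example, not part of the original report and not Thunderbird or OpenLDAP code: a directory administrator can confirm this behaviour server-side by scanning slapd logs for certificate searches made on anonymously bound connections. The sample log is constructed (conn=11 follows the log above with a made-up filter; conn=12 and its bind DN are invented for contrast), and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in slapd stats-log format: conn=11 mirrors the report's
# anonymous session (filter is made up); conn=12 is an invented authenticated one.
SAMPLE_LOG = """\
slapd[15626]: conn=11 op=0 BIND dn="" method=128
slapd[15626]: conn=11 op=0 RESULT tag=97 err=0 text=
slapd[15626]: conn=11 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 deref=0 filter="(mail=alice@example.com)"
slapd[15626]: conn=11 op=1 SRCH attr=usercertificate;binary
slapd[15626]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[15626]: conn=12 op=0 BIND dn="uid=tb,ou=Apps,dc=example,dc=com" method=128
slapd[15626]: conn=12 op=0 RESULT tag=97 err=0 text=
slapd[15626]: conn=12 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 deref=0 filter="(mail=alice@example.com)"
slapd[15626]: conn=12 op=1 SRCH attr=usercertificate;binary
slapd[15626]: conn=12 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

LINE = re.compile(r"conn=(\d+) op=(\d+) (.*)")

def anonymous_cert_lookups(log_text):
    """Return one dict per certificate search made on an anonymously bound connection."""
    bind_dn = {}             # conn -> DN of the most recent successful BIND
    ops = defaultdict(dict)  # (conn, op) -> base/attrs of a search in progress
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        if rest.startswith("BIND "):
            dn = re.search(r'dn="([^"]*)"', rest)
            bind_dn[conn] = dn.group(1) if dn else ""
        elif rest.startswith("RESULT tag=97") and "err=0" not in rest.split():
            bind_dn[conn] = ""  # a failed bind leaves the connection anonymous
        elif rest.startswith("SRCH base="):
            ops[conn, op]["base"] = re.search(r'base="([^"]*)"', rest).group(1)
        elif rest.startswith("SRCH attr="):
            ops[conn, op]["attrs"] = rest[len("SRCH attr="):].lower().split()
        elif rest.startswith("SEARCH RESULT"):
            search = ops.pop((conn, op), {})
            wants_cert = any(a.startswith("usercertificate") for a in search.get("attrs", []))
            # A connection that never sent a BIND is anonymous too.
            if wants_cert and bind_dn.get(conn, "") == "":
                n = re.search(r"nentries=(\d+)", rest)
                findings.append({"conn": conn, "op": op, "base": search.get("base"),
                                 "nentries": int(n.group(1)) if n else None})
    return findings
```

A finding with `nentries` of 0 matches the symptom in this report: the directory answers the anonymous search successfully but returns no certificate.
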

Bug still exists in Thunderbird 1.5beta1

Confirm for version 1.5 (20051201)

Confirmed with Thunderbird version (20060308)

1. Made test with ADS (needs authentication/credentials)
  -> address resolving works, but no certificate can be fetched

2. LDAP with anonymous bind 
  -> address matching works, certificate fetching works 

The same user and certificate are used in both directories.

This should be fixed in the latest development versions with a check-in for bug 332483.

Could you attempt a nightly development build of Thunderbird from the 1.8 branch?

*** This bug has been marked as a duplicate of 332483 ***
Closed: 16 years ago
Resolution: --- → DUPLICATE

Tried nightly build TB version (20061107).
Still not working....

It's now not working with anonymous AND with credential (ADS) bind.
Tried anonymous LDAP Server on port 4812 (Netscape Directory) and normal Windows Active Directory (Windows 2k3 Domain).
Address matching worked, no certificates found at all.

Re Comment 6: Bug 332483 was fixed on the 1.8 Branch, which means the fix will be included in Thunderbird 2 at earliest (as the next release).