Hello,
I am testing my tree with Outlook 2011 (for Mac) to see if everything works as expected. When I search for a contact in the address book, the photo of the user is not shown. I searched for the problem and learned that Outlook uses the thumbnailPhoto attribute for photos. Then, I created an Outlook compatibility schema that includes the thumbnailPhoto attribute. However, photos were still not shown, at which time I started investigating the problem.
I debugged the problem using the network analyzer and realized that Outlook 2011 requests awkward attribute names suffixed with the word ';binary'. When searching, it requests these attributes below along with standard ones:
- userSMIMECertificate;binary
- userCertificate;binary
- thumbnailPhoto;binary
- jpegPhoto;binary
Since these attributes are not present in my tree (though I have 'normal' ones without a suffix), they are not sent to the Outlook client, so photos are not shown.
I then tried to change my compatibility schema to use 'thumbnailPhoto;binary', but I got an error stating that the attribute name is not valid. OpenLDAP does not seem to accept the ';' character in attribute names.
Probably, AD accepts the ';' character in attribute names and Outlook 2011 works with AD. Apart from not seeing photos, you cannot send encrypted e-mail using Outlook because you cannot send a user certificate with OpenLDAP (';binary' suffix). So, if you try to use current OpenLDAP with Outlook, you will miss 2 features, encryption and photos. I'm not sure if the ';binary' suffix is done on purpose to make it harder for other LDAP servers to work with Outlook.
Is there any workaround for it? Being able to include ';' in attribute names will probably fix the problem, but I don't know if ';' is acceptable in the LDAP standard.
Regards, Eren
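
Added example, not part of the original message: the sketch below parses the four requested names with the attribute description grammar from RFC 4512 (section 2.5), where text after ';' is an option (the 'binary' option is defined in RFC 4522) and the part before it is the attribute type. The function names and the sample entry are constructed for illustration, and the code says nothing about how any particular server answers such a request.

```python
import re

# RFC 4512, section 2.5:
#   attributedescription = attributetype options
#   attributetype = descr / numericoid
#   options = *( ";" option ), option = 1*( ALPHA / DIGIT / "-" )
_DESCR = r"[A-Za-z][A-Za-z0-9-]*"
_NUMERICOID = r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+"
_OPTION = r"[A-Za-z0-9-]+"
_ATTR_DESC = re.compile(rf"(?P<type>{_DESCR}|{_NUMERICOID})(?P<opts>(?:;{_OPTION})*)")


def parse_attr_desc(desc):
    """Split an attribute description into (type, [options]).

    Both parts are case-insensitive in LDAP, so they are lower-cased here.
    """
    m = _ATTR_DESC.fullmatch(desc)
    if m is None:
        raise ValueError(f"not a valid attribute description: {desc!r}")
    opts = [o.lower() for o in m.group("opts").split(";") if o]
    return m.group("type").lower(), opts


def match_request(requested, entry_attrs):
    """Map each requested description to the stored attribute name it
    refers to (options stripped), or None if the entry lacks that type."""
    stored = {name.lower(): name for name in entry_attrs}
    return {desc: stored.get(parse_attr_desc(desc)[0]) for desc in requested}


# The four names quoted in the message above.
REQUESTED = [
    "userSMIMECertificate;binary",
    "userCertificate;binary",
    "thumbnailPhoto;binary",
    "jpegPhoto;binary",
]

# Constructed sample entry (hypothetical): attribute names as stored, no suffix.
ENTRY_ATTRS = ["cn", "mail", "jpegPhoto", "thumbnailPhoto", "userCertificate"]

if __name__ == "__main__":
    for desc, attr in match_request(REQUESTED, ENTRY_ATTRS).items():
        attr_type, opts = parse_attr_desc(desc)
        print(f"{desc:30} type={attr_type:22} options={opts} stored_as={attr}")
```
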