Dear all,
I'm checking out the S/MIME functionalities of Notes/Domino 6.
One test checked the verification of an S/MIME signed message by a
non-Notes mail client using certificates issued by the Domino PKI.
This mail client tried to retrieve the CRL using LDAP from the Notes
Directory during the certificate path verification. As a result, the
whole Domino server (not just the LDAP service) crashed due to the LDAP query.
In the Fix List Database of version 6.0.1 a related issue (SPR# YGUO5E7MW4 -
Fixed a crash in the LDAP server when doing a compare operation on a non-ASCII
value) was claimed to be fixed in version 6.0.1. Thus I upgraded the Domino
Server from 6.0 to 6.0.1. However, the server still crashed on LDAP queries as before.
This issue is a security threat, as - depending on the configuration - the
crash might be (intentionally) caused by bogus insiders or, even worse,
outsiders (in order to exchange secure email with S/MIME, externals should
be able to access the directory via LDAP as well). Also, the LDAP server runs
by default and thus may run even if there is no need for it.
Is there anybody who has had similar experiences? Is there a way to overcome
these problems, e.g., by configuring the LDAP server suitably?
Otherwise, I recommend quitting the LDAP service in 6.0 and 6.0.1.
Thank you for your comments in advance,
Markus Michel