The global addressbook in Apple Mail provided by Exchange already contains all TU Dresden certificates. Please configure the LDAP directory only to find certificates of other universities and institutions in the DFN.

The following describes the configuration of Apple Mail for the integration of the DFN PKI LDAP directory service.

Apple Mail stores all certificates in the central "Keychain Management" of macOS. So far Apple Mail cannot automatically access the certificates from the LDAP directory. Therefore, have your email partner send you a signed email. The certificate is then automatically saved in the keychain management. However, you can use the DFN PKI LDAP as an address book.
 

1. To do this, open the Contacts application and click on "Add Account..." in the menu bar. 

2. Select "Other Contacts Account..."

3. Please set the account type to "LDAP".

4. Fill in the following details in the window that opens:

Name: DFN PKI LDAP
Search range: o=DFN-Verein, c=DE
Range: Subtree
Server: ldap.pca.dfn.de
Port: 636
Use SSL
Identification: None

5. Please confirm the information with "Sign in".

6. After you click on "sign in", you will find the LDAP tab in the Contacts program, where you can search for specific persons or addresses. 

7. As soon as you start searching for new people or addresses in the Recipients section of Apple Mail, you will receive matching suggestions through the LDAP directory.