[Tickets #12186] Re: activesync component does not username canonified by authusername() hook

noreply at bugs.horde.org noreply at bugs.horde.org
Sat Apr 20 10:53:02 UTC 2013 

BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE  
E-MAIL-ADRESSE WERDEN NICHT GELESEN.

Ticket-URL: http://bugs.horde.org/ticket/12186
------------------------------------------------------------------------------
  Ticket           | 12186
  Aktualisiert Von | enrico.scholz at sigma-chemnitz.de
  Zusammenfassung  | activesync component does not username canonified by
                   | authusername() hook
  Warteschlange    | Horde Base
  Version          | Git master
  Typ              | Bug
  Status           | Resolved
  Priorität        | 1. Low
  Milestone        |
  Patch            |
  Zuständige       | Michael Rubinsky
------------------------------------------------------------------------------


enrico.scholz at sigma-chemnitz.de (2013-04-20 10:53) hat geschrieben:

Thanks for the quick response.  But the patch seems to make things  
worse.  Some more words about my setup:

* there are two virtualhosts 'mail.realm.org' and  
'mail.other-realm.org' which access two different mailservers  
'mailbox0' and 'mailbox1'.

* when user 'a' logs in on 'mail.realm.org' the authusername() hook  
normalizes its name to 'a at realm.org' but authentication on 'mailbox0'  
happens with plain 'a'

* similarly, user 'b' logging in on 'mail.other-realm.org' gets  
canonified to 'b at other-realm.org'

There are situations where both mailbox0 and mailbox1 have accounts  
for userid 'c' which is associated with two different people.   
Accounts must be kept distinct hence.

Ideally, the @realm.org and @other-realm.org canonification should  
happen transparently and not visible to users.


Without the patch:

* entering 'a' as its userid on a Android devices associated the  
device; but it is visible to the administrator in the global  
activesync device list.  User 'a' does not see it in its configuration  
screen.

* entering 'a at realm.org' as userid made the device visible to the user  
too.  But I had to wrote a preauthenticate() hook which strips the  
'@realm.org' away. Without this hook, authentication to mailbox0  
happens as 'a at realm.org'.


With the patch the device is not visible anymore for the last point.

More information about the bugs mailing list