[commits] [Wiki] changed: ActiveSync

Ralf Lang (B1 Systems GmbH) lang at b1-systems.de
Thu Dec 13 12:49:02 UTC 2012 

rlang  Thu, 13 Dec 2012 13:49:02 +0100

Modified page: http://wiki.horde.org/ActiveSync
New Revision:  166
Change log:  Mostly typos.

@@ -69,9 +69,9 @@
  ++ Email Support

  Email synchronization has been added in Horde 5. Since in some  
installs this could increase server load or may be otherwise  
undesirable, it is possible to deactivate email support via Horde's  
configuration, on the !ActiveSync tab.

-!ActiveSync email support requires an IMAP server POP3 is not  
supported. It will use the same server that IMP is configured to  
connect to. It is recommended that this server support the QRESYNC  
server extension for performance reasons, though it will work without  
this. It can also help performance if an IMAP proxy is used.
+!ActiveSync email support requires an IMAP server. POP3 is not  
supported. It will use the same server that IMP is configured to  
connect to. It is recommended that this server support the QRESYNC  
server extension for performance reasons, though it will work without  
this. It can also help performance if an IMAP proxy is used.

  The only flags supported by !ActiveSync are the //seen// and  
//flagged for follow up// flags. Flag changes will be synchronized,  
but flag changes alone will **not** trigger a SYNC for performance  
reasons. The only thing that will trigger a SYNC is the arrival of a  
new message (technically, an increase in the NEXTUID value). Once this  
SYNC is triggered though, all message changes are taken into account -  
including any flag changes.

  Since !ActiveSync does not support the //deleted// flag, messages in  
a mailbox with this flag are ignored when syncing. Deleting a message  
on the device will do one of two things; If the user has enabled a  
Trash mailbox then the message will be moved to that mailbox.  
Otherwise, the message is immediately expunged. This is in accordance  
with the !ActiveSync protocol specs.
@@ -91,16 +91,16 @@

  ++ Administration
  Administrators can view all of the !ActiveSync devices paired with  
the server. This is the //!ActiveSync Devices// link located under the  
Administration menu. From here an administrator can request a remote  
wipe, or force a re-provisioning of any device.

- at TODO: Explain various setup configuration options and security  
policies (hearbeat etc...)
+ at TODO: Explain various setup configuration options and security  
policies (heartbeat etc...)

  ++ Provisioning/!RemoteWipe
  Provisioning allows devices to be more tightly registered with a  
particular server. It enables the server to be able to send policy  
settings to the device. These policy settings include things like  
requiring a PIN to unlock the device, the complexity of the PIN  
required, the number of failed login attempts allowed etc...  
Additionally, it enables devices to be remotely wiped so that if a  
device is lost or stolen, the user or administrator can request the  
device to be wiped.

  As of Horde 5, provisioning is enabled via the permissions  
interface. You must first add the //!ActiveSync// permission as a  
child of the //Horde// permission. The //Provisioning// permission is  
a child of //!ActiveSync// and all policies are children of  
//Provisioning//.

-In order to enforce any security policies on a device, it most be  
provisioned. However, not all devices support this and some will  
downright refuse to work if it's enabled. There are three choices for  
provisioning support. //None//, //Force//, and //Allow//. Choosing  
//None// will disable provisioning and any enforcement of security  
polices or remote wipe. //Force// will only allow devices that are  
successfully provisioned to connect to the server. This means devices  
that don't properly support provisioning, such as some older Android  
versions, will simply not work. The third choice, //Allow// will  
enforce provisioning on the devices that support it, but will also  
allow devices that don't support it to connect to the server. Once  
provisioning support is added, security policies can also be added via  
the permissions interface.
+In order to enforce any security policies on a device, it must be  
provisioned. However, not all devices support this and some will  
downright refuse to work if it's enabled. There are three choices for  
provisioning support. //None//, //Force//, and //Allow//. Choosing  
//None// will disable provisioning and any enforcement of security  
polices or remote wipe. //Force// will only allow devices that are  
successfully provisioned to connect to the server. This means devices  
that don't properly support provisioning, such as some older Android  
versions, will simply not work. The third choice, //Allow// will  
enforce provisioning on the devices that support it, but will also  
allow devices that don't support it to connect to the server. Once  
provisioning support is added, security policies can also be added via  
the permissions interface.

  Users can initiate a remote wipe, as well as view/manage their  
partnered devices in the !ActiveSync user preference.

  Clicking //Wipe// in the Horde interfaces for device management  
flags the server to send the wipe command to the device the next time  
it synchronizes. The next time the device attempts to request a  
command other then PING or OPTIONS, it will be wiped. The !ActiveSync  
preference page shows the status of all the user's devices. If the  
status is listed as //Pending//, and you wish to cancel the wipe  
request, you may do this by clicking the //Cancel Wipe// button. You  
should see the status be reset to //Provisioned//. After it is wiped,  
the status will be shown as //Wiped//, if you wish to allow the device  
to connect to your server again, you need to explicitly remove the  
device as a sync partner by clicking the //Remove// button. If you do  
not remove this entry, the device will continue to be wiped each time  
it reconnects to the server.

More information about the commits mailing list