[commits] [Wiki] changed: ActiveSync

Wiki Guest wikiguest at horde.org
Thu Jan 30 23:05:25 UTC 2014 

guest [84.227.86.7]  Thu, 30 Jan 2014 23:05:25 +0000

Modified page: http://wiki.horde.org/ActiveSync
New Revision:  241
Change log:  Added additional steps which may be required when  
enabling provisioning

@@ -48,9 +48,9 @@
  For Apache + PHP-FPM using mod_proxy_fcgi
  <code>
  ProxyPassMatch ^/Microsoft-Server-ActiveSync$  
fcgi://socket=%2fusr%2flocal%2fphp54%2fsockets%2fhorde.sock/var/www/html/horde/rpc.php$1
  </code>
-Since Horde !ActiveSync connections are held open for a period of  
time up to 3540 seconds (depending on client and  
$conf[activesync][ping][heartbeatmax] setting, if using a proxy server  
you need to ensure it does not time out before the request is  
complete. Add this to your virtualhost
+Since Horde !ActiveSync connections are held open for a period of  
time up to 3540 seconds (depending on client and  
$conf[activesync][ping][heartbeatmax] setting, if using a proxy server  
you need to ensure it does not time out before the request is  
complete. Add this to your virtualhost:
  ProxyTimeout 5400

  +++ Autodiscover

@@ -186,9 +186,10 @@

  ++ Provisioning/!RemoteWipe
  Provisioning allows devices to be more tightly registered with a  
particular server. It enables the server to be able to send policy  
settings to the device. These policy settings include things like  
requiring a PIN to unlock the device, the complexity of the PIN  
required, the number of failed login attempts allowed etc...  
Additionally, it enables devices to be remotely wiped so that if a  
device is lost or stolen, the user or administrator can request the  
device to be wiped.

-As of Horde 5, provisioning is enabled via the permissions interface.  
You must first add the //!ActiveSync// permission as a child of the  
//Horde// permission. The //Provisioning// permission is a child of  
//!ActiveSync// and all policies are children of //Provisioning//.
+As of Horde 5, provisioning is enabled via the permissions interface.  
You must first add the //!ActiveSync// permission as a child of the  
//Horde// permission. The //Provisioning// permission is a child of  
//!ActiveSync// and all policies are children of //Provisioning//.
+If the //Horde// permission doesn't exist, create it and add all  
permissions to "All Authenticated users". You may also need to add the  
same permissions to the (timeobjects) element or your users may not be  
able to access Horde/Imp past the login page.

  In order to enforce any security policies on a device, it must be  
provisioned. However, not all devices support this and some will  
downright refuse to work if it's enabled. There are three choices for  
provisioning support. //None//, //Force//, and //Allow//. Choosing  
//None// will disable provisioning and any enforcement of security  
polices or remote wipe. //Force// will only allow devices that are  
successfully provisioned to connect to the server. This means devices  
that don't properly support provisioning, such as some older Android  
versions, will simply not work. The third choice, //Allow// will  
enforce provisioning on the devices that support it, but will also  
allow devices that don't support it to connect to the server. Once  
provisioning support is added, security policies can also be added via  
the permissions interface.

  Users can initiate a remote wipe, as well as view/manage their  
partnered devices in the !ActiveSync user preference.

More information about the commits mailing list