[horde] ActiveSync Connection

Michael J Rubinsky mrubinsk at horde.org
Wed Mar 4 00:36:59 UTC 2015


Quoting Johannes Mock <mockjs at idmt.fraunhofer.de>:

> On 01/19/2015 08:56 PM, Michael J Rubinsky wrote:
>>
>> Quoting Johannes Mock <mockjs at idmt.fraunhofer.de>:
>>
>>> Hello together
>>>
>>> I want to sync my Horde Server with different devices via ActiveSync. I
>>> set all configurations and tried to sync. The device finds the server,
>>> but said sync couln'd finish because username or password is incorrect.
>>>
>>> Problem: Username and Password are correct.
>>> The server syncs perfectly via CalDAV.
>>>
>>> The configuration for my ActiveSync is the following:
>>>
>>> $conf['activesync']['params']['driverconfig'] = 'horde';
>>> $conf['activesync']['storage'] = 'Sql';
>>> $conf['activesync']['emailsync'] = true;
>>> $conf['activesync']['version'] = '14.1';
>>> $conf['activesync']['auth']['params']['username_field'] =
>>> 'SSL_CLIENT_S_DN_CN';
>>> $conf['activesync']['auth']['params']['password_source'] = 'none';
>>> $conf['activesync']['auth']['type'] = 'basic_cert';
>>> $conf['activesync']['autodiscovery'] = 'user';
>>> $conf['activesync']['outlookdiscovery'] = false;
>>> $conf['activesync']['logging']['type'] = false;
>>> $conf['activesync']['ping']['heartbeatmin'] = 60;
>>> $conf['activesync']['ping']['heartbeatmax'] = 2700;
>>> $conf['activesync']['ping']['heartbeatdefault'] = 480;
>>> $conf['activesync']['ping']['deviceping'] = true;
>>> $conf['activesync']['ping']['waitinterval'] = 15;
>>> $conf['activesync']['enabled'] = true;
>>>
>>> and the ActiveSync specifications in the Virtual Host:
>>>
>>> Alias /Microsoft-Server-ActiveSync /var/www/html/horde/rpc.php
>>>
>>>   <Directory "/var/www/html/horde/">
>>>
>>>         RewriteEngine On
>>>         RewriteRule ^Microsoft-Server-ActiveSync /rpc.php
>>>         RewriteRule .* -
>>> [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
>>>         RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
>>>         RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
>>>
>>>    </Directory>
>>>
>>> Did anyone have the same problem?! How can I connect to the server via
>>> ActiveSync or what configuration parameters do I have to change?
>>>
>>> Greetings
>>> Johannes
>>
>> Since you are using client certificate validation, my first thought is
>> that the certificate is not valid or the username you are getting from
>> SSL_CLIENT_S_DN_CN is not the username used during authentication. Try
>> just plain authentication to rule out problems with the cert. Another
>> thing to check is full email vs username only etc...
>>
>>
>>
> The connecting problem must be on the server side. The certificate is
> valid and username and password are submitted correctly. I tested it via
> a Nexus 7 and also via Microsoft Outlook 2013 on Desktop, but both
> answered: "The username or password you entered isn't working."
>
> I didn't have any ideas. I hope someone can help.

Works fine here. You are going to need to find out exactly where this  
is failing. Start by looking in the synclog. You should see the reason  
for the failure. My guess is you will see a line either like:

NOTICE: HORDE Access granted based on transparent authentication of  
user , but ActiveSync client is requesting access for {someother  
user}. [pid 51645 on line 544 of  
"/usr/local/horde/horde/framework/ActiveSync/lib/Horde/ActiveSync.php"]


or

NOTICE: HORDE Login failed ActiveSync client certificate for user mike


The first one means that the certificate is valid, but the username  
that is taken from the configured certificate field does not match the  
username you are expecting. If this is your case, you will need to  
either configure the appropriate certificate field and make sure it is  
in the correct format (just a username or a fully qualified email  
address?). If anything more involved needs to be done, you will need  
to utilize a hook.

The second message can mean one or more of the following,  that either  
the certificate validation failed, the connection isn't being made  
over SSL, the client isn't sending the certificate, the webserver  
isn't configured to enable passing certificate data to PHP etc...



-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5869 bytes
Desc: S/MIME Signature
URL: <http://lists.horde.org/archives/horde/attachments/20150303/cdeb9014/attachment.bin>


More information about the horde mailing list