[sync] autodiscover/EAS email vs login
Michael J Rubinsky
mrubinsk at horde.org
Tue Nov 6 22:54:19 UTC 2012
Quoting geoffroy desvernay <dgeo at centrale-marseille.fr>:
> Le 11/06/2012 17:14, Michael J Rubinsky a écrit :
>>
>> Quoting geoffroy desvernay <dgeo at centrale-marseille.fr>:
>>
>> <snip>
>>
>>>> I still don't see what the problem is for you. Are your users' email
>>>> mailboxes not the same as their username? I.e., if a user logs into
>>>> Horde with username_one, is the email address username_one at example.com?
>>>> If it is NOT, then autoconfigure will NOT work. Period. There is no
>>>> mechanism to automatically report back a different username to the
>>>> device. The user needs to edit it, or not use autoconfigure. If the
>>>> email address DOES match like that, then there should be no problem
>>>> using AUTOCONFIGURE with stripping everything after and including the
>>>> '@' in the address.
>>>>
>>> In this test case : what works:
>>> - userlogin matches the local part of the mail.
>>> - userlogin is used as internal uid in horde
>>> - userlogin at domain CAN be used to login in horde (thanks to
>>> preauthenticate hook)
>>> - userlogin at domain *is used* by the mobile device (because of
>>> autodiscover), and synchronized data *is* userlogin's
>>
>> This in incorrect. Devices should NOT be using the full email address to
>> login, this is against the protocol specs. They MUST use the mailbox
>> name only. What device/client is this?
>>
>
> I've got the exact same behaviour from different android devices:
> emulator 4.0, 4.1 and 3.2, different 4.[01] firmwares on an HTC desire,
> an asus transformer (4.0.3), waiting for an IOS test tonight or tomorrow
>
> If I configure them at hand (or interrupt autoconfig as you said), this
> problem doesn't exist as I use 'userlogin' in this case.
>
>> The other possibility is that you have a hook somewhere turning
>> userlogin into userlogin at domain somewhere.
> No, only preauthenticate and autodiscover's one to transform email to
> login each time.
>
>>
>>> The only problem is that the user 'userlogin' doesn't see the device in
>>> his preferences, and is not able to wipe/remove it. (horde's admin can,
>>> seeing the device owned by 'userlogin at domain')
>>> I though that authusername hook could be of some help here, but it
>>> doesn't seems to be...
>>
>> You shouldn't need any hook at all. The device should be logging into
>> horde as userlogin, period. If it's not, it's broken, or is misconfigured.
>>
> I understood that, but I'm trying to understand what is possible to work
> around this misbehaviour.
Ok. I've spent most of today working this issue. There are a ton of
issues with Android Autodiscover. It obviously doesn't completely
implement it, and what is implemented is terrible.
(1) Android does not send any of the XML data for the Autodiscover request.
(2) It sends an Authorization header using email:password, not
username:password.
(3) The username field is auto populated with the domain\emailaddress
instead of domain\username. This causes authentication to fail after
the Autodiscover request completes and we start a sync - unless your
Horde installation actually uses email addresses as login.
Thanks to (2), it's possible to work around (1) enough to allow the
process to return without a failure. I have made some changes to allow
this to work the best that it can given the broken client. The user
will still have to manually correct the username field though. There
is NO way around this on these clients.
--
mike
The Horde Project (www.horde.org)
mrubinsk at horde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6062 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.horde.org/archives/sync/attachments/20121106/d10616d3/attachment-0001.bin>
More information about the sync
mailing list