After some investigation, it does not appear as if Impersonation works, but it also appears as if delegation is broken.
I have two users, roger and sally. Sally has delegated rights to her mailbox to roger. ubuntu:~/openchange/openchange/bin$ ./openchangeclient --profile=sally --mailbox + Mailbox - Sally |---+ Calendar : (Total: 0 / Unread: 0 - Container class: IPF.Appointment) [FID: 0xc9947f0000003941] |---+ Contacts : (Total: 0 / Unread: 0 - Container class: IPF.Contact) [FID: 0xca947f0000003941] |---+ Conversation Action Settings : (Total: 0 / Unread: 0 - Container class: IPF.Configuration) [FID: 0x20977f0000003941] |---+ Deleted Items : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xc3947f0000003941] |---+ Drafts : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xcb947f0000003941] |---+ Inbox : (Total: 10 / Unread: 9 - Container class: IPF.Note) [FID: 0xc0947f0000003941] |---+ Journal : (Total: 0 / Unread: 0 - Container class: IPF.Journal) [FID: 0xcc947f0000003941] |---+ Junk E-Mail : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x1b977f0000003941] |---+ Notes : (Total: 0 / Unread: 0 - Container class: IPF.StickyNote) [FID: 0xcd947f0000003941] |---+ Outbox : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xc1947f0000003941] |---+ Sent Items : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xc2947f0000003941] |---+ Tasks : (Total: 0 / Unread: 0 - Container class: IPF.Task) [FID: 0xce947f0000003941] ubuntu:~/openchange/openchange/bin$ ./openchangeclient --mailbox --profile=roger + Mailbox - roger |---+ Calendar : (Total: 0 / Unread: 0 - Container class: IPF.Appointment) [FID: 0xdb01750000001c3c] |---+ Contacts : (Total: 5 / Unread: 0 - Container class: IPF.Contact) [FID: 0xdc01750000001c3c] |---+ Conversation Action Settings : (Total: 0 / Unread: 0 - Container class: IPF.Configuration) [FID: 0x1302750000001c3c] |---+ Deleted Items : (Total: 34 / Unread: 0 - Container class: IPF.Note) [FID: 0xd501750000001c3c] |---+ Drafts : (Total: 1 / Unread: 0 - Container class: IPF.Note) [FID: 0xdd01750000001c3c] |---+ Enron : (Total: 41522 / Unread: 0 - Container class: IPF.Note) [FID: 0x1200bf0100000002] |---+ Envelope : (Total: 2 / Unread: 0 - Container class: IPF.Note) [FID: 0xf011428900001c3c] |---+ Hold : (Total: 10 / Unread: 0 - Container class: IPF.Note) [FID: 0x6110dde700001c3c] |---+ Inbox : (Total: 24 / Unread: 0 - Container class: IPF.Note) [FID: 0xd201750000001c3c] | |---+ Chinese Test : (Total: 2 / Unread: 0 - Container class: IPF.Note) [FID: 0x0c00bf0100000002] | |---+ Enron : (Total: 3017 / Unread: 0 - Container class: IPF.Note) [FID: 0x11d37f3100001c3c] | |---+ Import1 : (Total: 19 / Unread: 0 - Container class: IPF.Note) [FID: 0x1100bf0100000002] |---+ Journal : (Total: 0 / Unread: 0 - Container class: IPF.Journal) [FID: 0xde01750000001c3c] |---+ Junk E-Mail : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x0e02750000001c3c] |---+ Multipart : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x3b41dde700001c3c] |---+ News Feed : (Total: 0 / Unread: 0 - Container class: IPF.Note.SocialConnector.FeedItems) [FID: 0x0b00bf0100000002] |---+ Notes : (Total: 0 / Unread: 0 - Container class: IPF.StickyNote) [FID: 0xdf01750000001c3c] |---+ Outbox : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xd301750000001c3c] |---+ Quick Step Settings : (Total: 0 / Unread: 0 - Container class: IPF.Configuration) [FID: 0x0200bf0100000002] |---+ RSS Feeds : (Total: 0 / Unread: 0 - Container class: IPF.Note.OutlookHomepage) [FID: 0x0100bf0100000002] |---+ Save : (Total: 5 / Unread: 0 - Container class: IPF.Note) [FID: 0x7144c00400001c3c] |---+ Save Emails for Testing : (Total: 5 / Unread: 0 - Container class: IPF.Note) [FID: 0x0d00bf0100000002] |---+ Sent Items : (Total: 34 / Unread: 0 - Container class: IPF.Note) [FID: 0xd401750000001c3c] |---+ Shred : (Total: 162 / Unread: 0 - Container class: IPF.Note) [FID: 0x4033dde700001c3c] |---+ Suggested Contacts : (Total: 6 / Unread: 0 - Container class: IPF.Contact) [FID: 0x0600bf0100000002] |---+ Sync Issues : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xf25c750000001c3c] | |---+ Conflicts : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xf65c750000001c3c] | |---+ Local Failures : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xfa5c750000001c3c] | |---+ Server Failures : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xfe5c750000001c3c] |---+ Tasks : (Total: 0 / Unread: 0 - Container class: IPF.Task) [FID: 0xe001750000001c3c] |---+ test : (Total: 14 / Unread: 0 - Container class: IPF.Note) [FID: 0x7ffe418900001c3c] |---+ test folder : (Total: 11 / Unread: 0 - Container class: IPF.Note) [FID: 0x0e00bf0100000002] |---+ test2 : (Total: 11 / Unread: 0 - Container class: IPF.Note) [FID: 0x8edb7b0000001c3c] |---+ Test21 : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xa341dde700001c3c] |---+ test22 : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0x9f41dde700001c3c] |---+ TNEF : (Total: 0 / Unread: 0 - Container class: IPF.Note) [FID: 0xda3edde700001c3c] Now, if roger tries to view sally's email: dbixler@don-ubuntu:~/openchange/openchange/bin$ ./openchangeclient --mailbox --profile=roger --username=sally -d3 Using binding ncacn_ip_tcp:10.100.1.220[,seal] Cannot do GSSAPI to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 Using binding ncacn_ip_tcp:TS-Exch2010.support.local[,seal] Cannot reach a KDC we require to contact exchangeAB/TS-EXCH2010.SUPPORT.LOCAL@SUPPORT.LOCAL : kinit for Roger@SUPPORT.LOCAL failed (Cannot contact any KDC for requested realm) SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 Using binding ncacn_ip_tcp:10.100.1.220[,seal] Cannot do GSSAPI to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 ndr_pull_error(11): Pull bytes 2 (../librpc/ndr/ndr_basic.c:103) Unable to ndr_pull structure for EcDoRpc - NT_STATUS_BUFFER_TOO_SMALL OpenUserMailbox : ecUnknownUser (0x3EB) If I add in a third user (who is given impersonation capability), I get the same error. ----- Original Message ----- From: nerdl...@comcast.net To: "Development list" <devel@lists.openchange.org> Sent: Monday, June 15, 2015 11:10:47 AM Subject: Re: [openchange][devel] Usage question OK, but impersonation and delegation are two different things. Delegation must be enabled user by user, where impersonation is enabled once and the user can see all accounts. Is impersonation supported? ----- Original Message ----- From: "Julien Kerihuel" <j.kerih...@openchange.org> To: devel@lists.openchange.org Sent: Monday, June 15, 2015 4:44:09 AM Subject: Re: [openchange][devel] Usage question On 09/06/15 19:21, nerdl...@comcast.net wrote: One more quick question. Does libmapi support accessing another user's account when impersonation has been enabled? Yes if you have delegated access to the user. Br, Julien. -- Julien Kerihuel j.kerih...@openchange.org OpenChange Project Founder Twitter: http://twitter.com/jkerihuel GPG Fingerprint: 0B55 783D A781 6329 108A B609 7EF6 FE11 A35F 1F79 _______________________________________________ devel mailing list devel@lists.openchange.org http://mailman.openchange.org/listinfo/devel _______________________________________________ devel mailing list devel@lists.openchange.org http://mailman.openchange.org/listinfo/devel
_______________________________________________ devel mailing list devel@lists.openchange.org http://mailman.openchange.org/listinfo/devel
