Hello Everyone,

I am dealing with an interesting problem with the Zentyal OpenChange Server. These are the relevant packages:


ii dovecot-openchange-plugin 0.1 amd64 OpenChange dovecot plugin
ii openchange-notification 3:2.3-zentyal9 amd64 Openchange notifications daemon
ii openchange-ocsmanager 3:2.3-zentyal9 all Working instance of python-ocsmanager
ii openchange-rpcproxy 3:2.3-zentyal9 all A RPC-over-HTTP implementation for Samba, using wsgi
ii openchangeclient 3:2.3-zentyal9 amd64 Command-line client for the MAPI (Exchange/Outlook) protocol
ii openchangeproxy 3:2.3-zentyal9 amd64 Experimental MAPI (Exchange/Outlook) proxy
ii openchangeserver 3:2.3-zentyal9 amd64 Experimental MAPI (Exchange/Outlook) server
ii sogo-openchange:amd64 2.2.15-zentyal2 amd64 a modern and scalable groupware - OpenChange backend
ii zentyal-openchange 4.0.8 all Zentyal - OpenChange Server


root 7002 0.0 3.1 1504236 125980 ? Sl Jun08 0:14 /usr/bin/python /usr/bin/paster serve /etc/ocsmanager/ocsmanager.ini --pid-file /var/run/ocsmanager/ocsmanager.pid --log-file /var/log/ocsmanager/ocsmanager.log


When I am trying to add an Exchange account with the wizard from a Windows 7 client, IF I cancel the authentication box then it will get the *unencrypted* email settings from the autodiscovery server:

1.2.3.4 - - [10/Jun/2015:10:03:25 +0200] "POST /autodiscover/autodiscover.xml HTTP/1.1" 401 362 "-" "Microsoft Office/14.0 (Windows NT 6.1; Microsoft Outlook 14.0.7128; Pro)"

These are working perfectly; I get 3 green pipes. Checking the manual settings for what it did: Account type set to IMAP, username and password correct, same username settings are used for the SMTP server, etc.


BUT whenever I authenticate for the *secure* email settings everything breaks. When I go to the manual configuration after this failed attempt:

ACCOUNT TYPE: POP3 < Instead of IMAP
INCOMING MAIL SERVER: mail.myhost.com, mail.myhost.com
OUTGOING MAIL SERVER: <<EMPTY !>>
USERNAME: testuser < instead of [email protected]
MY OUTGOING SERVER REQUIRES AUTHENTICATION is not ticked in

So although I cannot see into the XML datastream which is coming back from OpenChange, because it's over HTTPS, I can tell that the values all broke.

Now obviously I don't want the users to use the unencrypted settings. So my first question is:

1, How can I force openchange to give out the encrypted settings even if the authentication part was cancelled? I would like to hand out these values:

ACCOUNT TYPE: IMAP
INCOMING MAIL SERVER: mail.myhost.com (SSL on port 993)
OUTGOING MAIL SERVER: mail.myhost.com (TLS on port 587)
USERNAME: [email protected]
MY OUTGOING SERVER REQUIRES AUTHENTICATION: yes

2, How can I authenticate through the RPCproxy by different attribute than the regular username?

Even if I change the "filter = (cn=%s)" to "filter = (mail=%s)" in /etc/ocsmanager/ocsmanager.ini, it will still use the cn as the username, which I think is mainly responsible for "breaking the autodiscovery" due to this:

When I authenticate as joeuser_myhost.com/password, that will be used automatically by the Exchange client to connect to the mail server, which will never work because the mail username is stored in MySQL as [email protected] and I don't want to change this.

What I would like to do is make RPCproxy accept the email address for the auth:

https://i-technet.sec.s-msft.com/dynimg/IC102253.gif

Then Exchange would hopefully use the same [email protected] username to try to log on securely to the IMAP and SMTP server.

Any help is welcome.

Thank you for your time!
