Menu

#8 Active Sync 'Allowed Users' Config

None
open
nobody
None
1
2015-01-16
2013-05-26
Noppingen
No

At least Zimbra OSE does not provide an internal LDAP field for "User is AS enabled". My workaroud so far:

Additional config file backend/zimbra/config_as_users.php:

!/usr/bin/php

<?php

/*******

* File : config_as_users.php

* Project : Z-Push 2.x & Zimbra backend

* Descr : ActiveSync "allowed users" configuration file

* Info : Adds array with users allowed to use Active Sync, as

* Open Source Zimbra does not allow per-user settings.

* Also see https://forums.zarafa.com/showthread.php?7864-User-access-control-for-Z-Push

*

* Created : 26.05.2013

*

* Copyright 2013 Stefan Onderka (stefan@onderka.com)

*

********/

// *******

// ActiveSync user control settings

// *******

// Array of users allowed to "Active Sync"

$zpush_allowed_users = array("name1.name1@somain.tld",

"name2.name2@somain.tld",

"name3.name3@somain.tld",

"name4.name4@somain.tld");

// Convert array to constant

define('ZPUSH_ALLOWED_USERS', serialize($zpush_allowed_users));

?>

and a mdifiction to backend/zimbra/zimbra.php aroud line #889 right after the beginning of the "Logon" function:

!/usr/bin/php

public function Logon($username, $domain, $password) {

+ // ActiveSync user control:

+ // Constant ZPUSH_ALLOWED_USERS holds serialized

+ // valid users as 'user@domain.tld'

+ // Get Array from constant:

+ $zpush_allowed_users = unserialize(ZPUSH_ALLOWED_USERS);

+ // Is $username contained in $zpush_allowed_users?

+ if ( in_array($username, $zpush_allowed_users, false) ) {

+ // Contained, OK

+ ZLog::Write(LOGLEVEL_INFO, '[ZPUSH_ALLOWED_USERS] Allowed. OK' );

+ } else {

+ // Not contained: STOP

+ ZLog::Write(LOGLEVEL_INFO, '[ZPUSH_ALLOWED_USERS] Not allowed. STOP.

+ exit();

+ }

Wouldn't that be something to integrate for all Zimbra OSE users?

Discussion

  • Noppingen

    Noppingen - 2013-05-26

    ...and of course add

    require_once('backend/zimbra/config_as_users.php');

    to zimbra.php ;)

     

    • LiverpoolFCfan

      LiverpoolFCfan - 2013-05-26

      If you take a look at the z-push forum - I suggested an alternative method some months ago - that used a file to store the users/devices. It allowed for authorizing users and limiting the number of different devices they could sync at any one time. I posted it hoping it might spur the z-push team on to adding something similar.
      http://z-push.sourceforge.net/phpbb/viewtopic.php?f=5&t=2253

       

      • LiverpoolFCfan

        LiverpoolFCfan - 2013-05-27
        • Group: Next_Release --> None
         

        Log in to post a comment.

        Auth0 Logo