6.0.0-beta1
7/5/25

[#11638] ActiveSync :: The Autodiscover URL must be configurable, not extracted from the email address performing the query.
Summary ActiveSync :: The Autodiscover URL must be configurable, not extracted from the email address performing the query.
Queue Horde Framework Packages
Queue Version Git master
Type Enhancement
State Resolved
Priority 1. Low
Owners mrubinsk (at) horde (dot) org
Requester torben (at) dannhauer (dot) info
Created 11/04/2012 (4626 days ago)
Due
Updated 11/05/2012 (4625 days ago)
Assigned
Resolved 11/05/2012 (4625 days ago)
Milestone
Patch No

History
11/05/2012 09:01:07 PM Michael Rubinsky Comment #6
State ⇒ Resolved
Reply to this comment

[Show Quoted Text - 21 lines]
Yes. Probably because Apache is returning my-host.tld as 
$_SERVER['SERVER_NAME'] because that is what it is answering the 
request as (since this is what the client is requesting based on the 
email address).  This is what the $conf['server']['name'] 
configuration is designed to override.

For more detailed information on the AUTOCONFIGURE process you can 
read 
http://blogs.msdn.com/b/exchangedev/archive/2011/07/08/autodiscover-for-exchange-activesync-developers.aspx
By the way: the interesting question is why my webserver delivers 
horde querys vor http://virtual.tld but the apaceh vhost is 
configured only for https://www.my-host.tld .... THAT seems to  be a 
true bug ;)
Maybe because your my-host.tld server is the default virtual domain?

11/05/2012 08:02:43 PM torben (at) dannhauer (dot) info Comment #5 Reply to this comment

[Show Quoted Text - 37 lines]
Hi,
I have no vhost configs, I have a single horde installation for 
multiple domains..

Of course the client uses the email address to determine the url to 
query for autodetection, but each of my virtual domains has a DNS 
redirect entry and horde is only availableto redirect autodiscover 
queries to www.my-host.tld - and it works with outlook. So according 
to the specs, each client device should restart the autodiscover at 
www.my-host.tld.

I have verified the problem:
My horde is located at 'www.my-host.tld' while to have only a single 
SSL certificate to buy.
emailadresses with user@virtual-domain.tld get a ActiveSync URL 
'https://virtual-domain.tld/Microsoft-Server-ActiveSync' but not 
'https://www.my-host.tld/Microsoft-Server-ActiveSync'
Even when I use an email-address user@my-host.tld it uses 
'https://my-host.tld/Microsoft-Server-ActiveSync' and not 
'https://www.my-host.tld/Microsoft-Server-ActiveSync'
-- is that the correct behaviour?

Anyway, the tip to specify my correct horde URL in 
$conf['server']['name'] as $conf['server']['name'] = 'www.my-host.tld
instead of using SERVER_NAME did the trick, now it works correctly.
For me this issue is closed...

Many thanks,
Torben

By the way: the interesting question is why my webserver delivers 
horde querys vor http://virtual.tld but the apaceh vhost is configured 
only for https://www.my-host.tld .... THAT seems to  be a true bug ;)
11/05/2012 03:24:00 PM Michael Rubinsky State ⇒ Feedback
 
11/05/2012 03:22:15 PM torben (at) dannhauer (dot) info Comment #4 Reply to this comment

[Show Quoted Text - 26 lines]
Hmm, that sounds horde has already the right behaviour I need. Maybe 
I've mixed something up, I was hunting several horde problems in the 
last days.

I'll check this again after work and will comment this bug again.

Yeah hooks sounds great, this would allow to modify the autodiscover 
behavior without adding lots of new options to the configuration.

Torben
11/05/2012 03:08:13 PM Michael Rubinsky Comment #3
Assigned to Michael Rubinsky
Reply to this comment

[Show Quoted Text - 9 lines]
The host is NOT directly calculated on ther server from the email 
address provided by the user/client. It's parsed out of the result of 
Horde::url(), which returns a URL based on $conf['server']['name'].

Are you using virtual-domain specific configuration files?  If so, 
that might explain why this is happening since the *client* uses the 
email address to determine which server to query for the Autodiscovery.

Telling ActiveSync to use the one domain for all activesync requests 
will cause your custom domain specific configuration files to be 
ignored.

Instead of adding this as a configuration option, I'm going to add a 
new hook. I've had various hooks planned for autodiscover but were 
pretty low priority for me.
11/05/2012 11:30:45 AM Jan Schneider State ⇒ Accepted
 
11/04/2012 05:51:12 PM Michael Rubinsky State ⇒ New
Type ⇒ Enhancement
Priority ⇒ 1. Low
 
11/04/2012 05:06:07 PM torben (at) dannhauer (dot) info Comment #2 Reply to this comment
oops, there was a mistake in my text, it should be

[...]
The right implementation should be a ActiveSync URL which is
configurable in the Administration/ActiveSync prefs.
In this example it should be configured as "www.my-horde.tld" which
would return a URL
"https://www.my-horde.tld/Microsoft-Server-ActiveSync" which is
covered by the SSL certificate.
[...]
11/04/2012 04:53:14 PM torben (at) dannhauer (dot) info Comment #1
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ ActiveSync :: The Autodiscover URL must be configurable, not extracted from the email address performing the query.
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Reply to this comment
If you have a single horde installation serving a couple of domains, 
you oftne have only one SSL certificate covering the domain of your 
horde installation, not of all virtual domains the horde installation 
serves.

Because the AutoDiscover feature is usually performed via SSL and 
mosts clients quit autodiscovery if the find a untrusted or invalid 
SSL certificate, it is mandatory to return an ActiveSync URL covered 
with that SSL certificate, not with URL derived from the email Domain.

Example:
* Horde installation at https://www.my-horde.tld, covered with a valid 
and trusted SSL certificate.
* Virtual domain and email address user@virtual-customer.tld

The current implementation returns a ActiveSync URL which is:   
https://virtual-customer.tld/Microsoft-Server-ActiveSync
--> this URL is not covered by the SSL certificate of 
https://www.my-horde.tld -> AutoDiscover fails.

The right implementation should be a ActiveSync URL which is 
configurable in the Administration/ActiveSync prefs.
In this example it should be configured as "www.my-horde.tld" which 
would return a URL 
"https://www.dannhauer.de/Microsoft-Server-ActiveSync" which is 
covered by the SSL certificate.


I'm not totally aware of all pref-system details, so I cannot provide 
a working solution. Anyway, I'm sure this is a 5 minutes task if 
someone is aware of the horde pref system.
The relevant function which requires adaption is: 
Horde/Core/ActiveSync/Driver.php :: autoDiscover()

Many thanks,
Torben Dannhauer

Saved Queries