5:51 p.m.
I have been trying to get activesync to work with Outlook.com and have
found a number of problems. I have submitted bug reports for each
(76515-76518)), in order to not forget about them, but three of the four
probably require some discussion on the list.
1) Outlook.com requires protocol version 14.0. It does not support any
earlier or later protocols. We currently support version 12.1 (which
seems to be supported by most Exchange servers, even those which also
support 14.0 or 14.1).
The code includes a conditional to select whether we claim to support
12.1 or 14.0. But it looks like that only really changes what we claim
-- the only case the version seems to be checked is when sending mail
(which we don't use in SyncEvolution). A quick test seems to show that
claiming to be 14.0 allows syncs to work with outlook.com -- but I have
not yet reviewed the differences to see if I can find things which break.
Assuming that we either don't need to change the operation, or can
easily change it, there is a bigger question of whether to switch to
claiming 14.0. At the moment, there is no attempt to negotiate protocol
version: if we switch to 14.0, servers which only support 12.1 will stop
working. Negotiation would involve some complexity (adding a new
message exchange or re-trying connections with each protocol version) --
is it worth it? Are there any servers still running which do not
support 14.0?
2) Outlook.com does not like NTLM auth. Activesyncd explicitly tells
libsoup to enable NTLM, which causes outlook.com to return an error.
Disabling NTLM allows outlook.com to work, and also works with my work
server (it always requires Basic auth anyway, even when we start by
sending NTLM).
Apparently autodiscover (which we don't support) is supposed to tell you
whether to use NTLM or Basic. But surely we can't provide valid domain
credentials using NTLM anyway, can we?
Is there any reason to specify NTLM?
3) Outlook.com does redirects, to redirect access to a specific server
based on the username. Should we bother to go to the extra effort to
implement these redirects? Does any other service use them? It is not
clear that the user can find out which server to specify if we don't
implement the redirect.
Graham
9:58 a.m.
Hello!
Let me add David. He was more involved with the activesyncd side of
things than I was. David, any comments?
On Sun, 2014-03-23 at 17:51 +0000, Graham Cobb wrote:
I have been trying to get activesync to work with Outlook.com and
have
found a number of problems. I have submitted bug reports for each
(76515-76518)), in order to not forget about them, but three of the four
probably require some discussion on the list.
1) Outlook.com requires protocol version 14.0. It does not support any
earlier or later protocols. We currently support version 12.1 (which
seems to be supported by most Exchange servers, even those which also
support 14.0 or 14.1).
The code includes a conditional to select whether we claim to support
12.1 or 14.0. But it looks like that only really changes what we claim
-- the only case the version seems to be checked is when sending mail
(which we don't use in SyncEvolution). A quick test seems to show that
claiming to be 14.0 allows syncs to work with outlook.com -- but I have
not yet reviewed the differences to see if I can find things which break.
Assuming that we either don't need to change the operation, or can
easily change it, there is a bigger question of whether to switch to
claiming 14.0. At the moment, there is no attempt to negotiate protocol
version: if we switch to 14.0, servers which only support 12.1 will stop
working. Negotiation would involve some complexity (adding a new
message exchange or re-trying connections with each protocol version) --
is it worth it? Are there any servers still running which do not
support 14.0?
2) Outlook.com does not like NTLM auth. Activesyncd explicitly tells
libsoup to enable NTLM, which causes outlook.com to return an error.
Disabling NTLM allows outlook.com to work, and also works with my work
server (it always requires Basic auth anyway, even when we start by
sending NTLM).
Apparently autodiscover (which we don't support) is supposed to tell you
whether to use NTLM or Basic. But surely we can't provide valid domain
credentials using NTLM anyway, can we?
Is there any reason to specify NTLM?
3) Outlook.com does redirects, to redirect access to a specific server
based on the username. Should we bother to go to the extra effort to
implement these redirects? Does any other service use them? It is not
clear that the user can find out which server to specify if we don't
implement the redirect.
Point 3 seems worthwhile to me.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
2406
days inactive
2408
days old
syncevolution@synevolution.org
1 comments
2 participants
participants (2)
-
Graham Cobb -
Patrick Ohly