4.3 Configuring the Attribute for ActiveSync Server Authentication

While configuring an email account on a device by using a Mobile Email Policy, the user is automatically authenticated to the ActiveSync Server that is configured in the zone. ZENworks initially obtains the user credentials (such as the user’s Email ID) from the associated user source (LDAP directory configured in the zone) and using these credentials the user is authenticated to the ActiveSync Server to which the user belongs. The user is logged in to the email account, if the credentials provided in the user source match with the ones configured in the Activesync Server. However, the user credentials with which the user logs into the ActiveSync Server to retrieve emails might be different from the credentials that he/she uses to login to the LDAP directory. In such cases, you can define the LDAP attribute that ZENworks must query and use as the user name while retrieving emails from the ActiveSync Server.

For example: consider that the configured LDAP directory is the NetIQ eDirectory and the email application is GroupWise. The default attribute that is used to authenticate a user to GroupWise is the Mail attribute. The preferred email address of a user published in the NetIQ eDirectory is in the format first name.last name@domain.com, due to which authentication to GroupWise might fail. In this scenario, you can edit the ActiveSync Logon Attribute and select UniqueID, which can be the user name of the GroupWise user.

The default attribute is Mail but you can modify this attribute. You can define attributes for a specific user or for a user folder. These attributes differ based on the LDAP directory configured in the zone.

To edit the attribute:

  1. Navigate to Users on the left pane in ZCC.

  2. Click a User Source Folder or drill down to a specific user. Click Details next to the User Source Folder or the User.

  3. Click Edit next to the ActiveSync Server Logon Attribute.

The various attributes that can be defined are:

  • NetIQ eDirectory: If the NetIQ eDirectory is configured in the zone, then you can define the following attributes to authenticate to the ActiveSync Server:

    • CN: The common name of the user.

    • Mail: The email address of the user.

    • UniqueID: The unique user identifier.

    • Other: Specify the custom attribute defined in the configured LDAP directory.

  • Active Directory: If Active Directory is configured in the zone, then you can define the following attributes to authenticate to the ActiveSync Server:

    • UserPrincipalName: An Internet-style login name for a user based on the Internet standard RFC 822.

    • sAMAccountName: The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager.

    • Mail: The email address of the user.

    • Other: Specify the custom attribute defined in the configured LDAP directory.

For either of these LDAP directories, you can also select Inherited, to inherit the attribute defined at the user folder level.

If you modify these settings and if the assigned Mobile Email Policy does not use the ZENworks Server as the proxy server, then you need to republish or reassign the Mobile Email Policy. The modified settings are automatically applied on the email accounts configured with Mobile Email Policies that use the ZENworks Server as the proxy server.