-
Notifications
You must be signed in to change notification settings - Fork 47
Disable Z Push access
Since Z-Push 2.2 it is possible to disable or enable the access to Z-push for a user individually. In order to achieve this, Z-Push queries ZCP's addressbook configuration of disabled_features on the user management system (e.g. LDAP).
Z-Push checks if the keyword "mobile" is in the disabled features for a user who tries to authenticate. As this is usually not set at all, the user can successfully connect by default.
With the release of Z-Push 2.3 this functionality was extended so that Outlook as an ActiveSync client can also be controlled. The keyword "outlook" is used in this case.
There are two ways to use this feature, depending on your preference.
- Z-Push sync should be enabled by default and can be disabled for certain users (use-case: majority is enabled). This is the default behavior - the access is allowed normally.
- Z-Push sync should be disabled by default and can be enabled for certain users (use-case: majority is disabled).
In order to use the first option, you only need to add the keyword "mobile" to the disabled features list to of the user you want to disable in the user management system, like LDAP. This is analogue to the enabling/disabling of e.g. imap access.
In order to implement option 2, your zarafa/kopano server.cfg file needs to be adjusted first. The keyword "mobile" needs to be added to the disabled_features parameter in the server's config file. The zarafa/kopano-server needs to be reloaded after the configuration is changed (possibly restart might be necessary).
Then add the keyword "mobile" to the enabled features list of a user who should be allowed access in the user management system, similar to the modifications made for step 1.
For both options, the result can be checked with zarafa-admin --details username / kopano-admin --details username.
In the enabled/disabled features the keyword "mobile" should be present for users with enabled/disabled access.