Hi there SOGo, I found a possible issue with users in multiple domains having the same uid. I haven't tested the issue or know how to reproduce. Here's my experience:
- 2 users named "fjohnson" - 2 LDAP domains, "ldap1.domain" and "ldap2.domain" - 1 LDAP domain is OpenDLAP, 1 LDAP domain is ActiveDirectory Configuring Mac OS X 10.9 Calendar app with server-side autoconfiguration is automatic and great. But in one case with two usernames that are the same, the user "fjohnson" logging into "ldap1.domain" had his CalDAV URL say "/SOGo/dav/fjohnson@ldap2.domain/" instead of the expected "/SOGo/dav/fjohnson@ldap1.domain/". "fjohnson"@"ldap2.domain" can update the calendar of "fjohnson"@"ldap1.domain" with no issue whatsoever -- complete access. The configuration issue could not be corrected without manually changing the domain. Still, there is the security issue. But, it's definitely an issue starting with the autoconfiguration. Apple is really bugging me right now with their autoconfiguration. Mozilla Thunderbird autoconfigures SOGo perfectly, so does OUTLOOK! It would be nice if we could figure out these silly Apple devices! (My current issue is getting autoconfig on Apple iOS devices for IMAP/SMTP. GRR! Anyone with tips I'd love to chat!) Thanks again, community. ~Laz Peterson-- users@sogo.nu https://inverse.ca/sogo/lists
