@hooge exactly like you describe it. A whitelist is necessary.
Users are allowed by default, but any new device is a risk because you don’t know if the device belongs to the correct user or an attacker who got hold of the user’s credentials.
You’ll get the id with the initial connection attempt, and from there you allow the ids or not.
That would be an ideal solution and could be done with z-push-admin.
I found some other posts that I think were similar to my problem, suggesting a possible solution is to ensure that the full email address is used for IMAP login. Might be tough in my case since it’s an old stack I put together starting around 2004 and currently includes Cyrus > Pam > Winbindd > Windows AD, and though most elements are fairly configurable, the Windows domain name can’t be the same as the email address for other users. Maybe there’s something I can do at the pam level if there’s not an option to allow a different ActiveSync email address and IMAP login name.
Are there any options in Z-Push that will allow me to keep my email address and login name different? I know this is possible in ActiveSync, because I have an Exchange client that has a completely different domain from their email address and it works on iPhone.
For the record this was due to missing fpm package for the current php version.
I have PHP installed via Ondrej packages, and configured everything for PHP 7.4. But the default PHP version for the repo (that is, packages installed without an explicit version) are for PHP 8.0. Z-Push packages didn’t find php8.0-fpm so was trying to install Apache.
I don’t know if it still matters - I have had this issue too, for me it came from not defining the default path for your caldav collection in backend/caldav/config.php.
Here is how I configured my default path for Nextcloud:
// Base URL to principals calendar collection: use ‘%l’ for local part or ‘%u’ for full username
// Default CalDAV folder (calendar folder/principal). This will be marked as the default calendar in the mobile
I have contact syncing turned on so presumably the contacts on the phone exist somewhere on the server
That is not really how it works with ActiveSync (or any other contact syncing protocol I am aware of). When syncing an addressbook between your phone as server only the items of this specific addressbook get synced. The way I read your message is that it was your expectation that already existing contacts magically move into the addressbook that is synced to the server.