Forum Discussion
AndOs
Cirrostratus
Hi!
We recently started to use APM with activesync for some of our users.
Any new session from an activesync client will traverse the access policy the same way as any normal client.
The irule _sys_APM_activesync sets a flag "clientless mode" which somehow indicates to APM that it should not stop for logon pages etc.
The irule also sets a session variable, activesync = 1, which can be used to check if a client connecting is an activesync client.
Yes, the LDAP or AD query will act the same way for ActiveSync as any other client.
User credentials is sent with basic authentication from the activesync client, and those gets picked up and can be used with the authentication and query objects in the access policy.
Here's an example of an access policy we use for both normal web clients and activesync clients.
One thing I've noticed is that if an activesync client is denied by the access profile, say by a group check, the client will show a message saying that username and password is incorrect.
That caused some confusion for our users when some of them wasn't in the correct AD group.
That can probably be solved by an irule checking if access was denied and then sending a diffrent http response than the default 401-status.
/Andreas
SteveVernau_132
Jan 18, 2016Nimbostratus
Hi Andreas what is the Logon user pass box? I need to do this and I dont want the APM policy to force the activesync client to try and hiot a login web page so what is that firsrt box on your VPE that captured the cvreds from activesync auth?