Automatic Configuration and Discovery for Group Managers

Kolab Now provides an automatic client configuration and discovery service that is intended to aid users in configuring their accounts in any of the most popular desktop client applications.

This article outlines the necessary procedures for Group Managers to allow these services to be used with a custom domain name.

A note about Outlook 2016 and Automatic Discovery for ActiveSync

Outlook 2016 does not support automatic discovery for ActiveSync. Please see our Outlook 2016 over ActiveSync Setup Guide for instructions to configure Outlook 2016 to use ActiveSync.

DNS Entries Required

Depending on the clients used, either one or all of the following DNS entries are required, or recommended for some or all of the supported desktop client applications. Various versions of client applications may have implemented different routines or use a different order to attempt to get to automatic configuration of the client. Long story short, it’s best to include all of them in your DNS zones.

autodiscover                    CNAME   apps.kolabnow.com.
_autodiscover._tcp              SRV  0  0  443 apps.kolabnow.com.
_caldav._tcp                    SRV  0  0   80 apps.kolabnow.com.
_caldavs._tcp                   SRV  0  1  443 apps.kolabnow.com.
_carddav._tcp                   SRV  0  0   80 apps.kolabnow.com.
_carddavs._tcp                  SRV  0  1  443 apps.kolabnow.com.
_imap._tcp                      SRV  0  0  143 imap.kolabnow.com.
_imaps._tcp                     SRV  0  1  993 imap.kolabnow.com.
_pop3._tcp                      SRV 10  0  110 imap.kolabnow.com.
_pop3s._tcp                     SRV 10  1  995 imap.kolabnow.com.
_sieve._tcp                     SRV  0  0 4190 imap.kolabnow.com.
_submission._tcp                SRV  0  1  587 smtp.kolabnow.com.
_webdav._tcp                    SRV  0  0   80 apps.kolabnow.com.
_webdavs._tcp                   SRV  0  1  443 apps.kolabnow.com.

Web URL Redirects

Yet, some clients will happily attempt to use URLs that hit your organization’s main website, such as https://kolab.org/Autodiscover/Autodiscover.xml. You may redirect those requests to https://apps.kolabnow.com/Autodiscover/Autodiscover.xml. A simple snippet for HAProxy (which includes all URLs to possibly redirect) would look as follows (line breaks for line width, remove those in your actual configuration):

frontend https
    mode httpd
    bind *:443 ssl crt-list /etc/haproxy/cert-list.cfg

    acl vhost_autoconf.kolab.org     ssl_fc_sni_reg -i ^auto(conf(|ig)|discover)\.kolab\.org$
    acl vhost_kolab.org              ssl_fc_sni_reg -i ^kolab\.org$

    acl app_autoconfig               path_beg /mail/config-v1.1.xml
    acl app_autoconfig_wellknown     path_beg /.well-known/autoconfig/
    acl app_autodiscover             path_reg -i ^/autodiscover

    http-request redirect code 301 location \
        https://apps.kolabnow.com%[capture.req.uri]      if vhost_autoconf.kolab.org app_autoconfig

    http-request redirect code 301 location \
        https://apps.kolabnow.com%[capture.req.uri]      if vhost_autoconf.kolab.org app_autoconfig_wellknown

    http-request redirect code 301 location \
        https://apps.kolabnow.com%[capture.req.uri]      if vhost_autoconf.kolab.org app_autodiscover

    http-request redirect code 301 location \
        https://apps.kolabnow.com%[capture.req.uri]      if vhost_kolab.org app_autoconfig

    http-request redirect code 301 location \
        https://apps.kolabnow.com%[capture.req.uri]      if vhost_kolab.org app_autoconfig_wellknown

    http-request redirect code 301 location \
        https://apps.kolabnow.com%[capture.req.uri]      if vhost_kolab.org app_autodiscover
Posted in Documentation and tagged , , , , , , , , , , , , , , , .

2 Comments

  1. Re. autoconfig, what if the DNS provider does not provide a means to implement SRV records? Can this be done through TXT entries, and (if yes) what format would this have to be in?

    • If the DNS provider does not provide a means to implement SRV records, or doesn’t support SRV records, the type of lookup client would perform would fail. It does not fall back to TXT records.

Leave a Reply

Your email address will not be published. Required fields are marked *