I have a somewhat unusual set up - I am using Foundation 2013, and have integrated Windows Azure AD accounts for external users through a trusted identity provider. That part works fine, and I can assign permissions based on the account name (which is equivalent to the email address). Users can access sites based on permissions, add content, etc. What doesn't work is incoming email for these external users. I get the following error message in the ULS log:
An error occurred while processing the incoming e-mail file C:\inetpub\mailroot\Drop\6f859b7b01d05c440000001c.eml. The error was: Access denied. You do not have permission to perform this action or access this resource..
Incoming mail works fine for normal domain users, just not external users. On a test account, I have ensured that the user has the "Email" field filled in on their profile, as well as the "SIP", since I figured SP may be checking the email address against one of these fields, which are empty for these users by default. Unfortunately, that did not help. I have also verified that the "X-Sender" address in the incoming email header is correct, which it is. Also, while an email is sitting in the SMTP drop folder waiting to be picked up, I can replace the X-Sender address with a normal domain user address, and it is processed correctly by SP.
When incoming email is enabled for everyone on a list, emails from external users are processed and posted in Sharepoint under the System Account. So it seems apparent that Sharepoint is unable to match up external user email addresses with an existing account in Sharepoint. Right now I am trying to figure out what the X-Sender field is verified against so I can see if there's a way to make them match up. Or, if anyone can think of another possible solution I'm all ears.
0 commentaires:
Enregistrer un commentaire