iPhone 3.0 from a corporate point of view
If you follow the buzz on Twitter, you’d think that the iPhone 3.0 update began with copy and paste functionality and ended with Spotlight search capabilities. While those are the most popular new features in the new version of the iPhone OS, they’re not the only new tricks by any means.
Along with the “Big Two” enhancements, Apple has delivered a solid set of new features that will help the iPhone on corporate networks too.Read more…
LDAP for everybody
For iPhone users whose employers use a Directory Service based on LDAP, such as Apple’s Open Directory, Microsoft’s Active Directory, and so on, the iPhone 3.0 update allows you to finally use the contact information in those directories directly from your phone in Mail and Contacts. (For those of you who can’t move to version 3 yet, you can still talk to LDAP via Boneware’s excellent LDAPeople app. You don’t get the integration with Mail and Contacts, but it’s still a solid app.)
The setup for LDAP accounts is pretty simple. You create a new account in Settings -> Mail, Contacts, Calendars -> Add Account… -> Other -> Add LDAP Account. You’ll need to enter the server’s DNS name, and a user name and password, if one is required for read-only access. (You can’t create new contacts in LDAP with this account, only read them.) The iPhone or iPod touch will attempt to connect via SSL, and if that fails, in the clear, or unencrypted. (Obviously, SSL is the preferable method.)
Once the account is set up, you’ll have to make sure you have the correct search base set up. In LDAP terms, the search base is how you define where you limit searches. (If you aren’t careful, instead of just searching through contact info, you can be searching the entire directory, and that just slows things down.) So, if Macworld had an Open Directory server called “jobs” in the macworld.com domain, and was running a generic Open Directory implementation, the search base to use would be:
If Macworld was using a stock Active Directory setup, then the search base would be the same.
One minor complaint: It would be nice if the account could query the server during setup, and grab the appropriate search base for you. Other LDAP utilities I use can do this, and it’s kind of nice to not have to type things like search bases. (If you require Kerberos to access your directory, even for read-only, I highly doubt the iPhone supports that, so in that case, you may be out of luck.)
Once the LDAP account is set up, then it just works. You can search the directory (but no browsing, unfortunately) from within the Contacts application. If you’re sending an e-mail, then Mail will automatically search the directory for you as you enter a name.
One interesting thing I noticed: While the LDAP function does a nice job of formatting phone numbers, if you have an extension, the number formatting goes straight to Hades. For example, a number you enter into the directory as “800.555.1212” will show up in the Contacts as (800) 555-1212. However, if that same number is entered in as “800.555.1212 ext. 666”, then in the iPhone, you get “8005551212ext666”. If you tap the number to dial, then it will dial 8005551212666, which should work for the first 10 numbers, but it’s a bit ugly. The interesting part is that LDAPeople does the same thing, so it looks like this is an issue with how the iPhone gets LDAP data from the server, rather than a specific implementation. The LDAP functionality will show phone numbers, a work address and a single e-mail address, but no IM or other information. So it’s a bit limited, though functional enough.
All about Exchange Active Sync
Along those lines, both the iPhone’s Exchange Active Sync (EAS) and Calendaring functionality have picked up some new tricks. As Dan Moren did a great job with the major new CalDAV features in his review of iPhone 3.0, I’ll only point out that just because it’s CalDAV, that doesn’t mean push. So yes, Google has CalDAV support, but not for push with CalDAV. While you can get push notifications from Google and others via EAS, you can only have one EAS account on the iPhone. So if you have an EAS account for work, you are stuck with CalDAV, and most likely, no push. Hopefully, Google, et al. will fix this soon. (Apple has publicly noted that Snow Leopard Server will support push for calendaring, e-mail, and such.)
EAS picked up some new tricks on its own with iPhone 3.0, with the most immediately useful one being the ability to select folders other than your inbox to be updated via push. You also can now create meetings in EAS accounts. Oddly, you can’t do that for CalDAV. Maybe in iPhone 3.1?
On the management side, while Apple hasn’t updated the preferences manifests for iTunes yet (so you don’t get easy access to the new features in iTunes management, aka “Parental Controls”), if you look at the restrictions settings for the iPhone on the device, you can see what’s going to be available once Apple updates the management utility end of things. Some of the more important ones for companies are the ability to disable the camera on the device and to lock out the location functionality. Unfortunately, until Apple updates those management utilities, there’s no easy way to just push these changes out, so setting these will be a manual process. But at least the device support is there.
On the management utilities, Apple hasn’t yet released an update to the iPhone Configuration Utility. That’s a shame, because I and a lot of system administrators are hoping that Apple fixes some of the glaring holes in the iPhone Configuration Utility to allow for real over-the-air configuration of devices. It also means that a lot of stuff that corporate users are hoping for will have to wait for Apple to release updated versions of its iPhone/iTunes management utilities for those users to really be able to take advantage of the corporate feature upgrades in 3.0.
So even if you work as a Tool of the Man, there’s some legitimate tricks in iPhone 3.0 that will make your life easier, too. And that cut, copy, and paste feature is nothing to sneeze at, either.
[John C. Welch is a senior systems administrator for The Zimmerman Agency, and a long-time Mac IT pundit.]