描述配置文件( .mobileconfig)

转：http://blog.sina.com.cn/s/blog_4b3c1f950102dspd.html

 配置描述文件是XML 文件，包含以下内容：设备安全策略、VPN 配置信息、Wi-Fi 设置、APN 设置、Exchange帐户设置、邮件设置以及允许 iPhone 和 iPod touch 与企业系统配合使用的证书。

 

  “iPhone配置实用工具”可让您轻松地创建、维护和安装配置描述文件及对配置描述文件进行加密，跟踪和安装预置描述文件与授权的应用程序，以及采集包括控制台日志在内的设备信息。（这个工具可以从官网上进行下载）

 

  目前所知的，安装这个配置文件除了上述的使用“iphone配置实用工具”之外，还可以通过邮件附件或通过使用safari浏览包含有下载的网页的方式激活安装（install profile窗口）。

 

 

下面这个文章大致介绍了下配置描述文件从生成到安装的过程：

Over-the-air IPhone Setup Using a Signed .mobileconfig File

Note: this does not push your configuration to an iPhone. The user of the iPhone must go to a web address and install aconfiguration profile.

   Suppose that you have a few iPhones that you need to support, but you don't want to spend the time typing in all of the e-mail (IMAP or POP), LDAP, wireless network, or other settings into each phone. Perhaps you have foundApple's Enterprise Deployment Guide but you don't really feellike setting up a whole SCEP Certification Authority to get things done either since your requirements are so simple. But you do realize that it is much easier to tell your user to go to https://example.com/iphone/ on their iPhone than to step themthrough all the individual setup routines.

   Amazingly enough, there is not much documentation out there on how to hand-roll a.mobileconfig file that you can pass out on an HTTPS server to your users. We also want it to be "Verified" by the iPhone so that your users can see it is from you. While they can install untrusted profiles, it sure adds a nice touch to have the green checkmark.

   Perhaps you've scoured the Internet since you've read that you can "just useopenssl smime" to sign your .mobileconfig file, but no one seems to tell you　how. We'll go over that here as well.

 

1) Create a configuration(.mobileconfig) file

   This file will contain all the configuration you want for your users' iPhones. I believe youcan use Apple'siPhoneConfiguration Utility to create this file. You don't have to,but it'll probably save you some typing.

   The Enterprise Deployment Guide defines the syntax of the profilesin Appendix B. You can do some pretty fancy request/responsescripting between the phone and your server, but I'll just go overa simpler method that just sends a configuration file from your webserver to their phone.

Your .mobileconfig file will end up looking something likethis:

 

 PayloadContent

 

  

   PayloadDisplayName

   LDAP Settings

   PayloadType

   com.apple.ldap.account

   PayloadVersion

   1

   PayloadUUID

   6df7a612-ce0a-4b4b-bce2-7b844e3c9df0

   PayloadIdentifier

   com.example.iPhone.settings.ldap

   LDAPAccountDescription

   Company Contacts

   LDAPAccountHostName

   ldap.example.com

   LDAPAccountUseSSL

   

   LDAPAccountUserName

   uid=username,dc=example,dc=com

   LDAPSearchSettings

   

    

     LDAPSearchSettingDescription

     Company Contacts

     LDAPSearchSettingSearchBase

     

     LDAPSearchSettingScope

     LDAPSearchSettingScopeSubtree

    

    

     LDAPSearchSettingDescription

     Sales Departments

     LDAPSearchSettingSearchBase

     ou=Sales,dc=example,dc=com

     LDAPSearchSettingScope

     LDAPSearchSettingScopeSubtree

    

   

  

  

   PayloadDisplayName

   Email Settings

   PayloadType

   com.apple.mail.managed

   PayloadVersion

   1

   PayloadUUID

   362e5c11-a332-4dfb-b18b-f6f0aac032fd

   PayloadIdentifier

   com.example.iPhone.settings.email

   EmailAccountDescription

   Company E-mail

   EmailAccountName

   Full Name

   EmailAccountType

   EmailTypeIMAP

   EmailAddress

   [email protected]

   IncomingMailServerAuthentication

   EmailAuthPassword

   IncomingMailServerHostName

   imap.example.com

   IncomingMailServerUseSSL

   

   IncomingMailServerUsername

   [email protected]

   OutgoingPasswordSameAsIncomingPassword

   

   OutgoingMailServerAuthentication

   EmailAuthPassword

   OutgoingMailServerHostNa