diff --git a/ActiveSync/SOGoActiveSyncDispatcher.m b/ActiveSync/SOGoActiveSyncDispatcher.m
index 83314be2f..b107b94f0 100644
--- a/ActiveSync/SOGoActiveSyncDispatcher.m
+++ b/ActiveSync/SOGoActiveSyncDispatcher.m
@@ -2862,6 +2862,7 @@ static BOOL debugOn = NO;
   NSAutoreleasePool *pool;
   id builder, dom;
   SEL aSelector;
+  id activeUser;
 
   NSString *cmdName, *deviceId;
   NSData *d;
@@ -2870,6 +2871,14 @@ static BOOL debugOn = NO;
     
   ASSIGN(context, theContext);
 
+  activeUser = [context activeUser];
+  if (![activeUser canAccessModule: @"ActiveSync"]) 
+    {
+      [theResponse setStatus: 403];
+      [self logWithFormat: @"EAS - Forbidden access for user %@", [activeUser loginInDomain]];
+      return nil;
+    }     
+
   // Get the device ID, device type and "stash" them
   deviceId = [[theRequest uri] deviceId];
   [context setObject: deviceId  forKey: @"DeviceId"];
diff --git a/OpenChange/MAPIStoreMessage.m b/OpenChange/MAPIStoreMessage.m
index 1613171ea..b842b2d6c 100644
--- a/OpenChange/MAPIStoreMessage.m
+++ b/OpenChange/MAPIStoreMessage.m
@@ -202,7 +202,8 @@ rtf2html (NSData *compressedRTF)
         email = recipient->data[count];
         break;
       case PidTagObjectType:
-        object_type = *((uint8_t*) recipient->data[count]);
+        if (recipient->data[count])
+          object_type = *((uint8_t*) recipient->data[count]);
         break;
       case PidTagSmtpAddress:
         smtpAddress = recipient->data[count];
@@ -229,7 +230,7 @@ rtf2html (NSData *compressedRTF)
 
   if (object_type == MAPI_MAILUSER && recipient->username)
     {
-      /* values from user object have priority uppon the data passed for the client */
+      /* values from user object have priority over data sent by the client */
       recipientUser = [SOGoUser userWithLogin: [value lowercaseString]];
       if (recipientUser)
         {
diff --git a/SoObjects/SOGo/LDAPSource.m b/SoObjects/SOGo/LDAPSource.m
index 3ca686386..d537c6aec 100644
--- a/SoObjects/SOGo/LDAPSource.m
+++ b/SoObjects/SOGo/LDAPSource.m
@@ -1167,6 +1167,8 @@ groupObjectClasses: (NSArray *) newGroupObjectClasses
           intoLDIFRecord: (NSMutableDictionary *) ldifRecord];
   [self _fillConstraints: ldapEntry forModule: @"Mail"
           intoLDIFRecord: (NSMutableDictionary *) ldifRecord];
+  [self _fillConstraints: ldapEntry forModule: @"ActiveSync"
+          intoLDIFRecord: (NSMutableDictionary *) ldifRecord];
 
   if (contactMapping)
     [self _applyContactMappingToResult: ldifRecord];
diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index a8fa1d937..19dab1f26 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -659,7 +659,7 @@ static Class NSNullK;
             [currentSource setBindPassword: _pwd];
           }
     }
-	    
+
   return checkOK;
 }
 
@@ -752,6 +752,12 @@ static Class NSNullK;
   NSNumber *isGroup;
   NSArray *c_emails;
   BOOL access;
+  NSEnumerator *enumerator;
+  NSString *access_type;
+  NSArray *access_types_list = [NSArray arrayWithObjects: @"CalendarAccess",
+                                                          @"MailAccess",
+                                                          @"ActiveSyncAccess",
+                                                          nil];
 
   emails = [NSMutableArray array];
   cn = nil;
@@ -761,10 +767,10 @@ static Class NSNullK;
   c_imaplogin = nil;
   c_sievehostname = nil;
 
-  [theCurrentUser setObject: [NSNumber numberWithBool: YES]
-                     forKey: @"CalendarAccess"];
-  [theCurrentUser setObject: [NSNumber numberWithBool: YES]
-                     forKey: @"MailAccess"];
+  enumerator = [access_types_list objectEnumerator];
+  while ((access_type = [enumerator nextObject]) != nil)
+    [theCurrentUser setObject: [NSNumber numberWithBool: YES]
+                       forKey: access_type];
 
   if ([[theCurrentUser objectForKey: @"DomainLessLogin"] boolValue])
     {
@@ -773,7 +779,6 @@ static Class NSNullK;
       r = [theUID rangeOfString: [NSString stringWithFormat: @"@%@", theDomain]];
       theUID = [theUID substringToIndex: r.location];
     }
-  
 
   sogoSources = [[self authenticationSourceIDsInDomain: theDomain] objectEnumerator];
   userEntry = nil;
@@ -801,14 +806,15 @@ static Class NSNullK;
             c_imaplogin = [userEntry objectForKey: @"c_imaplogin"];
           if (!c_sievehostname)
             c_sievehostname = [userEntry objectForKey: @"c_sievehostname"];
-          access = [[userEntry objectForKey: @"CalendarAccess"] boolValue];
-          if (!access)
-            [theCurrentUser setObject: [NSNumber numberWithBool: NO]
-                               forKey: @"CalendarAccess"];
-          access = [[userEntry objectForKey: @"MailAccess"] boolValue];
-          if (!access)
-            [theCurrentUser setObject: [NSNumber numberWithBool: NO]
-                               forKey: @"MailAccess"];
+
+          enumerator = [access_types_list objectEnumerator];
+          while ((access_type = [enumerator nextObject]) != nil)
+            {
+              access = [[userEntry objectForKey: access_type] boolValue];
+              if (!access)
+                [theCurrentUser setObject: [NSNumber numberWithBool: NO]
+                                   forKey: access_type];
+            }
 
           // We check if it's a group
           isGroup = [userEntry objectForKey: @"isGroup"];