Groupware #1994
|
|
||
| svc, err := NewAuthenticationApi(options.Config, &options.Logger, options.Metrics, options.TraceProvider, m) | ||
| if err != nil { | ||
| panic(err) // TODO p.bleser what to do when we encounter an error in a NewService() ? |
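Review bot: `panic(err)` on the `NewAuthenticationApi` error path brings the whole process down when this one service cannot be constructed, and the TODO on the same line leaves the decision open. If the enclosing function can return an error, propagate `err` from here; otherwise log it and skip starting this service, so the failure is reported instead of crashing.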
The authentication api should be passed in as an option so the creation cannot fail here.
| Run the following command on your host (requires the `ldap-tools` package with the `ldapsearch` CLI tool), which should output a list of DNs of demo users: | ||
|
|
||
| ```bash | ||
| ldapsearch -h localhost -D 'cn=admin,dc=opencloud,dc=eu' \ |
this only works with the url for me
| ldapsearch -h localhost -D 'cn=admin,dc=opencloud,dc=eu' \ | |
| ldapsearch -H ldap://localhost -D 'cn=admin,dc=opencloud,dc=eu' \ |
| curl -ks -D- -X POST \ | ||
| "https://keycloak.opencloud.test/realms/openCloud/protocol/openid-connect/token" \ | ||
| -d username=alan -d password=demo -d grant_type=password \ | ||
| -d client_id=groupware -d scope=openid |
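Review bot: `curl -ks` switches off certificate verification on a request that carries `username=alan` and `password=demo` under `grant_type=password`. For a documented flow, consider pointing curl at the deployment's CA with `--cacert` instead of `-k`, and state next to the command that the password grant and the demo credentials apply to the development deployment only.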
when working from top to bottom this fails. using a client_id=web works ... so I need to add a client id for the groupware somewhere ...
| to which one should receive the following response: | ||
|
|
||
| ```java | ||
| A OK [CAPABILITY IMAP4rev2 ...] Authentication successful |
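Review bot: the fence opened just before `A OK [CAPABILITY IMAP4rev2 ...] Authentication successful` is tagged `java`, but the content is an IMAP server response, so the highlighting will be wrong. Tag it `text` or leave the language off.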
hm, I need to dig into:
stalwart-1 | 2025-12-10T16:07:05Z TRACE Raw IMAP input received (imap.raw-input) listenerId = "imaptls", localPort = 993, remoteIp = 172.39.0.1, remotePort = 45034, size = 19, contents = "A LOGIN alan demo\r\n"
stalwart-1 | 2025-12-10T16:07:05Z ERROR LDAP error (store.ldap-error) listenerId = "imaptls", localPort = 993, remoteIp = 172.39.0.1, remotePort = 45034, reason = "I/O error: Connection refused (os error 111)", causedBy = "crates/directory/src/core/dispatch.rs:25", id = "A"
| STALWART_DOMAIN= | ||
|
|
| STALWART_DOMAIN= | |
| STALWART_DOMAIN= | |
| # LDAP config to use. Can either be idmldap (the built in IdP) or ldap (when using keycloak). | |
| STALWART_AUTH_DIRECTORY=idmldap |
| ## Services | ||
|
|
||
| ### Stalwart | ||
|
|
add a section about the STALWART_AUTH_DIRECTORY env var
| @@ -0,0 +1,19 @@ | |||
| package groupware | |||
I think we should drop the groupware_ prefix from files in this package
| @@ -0,0 +1,49 @@ | |||
| package jmap | |||
I think we should drop the jmap_ prefix from all files in this package
| AUTH_BASIC_LDAP_BIND_PASSWORD: "admin" | ||
| USERS_LDAP_BIND_PASSWORD: "admin" | ||
| GROUPS_LDAP_BIND_PASSWORD: "admin" | ||
| IDM_LDAPS_ADDR: 0.0.0.0:9235 |
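Review bot: `IDM_LDAPS_ADDR: 0.0.0.0:9235` puts the LDAPS listener on every interface while the three `*_LDAP_BIND_PASSWORD` values directly above it are the literal "admin". If the port only has to be reachable from the other containers of this deployment, bind it to a narrower address or add a comment saying why all interfaces are needed, and read the bind passwords from variables with a development default so they are not fixed in the compose file.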
I configured everything on .compose.test to prevent collisions with my .opencloud.test deployment. The stalwart URL then needs to be set for the groupware:
| IDM_LDAPS_ADDR: 0.0.0.0:9235 | |
| IDM_LDAPS_ADDR: 0.0.0.0:9235 | |
| GROUPWARE_JMAP_BASE_URL: https://${STALWART_DOMAIN:-stalwart.opencloud.test} |
oh and we need to set FRONTEND_GROUPWARE_ENABLED: "true" and enable the mail app in the web config when stalwart is enabled ... but that cannot be configured with a simple env var ... 😞 we need to replace the config file then ...
Ok, I still don't have a menu entry for mail in the web UI even though the config.json contains the mail app. I assume that is a problem with my setup/config. In any case, I can see the mail UI when navigating to {$OC_URL}/mail manually. \o/
I did run into some minor issues when following the docs. If you could address them (and enlighten me on how to get the menu to show the groupware apps) I'm happy to merge this. I mostly want others to be able to follow the DEVELOPMENT.md and have a working setup. Kudos for that, btw.
The groupware service itself follows our ... boilerplate ... service code ... and implements the JMAP handling. I assume that will have to evolve, but we can merge it and iterate.
Tip
the web repo has a compose file with all the apps enabled. That gave me the final hint to get the menu entries
a9ef8f3 to
3d8cad1
…enLDAP container as a directory for user authentication
…ince 'admin' exists as a regular user in LDAP and thus won't have access to the administration
…80 directly to access the userinfo endpoint using HTTP since the certificates in traefik are self-signed and end up being rejected by Stalwart with no option to bypass the certificate check
…h API endpoint with it
…ernal authentication API for third party services such as Stalwart
* primitive implementation to demonstrate how it could work, still to be considered WIP at best
* add new dependency: MicahParks/jwkset and MicahParks/keyfunc to retrieve the JWK set from KeyCloak to verify the signature of the JWTs sent as part of Bearer authentication in the /auth API
* (minor) opencloud/.../service.go: clean up a logging statement that was introduced earlier to hunt down why the auth-api service was not being started
…es to the model to conform with draft-ietf-calext-jscalendarbis-10 and fields that are currently not implemented in Stalwart
* upgrade Stalwart image for devtools/full to 0.14.1
* re-assert which features are implemented or not in 0.14.1
* refactor the integration tests yet again to make it clearer and easier to see those "features-or-not"
* get rid of old tests that are now better covered by integration tests
* rewrite how we compare expected and actual objects in integration tests, finally having found a way to ignore the @type attribute properly instead of having to mutate all objects to remove it
* implement Request.AllAccountIds() to generalize the fetching (and uniqifying) of all account IDs, which will allow us to implement things such as "subscribed" accounts, or limiting the number of accounts in one request
* add Account-Id response header
* add Object-Type response header
… without email bodies
* fix a bug in how email summaries are flattened across multiple accounts, which was previously resulting in empty email objects
* allow negative offset in email pagination
* make all /emails endpoints return emails without bodies
…f they are missing
* jmap/EmailCreate: add more attributes that were omitted: Headers, InReplyTo, References, Sender
* add jmap GetEmailSubmissionStatus
* improve email integration tests by adding a thorough test for email submission
* jmap integration tests: provision principals and domains using the Stalwart Management API, switching from an in-memory to an internal directory
…efaults and config sub-structures
* add example generator infrastructure, with some examples for pkg/jmap and pkg/groupware, with more needing to be done
* alter the apidoc Makefile to stop using go-swagger but, instead, use the openapi.yml file that must be dropped into that directory using groupware-apidocs (will improve the integration there later)
* add Makefile target to generate examples
* bump redocly from 2.4.0 to 2.14.5
* introduce Request.PathParam() and .PathParamDoc() to improve API documentation, as well as future-proofing
* improve X-Request-ID and Trace-Id header handling in the middleware by logging it safely when an error occurs in the middleware
… and remove defunct files
Description
Ongoing implementation of the Groupware backend service, which initially happened on its own branch but should now occur on the `main` branch.

Changes are almost exclusively on packages that are distinct to the Groupware backend, namely

* `pkg/jmap`, `pkg/jscalendar` and `pkg/jscontact`: contain the implementation of the JMAP protocol and data models for Core, Mail, Contacts, Calendars, Blobs, ...
* `services/groupware`: contains the Groupware backend service which is currently configured to not be started by default, and must be explicitly included in the `START_ADDITIONAL_SERVICES` property

Changes to common areas include:

* `devtools/deployments/opencloud_full`: addition of a container of the Stalwart mail server which is used for Groupware functionality
* `pkg/structs`: add more helper functions that are then used in `pkg/jmap` and `services/groupware`

Note that it is not fully functional yet and is going to be under continued and ongoing development along with its UI counterparts.
Specifically, the following aspects are lacking and only implemented in a skeletal way as a proof of concept:
The Groupware backend is not meant to be used productively yet.