[SOGo] BTS activities for Thursday, October 20 2016

[SOGo reporter]

Title: BTS activities for Thursday, October 20 2016





  
BTS Activities

  Home page: http://www.sogo.nu/bugs
  Project: SOGo
  For the period covering: Thursday, October 20 2016

  
  
idlast updatestatus (resolution)categorysummary
	
	
	  
	
3848
	2016-10-20 12:20:02
	updated (open)
	Backend Calendar
	Event start/end time shifts
	
	  
	
3847
	2016-10-20 18:03:24
	updated (open)
	Backend General
	Filters and Vacation always stops working after update
	
	  
	
3852
	2016-10-20 05:27:22
	updated (open)
	GUI
	Copy of Events
	
	  
	
3850
	2016-10-20 02:08:06
	updated (open)
	Web Address Book
	link to shared address book
	
	  
	
1222
	2016-10-20 08:46:31
	updated (open)
	Web Mail
	Imap Alert Support
	
	  
	
3854
	2016-10-20 14:02:30
	updated (open)
	Web Mail
	CKEDITOR additional skins/extensions gets reset on update
	
	  
	
3853
	2016-10-20 10:43:51
	updated (open)
	Web Preferences
	SOGoForwardConstraints = 1; Do not allow multiple internal domains forwarding
	
	  
	
3665
	2016-10-20 04:59:59
	resolved (fixed)
	GUI
	sensitive range of checkboxes too big
	
	  
	
3849
	2016-10-20 18:29:54
	resolved (fixed)
	GUI
	Can't edit Note in address book
	
	  
	
3795
	2016-10-20 21:47:02
	resolved (fixed)
	Web Calendar
	Persistent Cross-Site Scripting in calendar
	
	  
	
3851
	2016-10-20 10:23:52
	closed (fixed)
	Backend Calendar
	Multiplebookings parameter not respected
	
	  
	
  
  


-- users@sogo.nuhttps://inverse.ca/sogo/lists

[SOGo] ANN: SOGo v2.3.17

[Ludovic Marcotte]

The Inverse Team is pleased to announce the immediate availability of 
SOGo v2.3.17. This is a minor release of SOGo which focuses on small new 
features and improved stability over previous versions.



 What is SOGo

SOGo is a free and modern scalable groupware server. It offers shared 
calendars, address books and emails through your favorite Web browser or 
by using a native client such as Mozilla Thunderbird and Lightning, 
Apple Calendar and Address Book (Mac OS X and iOS) and Microsoft 
Outlook.aSOGo is standard-compliant and supports CalDAV, CardDAV and 
reuses existing IMAP, SMTP and database servers - making the solution 
easy to deploy and interoperable with many applications.


SOGo features:

 * Scalable architecture suitable for deployments from dozen to many
   thousand users
 * Rich Web-based interface that shares the look and feel, the features
   and the data of Mozilla Thunderbird and Lightning
 * Improved integration with Mozilla Thunderbird and Lightning by using
   the SOGo Connector and the SOGo Integrator
 * Native compatibility for Microsoft Outlook 2003, 2007, 2010, 2013
   and 2016
 *

   Two-way synchronization support with any Microsoft
   ActiveSync-capable device (Apple iOS, Android, Windows Phone,
   BlackBerry 10) or Outlook 2013/2016

 * Excellent native integration with Apple software (OS X and iOS) and
   Android-based devices

and many more! SOGo and our connectors are completely free.


 Changes from the previous release

*Enhancements*

 * [web] allow custom email address to be one of the user's profile (#3551)
 * [web] the left column of the attendees editor is resizable (not
   supported in IE) (#1479, #3667)

*Bug fixes*

 * [eas] make sure we don't sleep for too long when EAS processes need
   interruption
 * [eas] fixed recurring events with timezones for EAS (#3822)
 * [eas] improve handling of email folders without a parent
 * [eas] never send IMIP reply when the "initiator" is Outlook 2013/2016
 * [core] only consider SMTP addresses for AD's proxyAddresses (#3842)

Seehttps://sogo.nu/bugs/changelog_page.php?project_id=1for closed 
tickets andhttps://github.com/inverse-inc/sogo/commits/SOGo-2.3.17for 
the complete change log.



 Getting SOGo

SOGo is free software and is distributed under the GNU GPL. As such, you 
are free to download and try it by visiting the following page:


https://sogo.nu/download.html#/v2

Front-end clients such as Mozilla Thunderbird, Mozilla Lightning 
(Inverse Edition), SOGo Connector and SOGo Integrator extensions are 
available for download from:


https://sogo.nu/download.html#/frontends

Documentation about the installation and configuration of SOGo, 
Thunderbird or the native Microsoft Outlook compatibility layer is 
available from:


https://sogo.nu/support/index.html#/documentation

You can also try our online SOGo demo. Three accounts are available: 
sogo1, sogo2 and sogo3. Their password is the same as their username.


https://sogo-demo.inverse.ca/SOGo/


 Upgrading to v2.3.17

No special measure needs to be taken when upgrading.


 How can I help ?

SOGo is a collaborative effort in order to create the best Free and Open 
Source groupware solution.


There are multiple ways you can contribute to the project:

 * Documentation reviews, enhancements and translations
 * Write test cases - if you know Python, join in!
 * Feature requests or by sharing your ideas (see the roadmap)
 * Participate to the discussion in mailing lists
 *

   Patches for bugs or enhancements (https://sogo.nu/bugs)

 *

   Provide new translations
   
(https://sogo.nu/nc/support/faq/article/how-to-translate-sogo-in-another-language-2.html)

Feel free to send us your questions. You can also post them to the SOGo 
mailing list:https://sogo.nu/lists/



 Getting Support

For any questions, do not hesitate to contact us by writing 
tosupp...@inverse.ca 


Customer support packages for SOGo are available 
fromhttps://inverse.ca/#support



--
Ludovic Marcotte
lmarco...@inverse.ca  ::  +1.514.755.3630  ::  http://inverse.ca
Inverse inc. :: Leaders behind SOGo (http://sogo.nu), PacketFence 
(http://packetfence.org) and Fingerbank (http://fingerbank.org)

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] shared IMAP folders

["Thomas Fuehrer"]

On Thursday, October 20, 2016 13:41 CEST, "Ralf Cirksena" (c...@holmco.de) 
 wrote:


> * 31 FETCH (UID 31 RFC822 {136999}
> 
> 1 OK Fetch completed.
>
> looks good.
>

Is it always the same id (/31) which is reported in sogo.log?
Try to delete the message to see whether it is an issue with this message only.

ImapDebugEnabled = YES should give more details(you can mail it to 
t...@aon.at)

Regards,
Thomas





-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] shared IMAP folders

[Ralf Cirksena]

Hi Thomas,

On Wed, Oct 19, 2016 at 11:40:06PM +0200 you wrote:

> the message [NGImap4Connection]> could not fetch url: 
> imap://r...@mail.holmco.de/Public%2Fshared%2Fname%2Farchiv%2F2005/31 means 
> that sogo failed to read the message with id 31 in folder 
> public/shared/name/archive/2005
> 
> Have checked /var/log/mail.*?
> 
> You can try to read the message via telnet:
> 
> telnet  143
> 1 login  
> 1 select public/shared/name/archive/2005

1 select public/shared/name/archiv/2005
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 100 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1476862633] UIDs valid
* OK [UIDNEXT 101] Predicted next UID
* OK [HIGHESTMODSEQ 2] Highest
x OK [READ-ONLY] Select completed.

> 1 uid fetch 31 rfc822

* 31 FETCH (UID 31 RFC822 {136999}

1 OK Fetch completed.

looks good.


Regards
-- 
R. Cirksena 
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] SAML2 authentication requirements

[Christoph Kreutzer]

Hi Steve,

I was also afraid of patching common libraries, but I also tried following the 
AUF recipe (without success). I also thought about the OpenChange way (allow 
access without password from localhost [or other SOGo host]), but that wasn’t 
really what I wanted, as you noted by yourself ;) As for EAS, this works fine 
for me out of the box, but I’m not using OpenChange.

I researched a bit further and documented my steps as good as I can remember 
(forgot to take notes sometimes).

Christoph.


SAML with SOGo and Dovecot
==

SOGo SAML configuration
---
I am using the following configuration, which is pretty straightforward:
SOGoAuthenticationType = saml2;
NGImap4AuthMechanism = PLAIN;
SOGoSAML2PrivateKeyLocation = "/etc/sogo/saml.pem";
SOGoSAML2CertificateLocation = "/etc/sogo/saml.crt";
SOGoSAML2IdpMetadataLocation = "/etc/sogo/idp-metadata.xml";
SOGoSAML2IdpPublicKeyLocation = "/etc/sogo/idp.crt";
SOGoSAML2IdpCertificateLocation = "/etc/sogo/idp.crt";
SOGoSAML2LoginAttribute = "mail";
SOGoSAML2LogoutEnabled = YES;
SOGoSAML2LogoutURL = "https://example.com;;

idp-metadata.xml and idp.crt come from the IdP.

saml.pem and saml.crt are your certificate and private key, possible generated 
like this:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt 
-keyout saml.pem

Most important is the IMAP part.
>From the SOGo installation guide: "if you make use of the CrudeSAML SASL 
>plugin, you need to make sure that NGImap4AuthMechanism is configured to use 
>the SAML mechanism. If you make use of the CrudeSAML PAM plugin, this value 
>may be left empty."
That suggests, if you are using PAM, you can leave the defaults. At least with 
Dovecot, this doesn't work out of the box.
SOGo will use the LOGIN command and sends the full SAML assertion as password. 
Dovecot will fail to authenticate, because the "password" is larger than the 
reserved memory.
But you can use AUTHENTICATE PLAIN, because for AUTHENTICATE a larger buffer is 
reserved (for using Kerberos tickets, etc.). To get SOGo/SOPE to do this, add 
the NGImap4AuthMechanism = PLAIN as I did above.

Dovecot SAML authentication (PAM)
-
1. crudesaml, as listed in SOGo documentation

1.1 UCS crudesaml & liblasso3
(Univention Corporate Server, Debian based enterprise Linux)
- Issue crudesaml deb-Build: 
https://forge.univention.org/bugzilla/show_bug.cgi?id=39315
- crudesaml deb: 
http://updates.software-univention.de/4.1/maintained/4.1-0/amd64/pam-saml_1.5.0-4.12.201510061230_amd64.deb
Also needs patched liblasso3 installed (see issue, and: 
https://dev.entrouvert.org/issues/8042).
I just added the Repository in APT and pinned it, so that only the specific 
packages where installed.
However, segfaults while processing the PAM request on Debian Jessie.

1.2 Custom build crudesaml against default liblasso3
Gives "Undefined symbol: lasso_provider_verify_saml_signature" (as expected)

1.3 Custom build liblasso3 from upstream and crudesaml
- patched using the patches by Inverse/AUF 
(https://wiki.auf.org/wikiteki/Projet/SOGo/TestsSAML)
- second build patched using UCS patch (https://dev.entrouvert.org/issues/8042)
Sometimes segfaulted, but most of all flooded logs with: GLib-GObject-WARNING 
**: cannot register existing ... (clashed with installed liblasso3 by Debian)
Worked for some requests, for most not (I would say 1 of 4, because of glib 
problem)

1.4 liblasso3 using deb-src package and patching
I tried it once, but I didn't like it ;) Build failed even without patching 
(but I think only because all bindings where compiled, too)
Didn't tried any longer then, as I don't want to have to patch every single 
release.


2. pam-script
https://packages.debian.org/en/jessie/libpam-script

2.1 bash implementation of crudesaml
I started with it, only using minimal dependencies (xmllint, openssl, xmlsec).
But then realized, that it would be hard to implement the whole SAML protocol 
with XML extraction using xmllint --xpath and verifying signatures using xmlsec.

2.2 pam-script-saml
Is a PHP implementation using the LightSAML library 
(https://www.lightsaml.com/LightSAML-Core/), accepts nearly the same arguments 
like pam-saml.
Available on GitHub: https://github.com/ck-ws/pam-script-saml
Time will tell if it is performing good enough. For the moment it works good 
enough in a test environment.

DAV Access
--
DAV access for Cal/CardDAV will usually not support SAML authentication. The 
simplest solution is to keep your default authentication source in place, on 
which SOGo should rely nevertheless.
I, however, don't really want my users passwords in some apps. So I built 
something like Googles App Passwords, stored in a MariaDB/MySQL database. SOGo 
currently only checks the first result row for a given uid (but I think it 
should be easily changeable, see feature request 

Re: [SOGo] Session Timeout

[Christian Mack]

Am 20.10.2016 um 11:31 schrieb Christian Reischl
(christian.reis...@ivv.fraunhofer.de):
> Hi,
> 
> is it possible to adjust the session timeout?
> 
> Some users are complaining that they have to relogin a little too often.
> 

Sure.
Just adjust the value of expire-sessions on the cron job.
You find it in /etc/cron.d/sogo
It is in minutes.


Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416



smime.p7s
Description: S/MIME Cryptographic Signature

[SOGo] Session Timeout

[Christian Reischl]

Hi,

is it possible to adjust the session timeout?

Some users are complaining that they have to relogin a little too often.

Kind regards,
Christian
--
__
Christian Reischl

Fraunhofer Institut für
Verfahrenstechnik und Verpackung
Giggenhauser Str. 35
85354 Freising

Tel.: +49 8161 491-704
mailto:christian.reis...@ivv.fraunhofer.de
http://www.ivv.fraunhofer.de/
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sieve filters problem

[Ketan Aagja]

Adam,

Do you have "SOGoSieveFolderEncoding = UTF-8;" enabled in sogo.conf?

Thanks,
Ketan Aagja


On Mon, Sep 12, 2016 at 9:00 PM, "Adam Kowalsky"  wrote:

> Hi,
> I have a problem with sieve filters. Everything was working fine until I
> switched database to utf8mb4. After that under Preferences -> E-mail ->
> Filters I see only three empty items that can't be altered or deleted. When
> I add new filter nothing happens, new filter doesn't appear on the list and
> no error messages. Logs doesn't reveals any problems as well (debug options
> are on). Vacation messages works like a charm. I have no idea what to do.
> Regards, Adam
>
>
>
>
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Maximize compose view in webmail

[Ketan Aagja]

I am also eagerly want this with Minimize and maximize options. I tried
playing with CSS and JS but when we update SOGo it gets reset and comes
back to original view.

Thanks,
Ketan Aagja


On Tue, Sep 27, 2016 at 7:38 PM, Jason Mooradian  wrote:

> Is there any way to make the composer box bigger when creating a new email
> in webmail?
>
> Thanks!
>
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] 2-Factzor Authentication

[Andreas Altenburg]

Hi,

I wonder if there any plans for implementation of a 2FA into SOGo Web
Interface. We got it running with an LDAP-Proxy (and DUO, so there was
no need to enter a token but to accept a push message on your phone).
Cavecat is obviously that with this setup a 2FA is also needed for
mobile users with caldav etc.

Did anybody have an idea for realizing that?


Thanks,

Andreas
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] schedule event based on free/buzy in sogo 3.2.0

[Christian Mack]

Hello

Am 19.10.2016 um 20:48 schrieb mj (li...@merit.unu.edu):
> 
> Can anyone tell me where the schedule-an-appointment based on free/buzy
> info functionality is hidden in sogo 3.2.0?
> 
> Creating a new 'event', invite attendee, works. But this just takes the
> date/time as i entered it.
> 
> There should be scheduling funtionality in 3.2 as well, shouldn't
> there..? (just like sogo2)
> 
> I must be overlooking something here...
> 
> Pointers...appreciated..!
> 

This is one of the missing features in version 3.


Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416



smime.p7s
Description: S/MIME Cryptographic Signature