[SOGo] BTS activities for Monday, October 24 2022

2022-10-24 Thread SOGo reporter
Title: BTS activities for Monday, October 24 2022





  
BTS Activities

  Home page: https://bugs.sogo.nu
  Project: SOGo
  For the period covering: Monday, October 24 2022

  
  
  id    last update          status (resolution)  category    summary
  5626  2022-10-24 22:10:33  updated (open)       ActiveSync  Extreme battery drain from "Mail (Background)" after update to IOS16
  
  




Re: [SOGo] show event organizer/creator on event detail

2022-10-24 Thread Claudio Brocco - Peer Srl
Yes, but if I create an event in a shared calendar not owned by myself 
there is no information about the creator/organizer.
Other users with access to the shared calendar cannot see who has created 
the event.


Thank you
Claudio

/10/22 11:20, Christian Mack (christian.m...@uni-konstanz.de) wrote:


Hello

That is how the standard demands it.

Why or when do you need that?
If there are no attendees, then the owner of the calendar is always 
the organizer.



Kind regards,
Christian Mack

On 26.09.22 at 09:29, Claudio Brocco - Peer Srl 
(c.bro...@peer.biz) wrote:

Hi,

I kindly ask if there is an option to show the organizer in a sogo 
calendar if no attendees are added to the event.


I notice that in the raw source of the event the organizer is not 
present and not displayed. In events with attendees both are displayed.


Thank you






Re: [SOGo] kerberos sogo

2022-10-24 Thread van Vloten Kees
You need a KDC for Kerberos, Samba provides it but there are some other
possible solutions, such as Active Directory or Redhat's IDM.

On Mon 24 Oct 2022 at 01:53, mich wrote:

> Hello
>
>
>
> So you have to install Samba?
>
>
>
> Michel
>
>
>
> *From: * on behalf of "users@sogo.nu" 
> *Reply to: *"users@sogo.nu" 
> *Date: *Sunday 23 October 2022 at 19:22
> *To: *"users@sogo.nu" 
> *Subject: *Re: [SOGo] kerberos sogo
>
>
>
>
>
> The session key is a 32 bytes random string, all details are in:
> https://github.com/gssapi/mod_auth_gssapi
> You can also specify it inline but then it must be base64 encoded, e.g.
>
> makepasswd --chars=32 | base64
>
> And in the apache conf:
>
> GssapiSessionKey key:
>
> In this case there is no file, hence no file permissions to think about.
>
> If your machine is a Samba domain member you can also use the default
> /etc/krb5.keytab just do:
>
> chgrp www-data /etc/krb5.keytab
>
> To make it accessible for apache.
> Do note that www-data is the group on Debian, other distros may use a
> different group name.
>
> If your machine is not a domain-member, it is a bit more work.
>
> You create a machine account in samba and create the principal:
>
> samba-tool computer create 
> # Set encryption types on the account
> net ads enctypes set  28
> # set a password on the computer account:
> PW=$(makepasswd --chars=32 | iconv -f UTF-8 -t UTF-16LE | base64 -w 0)
> echo "dn: \nchangetype: modify\nreplace: unicodePwd\nunicodePwd::${PW}" | ldbmodify -H /var/lib/samba/private/sam.ldb
>
> PRINCIPAL="http/"
> samba-tool spn add ${PRINCIPAL}  -H /var/lib/samba/private/sam.ldb
> samba-tool domain exportkeytab -d 8 --principal=${PRINCIPAL}
> 
>
> Now copy the keytab filename to the target host and provide access to
> apache with:
>
> chgrp www-data /etc/krb5.keytab
>
> Done.
>
> On 22-10-2022 15:20, mich (supp...@foxnet.be) wrote:
>
> Hello Kees
>
>
>
> Thanks for the approach.
>
>
>
> A more detailed tutorial, especially for the creation of the keys
> gssapi_session.key and apache.keytab. I do not use LDAP to identify me
> during user connections, I use mysql.
>
> With the solution you asked for, Kerberos is used for authentication, not
> Mysql nor LDAP.
>
> Samba4 provides MS-AD functionality, which is a.o. Kerberos + LDAP. In the
> example below LDAP is used for authorization on top of the authentication
> provided by Kerberos (to get access a user must be member of a certain
> group, the "users_with_sogo_access" group).
>
> Sogo still requires a database to store the user profile.
>
> - Kees
>
>
>
> Michel
>
>
>
> *From: *  on behalf of
> "users@sogo.nu"   
> *Reply to: *"users@sogo.nu"  
> 
> *Date: *Friday 21 October 2022 at 11:43
> *To: *"users@sogo.nu"   
> *Subject: *Re: [SOGo] kerberos sogo
>
>
>
> You can let your webserver do the authentication, there it can do
> krb5/gssapi authentication.
>
> In sogo.conf set:
>
> SOGoTrustProxyAuthentication = YES;
>
> In Apache conf put something like:
>
> 
> AuthName "Login"
> AuthType GSSAPI
> GssapiSSLonly On
> GssapiLocalName On
> GssapiUseSessions On
> GssapiSessionKey file:/var/lib/apache2/secrets/gssapi_session.key
> GssapiCredStore keytab:/etc/keytab/apache.keytab
> GssapiDelegCcacheDir /run/apache2/krb5
> GssapiBasicAuth on
> GssapiAllowedMech krb5
> GssapiBasicAuthMech krb5
> Session On
> SessionCookieName gssapi_session path=/private;httponly;secure;
> Require valid-user
> SetEnv proxy-nokeepalive 1
> RewriteEngine On
> RewriteRule .* - [E=SOGO_REMOTE_USER:%{REMOTE_USER}]
> 
>
> If you also want authorization with ldap group-membership then that can
> simply be added to the Apache config. Replace "Require valid-user" with:
>
> AuthLDAPURL "ldap://dc1.example.com dc2.example.com/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
> AuthLDAPRemoteUserAttribute sAMAccountName
> 
> Require valid-user
> Require ldap-attribute userAccountControl="512"
> Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=,OU=,DC=example,DC=com
> 
>
> This example is for Samba4 (or AD).
>
> There is one side-effect of webserver authentication: the user's password
> is not available in Sogo. This means that you must have password-less login
> from Sogo to imap and smtp/submission.
>
> For example run Sogo on the same machine as Dovecot and add this to the
> dovecot config:
>
> passdb {
>  args = nopassword=y allow_nets=127.0.0.1/32
>  driver = static
> }
>
> - Kees
>
>
>
> On 21-10-2022 11:04, Christian Mack (christian.m...@uni-konstanz.de)
> wrote:
>
> Hello
>
> SOGo itself does not know about Kerberos.
> But you can use its SAML interface in order to use it.
> For that to work you have to setup an "Identity Provider" which delivers
> Kerberos Tickets and a "Service Provider" for SOGo which handles
> authentication for it.
> Also your mail servers (IMAP + SMTP) have to either use kerberos for
> authentication, or you have to allow not authenticated access from the SO
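
An added example, not part of the thread and not code from SOGo or mod_auth_gssapi: shell helpers that generate the inline session key described above, confirm that a `key:` value decodes to exactly 32 bytes, and confirm that a keytab or key file has the intended group and is closed to other users. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: checks for the secrets used by the
# mod_auth_gssapi setup quoted above. Function names are hypothetical.

# Print a fresh 32-byte random key, base64-encoded, for use as
#   GssapiSessionKey key:<printed value>
gen_session_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Succeed only if $1 is base64 that decodes to exactly 32 bytes.
# A value built from 32 characters plus a trailing newline decodes to 33
# bytes and is rejected here.
check_session_key() {
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)
    [ "$((n))" -eq 32 ]
}

# Succeed only if file $1 belongs to group $2 (e.g. www-data on Debian) and
# grants no permission bits to "other". Assumes GNU stat (stat -c).
check_secret_file() {
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 1; }
    mode=$(stat -c %a "$1")
    group=$(stat -c %G "$1")
    other=${mode#"${mode%?}"}        # last octal digit = bits for "other"
    if [ "$group" != "$2" ]; then
        echo "$1: group is $group, expected $2" >&2
        return 1
    fi
    if [ "$other" != 0 ]; then
        echo "$1: mode $mode is open to other users" >&2
        return 1
    fi
}

# Typical use on the web server (paths as in the thread):
#   check_session_key "$(gen_session_key)" && echo "key ok"
#   check_secret_file /etc/krb5.keytab www-data
```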

Re: [SOGo] How to write to caldav calendars

2022-10-24 Thread Christian Mack

Hello

No, WebDAV, calDAV and cardDAV write access to external 
resources/servers is not implemented.

See
https://bugs.sogo.nu/view.php?id=1330 and
https://bugs.sogo.nu/view.php?id=4510


Kind regards,
Christian Mack

On 23.10.22 at 19:51, "Oliver Enes" (oli...@enesnet.de) wrote:


I have some external caldav calendars (caldav server is baikal) and I want to 
use them in SoGo. I can import them if I use the export url which points to a 
single ics file containing all events.

But then I cannot edit events or create/delete events. If I use the "normal" 
caldav url of the calendar although I cannot see any events nor create events.

So my question is if SoGo has caldav support and if it has, how can I use a 
caldav calendar with writing possibilities?

Greetings!



--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung, Lehre, Infrastruktur
78457 Konstanz
+49 7531 88-4416


