Re: [SOGo] Has someone a working SAML configuration most optimal with Keycloak as IDP?

[Claas Hilbrecht]

Hi,


DISCLAIMER: I have zero knowledge of SAML!


me too I think after trying more than a week to get SOGo working with  
Keycloak...



Having said that, there are two cases where people successfully used it,
although not sure if they also used Keycloak.

1. https://www.mail-archive.com/users@sogo.nu/msg29860.html
2. https://marc.info/?l=sogo-users=147697076318929=2


I already found both post (and many more). But I can't find a post  
that is written this year and Keycloak changed a lot in the last  
years...

Re: [SOGo] Different authentication for CalDAV/CardDAV accesses possible?

[Kees van Vloten]

Op 29-06-2023 om 15:27 schreef Frank Richter 
(frank.rich...@hrz.tu-chemnitz.de):

Am 28.06.23 um 15:02 schrieb Kees van Vloten (keesvanvlo...@gmail.com):


On 28-06-2023 13:13, Frank Richter (frank.rich...@hrz.tu-chemnitz.de) 
wrote:

Hello,

for Web access to our SOGo server we use LDAP authentication. This 
works for CalDAV/CardDAV as well.
We’d like to have another authentication method for CalDAV/CardDAV: 
same username, but different password (as users store those 
passwords in their apps, we’d like to have different password just 
for DAV accesses). Any hints how to achieve this are welcome.


We’ve Apache as reverse proxy in front of SOGo.
I have authentication delegated to the apache reverse proxy. With 
this I am able to achieve exactly what you describe but for 
sogo-webmail and sogo-activesync.


I have not tried to make caldav/carddav available for mobile devices 
since activesync includes that information. But I see no reason why 
apache cannot do this for *dav.
Thanks! And indeed, 
https://www.sogo.nu/support/faq/how-to-configure-apache-as-frontend.html 
contains the configuration for this already.
Just one additional question: When you authenticate users for 
sogo-webmail in Apache, how do you log in users to the IMAP server then?


In that case you have the user-name only, not the password. The only way 
to be able to access imap is passwordless access. I have setup a 
separate (dovecot-) imap-listener for sogo that allows this and is not 
accessible on localhost only. For that reason I run sogo and dovecot on 
the same server, but it is possible to host them on different servers 
and use a tunnel (e.g. ha-proxy) to get a similar setup.


Btw. with Apache as authenticator you can also distinguish on source 
location, e.g. internet vs. lan and get different authentication for 
each: mfa vs. ldap or kerberos.


- Kees.



Frank

Re: [SOGo] Different authentication for CalDAV/CardDAV accesses possible?

[Frank Richter]

Am 28.06.23 um 15:02 schrieb Kees van Vloten (keesvanvlo...@gmail.com):


On 28-06-2023 13:13, Frank Richter (frank.rich...@hrz.tu-chemnitz.de) wrote:

Hello,

for Web access to our SOGo server we use LDAP authentication. This works 
for CalDAV/CardDAV as well.
We’d like to have another authentication method for CalDAV/CardDAV: same 
username, but different password (as users store those passwords in their 
apps, we’d like to have different password just for DAV accesses). Any 
hints how to achieve this are welcome.


We’ve Apache as reverse proxy in front of SOGo.
I have authentication delegated to the apache reverse proxy. With this I 
am able to achieve exactly what you describe but for sogo-webmail and 
sogo-activesync.


I have not tried to make caldav/carddav available for mobile devices since 
activesync includes that information. But I see no reason why apache 
cannot do this for *dav.
Thanks! And indeed, 
https://www.sogo.nu/support/faq/how-to-configure-apache-as-frontend.html 
contains the configuration for this already.
Just one additional question: When you authenticate users for sogo-webmail 
in Apache, how do you log in users to the IMAP server then?


Frank

--
Frank Richter
Chemnitz University of Technology, Germany




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [SOGo] Mirroring nightly

[Daniel Le Bray]

oups,
it was a typo on our side... sorry for the noise :p
have a nice day

Le 29/06/2023 à 13:32, Daniel Le Bray (d...@univ-lehavre.fr) a écrit :

Hello,
we're used to setup our sogo servers with a local mirror of the nightly 
builds generated with apt-mirror.


Today, while the mirror seems to be rightly populated (no errors 
reported), our sogo servers don't get the update...


Is there any reason to this?
Anyone in the same operation mode with/without this problem?


--
Daniel Le Bray :: CRI :: Pôle Systèmes et Réseaux
daniel.le-b...@univ-lehavre.fr :: +33 (0)2 32 74 42 94
Universite Le Havre Normandie
25 rue Philippe Lebon, BP1123, 76063 Le Havre Cedex, France
==
J'accepte les emails VSRE (http://vsre.info/index_fr.html)


smime.p7s
Description: Signature cryptographique S/MIME

Re: [SOGo] Has someone a working SAML configuration most optimal with Keycloak as IDP?

[Odhiambo Washington]

On Thu, Jun 29, 2023 at 4:15 PM Claas Hilbrecht  wrote:

> Hi,
>
> since I'm still have trouble getting SOGo 5.8.4 SAML login working
> with Keycloak 21.1.1 I wonder if someone has a working setup and is
> willing to share that configuration?
>

DISCLAIMER: I have zero knowledge of SAML!

Having said that, there are two cases where people successfully used it,
although not sure if they also used Keycloak.

1. https://www.mail-archive.com/users@sogo.nu/msg29860.html
2. https://marc.info/?l=sogo-users=147697076318929=2



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: [SOGo] Timeout to fetch web calendars configurable?

[Frank Richter]

Am 28.06.23 um 15:12 schrieb smizr...@alinto.eu (smizr...@alinto.eu):
We have increase the timeout in the latests nightly build 
(https://bugs.sogo.nu/view.php?id=5781)


Can you try it ?


Thanks, it works now. I also read your remark:

Be careful, this will lock process until download or timeout is complete. 
You may need to adjust WOWorkerCount and WOListenQueueSize


Frank





Le Mercredi, Juin 28, 2023 13:06 CEST, "Frank Richter" 
(frank.rich...@hrz.tu-chemnitz.de)  a écrit:

Hello,

> If you are using Apache in front, maybe you can try to increase timeout as
> explained here :
> 
https://serverfault.com/questions/948312/apache-reverse-proxy-timeout-in-60-seconds
> 



We use Apache in front, but this timeout occurs when SOGo fetches the
calendar from the CalDAV server. So it’s IMHO a timeout in SOGo.
We now take a look why the CalDAV server needs more than 20 secs to deliver
the data to SOGo.

Frank

>
> Le Vendredi, Juin 23, 2023 09:42 CEST, "Frank Richter"
> (frank.rich...@hrz.tu-chemnitz.de)  a écrit:
>> Hello,
>>
>> when users subscribe to web calendars (CalDAV) we see timeouts, when the
>> CalDAV server answers too slow:
>>
>> Jun 23 09:27:11 sogod [2125260]:
>> <0x5574f1f944d0[SOGoWebAppointmentFolder]:206DCC-64954980-19-3E98F2C0> 
Load

>> web calendar https://….tu-chemnitz.de/users/…/calendar/ (401)
>> Jun 23 09:27:39 sogod [2125260]: [ERROR]
>> <0x5574f190c590[SOGoWebAppointmentFolder]:206DCC-64954980-19-3E98F2C0> 
CURL

>> error while accessing https://….tu-chemnitz.de/users/…/calendar/ (28):
>> Operation timed out after 2 milliseconds with 229376 bytes received
>>
>> Is this timeout value configurable in SOGo?



--
Frank Richter
Chemnitz University of Technology, Germany



smime.p7s
Description: S/MIME Cryptographic Signature

[SOGo] Mirroring nightly

[Daniel Le Bray]

Hello,
we're used to setup our sogo servers with a local mirror of the nightly 
builds generated with apt-mirror.


Today, while the mirror seems to be rightly populated (no errors 
reported), our sogo servers don't get the update...


Is there any reason to this?
Anyone in the same operation mode with/without this problem?
--
Daniel Le Bray :: CRI :: Pôle Systèmes et Réseaux
daniel.le-b...@univ-lehavre.fr :: +33 (0)2 32 74 42 94
Universite Le Havre Normandie
25 rue Philippe Lebon, BP1123, 76063 Le Havre Cedex, France
==
J'accepte les emails VSRE (http://vsre.info/index_fr.html)


smime.p7s
Description: Signature cryptographique S/MIME

[SOGo] Has someone a working SAML configuration most optimal with Keycloak as IDP?

[Claas Hilbrecht]

Hi,

since I'm still have trouble getting SOGo 5.8.4 SAML login working  
with Keycloak 21.1.1 I wonder if someone has a working setup and is  
willing to share that configuration?

Re: [SOGo] httpd already installed

[Marco Moock]

Am 29.06.2023 schrieb "supp...@foxnet.be" (supp...@foxnet.be)
:

> Under Debian/Ubuntu , the installation goes correctly.
> On the other hand, under Centos/RockyLinux/Redhat, when you install
> directadmin and then SOGo, it asks you to install httpd, because it
> can't find the install package.

httpd might me apache, nginx or any other webserver.

Install only one of them manually with dnf/apt.


smime.p7s
Description: S/MIME cryptographic signature

Re: [SOGo] httpd already installed

[supp...@foxnet.be]

Simple
I manage my email account with DirectAdmin
Under Debian/Ubuntu , the installation goes correctly.
On the other hand, under Centos/RockyLinux/Redhat, when you install directadmin 
and then SOGo, it asks you to install httpd, because it can't find the install 
package.
So my question is, when the daemon is compiled and installed, how do you remove 
it during installation, knowing that on Debian/Ubuntu there is a way of doing 
this via this command:
apt-get install --no-install-recommends

How do I do this under Centos/RockyLinux/Redhat.

Michel
​​


Le Jeudi, Juin 29, 2023 09:05 CEST, "Marco Moock" 
(marco.mo...@urz.uni-heidelberg.de)  a écrit:
 Am 29.06.2023 schrieb "supp...@foxnet.be" (supp...@foxnet.be)
:

> How do you get SOGo to ask for it in its list of packages when it's
> already installed and configured?

Please explain exactly what you are doing.

 

Re: [SOGo] httpd already installed

[Marco Moock]

Am 29.06.2023 schrieb "supp...@foxnet.be" (supp...@foxnet.be)
:

> How do you get SOGo to ask for it in its list of packages when it's
> already installed and configured?

Please explain exactly what you are doing.


smime.p7s
Description: S/MIME cryptographic signature

[SOGo] httpd already installed

[supp...@foxnet.be]

Hello

How do you get SOGo to ask for it in its list of packages when it's already 
installed and configured?

Michel