Good questions. I have also given a lot of thought to those scenarios,
particularly
with regard to the fact that we're moving away from the federated model (since
no one ever used it, as far as I can tell). Citadel is finding itself most
comfortable in the space somewhere *between* the
You could use a new header byte ... or an RFC822 header
Mon Dec 14 2015 07:07:12 EST from IGnatius T Foobar @ Uncensored Subject: Re: implementing tags for blogs...
You could use a new header byte ... or an RFC822 header
yep, thats what I thought by eenVelopeTo is useless enough in this usecase.
So I'll go with that.
I'm also thinking about
meld is probably a good tool to use.
usually you start by git pull master and resolve the conflicts.
I wonder what these conflicts may be? I didn't do anything about the configs yet...
(I wanted to change them so they are transmitted inline in the migrate process instead of r'synced - because of that may fail badly...)
implemented with 7b5b6987e1077892e01f9ebdb1f27374011af6db
if an async context didn't do any IO in 10 minutes, its declared dead and will be killed.
So if you want to try it out ;-)
Hm, I think I'll write some timeout killer for the event queue jobs; they already cary a timestamp of their last activity so that should work straight ahead.
We will then see whether the kill facility works properly ;-)
if you run sendcommand RWHO do you see a citadel networker (believing to be...) talking to uncensored?
Thu Jul 09 2015 08:25:13 AM EDT from dothebart @ Uncensored Subject: Re: Networking issues in 9.01
if you run sendcommand RWHO do you see a citadel networker (believing to be...) talking to uncensored?
I'll need to try that the next time that it fouls up.
Assuming that I do see such
OOPS
I seem to have accidentally merged the configdb into git master. I will
attempt to revert that!!!
Looks like it's reverted. I hope I got that right.
yes - and since thats a very special case, make it a commandline option. Citadel will work for most who do easy install, .deb, .rpm or ebuild.
And if it doesn't, they need to edit their init scripts.
or - other idea, stat some db file, and pick the uid from that, and just have it specify once at start?
Here's what I'm leaning towards now ...
* If there is a citadel user, use that as default
* Otherwise, citserver will expect either the -r (run as root) or the new
-u (run as user...) options to be present
* Startup scripts implementing the -u option shall be written by setup scripts.
the -u should be fetched from /etc/defaults/citadel from the startup scripts.
The startup script itself should be static.
That's an implementation detail (and a correct one) -- the point is that it
no longer happens inside Citadel itself.
The username won't *always* be citadel ... most of the time it will, but
not always. (On a lot of sites, including mine, it's bbs)
So it seems that the only configuration variable that's really giving us
a chicken-and-egg problem is 2config.c_ctdluid, which specifies the uid under
which Citadel server should run (after it's done binding to low numbered sockets
and things like that).
I wonder if it would make sense
hm, so you have to create the db files as root and chown them?
Regarding the uid, if not commandline, doing getpwnam of the user citadel to get the uid sounds clever to me - since that should be the default, and like -h the others are very special cases...
Notice the lessons in the "chicken and egg" problem you mention above have been considered before in database-ish systems config.
Mysql/Mariadb) as well as ldap servers 'slapd' have config files that contain only the minimum of items necessary to connect to the (currently local only) database,
Ok, well I'm still skeptical about multiple citservers running a single site
in a non-federated tandem ... but either way it still sets out a pretty clear
roadmap for the kind of things we need to do next. It still means we move
all of the config stuff into the database. So we'll
I do understand the whole uptime thing. Remember, I work in the hosting
business. I know all about 99.999% SLA's (which somehow seem to be disregarded
when Exchange shits the bed -- shouldn't all those people be running something
more reliable?)
Only problem I can see with a
P.S. I should have added: the whole 'logging' thing goes away, and the 'CULL' command is a no-op in the HA setup.
P.P.S. As I'm a bit late to the citadel world, I actually have no certain idea what anyone who posts here does for work, where in the world they live, or, well, anything. I gather
The beautiful thing about the mariadb/galera multimaster database approach is: Each cit-server talking to a database server instance --- running on the same box citadel is --- thinks it's the only server running. The fact that citadel has that wonderful 'go threading' call, and has sorted
From the very beginning, the idea of a pluggable data store has been part
of the architecture. We've done it once -- originally we were using gdbm
but because that was so unstable we switched to Berkeley DB.
dothebart would undoubtedly want to use ArangoDB.
I'm ok with it as long as it
Fri Apr 03 2015 10:58:37 EDTfrom IGnatius T Foobar @ Uncensored Subject: Re: CODE FREEZE - RELEASE IMMINENT
From the very beginning, the idea of a pluggable data store has been part of the architecture. We've done it once -- originally we were using "gdbm" but because that was so unstable we
I really don't think we should try to fill that gap - since nobody
had scalability issues with citadel so far. Just for failover drdb is
perfect.
There was a time when we wanted to try to be an enterprise mail/groupware
system. That gave rise to the Global Address Book and the idea
the idea that you could spread a single Internet domain across a large
group of Citadel servers, and there is still all sorts of bizarre
message routing code to make that happen.
... and this brings up the first bit of axe wielding.
Effective immediately, I am removing support
I've done a lot of comparison between options in the email server space, and also in the high availability space. Because of the clamav and built in access to the spam daemon, Citadel server lacks only one thing to be the best replacement for hacked-together postfix+lmtp+caldav/webdav, etc.,
Ok folks, the v9.01 tag is in git, and Easy Install has been updated.
I'll do the tarballs shortly.
For the 9.xx development cycle, I'd like to keep the trunk fairly stable
and do unstable work in branches, if possible. Some of the things I'd like
to accomplish during 9.xx:
*
Wed Apr 01 2015 12:45:07 EDT from IGnatius T Foobar @ Uncensored Subject: Re: CODE FREEZE - RELEASE IMMINENT
Whats the release version gonna be? 8.30?
9.01 I'm updating it now.
did you try out the discount configure etc. code? I wasn't really able to test it, as I would have liked with
If you'd prefer, let me know and I'll separate each fix into it's own attachment.
Many thanks for the good work.
to ease the deployment, can you re-send your mails with the diffs as an attachment?
You'll find the changes you're looking for if you find this line in the previously attached file:
diff --git a/webcit/configure.ac b/webcit/configure.ac
Everything I cooked up that's different follows that. The autogenerated material, which shows the differences in the build environment, is
Thanks for the thought. I noticed the citadel server has a line of code in there to block CREU from working when there is LDAP auth.
# sendcommand CREU ItSeemedLikeAGoodIdeasendcommand: started (pid=29593) connecting to Citadel server at /var/run/citadel/citadel-admin.socket200 email1
Thanks a lot.
I guess if you run CREU http://citadel.org/doku.php/documentation:appproto:users#creu.create.new.user.account with a script, you may get that.
I don't know which admin interface you use to your ldap tree?
Thu Mar 19 2015 11:58:19 EDT from harryc @ Uncensored Subject: hc
Re: LDAP, I use LDAP (RFC2307) auth.
hm, the patch only contains the autogenerated files? Can you send the other files as diff attachments?
Thu Mar 19 2015 13:54:08 EDT from harryc @ Uncensored Subject: Re: hc changes to date, git diff format attached
Thanks for the thought. I noticed the citadel server has a line of code in there to block CREU from working when there is LDAP auth.
# sendcommand CREU
Ref the previous webcit build bug report, the problem was in the makefile -lmarkdown was too soon in the library list.
editing the makefile allowed proper completion, but the makefile got wiped out every dpkg-buildpackage. So a similar change in configure led to the correct makefile, whichgot
Also, in the spirit of 'belt-and-suspenders' programming practices:
--- webcit-8.24-dfsg/webcit.h 2014-01-27 09:42:11.0 -0600+++ webcit-8.24-dfsg/webcit.h.new 2014-10-23 14:12:58.638800940 -0500@@ -64,7 +64,7 @@ #define _(string) (string) #endif -#define IsEmptyStr(a) ((a)[0]
Ok, fixed some tiny leaks, and install stuff.
easy install git will now drag discount - wasn't able to test it with the download yet, can we get queasy install working once more?
http://www.pell.portland.or.us/~orc/Code/discount/discount-2.1.8.tar.gz
should be copied to the download directory.
hm, I've fixed the init script for the .debs, wanted to continue with easy install, but can't seem to find it?
wouldn't setup contain them as here document?
You're welcome. What many see as a weakness in Citadel: the storing of email in it's own single-process-managed db filesystem, is actually quite a security strength in the way I need email to work. Now that processors come with so many cores and solid state disks remove the storage bottleneck,
The traditional need for a distributed database is what drove the design that
allows a single email domain to contain addressees spread across any number
of Citadel server nodes. But as you correctly point out, that kind of thinking
is rapidly becoming obsolete (except in the Microsoft world
I've had really good experiences using postfix as a screen-and-forward-only 'from the outside to the inside' incoming email handler for citadel running in a DMZ area on on the router itself. Not only does that handle bursty incoming traffic and ease most of the obvious spam filtering load, but
And that's the idea, it's supposed to be it just works and not complicated
to configure. The old gag is that it's so easy to install, even an MCSE
could do it
harry comes up with the *best* fixes. They're never big, but they always
fix issues that no one else was ever able to find.
Thanks harry !
thanks - committed.
Thu Jul 24 2014 11:13:05 EDTfrom harryc @ Uncensored Subject: re: 8.25
Thu Jul 24 2014 03:47:28 EDTfrom dothebart @ Uncensored Subject: re: 8.25
"ok - now that you say it, this makes a lot more sense.
however, if you are to set this string, isn't that rather going to happen during setup?"
ok - now that you say it, this makes a lot more sense.
however, if you are to set this string, isn't that rather going to happen during setup?
so at the place where you choose LDAP/AD you would need another mask, defaulted with the two strings?
And, what about editing it? should webcit expose
Thu Jul 24 2014 03:47:28 EDT from dothebart @ Uncensored Subject: re: 8.25
"ok - now that you say it, this makes a lot more sense.
however, if you are to set this string, isn't that rather going to happen during setup?"
You've spotted a little quirk in citadel that I struggle with as
P.S. re: ldaps To be useful in an email server context, the ssl has to be able to support not only the usual business of making sure the ldap server uses a certificate signed by a CA approved by the citadel server, but the citadel server be able to offer a certificate to authenticate itself to
The changes I offered do not rely on any special citadel schemas. It just uses inetOrgPerson. However there are some fields most find useful that aren't included in the inetorgperson schema that are included in vcards. If those fields are there then citadel will interpret them into the vcard.
Thanks for working this out. If only all troubles were presented in such a clear form :]
The development branch has a special function to check for whether a message field is empty or not - so this fix is only important for releases up to 8.2x; for that reason I'll go for a !=NULL check in that
please attach the patch to the mail.
I think the thing I am most concerned with is losing private communication from citadel to citadel, for the sake of sending mail only between two servers, with the same LDAP users on both servers.
If I could set up two servers which share the same data store so that they have a common mailbox
I think the thing I am most concerned with is losing private communication from citadel to citadel, for the sake of sending mail only between two servers, with the same LDAP users on both servers.
If I could set up two servers which share the same data store so that they have a common mailbox
It's an interesting idea, but how would it be superior to simply implementing
a clusterable set of Citadel servers running in an active/standby configuration?
Right now there are people running Citadel sites in active/standby by sticking
the entire thing on top of DRDB, but if we moved
Tue Mar 18 2014 12:00:32 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Crazy idea
It's an interesting idea, but how would it be superior to simply implementing a clusterable set of Citadel servers running in an active/standby configuration? Right now there are people running Citadel
Tue Mar 18 2014 12:00:32 EDT from IGnatius T Foobar @ Uncensored Subject: Re: Crazy idea
It's an interesting idea, but how would it be superior to simply implementing a clusterable set of Citadel servers running in an active/standby configuration? Right now there are people running Citadel
(And of course I've added a credit for you in the documentation page on the
web site)
Thank you for including me here.
Probably our use case goes against the grain of the normal trend in email clients. We have a large international presence in many countries, and are not interested in communications with anyone outside our organization (through citadel). We have run our own mail
Sounds like we'll be making this transition over the course of a couple of
releases so we can feel out everyone's needs. I like hearing about what you're
doing with the Citadel system; it's very interesting.
Your interpretation is correct. Thanks for the note in the log. Notice this addresses the problems of 'ldap to vcard'. Set up ldap, export the citadel addresses as vcards. Done.
Why not create your own certificate authority, have that issue certificates to the citadel servers you prefer, then turn off all non-secure smtp addresses, and delete references to the other certificate authorities. Then citadel should only accept to transfer email from the authorized domains.
Ok, so if I'm reading this correctly, this is a fully built version of the
code that is supposed to take all of the user information learned out of LDAP
and uses it to populate the vCard?
Thanks for writing it. This was one of those someday things.
The code above is a replacement for this in ldap.c
/* * Learn LDAP attributes and stuff them into the vCard. * Returns nonzero if we changed anything. */int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v){ int changed_something = 0; if (!ldap_dn) return(0); if (!v)
This is a developer forum. Please take your question to the support forum
and try to be a little clearer.
Tue Nov 19 2013 18:53:35 EST from s3cr3to @ Uncensored Subject: how to test customized pages?
Tue Nov 19 2013 06:16:39 PM EST from the_mgt @ Uncensored
I once wondered exactly the same, there was some odd rule on how to test pages with names not currently present in webcit. In any
Tue Nov 19 2013 18:08:40 EST from s3cr3to @ Uncensored Subject: how to test customized pages?
Then I wonder How to test the new updated pages before to make it public to me and my users.
in general creating some Selenium tests is a good idea if you want to retest it later ;-)
Correction to the script, you can remove the set -x at the start... sorry about that. :)
Mon Oct 28 2013 16:36:48 EDT from bennabiy @ Uncensored Subject: Updated Easy Install Script
Here is an updated Easy Install script which I modified for the sake of compiling the git branches against an
You can submit the patch right here. Thanks!
thanks for the precise report - committed to master. will definitely be part of a next stable release.
Hi,
first thanks for your participation.
you have to edit webcit/gettext.c like in this commit:
http://code.citadel.org/?p=citadel.git;a=commit;h=8637e272fdb07a5b7f6d95dce8e27fce2daa6c76
and then recompile install webcit.
you then will be able to choose your new translated language.
This would be the place.
well, two points...
make it...
if (!is_qp !strncasecmp(buf, "Content-Transfer-Encoding", 25))
and...
if (strncasecmp(buf[26],"Quoted-Printable", 16)) {is probably not all accurate.
you should first
char *pch = strchr (buf[26], ':') (or was it '=' here?)
and then skip as many blanks as found
Yes, I do see the problem. Now we have to find an elegant way to address
it. The concept of name your admin doesn't seem to fit well with LDAP.
Perhaps we should go with the group thing. Perhaps if the authentication
mode is AD then we should skip that entirely and simply use group membership
I think that this particular workflow is confusing but I'm not yet aware of
a good way to change it.
In an Active Directory environment perhaps we could search to determine whether
the user is a member of the Administrators or Domain Admins groups, and
make any such user a Citadel admin as
ok, added that to libcitadel webcit.
please revalidate whether its working for you now.
Fri Jul 20 2012 03:29:47 AM EDT from dothebart @ Uncensored Subject: Re: Administrator login when using Active Directory
you have to re-run setup, and specify one of your AD users. On next login he will gain aide rights.
Thanks dothebart, that got me most of the way there.
The next
Sun Jul 22 2012 21:43:39 EDT from Lindsay Mathieson @ Uncensored Subject: Re: Administrator login when using Active Directory
Fri Jul 20 2012 03:29:47 AM EDT from dothebart @ Uncensored Subject: Re: Administrator login when using Active Directory
you have to re-run setup, and specify
can you please test the attached patch to configure?
you need to apply it with
~/src/citadel/libcitadel$ patch -p2 /tmp/check_memcpy.diff
and coppy the attached other file to ~/src/citadel/libcitadel/m4/localm4
then re-run bootstrap, and configure.
on my system I get:
checking "whether memcpy
hm, either that test doesn't work...
or this one:
#define _GNU_SOURCE#include "sysdep.h"#include ctype.h#include errno.h#include string.h#include unistd.h
is pulling some other stuff in...
as mentioned before, there realy has to be some other header with a define, which then in term gets
Mon Jul 23 2012 11:11:52 CEST from dothebart @ Uncensored Subject: Re: Administrator login when using Active Directory
The next bit took me a while to figure out and I find it a bit puzzling. I was specifying my login name ("lindsay") as the admin, which wasn't working - I had to
please try whether this text works.
AC_MSG_CHECKING([whether your system likes memcpy + HKEY]) AC_TRY_COMPILE([#define _GNU_SOURCE#include ctype.h#include errno.h#include string.h#include unistd.h#include string.h#include stdioh#include sys/select.h#include fcntl.h#include sys/types.h#include
Mon Jul 23 2012 15:36:20 EDTfrom the_mgt @ Uncensored Subject: Re: Administrator login when using Active Directory
Mon Jul 23 2012 11:11:52 CESTfrom dothebart @ Uncensored Subject: Re: Administrator login when using Active Directory
hm, if Lindsay is right, this is probably not a good
Hm,
this doesn't align with the errormessage you've posted.
there should be some header with #define memcpy (a,b,c) so please grep over all files not just string.h;
maybe that header gets pulled in first, and causes the error message.
Sat Jul 21 2012 13:52:42 EDT from Lightspeed @ Uncensored
can you find out from your headers what the actual definition of memcpy is? there needs to be a define in some place.
This is all I could find.
[/usr/include]$ grep memcpy string.h void *memcpy(void *, const void *, size_t);
[12:50PM] 38 [~]$ man memcpy MEMCPY(3) BSD Library Functions Manual MEMCPY(3)NAME memcpy -- copy memory areaLIBRARY Standard C Library (libc,
you're using a compiler that doesn't support macros in macros (or a libc where memcpy is a macro...). Afair we had this problem several times so far. You need to use a more recent compiler.
the code in question is this one:
memcpy(bptr, HKEY("\\n"));where
#define HKEY(a) a, (sizeof(a) - 1)
expands to two parameters.
Tue Jun 05 2012 08:45:07 EDT from IGnatius T Foobar @ Uncensored Subject: Major bad things are happening.
A large meeting involving lots of people has been ruined today, with lots of really bad results, thanks to Citadel. Upon reviewing the current situation on my server I have found that
maybe dissolving the queue runners into their own threads would also be an option. This will probably also reduce the current penalty of 2 minutes for mailinglist posts.
btw; the fulltext indexer currently can also block the queue thread; maybe sieve as well.
I begin suspecting curl has some
ok, from the average admin this looks as if his system was hacked.
I guess this is setup?
IG you realy should give sessions from the system socket a uniq username. /
--- forwarded message --- /
Sat Apr 21 2012 23:42:10 EDT from Citadel Subject: Citadel Configuration
Manager Message
Mon Apr 02 2012 19:17:40 EDT from IGnatius T Foobar @ Uncensored Subject: Re: systemd: socket activation
Looks like a nice idea. Will we server software developers have to account for this if distribution vendors adopt it?
The software developers can implement socket activation if they
Looks like a nice idea. Will we server software developers have to account
for this if distribution vendors adopt it?
Ok, it's time to test Sieve again.
(updated in git and in Easy Install, so far...)
uhm. thats awfull, since it will make easy install a hard job.
does it work with
CFLAGS=-I/usr/include/ev
LDFLAGS=-L/usr/lib/ev
?
In the next iteration of Easy Install, I intend to build libev, c-ares,
libsieve,
and maybe even libdb as static libraries. Since they're not shared, there
is no point in going through the rigamarole of handling them as dynamic.
601 - 700 of 1530 matches
Mail list logo