Re: [SOGo] Any experiences with TbSync w/ CalDAV & CardDAV Provider?

2020-12-06 Thread "tim.ban...@gmail.com" 

Hi Andreas,

we are a smaller organization, and we use SOGo in connection with 
TBSync, and CardBook (instead of the TB Address Book).


I hand out the laptops with the preconfigured TBSync, and Cardbook 
(auto-discovery is also possible).


you can also subscribe users remotely (so the calendar/address book 
shows up in TBSync/Cardbook):
sudo -u sogo sogo-tool manage-acl subscribe OWNER Calendar/RESOURCE 
USER_TO_SUBSCRIBE


So whenever there is a new address book (very seldomly), or Calendar 
(sometimes), I send out a reminder how staff can add to those calendars 
(staff needs to click on "TBSync" and checking the checkbox, then 
clicking subscribe). In CardBook a window opens at the next sync and it 
is offered to add this new address book.


We are also at TB68 currently for other reasons (we use GPG encryption, 
and until recently Subject protection couldn't be disabled on TB78, and 
subject protection doesn't work well for our webinterface + partners who 
use protonmail). But I tested TB78 with TBSync, and Cardbook and it 
seems to work as well as with TB68.


So this combination works quite well for us for the last 2 years. I 
understand its not as good as the sogo-integrator (which I hadn't yet a 
look at).


At the same time, we will switch away from SOGo as it doesn't offer GPG 
encryption for their webmail, and we want better integration of 
calendars, and address book in our webmail (roundcube with enigma).


I also understand that Thunderbird should get their own carddav capable 
address book sometime in the future, so the introduction of Cardbook 
might not be worth the effort, also if the current TB Address book is 
good enough).








On 2020-12-05 14:03, Andreas Haumer (andr...@xss.co.at) wrote:

Hi!

As most Linux distros began to roll out Thunderbird 78 recently
and given the fact that sogo-connector for this version was
(and perhaps is) a little bit problematic to use (to say it
politely) I started to experiment with the TbSync and CalDAV &
CardDAV Provider Thunderbird add-ons.

See https://github.com/jobisoft/TbSync and 
https://github.com/jobisoft/DAV-4-TbSync/

So far the results are encouraging: the add-ons seem to work fine with SOGo
for both calendar and contacts. Given the SOGo DAV base-URL, the add-ons find
the user's calendar and address-book subscriptions automatically.
Synchronisation seems to work fine in both directions.

With TbSync users have to configure the SOGo account themselves.
Users have to provide the correct SOGo CalDAV and CardDAV URLs as well
as username and password in the TbSync admin GUI. After that, TbSync
automatically detects all calendars and address books the user has
subscribed to in SOGo. It even detects the colors assigned to each calendar.

For a smaller organization with only a few users this is IMHO way easier
for the admin as it is with the sogo-connector concept, where the admin
has to provide a customized sogo-connector XPI file (we had that dicussion
on this list a few weeks ago...)

I did limited testing with a few calendars and address-books, though
and can't say anything about large-scale installations.

Therefore I'd like to ask if anyone can share good or bad experiences with
these Thunderbird add-ons:
Did you try these add-ons as alternative to sogo-connector?
For how many users / calendars / address books?
Are you happy with it?
Did you find any problems?

Thanks!

- andreas


--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] subs_ribe user feature for Administrator / SOGoSuperUsernames

2019-06-14 Thread "tim.ban...@gmail.com" 
Hello,

I found the answer myself, sogo-tools already has this feature. If
anybody is interested, to subscribe another user to a calendar:

sudo -u sogo sogo-tool manage-acl subscribe user1 Calendar/personal user2

to subscribe user2 to the personal calendar of user1




On 07.06.19 17:08, "tim.ban...@gmail.com" (tim.ban...@gmail.com) wrote:
> Dear SOGo,
> 
> as mentioned here:
> https://lists.inverse.ca/sogo/arc/users/2017-02/msg00065.html
> 
> "... unfortunately the user still has to subscribe manually to the
> resource..."
> 
> So, if I grant userX access to a calendar/address book of userY, userX
> still has to subscribe to this calendar.
> 
> If I could also subscribe userX to userY's resource, userX would see the
> new resource immediately, without the need to find userY's calendar
> (which is very often too complicated).
> 
> Is there any way to do this as administrator (e.g. via the database)? Or
> is this feature planned? I'm using latest sogo 4.x
> 
> kind regards,
> Tim
> 
> 
> ps: "subscribe" in the subject triggered the reply that I shouldn't use
> commands. Therefore the misspelled subject.
> 
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] sogo 4. ERROR: value too long for type character varying(255) (not contacts quick tables c_mail problem)

2019-06-07 Thread "tim.ban...@gmail.com" 
Dear Sogo-users,

I have the below error message regularly. It's about 2 different
contacts. Evidently, I cannot find them in the database to see what is
wrong, as they are never synchronized.

I recently upgraded from 3.1.3-1 to 4.0.7, then ran
"sql-update-3.2.10_to_4.0.0.sh" without errors

I'm currently at 4.0.7.20190607-1

I found that previously, the field c_mail in public.sogoXYZ_quick must
be extended to TEXT.

This is the case in my database. e.g. latest DB-dump:
CREATE TABLE public.sogoXYZUSER_quick (
c_name character varying(255) NOT NULL,
c_givenname character varying(255),
c_cn character varying(255),
c_sn character varying(255),
c_screenname character varying(255),
c_l character varying(255),
c_mail text,
c_o character varying(255),
c_ou character varying(255),
c_telephonenumber character varying(255),
c_categories character varying(255),
c_component character varying(10) NOT NULL,
c_hascertificate integer DEFAULT 0
);

Did I miss some database-schema upgrades? In the manual, there is no
mentioning what (else) to do when upgrading from 3.1.x
I looked at sql-update-3.0.0-to-combined.sh , but it doesn't seem to
alter a field from varchar to something bigger.

Is this fixable on the server? or should I tell the user to change the
offending contact, so it can get synced?



The error message is:

...
Jun 07 16:16:23 sogod [23065]:
<0x556d84027610[SOGoContactGCSEntry]:e33b9c73-6ff6-447a-b93b-a3e00be43be5.vcf>
TODO: implement if-none-match for etag: '*'
Jun 07 16:16:23 sogod [23065]: <0x0x556d83ff2460[GCSFolder]>
ERROR(-[GCSFolder
writeContent:fromComponent:container:toName:baseVersion:]): cannot
insert content : 
NAME:PostgreSQL72FatalError REASON:fatal pgsql error
(channel=<0x0x556d840d5290[PostgreSQL72Channel]:
connection=<0x0x556d84000780[PGConnection]:
connection=0x0x556d840fb820>>): ERROR:  value too long for type
character varying(255)

Jun 07 16:16:23 sogod [23065]: [ERROR]
<0x556d84027610[SOGoContactGCSEntry]:e33b9c73-6ff6-447a-b93b-a3e00be43be5.vcf>
write failed: 
NAME:PostgreSQL72FatalError REASON:fatal pgsql error
(channel=<0x0x556d840d5290[PostgreSQL72Channel]:
connection=<0x0x556d84000780[PGConnection]:
connection=0x0x556d840fb820>>): ERROR:  value too long for type
character varying(255)

Jun 07 16:16:23 sogod [23065]: XXX.XXX.XXX.XX, XX.XX.XX.XX "PUT
/SOGo/dav/USERNAME/Contacts/personal/e33b9c73-6ff6-447a-b93b-a3e00be43be5.vcf
HTTP/1.1" 500 367/1280 0.014 - - 0
...
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] subs_ribe user feature for Administrator / SOGoSuperUsernames

2019-06-07 Thread &quot;tim.ban...@gmail.com" 
Dear SOGo,

as mentioned here:
https://lists.inverse.ca/sogo/arc/users/2017-02/msg00065.html

"... unfortunately the user still has to subscribe manually to the
resource..."

So, if I grant userX access to a calendar/address book of userY, userX
still has to subscribe to this calendar.

If I could also subscribe userX to userY's resource, userX would see the
new resource immediately, without the need to find userY's calendar
(which is very often too complicated).

Is there any way to do this as administrator (e.g. via the database)? Or
is this feature planned? I'm using latest sogo 4.x

kind regards,
Tim


ps: "subscribe" in the subject triggered the reply that I shouldn't use
commands. Therefore the misspelled subject.
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] sogo 4.0.7 ldap ActiveDirectory authentication: filter by group membership doesn't work (worked with sogo 3.1.3)

2019-05-16 Thread &quot;tim.ban...@gmail.com" 
OK,

it seems I can answer the question myself, after taking 10 minutes to
crafting below email it suddenly worked. I guess because the AD group
membership caching was renewed

the old sogo is authenticating towards a much faster DC, so there
seems to be no caching delay.

for the new sogo 4.0.7 deployment I authenticated towards a much slower
DC, so group membership caching seems to be an issue 

I tried it now 3 times, waiting a couple of minutes, and the filter is
working. So I think it was the AD group caching all the time ...
hopefully this is useful information to not waste hours




On 16.05.19 16:38, "tim.ban...@gmail.com" (tim.ban...@gmail.com) wrote:
> Dear all,
> 
> I'm migrating to sogo nightly 4.0.7 and the filter to limit
> authentication to users being member of a certain group doesn't work
> anymore. I can still filter (enable/disable access to sogo) by checking
> whether the account is disabled in Active directory (Windows 2012R2).
> 
> my ldap config:
> 
> SOGoUserSources = (
> {
>   type = ldap;
>   CNFieldName = cn;
>   UIDFieldName = sAMAccountName;
>   IDFieldName = cn;
>   baseDN = "CN=Users,dc=ad,dc=xyz,dc=org";
>   bindDN = "CN=auth_sogo,CN=Users,DC=ad,DC=xyz,DC=org";
>   bindFields = (sAMAccountName);
>   bindPassword = "mypassw";
>   canAuthenticate = YES;
>   displayName = "xyz Staff";
>   bindAsCurrentUser = YES;
>   hostname = "ldaps://dc.ad.xyz.org:636";
>   filter = "memberOf = 'CN=access_sogo,CN=Users,DC=ad,DC=xyz,DC=org'
> AND UserAccountControl:1.2.840.113556.1.4.803: <> 2";
>   id = directory;
>   isAddressBook = YES;
> }
>   );
> 
> 
> I tried different syntax (e.g. filter =
> "(objectClass='access_sogo'  as in the manual) but a test user
> always gets authenticated, no matter whether he is in the group
> "access_sogo" or not. It also doesn't matter when I temporarily don't
> check whether the AD user is disabled or not (e.g. also
> filter = "memberOf = 'CN=access_sogo,CN=Users,DC=ad,DC=xyz,DC=org'";
> 
> doesn't work (user is always authenticated).
> 
> -) "access_sogo" is a global security group.
> the test user is only in "domain user" group, beside the "access_sogo"
> group for testing.
> 
> -) auth_sogo bind user is in domain user group, nowhere else.
> 
> sogo.log:
> 
> May 16 14:35:10 sogod [22127]: <0x0x5652ad140220[NGLdapConnection]>
> Using ldap_initialize for LDAP URL: ldaps://dc.xyz.org:636
> May 16 14:35:10 sogod [22127]: SOGoRootPage successful login from
> '10.11.1.51' for user 'it-test' - expire = -1  grace = -1
> 
> 
> also
> LDAPDebugEnabled = YES;
> 
> doesn't seem to do anything
> 
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] sogo 4.0.7 ldap ActiveDirectory authentication: filter by group membership doesn't work (worked with sogo 3.1.3)

2019-05-16 Thread &quot;tim.ban...@gmail.com" 
Dear all,

I'm migrating to sogo nightly 4.0.7 and the filter to limit
authentication to users being member of a certain group doesn't work
anymore. I can still filter (enable/disable access to sogo) by checking
whether the account is disabled in Active directory (Windows 2012R2).

my ldap config:

SOGoUserSources = (
{
  type = ldap;
  CNFieldName = cn;
  UIDFieldName = sAMAccountName;
  IDFieldName = cn;
  baseDN = "CN=Users,dc=ad,dc=xyz,dc=org";
  bindDN = "CN=auth_sogo,CN=Users,DC=ad,DC=xyz,DC=org";
  bindFields = (sAMAccountName);
  bindPassword = "mypassw";
  canAuthenticate = YES;
  displayName = "xyz Staff";
  bindAsCurrentUser = YES;
  hostname = "ldaps://dc.ad.xyz.org:636";
  filter = "memberOf = 'CN=access_sogo,CN=Users,DC=ad,DC=xyz,DC=org'
AND UserAccountControl:1.2.840.113556.1.4.803: <> 2";
  id = directory;
  isAddressBook = YES;
}
  );


I tried different syntax (e.g. filter =
"(objectClass='access_sogo'  as in the manual) but a test user
always gets authenticated, no matter whether he is in the group
"access_sogo" or not. It also doesn't matter when I temporarily don't
check whether the AD user is disabled or not (e.g. also
filter = "memberOf = 'CN=access_sogo,CN=Users,DC=ad,DC=xyz,DC=org'";

doesn't work (user is always authenticated).

-) "access_sogo" is a global security group.
the test user is only in "domain user" group, beside the "access_sogo"
group for testing.

-) auth_sogo bind user is in domain user group, nowhere else.

sogo.log:

May 16 14:35:10 sogod [22127]: <0x0x5652ad140220[NGLdapConnection]>
Using ldap_initialize for LDAP URL: ldaps://dc.xyz.org:636
May 16 14:35:10 sogod [22127]: SOGoRootPage successful login from
'10.11.1.51' for user 'it-test' - expire = -1  grace = -1


also
LDAPDebugEnabled = YES;

doesn't seem to do anything
-- 
users@sogo.nu
https://inverse.ca/sogo/lists