From f7e28b064ec5ac9aba439e4e69cd617c1f298b6a Mon Sep 17 00:00:00 2001
From: Viktor Pracht
Date: Sun, 13 Apr 2025 17:17:23 +0200
Subject: [PATCH] feat(open-xchange): Enable ACLs and support logins different from local part

Enable the Mail Login Resolver to properly resolve UUIDs to OX users and vice versa. Switch IMAP auth from emails to login names, since that's the only field present in authentication tokens. Due to an issue with retrieving operationsl LDAP attributes (see OX issue /appsuite/platform/core#251), entryUUID does not work currently. As a work-around, users need to have their UUIDs in the field departmentNumber. Migrating to UUIDs (WP#1236) would also work. Maybe we should just make that field configurable.
---
 .../open-xchange/values-openxchange.yaml.gotmpl | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
index e7f2cd88..0c04d970 100644
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -237,12 +237,25 @@ appsuite:
 com.openexchange.authentication.oauth.clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
 # MAIL
 com.openexchange.mail.authType: "xoauth2"
- com.openexchange.mail.loginSource: "mail"
+ com.openexchange.mail.loginSource: "name"
 com.openexchange.mail.mailServer: "dovecot"
 com.openexchange.mail.mailServerSource: "global"
 com.openexchange.mail.transport.authType: "xoauth2"
 com.openexchange.mail.transportServer: "postfix-ox"
 com.openexchange.mail.transportServerSource: "global"
+ # Mail Login Resolver
+ com.openexchange.mail.login.resolver.enabled: "true"
+ com.openexchange.mail.login.resolver.ldap.enabled: "true"
+ com.openexchange.mail.login.resolver.ldap.clientId: contactsLdapClient
+ com.openexchange.mail.login.resolver.ldap.mailLoginSearchFilter: "(&(univentionObjectType=users/user)(isOxUser=OK)(mailPrimaryAddress=[mailLogin]))"
+ com.openexchange.mail.login.resolver.ldap.userNameAttribute: uid
+ com.openexchange.mail.login.resolver.ldap.contextIdAttribute: oxContextIDNum
+ com.openexchange.mail.login.resolver.ldap.entitySearchFilter: "(&(univentionObjectType=users/user)(isOxUser=OK)(oxContextIDNum=[cid])(uid=[uname]))"
+ #com.openexchange.mail.login.resolver.ldap.mailLoginAttribute: entryUUID
+ # Workaround until either OX issue /appsuite/platform/core#251 is fixed
+ # or entryUUIDs are replaced by a different field.
+ com.openexchange.mail.login.resolver.ldap.mailLoginAttribute: departmentName
+ #com.openexchange.mail.login.resolver.ldap.cacheExpire: "1"
 # Requirements for OX-Connector
 com.openexchange.user.enforceUniqueDisplayName: "false"
 com.openexchange.folderstorage.database.preferDisplayName: "false"
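Review bot: The workaround line in the hunk sets `com.openexchange.mail.login.resolver.ldap.mailLoginAttribute: departmentName`, while the commit message says users must carry their UUIDs in `departmentNumber`; one of the two is wrong, and with the wrong attribute the resolver would presumably look up an empty or unrelated value rather than fail loudly. Whichever field is meant, an ordinary (non-operational) directory attribute now acts as the key that maps a mail login to an OX user, so if that attribute is writable through self-service or delegated admin the mapping can be changed by whoever can edit the user object — this deserves a sentence next to the workaround comment, e.g. `# The chosen attribute is the identity key for mail-login resolution; it must not be writable by end users.` It also looks like `mailLoginSearchFilter` still matches `[mailLogin]` against `mailPrimaryAddress` while `mailLoginAttribute` now yields a UUID, so the two directions of the resolver may not round-trip — confirm against the OX resolver documentation and the actual value Dovecot presents. The enclosing `appsuite:` block starts before the hunk.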