From 919e7d23b1b334ec05c0c2f86bad1967a8a5b4d3 Mon Sep 17 00:00:00 2001
From: Pascal Bleser
Date: Wed, 8 Oct 2025 12:57:39 +0200
Subject: [PATCH] groupware: devtools: Stalwart: add internal LDAP configuration
---
 .../config/stalwart/config.toml | 31 ++++++++++++++++---
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/devtools/deployments/opencloud_full/config/stalwart/config.toml b/devtools/deployments/opencloud_full/config/stalwart/config.toml
index 3b21d52d97..4fec2d941c 100644
--- a/devtools/deployments/opencloud_full/config/stalwart/config.toml
+++ b/devtools/deployments/opencloud_full/config/stalwart/config.toml
@@ -2,11 +2,32 @@ authentication.fallback-admin.secret = "$6$4qPYDVhaUHkKcY7s$bB6qhcukb9oFNYRIvaDZ
 authentication.fallback-admin.user = "mailadmin"
 authentication.master.secret = "$6$4qPYDVhaUHkKcY7s$bB6qhcukb9oFNYRIvaDZgbwxrMa2RvF5dumCjkBFdX19lSNqrgKltf3aPrFMuQQKkZpK2YNuQ83hB1B3NiWzj."
 authentication.master.user = "master"
+directory.idmldap.attributes.class = "objectClass"
+directory.idmldap.attributes.description = "description"
+directory.idmldap.attributes.email = "mail"
+directory.idmldap.attributes.groups = "memberOf"
+directory.idmldap.attributes.name = "uid"
+directory.idmldap.attributes.secret = "userPassword"
+directory.idmldap.base-dn = "o=libregraph-idm"
+directory.idmldap.bind.auth.method = "default"
+directory.idmldap.bind.dn = "uid=reva,ou=sysusers,o=libregraph-idm"
+directory.idmldap.bind.secret = "admin"
+directory.idmldap.cache.size = 1048576
+directory.idmldap.cache.ttl.negative = "10m"
+directory.idmldap.cache.ttl.positive = "1h"
+directory.idmldap.filter.email = "(&(|(objectClass=person)(objectClass=groupOfNames))(mail=?))"
+directory.idmldap.filter.name = "(&(|(objectClass=person)(objectClass=groupOfNames))(uid=?))"
+directory.idmldap.timeout = "15s"
+directory.idmldap.tls.allow-invalid-certs = true
+directory.idmldap.tls.enable = true
+directory.idmldap.type = "ldap"
+directory.idmldap.url = "ldaps://opencloud:9235"
+directory.keycloak.auth.method = "user-token"
 directory.keycloak.cache.size = 1048576
 directory.keycloak.cache.ttl.negative = "10m"
 directory.keycloak.cache.ttl.positive = "1h"
-directory.keycloak.endpoint.method = "userinfo"
-directory.keycloak.endpoint.url = "http://172.18.0.7:8080/realms/openCloud/protocol/openid-connect/userinfo"
+directory.keycloak.endpoint.method = "introspect"
+directory.keycloak.endpoint.url = "http://keycloak:8080/realms/openCloud/protocol/openid-connect/userinfo"
 directory.keycloak.fields.email = "email"
 directory.keycloak.fields.full-name = "name"
 directory.keycloak.fields.username = "preferred_username"
@@ -35,14 +56,14 @@ directory.ldap.tls.allow-invalid-certs = true
 directory.ldap.tls.enable = true
 directory.ldap.type = "ldap"
 directory.ldap.url = "ldap://ldap-server:1389"
-metrics.prometheus.auth.secret = "secret"
-metrics.prometheus.auth.username = "metrics"
-metrics.prometheus.enable = true
 http.allowed-endpoint = 200
 http.hsts = true
 http.permissive-cors = false
 http.url = "'https://' + config_get('server.hostname')"
 http.use-x-forwarded = true
+metrics.prometheus.auth.secret = "secret"
+metrics.prometheus.auth.username = "metrics"
+metrics.prometheus.enable = true
 server.listener.http.bind = "0.0.0.0:8080"
 server.listener.http.protocol = "http"
 server.listener.https.bind = "0.0.0.0:443"
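Review bot: In the first hunk (`@@ -2,11 +2,32 @@`), `directory.keycloak.endpoint.method` becomes `"introspect"` while `directory.keycloak.endpoint.url` still ends in `/openid-connect/userinfo`, so token validation is pointed at an endpoint that does not match the configured method. Either keep `"userinfo"` or point the URL at the realm's introspection path, e.g. `directory.keycloak.endpoint.url = "http://keycloak:8080/realms/openCloud/protocol/openid-connect/token/introspect"`. Keycloak's introspection endpoint normally expects client credentials, so the new `directory.keycloak.auth.method = "user-token"` may need to change with it; this should be confirmed against the Stalwart directory documentation. The added `directory.idmldap.*` block also sets `tls.allow-invalid-certs = true` next to a literal `bind.secret = "admin"`, which means the LDAPS bind is not protected against interception if this file is reused outside the dev compose network. If the file is hand-maintained, a comment such as `# dev only: self-signed IDM cert and default bind secret; enable certificate verification and rotate the secret for any real deployment` above those keys would make that explicit.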