groupware: make everything also work with the built-in LDAP and IDP

2026-04-06 08:33:53 -04:00 · 2025-10-08 19:20:31 +02:00
parent 2fd0d6c6e1
commit e6fbcff395
5 changed files with 302 additions and 69 deletions
--- a/devtools/deployments/opencloud_full/config/stalwart/config.toml
+++ b/devtools/deployments/opencloud_full/config/stalwart/config.toml
@@ -3,7 +3,7 @@ authentication.fallback-admin.user = "mailadmin"
 authentication.master.secret = "$6$4qPYDVhaUHkKcY7s$bB6qhcukb9oFNYRIvaDZgbwxrMa2RvF5dumCjkBFdX19lSNqrgKltf3aPrFMuQQKkZpK2YNuQ83hB1B3NiWzj."
 authentication.master.user = "master"
 directory.idmldap.attributes.class = "objectClass"
-directory.idmldap.attributes.description = "description"
+directory.idmldap.attributes.description = "displayName"
 directory.idmldap.attributes.email = "mail"
 directory.idmldap.attributes.groups = "memberOf"
 directory.idmldap.attributes.name = "uid"
@@ -95,7 +95,7 @@ server.socket.reuse-addr = true
 server.socket.reuse-port = true
 storage.blob = "rocksdb"
 storage.data = "rocksdb"
-storage.directory = "ldap"
+storage.directory = "%{env:STALWART_AUTH_DIRECTORY}%"
 storage.fts = "rocksdb"
 storage.lookup = "rocksdb"
 store.rocksdb.compression = "lz4"
--- a/devtools/deployments/opencloud_full/ldap.yml
+++ b/devtools/deployments/opencloud_full/ldap.yml
@@ -24,6 +24,7 @@ services:
      OC_LDAP_SERVER_WRITE_ENABLED: "false" # assuming the external ldap is not writable
      # OC_RUN_SERVICES specifies to start all services except glauth, idm and accounts. These are replaced by external services
      OC_EXCLUDE_RUN_SERVICES: idm
+      STALWART_AUTH_DIRECTORY: "ldap"

  ldap-server:
    image: bitnamilegacy/openldap:2.6
--- a/devtools/deployments/opencloud_full/opencloud.yml
+++ b/devtools/deployments/opencloud_full/opencloud.yml
@@ -58,6 +58,9 @@ services:
      COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.opencloud.test}
      # enable to allow using the banned passwords list
      OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
+      IDM_REVASVC_PASSWORD: "admin"
+      OC_LDAP_BIND_PASSWORD: "admin"
+      IDM_LDAPS_ADDR: 0.0.0.0:9235
    volumes:
      - ./config/opencloud/app-registry.yaml:/etc/opencloud/app-registry.yaml
      - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
--- a/devtools/deployments/opencloud_full/stalwart.yml
+++ b/devtools/deployments/opencloud_full/stalwart.yml
@@ -19,6 +19,8 @@ services:
      - /etc/localtime:/etc/localtime:ro
      - ./config/stalwart:/opt/stalwart/etc
      - stalwart-data:/opt/stalwart/data
+    environment:
+      STALWART_AUTH_DIRECTORY: "${STALWART_AUTH_DIRECTORY:-idmldap}"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.stalwart.entrypoints=https"