opencloud/devtools/deployments/opencloud_full/config/stalwart
Pascal Bleser c400949718 groupware: add OIDC authentication support between Groupware backend and Stalwart
* re-implement the auth-api service to authenticate Reva tokens
  following the OIDC Userinfo endpoint specification

* pass the context where necessary and add an authenticator interface
  to the JMAP HTTP driver, in order to select between master
  authentication (which is used when GROUPWARE_JMAP_MASTER_USERNAME and
  GROUPWARE_JMAP_MASTER_PASSWORD are both set) and OIDC token
  forwarding through bearer auth

* add Stalwart directory configuration "idmoidc" which uses the
  OpenCloud auth-api service API (/auth/) to validate the token it
  received as bearer auth from the Groupware backend's JMAP client,
  using it as an OIDC Userinfo endpoint

* implement optional additional shared secret to secure the Userinfo
  service, as an additional path parameter
2026-04-30 10:51:44 +02:00

Stalwart Configuration

The current mechanism is to mount a different configuration file depending on the environment, since we support two scenarios, both described in services/groupware/DEVELOPER.md:

  • «production» setup, with OpenLDAP and Keycloak containers
  • «homelab» setup, with the built-in IDM (LDAP) and IDP that run as part of the opencloud container

The Docker Compose setup (in stalwart.yml) mounts either idmldap.toml or ldap.toml depending on the value of the STALWART_AUTH_DIRECTORY variable: idmldap for the homelab setup, or ldap for the production setup.

This is all handled automatically, but whenever the Stalwart configuration is changed, the change must be applied to both files to keep them in sync: the only entry that should differ between them is this one:

storage.directory = "ldap"

or this:

storage.directory = "idmldap"
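As an added check (example code, not part of the OpenCloud repository), a small POSIX shell script that verifies the two files have not drifted apart: each must set storage.directory to the value its file name implies, and they must be identical otherwise. The config directory path is an assumed argument, and the file contents written when it is absent are constructed samples, not the repository's real configuration.

```shell
#!/bin/sh
# Added example: check that ldap.toml and idmldap.toml differ only in
# storage.directory. Usage: check_stalwart_sync.sh path/to/config/stalwart
set -eu

# Print a file without its storage.directory line so the rest can be compared.
strip_directory() {
    grep -v '^[[:space:]]*storage\.directory[[:space:]]*=' "$1" || true
}

# Print the quoted value assigned to storage.directory in a file.
directory_value() {
    sed -n 's/^[[:space:]]*storage\.directory[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Return 0 when file $1 sets storage.directory to $2, file $3 sets it to $4,
# and the two files are otherwise identical; return 1 with a message otherwise.
check_stalwart_sync() {
    if [ "$(directory_value "$1")" != "$2" ]; then
        echo "$1: expected storage.directory = \"$2\"" >&2; return 1
    fi
    if [ "$(directory_value "$3")" != "$4" ]; then
        echo "$3: expected storage.directory = \"$4\"" >&2; return 1
    fi
    if [ "$(strip_directory "$1")" != "$(strip_directory "$3")" ]; then
        echo "$1 and $3 have drifted apart beyond storage.directory" >&2; return 1
    fi
    return 0
}

# Constructed sample files so the script runs stand-alone; they are not
# copies of the repository's configuration.
write_samples() {
    printf 'storage.directory = "ldap"\n[directory.ldap]\ntype = "ldap"\n' > "$1/ldap.toml"
    printf 'storage.directory = "idmldap"\n[directory.ldap]\ntype = "ldap"\n' > "$1/idmldap.toml"
    # A drifted copy carrying an extra setting, to show the check failing.
    printf 'storage.directory = "idmldap"\n[directory.ldap]\ntype = "ldap"\ntimeout = "5s"\n' > "$1/idmldap-drift.toml"
}

conf="${1:-$(mktemp -d)}"
[ -f "$conf/ldap.toml" ] || write_samples "$conf"
if check_stalwart_sync "$conf/ldap.toml" ldap "$conf/idmldap.toml" idmldap; then
    echo "ok: $conf/ldap.toml and $conf/idmldap.toml are in sync"
fi
```

Running it against a real config directory exits non-zero and names the offending file whenever the two variants disagree on anything other than storage.directory.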