search

mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0
8.93k stars 1.17k forks source link

Add group sync with the new SSO feature #5566

Open kingfisher77 opened 11 months ago

kingfisher77 commented 11 months ago

Summary

We would like to have groups from the SSO provider (in our case Keycloak) in the userdb context per user. For example, we can configure global ACL to Dovecots public folder with group names.

Motivation

Adding an IDP feature to Mailcow is a big change in terms of possible use cases. For teams it is crucial to get permissions and access via groups or/and roles. This feature is missing and keeps us from switching to Mailcow.

Additional context

In our Mailcow/Keycloak test, we have groups and users with their respective group membership. The groups could be part of the user info, which then goes into the mysql mailbox table via the SSO session. From there, the userdb context could then also be queried with groups.

kingfisher77 commented 9 months ago

Hi @DerLinkman How is usually the workflow for this kind of enhancement? Shall we support any further? A more deep explanation what the requirement is? What do you think?

DerLinkman commented 9 months ago

Hi,

simply contact us over at info@servercow.de and we'll get in touch together.