rseichter / automx2

Mail User Agent (email client) configuration made easy
GNU General Public License v3.0

Dav Server support documentation & non-LDAP user info. #4

Closed swordfish90s closed 2 years ago

swordfish90s commented 2 years ago

Hi Ralph,

I have been exploring Automx2, and have it running in foreground with MariaDB back-end for the moment. It responds as expected, but I have realised that it needs to query an LDAP server for the verified user info.

I cannot tell if the recent DAV support is meant to be an alternate to LDAP, or provide some other functionality, as there is little info in the documentation regarding DAV support.

I have a Postfix/Dovecot mail server with MariaDB back-end for user info and SOGo for webmail (including DAV). So I'd like to explore the possibilities / feasibility of supporting a MariaDB user base or using cardDav somehow.

Thank you, Rob.

rseichter commented 2 years ago

Hello Rob. The Davserver model class is only referenced in outlook.py, because the defined settings are only used in the Autodiscover settings generator. DAV support was introduced as an addon to a sponsored feature, and the functionality is currently limited to passing DAV server settings to Microsoft Outlook.

On the other hand, LDAP support is fleshed out to look up user data and is not limited to a particular config protocol. I therefore recommend using LDAP support when possible.

Does this answer provide enough information for your needs?

swordfish90s commented 2 years ago

Hello Ralph,

Yes, it confirms DAV is for delivering to the client, and LDAP is for email address validation, as evidenced by the tables server_domain and davserver_domain being linked to domain_id, while ldapserver is linked to domain_ldapserver_id.

Pity, I was looking to use a MariaDB table for email address validation. I am considering the following LDAP server as glue between what I have and Automx2: https://gist.github.com/bekce/21d68df667f3454892c9bc30ecc237ec

I would adapt to use the existing Postfix/Dovecot user table. What do you think?

Thanks, Rob

rseichter commented 2 years ago

automx2 core design is based on Mozilla's Autoconfigure mechanism, which relies on per-domain configuration and special placeholders, not user-based configuration. The added LDAP support in automx2 allows configuration for individual users, and LDAP is of course optimised for this type of lookup. There is no mechanism beyond that. I could support using a relational database backend for user-based data, but it is just not something that has been requested enough, unless we're talking about a sponsored feature. The organisations I know of which require user-based config data all use LDAP servers anyway.

As for your own JS glue code: I have not looked into it in detail, but at a glance, I'd strongly urge you to never store unencrypted passwords in a database.

I'll close this issue because there is no change required on my end, but feel free to comment further if you wish.

swordfish90s commented 2 years ago

Much appreciated.

Are you saying that if I wanted per-domain configuration only, that I could do that? I assumed that the LDAP lookup was required.

I did have Automx2 working as per documented example until I added the LDAP step. "UPDATE domain SET ldapserver_id=....." (fail because I don't have a valid LDAP server to connect to)

So if I remove that "ldapserver_id", then that would be functional as a per-domain configuration?

Thanks, Rob.

rseichter commented 2 years ago

Defining an LDAP server for a given domain is completely optional. If an LDAP server is defined, automx2 attempts to look up user-specific data, for example in cases where the %EMAILADDRESS% placeholder is not sufficient and users' login IDs differ from the email address used during lookup. Have you tried examining the DB content after a fresh install of automx2 and calling the http://127.0.0.1:4243/initdb/ endpoint? This step populates the database with example config data.

swordfish90s commented 2 years ago

Hello Ralph,

Yes, that (calling /initdb/) is how I tested it was working with the documented example.

Good to have confirmed the LDAP link is optional. All my logins are email-address, so I should be good with per-domain configuration.

I will proceed from initial testing to full implementation (and testing) using systemd and proper records in the DB. Then add the Apache proxy setup (for multiple domains) and go live.

I appreciate your support on this ticket.

Thanks, Rob

rseichter commented 2 years ago

Please let me know how it goes. I'd also like to point out the automx2 mailing list. Posting there will allow other users to chime in and/or benefit from discussions.