SOGO editable global address book

@gpapaiko

Hi George

Even on Windows, in large Enterprise environments, it’s common for the user to log in just using a Username. No @domainname.local crap behind it. Worldwide standard for Windows is still firstname.lastname as Username.

We’re talking about enterprises with thousands, if not tens of thousands of users.
The only exception to the rule is if two people have the same first and last names…

I don’t use Sogo, I use Nextcloud. But I’m running about 30 NethServers for different clients, about a third (10 servers) do use multi-domain…

All only use one single AD.

In other words, your company’s requirements are such, that even a Windows Server environment would be a No-Go? Really hard to believe… :slight_smile:

My 2 cents
Andy

1 Like

Hi Andy,
Thanks for the comments.
We were trying to avoid having multiple servers handling email for multiple domains, but if we are to go now down the path of a multi-server environment then Windows (AD and Exchange) and even NethServer are contenders.

But we are trying to avoid that scenario if possible.

Multi-domains with NethServer will work for our clients that have (own) multiple domains; the one user will be part of all domains, and the use of the alias does work great for that.

As Stephane explained, what we need cannot be done with NethServer.
E.g. user A on Domain A is the same user on Domain B due to the alias.

But in our case domain A and domain B are completely different clients and therefore cannot reside on the same NethServer, and hence both clients cannot have user A.

The solution that we have come across is with the help of iRedMail, which can host multiple domains on the one server and keep them segregated, hence you can have user A on all the domains and they cannot see each other. This will work great for our smaller clients, but larger clients will have their own email servers, whether that is NethServer or Windows servers.

The original scope of this was to see if we can create a global address book (to use in SOGo for our smaller clients) that is editable by admins and stored in a MySQL DB, and it looks like it cannot be done, as trying to get a list of the valid columns/attributes like c_name, c_cn, c_uid, phone numbers, address, etc. does not seem possible with reverse engineering the SOGo code at this stage.
The only solution that we have found is to create a user ID called "global address" and share the address book with all users, and use a PHP script in the backend to make it visible to all users, with a portal page for users to be able to update their own details: name, address, phone numbers, manager etc.
We use a proxy so each domain has its own site for the email clients, all pointing to a single backend server.

2 Likes

Hi to all,

I managed to create a custom global address book in MySQL.
This is for anyone that is using the SOGo client.
This is domain specific, so users in one domain will NOT be visible in another domain in a multi-domain environment.
In the SOGo database create a table called contacts; below is the SQL statement for it:

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";

-- Table structure below:

DROP TABLE IF EXISTS contacts;
CREATE TABLE contacts (
  c_uid text DEFAULT NULL,                 -- set by trigger from mail
  c_name text DEFAULT NULL,                -- set by trigger from mail
  c_cn text DEFAULT NULL,                  -- set by trigger from givenName + sn
  nsaimid text DEFAULT NULL,
  mail varchar(128) NOT NULL,
  mozillasecondemail text NOT NULL,
  givenName text NOT NULL,
  sn text NOT NULL,
  telephoneNumber varchar(18) DEFAULT NULL,
  homephone varchar(18) DEFAULT NULL,
  mobile varchar(18) DEFAULT NULL COMMENT 'Mobile',
  facsimiletelephonenumber varchar(18) DEFAULT NULL,
  pager varchar(18) DEFAULT NULL,
  mozillahomestreet text NOT NULL,
  mozillahomestreet2 text NOT NULL,
  mozillahomelocalityname text NOT NULL,
  mozillahomestate text NOT NULL,
  mozillahomepostalcode text NOT NULL,
  mozillahomecountryname text NOT NULL,
  title text NOT NULL,
  ou text NOT NULL,
  o text NOT NULL,
  street text NOT NULL,
  mozillaworkstreet2 text NOT NULL,
  l text NOT NULL,
  st text NOT NULL,
  postalCode text NOT NULL,
  c text NOT NULL,
  birthyear int(11) NOT NULL,
  birthmonth int(11) NOT NULL,
  birthday int(11) NOT NULL,
  description text NOT NULL,
  photo longblob NOT NULL,
  domain varchar(128) NOT NULL,            -- tenant; matched by DomainFieldName in the SOGo source
  mozillahomeurl text DEFAULT NULL,
  mozillaworkurl text DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- Below are two triggers to update a couple of fields on insert and update.

DROP TRIGGER IF EXISTS adduiandcnname;
DELIMITER $$
CREATE TRIGGER adduiandcnname BEFORE INSERT ON contacts FOR EACH ROW BEGIN
  SET NEW.c_uid = NEW.mail,
      NEW.c_name = NEW.mail,
      NEW.c_cn = CONCAT(NEW.givenName, ' ', NEW.sn),
      NEW.nsaimid = CONCAT(NEW.givenName, ' ', NEW.sn);
END
$$
DELIMITER ;

DROP TRIGGER IF EXISTS updateUID;
DELIMITER $$
CREATE TRIGGER updateUID BEFORE UPDATE ON contacts FOR EACH ROW BEGIN
  -- c_cn is refreshed too, so a changed givenName/sn is reflected in the display name
  SET NEW.c_uid = NEW.mail,
      NEW.c_name = NEW.mail,
      NEW.c_cn = CONCAT(NEW.givenName, ' ', NEW.sn);
END
$$
DELIMITER ;

-- Indexes for table contacts
ALTER TABLE contacts
  ADD PRIMARY KEY (mail, domain);

COMMIT;

The below list of fields/columns/attributes do not show up:

givenName text NOT NULL,
sn text NOT NULL,
telephoneNumber varchar(18) DEFAULT NULL,
birthyear int(11) NOT NULL,
birthmonth int(11) NOT NULL,
birthday int(11) NOT NULL,
photo longblob NOT NULL, <== Not concerned about this one, it was just a trial to see if it works; I have set it to blob but maybe it needs to be a text pointing to a URL, not much info about it.
I do not know why at this stage but am trying to figure out the reason for it; most are of no real concern with the exception of this one, "telephoneNumber", the others are just nice to have but not critical.

Now for the SOGo config.

SOGoUserSources = (
.
. other stuff…!!!
.
{
displayName = "Global Address Book";
type = sql;
id = global_address_book;
viewURL = "mysql://sogo:bOLhJMp8AsFabEpnVJFePmnTKSH6x24J@127.0.0.1:3306/sogo/contacts";
canAuthenticate = NO;
isAddressBook = YES;
listRequiresDot = NO;
SOGoEnableDomainBasedUID = YES;
DomainFieldName = "domain";
},
.
. other stuff…!!!
.
);

Now to create a couple of PHP pages, one for the admins to be able to edit/add/delete records, and one for the actual user to be able to update their own record only.

Possibly create a DB trigger to add the user automatically (basic information like email and name).
Will let you know how I go with this trigger.

This is an image of the SOGo Address book:

Image 2, continuation of SOGo Address book
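The two things the post above relies on, the triggers deriving c_uid/c_name/c_cn and the per-domain filtering that DomainFieldName gives the SOGo source, plus the self-service page it still plans to write, are shown below as an added example. This is not code from the post or from SOGo/iRedMail; it uses an in-memory SQLite table as a stand-in for the MySQL contacts table (SQLite cannot assign NEW.* in a trigger, so the trigger logic is mirrored in derived_fields), reduces the table to the columns it needs, and seeds constructed sample rows. The security point it demonstrates is that the self-service update selects the row from the authenticated session (mail and domain), never from the request, and only lets an allow-listed set of columns through bind parameters.

```python
import sqlite3

# Constructed sample rows for the demo (not real users): two tenants in one shared table.
SAMPLE_CONTACTS = [
    # mail, givenName, sn, telephoneNumber, domain
    ("alice@xx.com", "Alice", "Smith", "+61 2 0000 0001", "xx.com"),
    ("bob@xx.com", "Bob", "Jones", "+61 2 0000 0002", "xx.com"),
    ("alice@yy.com", "Alice", "Brown", "+61 3 0000 0003", "yy.com"),
]

# Columns a user may change about themselves. mail and domain are deliberately excluded:
# they identify the row and, through the post's triggers, drive c_uid/c_name.
SELF_EDITABLE = {"givenName", "sn", "telephoneNumber", "mobile"}


def derived_fields(mail, given_name, sn):
    """Mirror of the post's BEFORE INSERT/UPDATE triggers (assumption: done in code here)."""
    return {"c_uid": mail, "c_name": mail, "c_cn": f"{given_name} {sn}"}


def open_db():
    """In-memory stand-in for the 'contacts' table, reduced to the columns used here."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE contacts (
               c_uid TEXT, c_name TEXT, c_cn TEXT,
               mail TEXT NOT NULL, givenName TEXT NOT NULL, sn TEXT NOT NULL,
               telephoneNumber TEXT, mobile TEXT,
               domain TEXT NOT NULL,
               PRIMARY KEY (mail, domain))"""
    )
    for mail, gn, sn, tel, dom in SAMPLE_CONTACTS:
        d = derived_fields(mail, gn, sn)
        conn.execute(
            "INSERT INTO contacts (c_uid, c_name, c_cn, mail, givenName, sn, telephoneNumber, domain)"
            " VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (d["c_uid"], d["c_name"], d["c_cn"], mail, gn, sn, tel, dom),
        )
    conn.commit()
    return conn


def address_book(conn, domain):
    """Rows a SOGo SQL source with DomainFieldName = "domain" should expose to one tenant."""
    return conn.execute(
        "SELECT c_cn, mail, telephoneNumber FROM contacts WHERE domain = ? ORDER BY mail",
        (domain,),
    ).fetchall()


def self_update(conn, session_mail, session_domain, changes):
    """Self-service edit. The target row comes from the authenticated session, never from
    the request body, so a user can only touch their own record in their own domain.
    Returns the number of rows updated (1 on success)."""
    if not changes:
        raise ValueError("nothing to update")
    unknown = set(changes) - SELF_EDITABLE
    if unknown:
        raise ValueError(f"field(s) not self-editable: {sorted(unknown)}")
    row = conn.execute(
        "SELECT givenName, sn FROM contacts WHERE mail = ? AND domain = ?",
        (session_mail, session_domain),
    ).fetchone()
    if row is None:
        raise LookupError("no contact row for this session in this domain")
    # Recompute c_cn as the UPDATE trigger would; mail is unchanged, so c_uid/c_name stay.
    c_cn = derived_fields(
        session_mail, changes.get("givenName", row[0]), changes.get("sn", row[1])
    )["c_cn"]
    # Column names are interpolated only after the allow-list check above;
    # every value goes through a bind parameter.
    assignments = ", ".join(f"{col} = ?" for col in changes)
    params = [*changes.values(), c_cn, session_mail, session_domain]
    cur = conn.execute(
        f"UPDATE contacts SET {assignments}, c_cn = ? WHERE mail = ? AND domain = ?", params
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = open_db()
    print(address_book(db, "xx.com"))
    print(self_update(db, "alice@xx.com", "xx.com", {"sn": "Smythe"}))
    print(address_book(db, "xx.com"))
```

With the real table the UPDATE trigger does the c_cn recomputation for you; the point of keeping it in code here is that the admin page and the user page can share the same scoping rule, and the user page never receives mail or domain as editable input.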

@gpapaiko Aren’t you trying to mix something very different?
If you need an accountprovider for a user, you can either go with LDAP or Samba4 AD. In this scenario, you have the domain for your accountprovider as login. This can be either “username” or “Username@damin.tld”. It is not possible to have multiple accountprovider domains on the same server.

Now if you want to use a multi-domain mailserver, and you use local accounts, you can perfectly use multiple separated domains. But then those useraccounts have nothing to do with useraccounts created via an LDAP or Samba4 AD accountprovider.

In other words: If you want multidomain email: have a seperate (local)userbase on a mailserver. If you want to provide a SSO for multiple services, set up an accountprovider (LDAP or Samba4 AD) for each domain you want to use.

Hi Rob,

Thanks for the comments.
As you said, currently NethServer cannot provide a multi-domain configuration.

I have tried NethServer's LDAP and Samba4 AD, but they again are limited to only storing user name and user ID, no other information like phone numbers, address, etc., or maybe I might have missed something.

I have no issue with using multiple servers if they can provide the required user account information like storing phone numbers, address, etc. and displaying that information in the global/domain address book, but that seems to be a limitation and you cannot enter that information, unless I have missed something; I have tried that with both LDAP and Samba4 AD.

But for a small to medium client base what I have set up seems to be working: one email server (Ubuntu 20.04, iRedMail, and SOGo as the user client) with multiple domains. At this stage I am using the MySQL configuration; there is also an LDAP version that I will be testing later on, and that is also meant to be capable of managing multiple domains. This allows me to use proxy pass-through so that each client has their own URL to log into the email client on a single server.

For large clients this will not be an efficient way to do it and they will require their own email server.
I was advised that what I wanted to do might be able to be done on NethServer, but after setting up a POC and running through a few scenarios, and from what I have been told, it cannot be done.
NethServer does have a good interface and makes things simple, but it does have quite a few limitations.

I think they can store more, but not at the nethserver gui.
You can try with rsat tools at a windows client or with phpldapadmin from @stephdl on nethserver itself.

@gpapaiko
@m.traeumner

Hi

I just want to confirm that both LDAP and AD on NethServer can easily store almost any information, including several email accounts and telephone numbers for each user.
Both are, after all, fully blown LDAP with all standard capabilities.

Most EMail clients, including Outlook and Thunderbird have options to add in a LDAP based Addressbook.
(Although mostly Read-Only, for security reasons).

As @m.traeumner suggested, either PHPLDAPadmin from stephdl or MS-RSAT can add in Addresses/Contacts/Whatever.

My 2 cents
Andy

1 Like

What @gpapaiko wants is to have multi domain email where users from (mail)domain A are independent from users from (mail)domain B. AFAIK this is not possible with NethServer.

You will need to install a multi tenant mail server, independent of the LDAP or Samba4 AD provider. I would suggest to go for a server with iRedmail. I have no experience with iRedmail, but the few lines I read about it, it looks like it supports multi domain.

Going for a multi tenant mailserver also means that if you need other services, you will have multiple useraccounts. The useraccount for email will be different than the useraccount for other services, unless iRedmail supports multiple LDAP? You should investigate this scenario.

I would love to hear what is possible.

Hi @robb,
he wrote it's OK for him to have multiple servers, if they can store the data.

In that case, I probably would go for multiple NS servers, for instance on a Proxmox cluster, and have SOGo as (web)mail. Per server/domain you create a shared address book where you put in all internal and external (mail) addresses and phone numbers. You could even make it so that there is only 1 account or group per server/domain that can edit the shared "Global Address Book".
Adding those in LDAP or in Samba doesn't seem a good idea to me because you will alter the schema and might end up with problems with future updates.

1 Like

Hi Rob, Michael,

At this stage I am experimenting with iRedMail, the version that uses the MySQL back end, and with that version a multi-domain environment is easy to set up, with the exception of the global/domain address book, hence why I have developed a MySQL table called contacts in the SOGo database and a few DB triggers to add/edit/delete the contacts table when modifications/additions/deletions are done via the iRedMail admin panel, and that works well; now I just need to create a couple of PHP pages, one for the admin and one for the users to be able to edit their details.

Having said that, I will now try the LDAP version of iRedMail, and based on the demo (Online Demo of iRedAdmin-Pro: https://www.iredmail.org/admin_demo.html or https://demo-ldap.iredmail.org/) it does support a multi-domain environment with user ID segregation; once I have set that up I will let you know how I go.

As for NethServer, I was not aware of the "PHPLDAPadmin from stephdl or MS-RSAT" tools.
I have since deleted my NethServer, but I can always reinstall (I have an ESXi server) and test them again. The only problem that I might be facing is the public IP address, as we only have one, so directing port 25 to the mail server is going to be an issue; multiple servers might be able to send out email, but receiving them might be an issue. Open to ideas/suggestions on this one.

Hence a single server with a multi-domain configuration resolves the issue.

But I will let you know how I get on with both a new installation of NethServer and the iRedMail LDAP version.

1 Like

@gpapaiko

Any decent mailserver, including NethServer, can forward incoming mail according to domain/tld to another mailserver, no matter if internal or external. In NethServer, this can be set from Cockpit or NethGUI (980) - see E-Mail -> Domains. This can be set on a per Domain basis in NethServer, all from GUI… :slight_smile:

One Server becomes the “Bridgehead” or DMZ Mail Server (It’s connected to the Internet and available on Port 25) - that doesn’t mean it actually has to stand in a real network segment “DMZ”.
That mailserver has all the protection needed, antivirus and spam-protection or whatever required.

The "internal" servers only need "client" side protection. All internal mailservers send via smarthost, that being your Bridgehead Mail Server. This server doesn't even need to have mailboxes, it can be a pure "mail-router"…

Doing this for the first time, getting your Internal & External DNS right can be a PITA, also SPF (easy) DKIM & DMARC (more difficult) can be issues. But all do-able… YMMV.

My 2 cents
Andy

1 Like

Hi Andy,

Thanks for that comments.
I never thought of that; I have a proxy server, so why not a mail proxy (Bridgehead Mail Server).

I will take that into account, and redesign infrastructure.

At the moment I am just reinstalling NethServer to play with LDAP using the phpLDAPadmin module and to get more familiar with it, and also reinstalling my current iRedMail to test the LDAP functionality of it.

Will let you know how I go.

2 Likes

Hi Rob,

I have installed and tested iRedMail with OpenLDAP (it also uses MySQL for SOGo, Postfix and others) and it does work with a multi-domain environment.
The address book has only some of the fields, basically just the phone numbers, no address, so the workaround I had developed still needs to be implemented to give you a proper address book.

When setting up iRedMail with LDAP the first domain that you enter becomes the base domain; all others become "sub-domains", e.g.:

Base Domain:
domainName=xx.com,o=domains,dc=xx,dc=com

Second Domain
domainName=yy.com,o=domains,dc=xx,dc=com

Third Domain
domainName=aa.com.au,o=domains,dc=xx,dc=com
etc…

This allows for complete segregation of users from each domain, but the same thing applies: it only keeps basic information like names, titles and phone numbers, no address.

Not sure if this approach can be adopted by Nethserver for setting up multiple domains.

2 Likes
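The DIT layout in the post above (one domainName=… entry per tenant under o=domains,dc=xx,dc=com) is what makes the segregation work, but only if every lookup is confined to the tenant's own subtree and user-supplied search text cannot rewrite the filter. The following is an added example, not code from the post or from iRedMail: it builds the per-domain search base and an escaped filter for an address-book lookup, and checks that a DN handed back by the server really sits under the tenant's subtree. The base DN is taken from the post; ou=Users and objectClass=mailUser are assumptions about iRedMail's OpenLDAP schema, and the sample DNs are constructed. It runs offline and does not need an LDAP server.

```python
import re

# Suffix from the post's iRedMail LDAP layout: the first domain created becomes the base.
BASE_DN = "o=domains,dc=xx,dc=com"
# Assumed from iRedMail's OpenLDAP schema (assumption, not stated in the post).
USERS_OU = "ou=Users"
USER_CLASS = "mailUser"

# Hostname-style label check: letters, digits, hyphens; no leading/trailing hyphen; at least one dot.
_DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def normalize_domain(domain):
    """Lower-case and validate a mail domain before it is ever placed into a DN.
    Rejecting anything outside [a-z0-9.-] means no RFC 4514 escaping is needed and
    a value like 'yy.com,o=domains' cannot relocate the search base."""
    d = domain.strip().lower()
    if not _DOMAIN_RE.match(d):
        raise ValueError(f"not a valid mail domain: {domain!r}")
    return d


def escape_filter_value(value):
    """RFC 4515 escaping of an assertion value: backslash, '*', '(', ')' and NUL become \\XX,
    so user input is matched literally and cannot change the filter structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def domain_base(domain):
    """DN of one tenant's domain entry, e.g. domainName=yy.com,o=domains,dc=xx,dc=com."""
    return f"domainName={normalize_domain(domain)},{BASE_DN}"


def user_search(domain, query):
    """(search base, filter) for an address-book lookup confined to one tenant's users."""
    base = f"{USERS_OU},{domain_base(domain)}"
    q = escape_filter_value(query)
    flt = f"(&(objectClass={USER_CLASS})(|(cn=*{q}*)(mail=*{q}*)))"
    return base, flt


def dn_in_domain(dn, domain):
    """Defence in depth: confirm an entry DN returned by the server is under this tenant's
    subtree before showing it, in case a search was issued with a wider base by mistake."""
    suffix = "," + domain_base(domain).lower()
    return dn.strip().lower().endswith(suffix)


if __name__ == "__main__":
    print(user_search("yy.com", "ali"))
    print(user_search("yy.com", "*)(mail=*"))
    print(dn_in_domain("mail=alice@xx.com,ou=Users,domainName=xx.com,o=domains,dc=xx,dc=com", "yy.com"))
```

Pass the returned base and filter to your LDAP client with a subtree scope; because the base already names the tenant, a user in aa.com.au can never be returned to a yy.com address book even if both have an alice.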