Lightweight Groupware software

[hruodr]

Continuation from:

What do you think about doing JS-Free sites?

It does not. The standard is the same assuming you mean closing tags such as I see that often but that closing slash has never been part of any HTML standard including HTML5. In fact, the standard specifically states that slash has no meaning and does nothing in HTML. XHTML has higher...

forums.freebsd.org

I've got most of an Ansible script that sets up a Freebsd server on Digital Ocean to run Postfix, Dovecot, and Roundcube. It includes a Roundcube plugin I wrote to allow you to change your password somewhat securely. I really need to finish that project.

I did not thought on a script, more on making an OS image, or just installing everything by hand when I need it.

Sendmail and cyrus use sasl. I use at the moment the ldap plugin, for chaning pass I wrote a
CGI script that calls ldappasswd. Security is a question!

Since the whole project is generic, perhaps not everyone can login, perhaps not everyone has all
services, and perhaps a lot of people from outside can have some access, I am still thinking on
how the solution for authentication is.

I could never get used to the way in which Cyrus lays out the inbox, so I use Dovecot. I'm never going back to sendmail.cf. It's Postfix for me, thanks.

But perhaps you can run the DAV capabilities separately.

Had never heard of that one. The Freshports entry for it says it's broken and deprecated. That's a shame.

I got to it from this paper:

Scaling up Cambridge University’s email service

Unfortunately it is not being mantained / developed anymore. I hope in the future someone comes to the idea.

I tried Trac and Redmine, and have decided that integrating the wiki, bug tracker, and source browser into one is a bad idea. I prefer discrete projects for each of the roles. I've settled on Dokuwiki, Bugzilla, and Gitweb.

devel/fossil has not the unix philosophy: it is like a swiss knive, one uses one
blade and holds in the hand a lot that one does not use. But since it is well done, this is
very practical.

You have everything in one executable that can be moved without problem, the client and server
programs in one executable. The same with the data, source, tickets, wiki, forums, etc in one
sqlite3 db that can be moved. For subprojects in the project server very good.

Give net-im/prosody a try. Nice, simple, and lightweight.

I will see it. I installed net/kamailio, it is also lightweight, but I did not test it.
I also one to use Web Technology as VoIP phone. It is a big field and one needs time.

 

[Jose]

...
Sendmail and cyrus use sasl. I use at the moment the ldap plugin, for chaning pass I wrote a
CGI script that calls ldappasswd. Security is a question!
...

I run LDAP for auth right now, and frankly it creates more problems than it solves for small sites. I'm slowly moving my home network to Kerberos. I'm going to use PAM (local auth) for my turnkey script.

 

[hruodr]

I run LDAP for auth right now, and frankly it creates more problems than it solves for small sites.

Indeed. ldap is terrible. But it is a standard and I thought I could deal with it with some scripts
and CGI scripts. I wanted first to try software, then to "glue" them with scripts.

Linux and FreeBSD have PAM, but not OpenBSD. That is why I want to avoid it. It has also not
the concept of authorization and authentication of SASL. In my CGI script for changing pass
someone can change the pass of other person if he is allowed.

As you see, I have a very small site with few resources, but try to use software that may scale
for very big sizes and thousands of users. That is also part of the plan.

Perhaps one could do a FreeBSD package that install all the software, scripts and configuration
files instead of your script?

 

[rootbert]

roundcube and secure do not fit in the same sentence. I have run quite a lot of different groupware solutions at different scale, I have learned my lessons in a huge amount of hours spent on setting up, running, tweaking, automated testing, upgrading, migrating those groupware packages, however, for me it boils down to running the stable, fast, lightweight SOGO. I can highly recommend it to anyone interested in this topic, it is a great piece of software. I have run it with 5000 users with adequate speed on standard server software from 2014-2018 (no SSDs, all services on one hardware server - openldap, postgres, dovecot, postfix, amavis/spamassassin).

 

[20-100-2fe]

I have begun assembling such a solution based on Postfix+Dovecot for email and SabreDAV for CalDAV and CardDAV.
I wanted to add Roundcube as webmail but couldn't get CalDAV and CardDAV plugin to work.

CalDAV and CardDAV seem essential to me in order to be able to access one's contacts and calendar from any client.
However, I've been very surprised to see how poor CalDAV and CardDAV support is in open source software, particularly email clients.
The most "lightweight" working email client I've found is Thunderbird with the CardDAV add-on...

 

[hruodr]

However, I've been very surprised to see how poor CalDAV and CardDAV support is in open source software, particularly email clients.

I would prefer CalDAV and CardDAV in stand alone clients and be free to use any mail client I want.

I wanted to add Roundcube as webmail but couldn't get CalDAV and CardDAV plugin to work.

For me the reason to offer webmail is: (1) I dont want to allow anyone to login, (2) I have
FEATURE(dnsbl, `zen.spamhaus.org') in sendmail.mc and most IPs that are offered
dynamically by my provider are blacklisted.

I have learned my lessons in a huge amount of hours spent on setting up, running, tweaking, automated testing, upgrading, migrating those groupware packages, however, for me it boils down to running the stable, fast, lightweight SOGO.

Perhaps everyone should learn the same way. There is a lot of ready Groupware solutions, but
I wanted to decide for each service what to use.

 

[Jose]

roundcube and secure do not fit in the same sentence. I have run quite a lot of different groupware solutions at different scale, I have learned my lessons in a huge amount of hours spent on setting up, running, tweaking, automated testing, upgrading, migrating those groupware packages, however, for me it boils down to running the stable, fast, lightweight SOGO. I can highly recommend it to anyone interested in this topic, it is a great piece of software. I have run it with 5000 users with adequate speed on standard server software from 2014-2018 (no SSDs, all services on one hardware server - openldap, postgres, dovecot, postfix, amavis/spamassassin).

I can't find this SOGO anywhere. Could you give me more details?

 

[rootbert]

its www/sogo4 or www/sogo4-activesync, but sogo5 was just recently announced on www.sogo.nu. Disclaimer: I am not affiliated with the project, just had really good experience with it ;-)

 

[Jose]

its www/sogo4 or www/sogo4-activesync, but sogo5 was just recently announced on www.sogo.nu. Disclaimer: I am not affiliated with the project, just had really good experience with it ;-)

Interesting project. Don't love that they use LDAP, and their user management strategy is not for non-technical people:

Installation and Configuration Guide

I do love that the backend is in Objective-C and uses the Gnustep libraries.

 

[msplsh]

Going to second the Kerberos > LDAP. My experience has been that LDAP files are impossible to secure at rest due to how binds send the password in the clear and there's no options for hashing. Everyone is like "just use SSL" or "encrypt the disk" as if that's a complete solution.

 

[rootbert]

Don't love that they use LDAP

you can also use SQL, see https://sogo.nu/files/docs/SOGoInstallationGuide.html#Authentication-using-SQL

 

[hruodr]

however, for me it boils down to running the stable, fast, lightweight SOGO

With google I see that many german universities are deploying it, including Heidelberg.

It seems to be a very good out of the box solution. In spite of it, I will continue with my
original approach.

Note that according to the paper of cambridge, prayer web-mail was deployed among
32.000 users, with old hardware of the time. That is sure lighter weight than sogo.

One must find a compromise between many things. I think sogo is putting too much weight
on the appearance and ease to use for non technical people. It is sure a professional system.
I prefer something more "home brew", putting more weight on functionality with little
resource requirements. At the time one can get very cheap VPS, perhaps thought mainly
for testing or for starting, and I want to use them eventually for "production".

 

[20-100-2fe]

I'm a bit puzzled here: if it's not for non-technical people, what do you call "production", then?

Building a home brew system is a very good learning path and this reason is sufficient to justify the time and effort.
That said, whenever I hear the word "production", it refers to some work being done for someone else (customers, users), hence my question.

One must find a compromise between many things. I think sogo is putting too much weight
on the appearance and ease to use for non technical people. It is sure a professional system.
I prefer something more "home brew", putting more weight on functionality with little
resource requirements. At the time one can get very cheap VPS, perhaps thought mainly
for testing or for starting, and I want to use them eventually for "production".

 

[hruodr]

what do you call "production", then?

That the goal is not the software itself, but what it is done with the software.

Hence: the goal is not only testing the software. Or perhaps yes, but for being prepared for
using it beyond that.

Here: make people that are far away connected and work together in a project, not necessarily a
software project, not necessarily a technical project. It may be business, political, entertainment,
social, etc. It must be productive, but perhaps production was not the right word.

 

[msplsh]

This Sogo thing actually looks pretty awesome. Going to look into replacing Roundcube with it.

 

[rootbert]

it is great! When it comes to caldav/carddav client compatibility and performance it is by far the best free open source solution out there ... and you get activesync on top of that if you want to use it

 

[Jose]

you can also use SQL, see https://sogo.nu/files/docs/SOGoInstallationGuide.html#Authentication-using-SQL

It seems to require both:

Installation and Configuration Guide

That's puzzling given than modern SQL databases provide a superset of LDAP's functionality. Maybe it's for compatibility. In any case, managing users by SQL query is at least as bad as ldapadd plus hand-coded ldif.

it is great! When it comes to caldav/carddav client compatibility and performance it is by far the best free open source solution out there ... and you get activesync on top of that if you want to use it

I'm a little skeptical of integrated solutions after my misadventures with Trac and Own/Nextcloud, but I'm definitely going to give it a look. I'd still rather handle calendaring with something separate like Radicale.

 

[Mjölnir]

Jose said: Give net-im/prosody a try. Nice, simple, and lightweight.
I will see it. I installed net/kamailio, it is also lightweight, but I did not test it. [...]

You may want to consider why the admin of https://trashserver.net/faq/ switched from Prosody to ejabberd.

 

[Jose]

You may want to consider why the admin of https://trashserver.net/faq/ switched from Prosody to ejabberd.

I've run prosody for years, and have never encountered any such problems. Then again, I have six users and trashserver has 8,000+. I also don't run any mods. I did look at ejabberd, and it was a nightmare to install and configure, though this was some years ago.

I also never got the Erlang hype. About 10 years ago, all the kids were super excited about this Youtube video:

View: https://www.youtube.com/watch?v=xrIjfIjssLE


Suddenly everyone had a cool new project in that forgotten language. I never cared enough to take a look. Then again, I usually don't get the hype.

 

[msplsh]

I understand why they use Erlang but I had no interest in worrying over if Erlang is going to be a boat anchor, so I chose something else too (also because the load was small and inconsequential). If they chose Scheme, Haskell or Clojure, I wouldn't worry so much. Erlang doesn't even break top 50 on TIOBE (just for spitballing popularity of functional programming languages). If I wanted to fiddle with it, I'd feel like I was wasting my time.

 

[hruodr]

I also never got the Erlang hype.

I think it is not hype, it seems to be designed to solve specific tasks in telecommunication.

Erlang doesn't even break top 50 on TIOBE

What is the advantage of popularity?

 

[hruodr]

Erlang doesn't even break top 50 on TIOBE (just for spitballing popularity of functional programming languages). If I wanted to fiddle with it, I'd feel like I was wasting my time.

TIOBE compares apples, pears, bananas, carrots, tomatos, etc.

Not only Erlang, also Verilog, VHDL and TeX are the last of the list, C, java and pyton are on
the top, not far away javascript and php, assembly follows, then FORTRAN and LISP, but
after logo, J or APL are not even mentioned.

These languages are not interchangeable, if you have a task, you must select the appropriate one.

But please, back to the main theme: lightweight groupware software. I wrote a very simple,
primitive script in tcl in order to allow people to upload files and text messages in my server,
I mean it as a more private mail. I get the uploaded files and text as a big multipart/form-data
file. Since it is mostly binary, I decided to write a program in C for extracting the parts.
Since days I am wasting my time writing by hand a parser for this trivial file, I regret not
having doing it with tcl, or at least not have used lex. Should I have done it in VHDL, TeX
or logo?

Here the description of multipart/form-data:

RFC 7578 - Returning Values from Forms: multipart/form-data

Returning Values from Forms: multipart/form-data (RFC 7578)

tools.ietf.org

 

[msplsh]

These languages are not interchangeable,

I listed three other functional programming languages that are interchangeable which are in the top 50.

I shouldn't have to explain why popularity matters in open source on a FreeBSD forum, but succinctly, popularity means that you get more people working on a thing, keeps it feature set relevant, and increases its survival long-term.

 

[hruodr]

I listed three other functional programming languages that are interchangeable which are in the top 50.

It seems it is not the fact that it is functional what makes Erlang special. It is concurrency, real
time, fault tollerance, scalability, hot swapping, and such things. I do not think that Scheme,
Haskell or Clojure may replace Erlang.

Just see here:

Erlang -- What is Erlang

 

[msplsh]

Concurrency is available in those other languages, which is mostly a natural byproduct of them being functional.

The rest of those things are just attributes that can be picked up by other languages (except maybe the soft RT). I mean, seriously, what does "scalability" mean in a programming language? It's usually just something you are trying to "get" when you choose a functional language.

Anyway, I don't believe using Erlang specifically confers any super powers. Using a functional programming methodology, does. Again, I understand why they use Erlang, but those concerns aren't going to translate to hobbyist randos here on a forum. Prosody is going to be fine.