Kopano Groupware Core 8.7 is the first release to include a range of new components for the Kopano platform. These new components include support for OpenID Connect and initial support for our new RestAPI. Apart from this version 8.7 also brings performance and security improvements.
Kopano Groupware Core provides the Groupware functionality of the Kopano stack and in most cases sits at the heart of every Kopano environment. It is therefore a key figure in our promise to deliver stability and extensibility of Kopano’s proven communication platform. Kopano Archiver consists of additional archiving components, allowing Kopano Groupware servers to run on dedicated, and sometimes slower, storage servers for archived messages, while keeping the items available to the user.
New components in Kopano Groupware Core 8.7
Kopano 8.7 introduces two new components, which will play an important role in future client development and the integration of Kopano with external applications and platforms. The first new component that I want to introduce is Kopano Konnect. Konnect is an OpenID provider (OP) that directly integrates a web login with a consent form. It brings support for both OpenID Connect (OIDC) and Open Authentication (OAuth 2.0). Through this tool administrators can easily allow their users to login at third party applications, such as Owncloud and Nextcloud with the “Social Login” plugin, WordPress, OpenProject and many more. In addition to the easier integration with third-party applications, Kopano Konnect will also provide the authentication for the Kopano RestAPI and clients consuming it.
Want to learn more about Konnect? In the past we already gave a short introduction into Kopano Konnect. There are two main changes since the release blog post: you can now install Konnect through distribution packages and you no longer need to rely on Docker or binary downloads. Are you running Kopano on Univention Corporate Server and want to give Konnect a try? Kopano Konnect is available as Open ID provider with added Univention branding and integration on UCS.
Another new component is our new RestAPI “Kopano API” (or KAPI for short). KAPI is modelled after the Microsoft Graph RestAPI and will make it easier than ever before to integrate your Kopano data with external applications and clients. App developers should make sure to check our Compat documentation for further information on Graph and where we differ in our implementation. The first new client that will make use of KAPI is the Kopano Meet. We will have another blog on this subject in the beginning of 2019.
The Kopano RestAPI is only available for Debian 9, Ubuntu 16.04 and Ubuntu 18.04 at the moment. The API backend is made in Python3 and other distributions (RHEL, SLES, Debian 8) either do not have all dependencies in their repositories or not a recent enough version of Python. Support for SLES and RHEL will be added later on. The usage of Kopano WebApp or Z-Push is not affected by this.
Improved performance and security
Where available services now prefer python3 instead of python2.
Support for 4-Byte UTF-8 Unicode Encoding (utf8mb4)
Kopano now includes support for unicode characters outside of the actual body of an email (in the subject for example). To support such characters the database needs to be modified to support the utf8mb4 character set. New installation create the tables already in the correct encoding, but existing databases need to be upgraded by running kopano-dbadm usmp
(while kopano-server
is not running).
Until the above command is run kopano-server
will continue to work as in previous versions (unicode emoji will not be shown reliably).
Reporting of usage statistics
Starting with Kopano Groupware Core 8.7 the server process contains a new stats gathering and reporting functionality that is sending basic usage statistics back to us at Kopano. The transmitted statistics include:
- a unique machine ID
- the name of the submitting service
- the version of the submitting program
- an internal Kopano server GUID
- an OS identifier
- an identifier for the Kernel and architecture used
- the configured Kopano user plugin
- the number of active users
- the number of contacts created
- the number of inactive users (split in users, equipment and rooms)
Internally we are also enhancing these stats with a timestamp when the system sends a report for the first time and another timestamp tracking when the the system contacted us last.
Below is an example of how we store such a report internally:
+------------------------------------------------------------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------+---------------------+----------------+-----------------+-------------------+-----------------+-------------------+------------+------------------------------+--------------------------------------------+---------------+-----------------+-------+ | uid | machine_id_sha256 | server_guid_sha256 | first_seen | last_update | usercnt_active | usercnt_contact | usercnt_equipment | usercnt_na_user | usercnt_nonactive | userplugin | osrelease | utsname | program_name | program_version | flags | +------------------------------------------------------------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------+---------------------+----------------+-----------------+-------------------+-----------------+-------------------+------------+------------------------------+--------------------------------------------+---------------+-----------------+-------+ | 021612ba5bf55f097b9f2cba53b108e876329aa99a74bf879daa9d9c555bc259 | bb1f4f2d3541a1d9b0dd7416737608bedee162e442ed3c2c33aecfa26cefef19 | 48dfb2111e373d67ec034e0d26a37c8a7f81b84d864ac6b0c97022d7416661e4 | 2018-10-16 13:12:52 | 2018-10-16 13:12:52 | 0 | 0 | 0 | 0 | 0 | db | Debian GNU/Linux buster/sid | Linux x86_64 4.18.0-1-amd64 | kopano-server | 8.6.82 | 0 | +------------------------------------------------------------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------+---------------------+----------------+-----------------+-------------------+-----------------+-------------------+------------+------------------------------+--------------------------------------------+---------------+-----------------+-------+
We hope to learn a bit more about our user base from these reports.
How to turn the survey reporting off?
The following configuration options in server.cfg
have an influence over the report sending:
- surveyclient_url
- surveyclient_interval
- surveyclient_ssl_verify
To disable sending of reports it is sufficient to include the line surveyclient_interval=0
in your server.cfg
Important configuration changes
Some configuration options have changed compared to Kopano 8.6 or an earlier version. Below you will find a list of deprecated options and their replacements.
server.cfg
The following options are deprecated:
- server_ssl_enabled
- server_ssl_port
- server_tcp_enabled
- server_tcp_port
The above options have been replaced with (these options were already available in Kopano Groupware Core 8.6.x):
- server_listen
- server_listen_tls
ical.cfg
The following options are deprecated:
- ical_enable
- icals_enable
- ical_port
- icals_port
The above options have been replaced with:
- ical_listen
- icals_listen
gateway.cfg
The following options are deprecated:
- imap_enable
- imaps_enable
- imap_port
- imaps_port
- pop3_enable
- pop3s_enable
- pop3_port
- pop3s_port
The above options have been replaced with:
- pop3_listen
- pop3s_listen
- imap_listen
- imaps_listen
Upcoming changes in Kopano 9.0
For the Kopano 9.0 release we are already planning some more changes, which we have announced in the “Housekeeping” blogpost. These changes can be summarised as:
- switching to PHP 7.x compatibility only
- switching to Python 3 compatibility only
These changes will result in changed set of supported distributions from the release of Kopano Core 9.0 and onwards. More details can be found in the blog post.
But there are also some smaller under the hood changes, that will only matter for custom integrations.
For backwards compatibility we still provided a python-zarafa
module within python-kopano
. We plan to remove the compatibility bridge for Kopano Groupware Core 9.0.
Additionally this release will also be the last release that to ship php class files. These files were already redundant, since both Kopano WebApp and Z-Push were shipping their own versions for quite a while. With the removal of the php version of kopano-mr-accept and kopano-mr-process in 8.7, these files are now no longer needed and will therefore be removed in the 9.0 release.
What to look out for when upgrading?
This version introduces updates to the internal schema. Before upgrading to this version make sure that the steps explained in https://kb.kopano.io/display/WIKI/K-1216 have been executed or plan in additional time to execute these after the upgrade. kopano-server
will print upon restart if kopano-dbadm k-1216
still needs to be run. Another indicator would be the absense of the current running version in the versions
MySQL table.
It has been observed that the script for creating store cannot be found after upgrade:
https://jira.kopano.io/browse/KC-1339
The simple fix for this would be to uncomment the values for the userscripts so the built in defaults are used. This is explained in more detail in above ticket.
The kopano-search rpm now has a dependency on poppler-utils, which pulls in some additional packages:
https://jira.kopano.io/browse/KC-1245
When upgrading from our repositories on UCS you will notice that because of the above mentioned configuration file changes kopano-gateway
and kopano-ical
will refuse to start. The integration package already provided an upgrade script for this case within the 8.6.8 upgrade, which can be found at /usr/share/kopano4ucs/kopano4ucs-update-settings870.sh
.
As always make sure to have a backup of your running system and configuration before upgrading.