Kopano Groupware Core 8.7 Now Available

January 29, 2019

Written by
Category: Releases

Kopano Groupware Core 8.7 is the first release to include a range of new components for the Kopano platform. These new components include support for OpenID Connect and initial support for our new RestAPI. Apart from this version 8.7 also brings performance and security improvements.

Kopano Groupware Core provides the Groupware functionality of the Kopano stack and in most cases sits at the heart of every Kopano environment. It is therefore a key figure in our promise to deliver stability and extensibility of Kopano’s proven communication platform. Kopano Archiver consists of additional archiving components, allowing Kopano Groupware servers to run on dedicated, and sometimes slower, storage servers for archived messages, while keeping the items available to the user.

New components in Kopano Groupware Core 8.7

Kopano 8.7 introduces two new components, which will play an important role in future client development and the integration of Kopano with external applications and platforms. The first new component that I want to introduce is Kopano Konnect. Konnect is an OpenID provider (OP) that directly integrates a web login with a consent form. It brings support for both OpenID Connect (OIDC) and Open Authentication (OAuth 2.0). Through this tool administrators can easily allow their users to login at third party applications, such as Owncloud and Nextcloud with the “Social Login” plugin, WordPress, OpenProject and many more. In addition to the easier integration with third-party applications, Kopano Konnect will also provide the authentication for the Kopano RestAPI and clients consuming it.

Want to learn more about Konnect? In the past we already gave a short introduction into Kopano Konnect. There are two main changes since the release blog post: you can now install Konnect through distribution packages and you no longer need to rely on Docker or binary downloads. Are you running Kopano on Univention Corporate Server and want to give Konnect a try? Kopano Konnect is available as Open ID provider with added Univention branding and integration on UCS.

Another new component is our new RestAPI “Kopano API” (or KAPI for short). KAPI is modelled after the Microsoft Graph RestAPI and will make it easier than ever before to integrate your Kopano data with external applications and clients. App developers should make sure to check our Compat documentation for further information on Graph and where we differ in our implementation. The first new client that will make use of KAPI is the Kopano Meet. We will have another blog on this subject in the beginning of 2019.

The Kopano RestAPI is only available for Debian 9, Ubuntu 16.04 and Ubuntu 18.04 at the moment. The API backend is made in Python3 and other distributions (RHEL, SLES, Debian 8) either do not have all dependencies in their repositories or not a recent enough version of Python. Support for SLES and RHEL will be added later on. The usage of Kopano WebApp or Z-Push is not affected by this.

Improved performance and security

Where available services now prefer python3 instead of python2.

Support for 4-Byte UTF-8 Unicode Encoding (utf8mb4)

Kopano now includes support for unicode characters outside of the actual body of an email (in the subject for example). To support such characters the database needs to be modified to support the utf8mb4 character set. New installation create the tables already in the correct encoding, but existing databases need to be upgraded by running kopano-dbadm usmp (while kopano-server is not running).

Until the above command is run kopano-server will continue to work as in previous versions (unicode emoji will not be shown reliably).

Reporting of usage statistics

Starting with Kopano Groupware Core 8.7 the server process contains a new stats gathering and reporting functionality that is sending basic usage statistics back to us at Kopano. The transmitted statistics include:

  • a unique machine ID
  • the name of the submitting service
  • the version of the submitting program
  • an internal Kopano server GUID
  • an OS identifier
  • an identifier for the Kernel and architecture used
  • the configured Kopano user plugin
  • the number of active users
  • the number of contacts created
  • the number of inactive users (split in users, equipment and rooms)

Internally we are also enhancing these stats with a timestamp when the system sends a report for the first time and another timestamp tracking when the the system contacted us last.

Below is an example of how we store such a report internally:

+------------------------------------------------------------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------+---------------------+----------------+-----------------+-------------------+-----------------+-------------------+------------+------------------------------+--------------------------------------------+---------------+-----------------+-------+
| uid                                                              | machine_id_sha256                                                | server_guid_sha256                                               | first_seen          | last_update         | usercnt_active | usercnt_contact | usercnt_equipment | usercnt_na_user | usercnt_nonactive | userplugin | osrelease                    | utsname                                    | program_name  | program_version | flags |
+------------------------------------------------------------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------+---------------------+----------------+-----------------+-------------------+-----------------+-------------------+------------+------------------------------+--------------------------------------------+---------------+-----------------+-------+
| 021612ba5bf55f097b9f2cba53b108e876329aa99a74bf879daa9d9c555bc259 | bb1f4f2d3541a1d9b0dd7416737608bedee162e442ed3c2c33aecfa26cefef19 | 48dfb2111e373d67ec034e0d26a37c8a7f81b84d864ac6b0c97022d7416661e4 | 2018-10-16 13:12:52 | 2018-10-16 13:12:52 | 0              | 0               | 0                 | 0               | 0                 | db         | Debian GNU/Linux buster/sid  | Linux x86_64 4.18.0-1-amd64                | kopano-server | 8.6.82          | 0     |
+------------------------------------------------------------------+------------------------------------------------------------------+------------------------------------------------------------------+---------------------+---------------------+----------------+-----------------+-------------------+-----------------+-------------------+------------+------------------------------+--------------------------------------------+---------------+-----------------+-------+

We hope to learn a bit more about our user base from these reports.

How to turn the survey reporting off?

The following configuration options in server.cfg have an influence over the report sending:

  • surveyclient_url
  • surveyclient_interval
  • surveyclient_ssl_verify

To disable sending of reports it is sufficient to include the line surveyclient_interval=0 in your server.cfg

Important configuration changes

Some configuration options have changed compared to Kopano 8.6 or an earlier version. Below you will find a list of deprecated options and their replacements.

server.cfg

The following options are deprecated:

  • server_ssl_enabled
  • server_ssl_port
  • server_tcp_enabled
  • server_tcp_port

The above options have been replaced with (these options were already available in Kopano Groupware Core 8.6.x):

  • server_listen
  • server_listen_tls

ical.cfg

The following options are deprecated:

  • ical_enable
  • icals_enable
  • ical_port
  • icals_port

The above options have been replaced with:

  • ical_listen
  • icals_listen

gateway.cfg

The following options are deprecated:

  • imap_enable
  • imaps_enable
  • imap_port
  • imaps_port
  • pop3_enable
  • pop3s_enable
  • pop3_port
  • pop3s_port

The above options have been replaced with:

  • pop3_listen
  • pop3s_listen
  • imap_listen
  • imaps_listen

Upcoming changes in Kopano 9.0

For the Kopano 9.0 release we are already planning some more changes, which we have announced in the “Housekeeping” blogpost. These changes can be summarised as:

  • switching to PHP 7.x compatibility only
  • switching to Python 3 compatibility only

These changes will result in changed set of supported distributions from the release of Kopano Core 9.0 and onwards. More details can be found in the blog post.

But there are also some smaller under the hood changes, that will only matter for custom integrations.

For backwards compatibility we still provided a python-zarafa module within python-kopano. We plan to remove the compatibility bridge for Kopano Groupware Core 9.0.
Additionally this release will also be the last release that to ship php class files. These files were already redundant, since both Kopano WebApp and Z-Push were shipping their own versions for quite a while. With the removal of the php version of kopano-mr-accept and kopano-mr-process in 8.7, these files are now no longer needed and will therefore be removed in the 9.0 release.

What to look out for when upgrading?

This version introduces updates to the internal schema. Before upgrading to this version make sure that the steps explained in https://kb.kopano.io/display/WIKI/K-1216 have been executed or plan in additional time to execute these after the upgrade. kopano-server will print upon restart if kopano-dbadm k-1216 still needs to be run. Another indicator would be the absense of the current running version in the versions MySQL table.

It has been observed that the script for creating store cannot be found after upgrade:
https://jira.kopano.io/browse/KC-1339

The simple fix for this would be to uncomment the values for the userscripts so the built in defaults are used. This is explained in more detail in above ticket.

The kopano-search rpm now has a dependency on poppler-utils, which pulls in some additional packages:
https://jira.kopano.io/browse/KC-1245

When upgrading from our repositories on UCS you will notice that because of the above mentioned configuration file changes kopano-gateway and kopano-ical will refuse to start. The integration package already provided an upgrade script for this case within the 8.6.8 upgrade, which can be found at /usr/share/kopano4ucs/kopano4ucs-update-settings870.sh.

As always make sure to have a backup of your running system and configuration before upgrading.