Baikal improvements

I have been looking into the Baikal app and have some ideas for improvements which I wanted to document and discuss here.

  1. When moving from v1 to v2 packaging, the default source_id changed from app to main. As a result, the files and patches under sources (for connecting Baikal to YNH’s LDAP) were not applied anymore. This is already fixed and merged into master: rename 'app' -> 'main' by Toromtomtom · Pull Request #89 · YunoHost-Apps/baikal_ynh · GitHub
  2. DAV clients such as Thunderbird and DAVx5 cannot access calendars or addressbooks if access to the app is allowed for logged-in users only, because these clients cannot obtain an SSO session. To use DAV clients with Baikal, access for visitors needs to be allowed (see Can't connect Thunderbird to Baikal). Note that even then clients need to authenticate with username and password of an YNH user. Also note that the admin interface of Baikal is always available only to logged-in YNH admin users. The fact that DAV clients need anonymous access is not documented yet. I would like to add this to the documentation at Baikal | Yunohost Documentation (PR pending) and to the setup dialog (PR pending), in a similar manner as for Gitea: https://github.com/YunoHost-Apps/gitea_ynh/blob/master/manifest.json#L53
  3. When anonymous access is allowed, fail2ban should be enabled for LDAP login attempts. I added fail2ban integration in this PR, please review as you see fit: Add fail2ban by Toromtomtom · Pull Request #92 · YunoHost-Apps/baikal_ynh · GitHub.

I will update this thread as I go. Please feel free to add your thoughts.

4 Likes

Hi Toromtomtom,

Welcome to the forums!

Nothing related to Baikal, I’d just like to express my gratitude for you taking the effort not only to improve the app, but also to make an account on the forums especially for that.

Have fun!

2 Likes

@wbk Thank you for the kind words!
@ericg Thanks for merging the fail2ban PR so quickly!

Here are the promised PRs regarding documentation:

1 Like

Welcome!

To further improve the app, one could have the main permission given to visitors, like it’s done here with admins: https://github.com/YunoHost-Apps/baikal_ynh/blob/b9f0a285ca32484e40e8ed600a589bb515cfe663/manifest.toml#L59

That would simplify the UX and prevent users to refer to the documentation to understand what’s going on.

2 Likes

Yes, that is something I also played around with. Do you think that that would be a better solution? I was thinking that

  • it seems to work the way it is now for most users (at least I could not find many complaints about non-working DAV clients) and
  • the Gitea app configuration uses a similar suggestion during installation for users that want to use “advanced” Git features.

But I definitely see the advantages of configuring this to be working for DAV clients out-of-the-box.

Hi!
I have a questions related to the contact birthday.
Is it handled by Baikal or the client side?
Best

Here is a PR that is doing that. If merged, I will revert the corresponding changes to the documentation.

Seems like it is client-side: Baikal should maintain a contact birthday calendar · Issue #1166 · sabre-io/Baikal · GitHub

5 Likes

haha!
Excellent vidéo @Aleks !
It really shows how the underlying programming can be beyond simple user capability of grasping its full complexity.

Birthday adapter app on Android saved my day though. :slight_smile: