I have been looking into the Baikal app and have some ideas for improvements which I wanted to document and discuss here.
- When moving from v1 to v2 packaging, the default `source_id` changed from `app` to `main`. As a result, the files and patches under `sources` (for connecting Baikal to YNH’s LDAP) were not applied anymore. This is already fixed and merged into master: rename 'app' -> 'main' by Toromtomtom · Pull Request #89 · YunoHost-Apps/baikal_ynh · GitHub
- DAV clients such as Thunderbird and DAVx5 cannot access calendars or addressbooks if access to the app is allowed for logged-in users only, because these clients cannot obtain an SSO session. To use DAV clients with Baikal, access for visitors needs to be allowed (see Can't connect Thunderbird to Baikal). Note that even then clients need to authenticate with username and password of a YNH user. Also note that the admin interface of Baikal is always available only to logged-in YNH admin users. The fact that DAV clients need anonymous access is not documented yet. I would like to add this to the documentation at Baikal | Yunohost Documentation (PR pending) and to the setup dialog (PR pending), in a similar manner as for Gitea: https://github.com/YunoHost-Apps/gitea_ynh/blob/master/manifest.json#L53
- When anonymous access is allowed, fail2ban should be enabled for LDAP login attempts. I added fail2ban integration in this PR, please review as you see fit: Add fail2ban by Toromtomtom · Pull Request #92 · YunoHost-Apps/baikal_ynh · GitHub.
I will update this thread as I go. Please feel free to add your thoughts.