admin-api's Introduction

grommunio Admin API

grommunio Admin API is the central API component of grommunio, managing appliance(s), domain(s), user(s) and more. grommunio API orchestrates any components and architectures required to operate and manage the entire grommunio stack.

Overview

About grommunio Admin API

  • OpenAPI 3.0 based REST API and interactive CLI
  • Web-based access via grommunio Admin Web
  • Management of grommunio components
  • User, group and mailing list management
  • User synchronization with LDAP-capable backends
  • Account-retrieval via fetchmail
  • Public Folder management
  • Role management with System, Organization and Domain roles
  • Tenant management with organizations and domains
  • Configuration through grommunio-dbconf
  • Realtime connection status incl. mobile devices
  • Log Viewer
  • Mail transport queue and Task queue
  • Distributable, compatible with load balancers such as haproxy, apisix, KEMP and others
  • Secure, with extended security checks and CSRF tokens

Getting Started

Prerequisites

  • uwsgi application server with uwsgi-python3 plugin
  • MySQL or MariaDB database server as central storage (as used and set up by gromox)
  • python3-pyexmdb for gromox store management (provided by libexmdbpp)
  • Recommended: a web server with a working TLS configuration (e.g. nginx)

Installation

Usage

or

Support

For direct contact to the maintainers (for example to supply information about a security-related responsible disclosure), you can contact grommunio directly at [email protected]

Contributing

First off, thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody else and are greatly appreciated.

Please read our contribution guidelines, and thank you for being involved!

Security

grommunio Admin API follows good practices of security. grommunio constantly monitors security related issues. grommunio Admin API is provided "as is" without any warranty. For professional support options through subscriptions, head over to grommunio.

For more information and to report security issues, please refer to our security documentation.

Coding style

This repository follows a coding style loosely based on the PEP 8 standard (exception: maximum line width of 127).

License

This project is licensed under the GNU Affero General Public License v3.

See LICENSE for more information.

admin-api's People

Contributors

crpb, grammmichi, grammmike, jengelh, juliaschroeder, rnagy, robert-scheck, stefanakie, victortesla

admin-api's Issues

Possibility to add default permissions and to add permission value none

I would like to set up the default permissions of a public folder to deny. To do that,
2 things are currently missing:

  • add a default permission to a folder:
    grommunio-admin exmdb domain folder grant folderid default value
  • set permission none to a folder
    grommunio-admin exmdb domain folder grant folderid default none

The command should end in the following entry in the exchange.sqlite of the domain
INSERT INTO permissions VALUES(13,427681,'default',0);

Currently a value of "0x0" is switched to all (0x27ff)

ldap search output format

Hi,

for Scripting- and/or One-Liner-Purposes it would be great if the Output-Format of the command grommunio-admin ldap search would list the results in the following order

ID	Type	E-Mail	Name

This would help with something like grom.... |sort -k2.

MySQL credentials for grammm-dbconf not read correctly

Hi,
I set up a test-installation from the latest appliance, using the setup wizard.
Now I tried to change some details using grammm web admin and grammm-dbconf.
It was able to save the config to database via web admin, but when I tried to read it again, I got an HTTP 500 error.
On the console using grammm-dbconf get -vvv postfix main.cf this was the response:

# grammm-dbconf get -vvv postfix main.cf
Opening 'mysql_adaptor.cfg'...
Failed. Trying '/etc/gromox/mysql_adaptor.cfg'
Could not connect to MySQL server.

I had a look at the source code of grammm-dbconf and noticed it tried to read the mysql settings in all uppercase, but apparently the setup created them in lower case and only username, password and database.
Once I changed the config file /etc/gromox/mysql_adaptor.cfg to use uppercase names and included "MYSQL_HOST" and "MYSQL_PORT" (even though it's only on localhost), I was able to use grammm-dbconf as intended.

I think making the utility read the variable names case-insensitively and providing a fallback for localhost and port 3306 should fix this.

leave out propspec key

Hi,

it would be nice if there was a switch like grommunio-admin store [email protected] store get -s to not print out the "0x10101010 ".
This way it could be easier to parse w/o having to add another sed/awk call or however one might work with it.

I actually wanted to update some webmail settings with the help of jq and realized there was a bit of clutter in the output.

~cb

Domain validator breaks on hyphens

https://github.com/grommunio/admin-api/blob/master/cli/remote.py#L33

Was just browsing the code and noticed this domain validator. It does not match https://game-maker.nl though that domain is quite valid. Also, it works for IPv4 addresses, but not IPv6; not sure if IP address support (in the v4 case) is intentional but it seems convenient to have.

  • To resolve support for domains with hyphens, \w\. should probably have a - appended.
  • To add support for IPv6, it depends on what format you want but probably (given that specifying the port is possible) it makes most sense to require [ square brackets ] around the address. The address itself only needs : to be added before the - I think, but this might cause issues for https://:8080 (which should be invalid) parsing with : as host or so, so perhaps this needs to be turned into a two-case system where the : is only allowed inside [].

Or perhaps using urllib.parse is easier.
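
Added example (not part of the issue and not the project's code): one way to do the validation with urllib.parse as suggested above, accepting hyphenated host names and bracketed IPv6 while rejecting an empty host such as https://:8080. The names parse_endpoint and is_valid_endpoint are hypothetical, and unlike a `\w`-based character class this check does not accept underscores.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: ASCII letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_endpoint(url):
    """Return (scheme, host, port) for an acceptable URL, else raise ValueError."""
    parts = urlsplit(url)               # raises ValueError on malformed [brackets]
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("scheme must be http or https")
    if "@" in parts.netloc:
        raise ValueError("userinfo is not accepted")
    host = parts.hostname               # lower-cased, brackets removed, None if empty
    if not host:
        raise ValueError("missing host")            # e.g. https://:8080
    port = parts.port                   # raises ValueError if non-numeric or > 65535
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    elif port == 0:
        raise ValueError("port 0 is not usable")
    try:
        ipaddress.ip_address(host)      # IPv4 literal, or IPv6 that was in brackets
        return parts.scheme, host, port
    except ValueError:
        pass                            # not an IP literal: validate as a host name
    labels = host.split(".")
    if len(host) > 253 or not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid host name")
    if labels[-1].isdigit():
        raise ValueError("numeric top-level label")  # e.g. 999.1.1.1
    return parts.scheme, host, port


def is_valid_endpoint(url):
    """Boolean wrapper around parse_endpoint for use as a validator."""
    try:
        parse_endpoint(url)
        return True
    except ValueError:
        return False
```

An unbracketed IPv6 address is rejected because urlsplit treats everything after the first colon as the port, which then fails the numeric port check.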

catchall usage via email aliases

Hi there, I had a need to allow postfix catch all alias to be used, so that any unknown email addresses are sent to a particular user. The api didn't like this so I've just done up a little PR if that would be helpful?

Thanks

exmdb folders: provide different output options

Hi,

would it be possible to either add an option to enable a scripting-safe output of the returned data?
Or maybe even like the user-module with --format [pretty|csv|json-flat|json-structured]

Especially those fancy chars can be bothersome.

I helped myself for now with stuff like ...| tr -d '└─├│' , but in general it would be really awesome having the possibility to not even think about cleansing the returned data.
And I don't even want to know what type of characters could be problematic with, for instance, a Cyrillic charset.

cheers,
~crpb

Admin API: refresh error in /usr/share/grommunio-admin-api/tools/logs.py line 110

Debian 12.5
Python 3.11.2
https://github.com/eryx12o45/grommunio-setup/blob/main/grommunio-setup
Admin-UI
Configuration / Monitoring
Admin API
Reload icon (next to "Autorefresh" icon)

  File "/usr/lib/python3/dist-packages/flask/app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/grommunio-admin-api/api/core.py", line 179, in wrapper
    return call()
           ^^^^^^
  File "/usr/share/grommunio-admin-api/api/core.py", line 144, in call
    ret = func(*args, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/grommunio-admin-api/endpoints/system/logs.py", line 35, in getLog
    return jsonify(data=LogReader.tail(log.get("format", "journald"), log["source"], n, skip, after))
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/grommunio-admin-api/tools/logs.py", line 59, in tail
    return cls.rreg[source](target).tail(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/grommunio-admin-api/tools/logs.py", line 110, in tail
    if len(entry) == 0 or entry["__REALTIME_TIMESTAMP"] <= after:
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: can't compare offset-naive and offset-aware datetimes
[WARNING] (grommunio Admin API) GET /api/v1/system/logs/Admin API?after=2024-03-11%2016:17:35.772257&n=20 from 192.168.178.82 -> 500 '{"message":"The server encountered an error while processing the request."}\n'

exmdb [email protected] folder permissions [FolderID | --recursive] --format json-tree

In reference to #5 it would be nice to have the possibility to get those extended formats also with the command in the topic and even better would be the possibility to list all non-default permissions for [email protected] on the mailbox recursively.
This would make things like problem-solving(because of wrong permissions) and even an "Audit" much easier.

I know I can read all those entries from the sqlite-db's but I think this would be nice to access it via the CLI or at a later point even with the webapi.

For now i scribbled together the following to retrieve a quick overview.

I also looked a bit at ./cli/exmdb.py but wasn't really sure how to best implement the return of the permissions. Maybe something like this?

{
  "folders": [
    {
      "ID": 9,
      "parentID": 1,
      "name": "Top of Information Store",
      "subfolders": [...],
      "permissions": [
        {
          "user": "[email protected]",
          "perms": "0x2000"
        },
        {
// Alternatively
          "user": "[email protected]",
          "numeric": "0x041b",
          "permissions": "readany,create,editowned,deleteowned,foldervisible"
\\ Alternatively
        },
        ...
      ]
    },
  ],
  "permissions": [
    {
      "readany": "0x1",
      "create": "0x2",
      "sendas": "0x4",
      "editowned": "0x8",
      "deleteowned": "0x10",
      "editany": "0x20",
      "deleteany": "0x40",
      "createsubfolder": "0x80",
      "folderowner": "0x100",
      "foldercontact": "0x200",
      "foldervisible": "0x400",
      "freebusysimple": "0x800",
      "freebusydetailed": "0x1000",
      "storeowner": "0x2000"
    }
  ]
}

The extra "permissions" might also be requested with an additional switch and by default not be returned depending on the return i guess not needed anyhow.

~crpb
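
Added example (not part of the issue and not the project's code): a small audit pass that decodes numeric permission values using the bit table from the post above and reports rows that grant sensitive rights or carry bits outside the table. The table layout, the column names, the sample rows other than the `default` entry, and the choice of which rights count as sensitive are assumptions made for this example.

```python
import sqlite3

# Bit values as listed in the post above.
PERMISSIONS = {
    "readany": 0x1, "create": 0x2, "sendas": 0x4, "editowned": 0x8,
    "deleteowned": 0x10, "editany": 0x20, "deleteany": 0x40,
    "createsubfolder": 0x80, "folderowner": 0x100, "foldercontact": 0x200,
    "foldervisible": 0x400, "freebusysimple": 0x800,
    "freebusydetailed": 0x1000, "storeowner": 0x2000,
}
# Rights this example treats as worth a second look in an audit (an assumption).
SENSITIVE = ("editany", "deleteany", "folderowner", "storeowner")


def decode(value):
    """Split a numeric permission into known names and leftover unknown bits."""
    names = [name for name, bit in PERMISSIONS.items() if value & bit]
    known = sum(PERMISSIONS[name] for name in names)
    return names, value & ~known


def audit(conn):
    """Return one finding per row that grants a sensitive right or has unknown bits."""
    findings = []
    rows = conn.execute("SELECT folder_id, username, permission FROM permissions"
                        " ORDER BY folder_id, username")
    for folder_id, username, value in rows:
        names, unknown = decode(value)
        risky = [name for name in names if name in SENSITIVE]
        if risky or unknown:
            findings.append({"folder": folder_id, "user": username,
                             "numeric": f"0x{value:04x}", "sensitive": risky,
                             "unknown_bits": f"0x{unknown:x}"})
    return findings


def sample_db():
    """Constructed in-memory table; column names are assumed, not taken from gromox."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE permissions (member_id INTEGER, folder_id INTEGER,"
                 " username TEXT, permission INTEGER)")
    conn.executemany("INSERT INTO permissions VALUES (?,?,?,?)", [
        (13, 427681, "default", 0),                    # deny-all default entry
        (14, 427681, "user1@example.test", 0x041b),    # constructed
        (15, 427681, "user2@example.test", 0x27ff),    # constructed
        (16, 9, "user3@example.test", 0x4001),         # constructed, unknown bit set
    ])
    return conn
```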

Unable to Launch API: ModuleNotFoundError: No module named 'openapi_core.spec.shortcuts'

Hello,
I am following the instructions in trying to access the API via the UWSGI as outlined in the README.

I have received the same results when trying with Alpine (musl) and Debian and like to work within containers to keep my workstation clean.

I can access main.py without issues from command line

Error:

# sudo -u nginx uwsgi /etc/uwsgi/grommunio-aapi.ini

[uWSGI] getting INI configuration from /etc/uwsgi/grommunio-aapi.ini
*** Starting uWSGI 2.0.21 (64bit) on [Wed Nov 29 11:59:15 2023] ***
compiled with version: 12.2.1 20220924 on 28 April 2023 21:13:09
os: Linux-6.6.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 08 Nov 2023 16:05:38 +0000
nodename: 95631834ae08
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /www/grommunio-aapi
detected binary path: /usr/sbin/uwsgi
chdir() to /www/grommunio-aapi
your memory page size is 4096 bytes
detected max file descriptor number: 1073741816
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /run/grommunio//grommunio-aapi.socket fd 3
Python version: 3.11.6 (main, Oct  4 2023, 06:22:18) [GCC 12.2.1 20220924]
Python main interpreter initialized at 0x7ff472c96f78
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 208576 bytes (203 KB) for 4 cores
*** Operational MODE: threaded ***
Traceback (most recent call last):
  File "/www/grommunio-aapi/main.py", line 20, in <module>
    from api.core import API  # Export to uwsgi server
    ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/www/grommunio-aapi/api/core.py", line 64, in <module>
    validator = OpenApiCompat(apiSpec)
                ^^^^^^^^^^^^^^^^^^^^^^
  File "/www/grommunio-aapi/api/core.py", line 26, in __init__
    from openapi_core.spec.shortcuts import create_spec
ModuleNotFoundError: No module named 'openapi_core.spec.shortcuts'
unable to load app 0 (mountpoint='') (callable not found or import error)
*** no app loaded. going in full dynamic mode ***
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 11011)
spawned uWSGI worker 1 (pid: 11012, cores: 4)

Python modules on system based on performing pip install <module> after reading Pipfile in repository:

Package                   Version
------------------------- ----------
argcomplete               3.1.6
asgiref                   3.7.2
async-timeout             4.0.3
attrs                     23.1.0
blinker                   1.7.0
certifi                   2022.9.24
cffi                      1.16.0
charset-normalizer        3.3.2
click                     8.1.7
cryptography              41.0.7
distlib                   0.3.6
dnspython                 2.4.2
filelock                  3.9.0
Flask                     3.0.0
greenlet                  3.0.1
idna                      3.6
isodate                   0.6.1
itsdangerous              2.1.2
Jinja2                    3.1.2
jsonschema                4.20.0
jsonschema-path           0.3.2
jsonschema-spec           0.2.4
jsonschema-specifications 2023.7.1
lazy-object-proxy         1.9.0
ldap3                     2.9.1
MarkupSafe                2.1.3
mattermostdriver          7.3.2
more-itertools            10.1.0
multidict                 6.0.4
openapi-core              0.18.2
openapi-schema-validator  0.6.2
openapi-spec-validator    0.7.1
parse                     1.20.0
pathable                  0.4.3
pip                       23.0.1
pipenv                    2022.12.19
platformdirs              2.6.0
psutil                    5.9.6
pyasn1                    0.5.1
pycparser                 2.21
PyJWT                     2.8.0
PyMySQL                   1.0.2
PyYAML                    6.0.1
redis                     5.0.1
referencing               0.30.2
requests                  2.31.0
rfc3339-validator         0.1.4
rpds-py                   0.13.2
setuptools                66.1.1
six                       1.16.0
SQLAlchemy                2.0.23
typing_extensions         4.8.0
urllib3                   2.1.0
virtualenv                20.17.1+ds
virtualenv-clone          0.3.0
websockets                12.0
Werkzeug                  3.0.1
wheel                     0.38.4

Contents of specific files:

# /etc/uwsgi/grommunio-aapi.ini

[uwsgi]
master = True
plugin = python3
protocol = uwsgi
socket = /run/grommunio//grommunio-aapi.socket
chdir = /www/grommunio-aapi
module = main
callable = API
processes = 1
threads = 4
die-on-term = true
chmod-socket = 660
enable-threads = TRUE
disable-logging = TRUE

What am I missing in order to be able to allow access to the API?

Please cover Valkey alternatively to Redis (or support at least systemd.unit Alias=… properly)

If you set up grommunio using Valkey instead of Redis, because Fedora plans to switch to it (which RHEL 10 will most likely inherit), it would be nice if the admin API covers Valkey and Redis to be finally displayed in Admin Web properly.

Given the current lack of an officially recommended Redis configuration in the documentation, but when just simply taking https://community.grommunio.com/d/426-redis-at-grommunio-documentation-for-debian11, as a base, an instanced systemd unit like [email protected] works indeed out of the box, while [email protected] does obviously not. But when then leveraging systemd.unit [email protected] for [email protected], an empty label is shown in the Admin Web…which is quite unexpected!

Please add at least support for systemd.unit Alias=… to the Admin API to cover generally upcoming Redis alternatives more nicely.
