SOGo 6 - system settings

SOGo 6 system settings change everything on the webapp, whatever who is or is not authenticated. They are stored in the database, and don’t need to restart the application to be effective.

How to set/patch them

First init

You can put a JSON file in the filesystem of SOGo and set this process_setting: SOGO_INIT_SYSTEM_SETTINGS_PATH.

You can use this endpoint with administrator privileges: * PATCH /api/admin/v1/config/system, body must be a JSON with at least one of the following parameters.

SOGO_S_DO_DOMAIN

Boolean, default to False.

If your SOGo has the same configuration whatever the user, put this to True. SOGo 6 is able to make different behavior according to the user’s domain. If that’s not the case, this setting will prevent unnecessary checks and also simplify some of its algorithms.

You can enable or disable this setting on the go, the user’s experience won’t notice anything. It’s mainly a safeguard for SOGo backend to only do what it needs to do.

SOGO_S_KNOWN_DOMAIN

A list of strings, default is empty/missing

This setting is a way to tell SOGo all the domains it should know. It allows it to take action when it doesn’t know the domain

For now, alpha, only the next setting SOGO_S_REJECT_UNKNOWN_DOMAIN uses that

Later, a functionality will be added to automatically list the domains based on your user sources.

SOGO_S_REJECT_UNKNOWN_DOMAIN

A boolean, default to False.

DO NOT USE IF SOGO_S_KNOWN_DOMAIN is not properly set. Otherwise, nobody will be able to login.

This setting sets SOGo 6 to directly reject plain login (username/password) or auth method (username) if the domain of the user is not listed in SOGO_S_KNOWN_DOMAIN. That way, it prevents SOGo 6 from making an unnecessary query/request to your user sources.

SOGO_S_DOMAINLESS_LOGIN

A boolean, default to False

SOGo 6 relies a lot on the user’s domain (except if you set SOGO_S_DO_DOMAIN=False). However, you may want your users to log in with a uid which is not their email. E.g. (user instead of user@sogo.nu). In that case, set this setting to True. It will tell SOGo 6 how to behave with this user.

With this setting at True, SOGo will have to check every user source for the first login. After that, it will link the current user to the user source and its email’s domain, which means domain_settings will be applied.

It means that if your user’s uid is "sogo" but its mail is "sogo@sogo.nu", settings for sogo.nu will be applied after the login. Unless you have set SOGO_S_DO_DOMAIN =False

SOGO_S_DIRECT_LOGIN

NOT IMPLEMENTED FOR ALPHA

A boolean, default to False

By default, SOGo 6 will make the login phase in two steps: * First ask for the uid/mail/username * Second ask for the password or redirect to an SSO if needed

This allows you to easily set a different authentication system according to the user’s domain (E.g. sogo@sogo.nu is plain/password, sogo@ogos.un is OpenID).

However, if you have the same authentication system for all of your users, you can make it in one step by setting this at True.

SOGO_S_SENDMAIL

NOT IMPLEMENTED FOR ALPHA

A String, default to "/usr/lib/sendmail"

If you’re using the sendmail binary instead of an SMTP server, set its path here