Cloudron Forum

It's the same with SOGo. Use the mailbox name as username and any of the group's credentials as the password.

Depends on your use case / what apps you want to provide for your users. For best practice, I avoid the "Visible to all users on this Cloudron" option and remove all assigned groups from a user before deactivating the account.

In case of Nextcloud for example, Cloudron groups can be used within the app to give permissions to shares and features. Certain apps can also be configured to give every user that is able to log in a certain amount of permissions (like Nextcloud Auto Groups or specific role managment in Bookstack).

I have a "base" group (like <orgname>) giving normal access to apps like Matrix/Element, Nextcloud and Bockstack. Below that I have a group "<orgname>-internal" that give access to more specific apps like Freescout or Kimai. To go even further you can do <orgname>-<department> but for most apps you have to specify user permissions in addition. However it is useful to limit app access by Cloudron groups so users don't end up in a spot where they don't have permissions or no role to fulfill.

@BrutalBirdie So I figured this out, and it's definitely NOT a Cloudron issue. Actually, it's a Thunderbird issue... so I'll probably go write a quick report on Bugzilla at some point.

It turns out that when you hook up two emails for Thunderbird that (1) go the same mail server and (2) share the same password, that causes Thunderbird to ignore the username.

What this means:

Let's say you set up two mailboxes in Cloudron, your.name@company.com and service@company.com. While your.name@company.com is accessible to you, service@company.com is instead accessible to a group you are a part of. You can use user account password to log into both.

Let's say you first add your.name@compay.com to Thunderbird. It will work fine. However when you add service@company.com, outgoing will be messed up (though incoming will work). Rather than outgoing being registered for service@company.com, it'll go out through your.name@company.com, which is not the correct behavior.

You can fix this by going into Outgoing Servers in Thunderbird, but it's a big pain it doesn't need to be, and I'm sure it's something that can be fixed on the Thunderbird end.

Anyways, that was a fun dive into some email issues... hopefully I can get this fixed and jump back into using groups, as that helps make security issues with emails a little easier to deal with (no having to reset everybody's shared password).

Hope you all have an awesome day!

@nebulon can you maybe have a look into the other thread, I am a bit stuck but it would be important to get this right for a porject of mine.

@ruihildt yeah I guess horizontal scaling is not the correct term for what I meant. I believe, viewing one Cloudron instance (which may consist of multiple servers in the future) for one organization is what we are aiming for. Not the scaling for multi-tenancy of organizations (the scaling more applicable for SaaS offerings)

@brutalbirdie You are God level Cloudron user! You must absolutely love Cloudron. Thanks for giving me an idea of what is possible.

Even if we could just get LDAP groups working with Nextcloud that'd be a big win imho given how many of us use Nextcloud (I think I'm correct in assuming it's the 2nd most popular app on Cloudron?)