1
CalDAV / CardDAV GAL issue with TbSync
Problem reported by Sébastien Riccio - 6/6/2022 at 8:19 PM
Resolved
Hello,

While trying to help a customer having bad times trying to connect his account contacts and calendar with DAV (Using TbSync w/ Thunderbird), I discovered that it is currently not showing the Global Address List.


I did the same test with an account on our other mailservers which is using "mailcow" mail server stack and it works like a charm.


I tried many different things to get it working but it looks to me that there is some kind of incompatibility between SmarterMail and TbSync.

Any idea what could cause this ?

CardDAV resources url in TbSync for SmarterMail:

Kind regards.
Sébastien Riccio
System & Network Admin

10 Replies

Reply to Thread
0
Sébastien Riccio Replied
In order to try to find a reason for this issue, I went ahead and sniffed the traffic between TbSync and both mailservers.

On the mailcow server (using sOGO DAV), the resulting XML for discovering addresses books returns:

HTTP/1.1 207 Multi-Status
Server: nginx
Date: Tue, 07 Jun 2022 03:52:44 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 2164
Connection: keep-alive
X-Dav-Error: 200 No error
Ms-Author-Via: DAV
Pragma: no-cache
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN

<?xml version="1.0" encoding="UTF-8"?>
<D:multistatus xmlns:D="DAV:">
   <D:response>
      <D:href>/SOGo/dav/sr@madjix.ch/Contacts/</D:href>
      <D:propstat>
         <D:status>HTTP/1.1 200 OK</D:status>
         <D:prop>
            <D:current-user-privilege-set>
               <D:privilege>
                  <D:read-current-user-privilege-set />
               </D:privilege>
               <D:privilege>
                  <D:read />
               </D:privilege>
               <D:privilege>
                  <D:bind />
               </D:privilege>
               <D:privilege>
                  <D:unbind />
               </D:privilege>
               <D:privilege>
                  <D:write />
               </D:privilege>
               <D:privilege>
                  <D:write-properties />
               </D:privilege>
               <D:privilege>
                  <D:write-content />
               </D:privilege>
            </D:current-user-privilege-set>
            <D:resourcetype>
               <D:collection />
            </D:resourcetype>
            <D:displayname>Contacts</D:displayname>
         </D:prop>
      </D:propstat>
   </D:response>
   <D:response>
      <D:href>/SOGo/dav/sr@madjix.ch/Contacts/personal/</D:href>
      <D:propstat>
         <D:status>HTTP/1.1 200 OK</D:status>
         <D:prop>
            <D:current-user-privilege-set xmlns:n1="urn:inverse:params:xml:ns:inverse-dav">
               <D:privilege>
                  <D:write />
               </D:privilege>
               <D:privilege>
                  <D:bind />
               </D:privilege>
               <D:privilege>
                  <D:unbind />
               </D:privilege>
               <D:privilege>
                  <D:write-properties />
               </D:privilege>
               <D:privilege>
                  <D:write-content />
               </D:privilege>
               <D:privilege>
                  <D:read-acl />
               </D:privilege>
               <D:privilege>
                  <D:write-acl />
               </D:privilege>
               <D:privilege>
                  <n1:admin />
               </D:privilege>
               <D:privilege>
                  <D:all />
               </D:privilege>
            </D:current-user-privilege-set>
            <D:resourcetype>
               <D:collection />
               <vcard-collection xmlns="http://groupdav.org/"; />
               <addressbook xmlns="urn:ietf:params:xml:ns:carddav" />
            </D:resourcetype>
            <D:displayname>Personal Address Book</D:displayname>
         </D:prop>
      </D:propstat>
   </D:response>
   <D:response>
      <D:href>/SOGo/dav/sr@madjix.ch/Contacts/madjix.ch/</D:href>
      <D:propstat>
         <D:status>HTTP/1.1 200 OK</D:status>
         <D:prop>
            <D:current-user-privilege-set>
               <D:privilege>
                  <D:read />
               </D:privilege>
               <D:privilege>
                  <D:read-current-user-privilege-set />
               </D:privilege>
               <D:privilege>
                  <D:all />
               </D:privilege>
            </D:current-user-privilege-set>
            <D:resourcetype>
               <D:collection />
               <vcard-collection xmlns="http://groupdav.org/"; />
               <addressbook xmlns="urn:ietf:params:xml:ns:carddav" />
               <directory xmlns="urn:ietf:params:xml:ns:carddav" />
            </D:resourcetype>
            <D:displayname>GAL madjix.ch</D:displayname>
         </D:prop>
      </D:propstat>
   </D:response>
</D:multistatus>

The same for SmarterMail DAV:
HTTP/1.1 207 Multi-Status
Content-Type: text/xml; charset=utf-8
Vary: Accept-Encoding
X-Robots-Tag: noindex
Strict-Transport-Security: max-age=0
Date: Tue, 07 Jun 2022 03:38:46 GMT
Content-Length: 1883

<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:response>
    <D:href>/WebDAV/ab/</D:href>
    <D:propstat>
      <D:status>HTTP/1.1 200 OK</D:status>
      <D:prop>
        <D:current-user-privilege-set>
          <D:privilege>
            <D:read />
            <D:write />
            <D:write-properties />
            <D:write-content />
          </D:privilege>
        </D:current-user-privilege-set>
        <D:resourcetype>
          <D:collection />
        </D:resourcetype>
        <D:displayname>madjik@cybermind.ch</D:displayname>
      </D:prop>
    </D:propstat>
  </D:response>
  <D:response>
    <D:href>/WebDAV/ab/gal/</D:href>
    <D:propstat>
      <D:status>HTTP/1.1 200 OK</D:status>
      <D:prop>
        <D:resourcetype>
          <D:collection />
          <B:addressbook xmlns:B="urn:ietf:params:xml:ns:carddav" />
        </D:resourcetype>
        <D:displayname>Global Address List</D:displayname>
      </D:prop>
    </D:propstat>
    <D:propstat>
      <D:status>HTTP/1.1 404 Not Found</D:status>
      <D:prop>
        <D:current-user-privilege-set />
      </D:prop>
    </D:propstat>
  </D:response>
  <D:response>
    <D:href>/WebDAV/ab/a111198aa81c4e2aa34bba03351d921b/</D:href>
    <D:propstat>
      <D:status>HTTP/1.1 200 OK</D:status>
      <D:prop>
        <D:current-user-privilege-set>
          <D:privilege>
            <D:read />
            <D:write />
            <D:write-properties />
            <D:write-content />
          </D:privilege>
        </D:current-user-privilege-set>
        <D:resourcetype>
          <D:collection />
          <B:addressbook xmlns:B="urn:ietf:params:xml:ns:carddav" />
        </D:resourcetype>
        <D:displayname>Contacts</D:displayname>
      </D:prop>
    </D:propstat>
  </D:response>
</D:multistatus>

I've highligted in bold the part that is about the GAL on both XML. On SmarterMail response we can see there is a 404 returned. Probably the source of the issue.

Is TbSync requesting a property that is not available on The GAL resource on SmarterMail ?

More precisely I would say the:

<D:current-user-privilege-set />
property seems to result to a 404 on SmarterMail GAL's.

Shouldn't it return some kind of "read-only" privilege-set on GAL (instead of 404'ing the request)


Kind regards.
Sébastien Riccio
System & Network Admin

0
Sébastien Riccio Replied
Hello again,

We unfortunately have an additionnal issue here with DAV.

After our customer was able to configure TbSync (without GAL...) he reported that creating a contact in his linked adressbook from Thunderbird result in an error. The contact cannot be saved on the server.

I did a test myself and had the same result.

Here is the TbSync when it tries to add the contact on the server:

URL:
https://mail01.somemailserver.com/WebDAV/ab/a111198aa81c4e2aa34bba03351d921b/054f780d-22d4-4daf-9803-75e9d48c33f3.vcf (PUT)

Request:
BEGIN:VCARD
FN:Michel Jordan
N:Jordan;Michel;;;
EMAIL;TYPE=HOME:michel@jordan.com
UID:99274624-49e2-447e-911b-ee68482fc538
VERSION:3.0
END:VCARD

Response:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">;
<html xmlns="http://www.w3.org/1999/xhtml">;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;} 
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;} 
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header">
<h1>Server Error</h1>
</div>
<div id="content">
 <div class="content-container">
<fieldset>
  <h2>403 - Forbidden: Access is denied.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset>
</div>
</div>
</body>
</html>

The server returns a 403 "You do not have permission to view this directory or page using the credentials that you supplied", like if the user had only read access on his address book.

I tried the same test with an account on our "mailcow" server and it works correctly.... 

This is kinda an urgent matter :/

Kind regards.


Sébastien Riccio
System & Network Admin

0
Matt Petty Replied
Employee Post
Can you double check that user's folders.json file and verify that a111198aa81c4e2aa34bba03351d921b is in the file, and is the correct contact folder?
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Sébastien Riccio Replied
Hello Matt,

You mean for the contact creation issue with TbSync ? (there is two different issue in the thread)

It's a test user I created for troubleshooting our customer issue, but he's having the same issue with his own account. The addressbook can be read successfully but creating contacts fails.


I see no anomalies in these users `folders.json` and the strange thing is that the issue is _not_ occuring with emClient.
On the other hand with TbSync it works flawlessly against another server type using sOGO as DAV endpoint.

It also works correctly when I'm replicating what TbSynd is doing but using curl:

madjik@prism:~ 130 $ curl --user 'user:pass' -s -X PUT -H "If-None-Match: *" -H "Content-Type: text/vcard; charset=utf-8" -sD /dev/stderr -T /dev/stdin https://mail01.swisscenter.com/WebDAV/ab/a111198aa81c4e2aa34bba03351d921b/6e39f1c9-64f1-4bdd-8e2a-8429f57ffb7d.vcf <<-EOF
BEGIN:VCARD
FN:Jean Robert
N:Robert;Jean;;;
EMAIL;TYPE=HOME:jean.robert@gmail.com
UID:b9f06c98-d35f-479d-bb17-eae29da50872
VERSION:3.0
END:VCARD
EOF
Result:

HTTP/2 201 
x-robots-tag: noindex
strict-transport-security: max-age=0
date: Tue, 07 Jun 2022 14:38:30 GMT
content-length: 0
But when TbSync is doing the exact same thing, a 403 is returned, so I don't know what to tthink.

Maybe if you have some time to test if you can reproduce the issue on your side with latest stable Thunderbird + TbSync.

It requires you to add the TbSync extension with DAV support in thunderbird, connect your user's addressbook to it and create a contact from TB.

Kind regards.
Sébastien Riccio
System & Network Admin

0
Sébastien Riccio Replied
As additional info, I tested the same thing with Thunderbird + TbSync + SmarterMail in my OSX VM and the same issue (contact creation) occurs:

Sébastien Riccio
System & Network Admin

0
Zach Sylvester Replied
Employee Post
Hello Everyone, 

Sébastien openned a ticket for this issue and I was able to replicate this problem with the GAL. This has been escalated to the developers. As such I have marked this post as being fixed. 

Thank you, 
Zach Sylvester
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Sébastien Riccio Replied
Hello Zach,

I also just read a feedback from Tony for the contact creation issue from TB/TbSync he was also able to replicate.

Kind regards
Sébastien Riccio
System & Network Admin

1
Sébastien Riccio Replied
Just adding a little note here.

It's seems that Thunderbird 91+ has also built-in support for CardDAV without the need to use TbSync, however the same issue occurs when trying to add a new contact. (403 error)

I've updated the ticket with logs and screenshots about it.

Kind regards.
Sébastien Riccio
System & Network Admin

2
Andrea Free Replied
Employee Post
Hi all, 

I'm happy to report that this issue has been resolved! The fix is available in a release candidate build and will be released to the public soon. If you would like the release candidate build now, please submit a support ticket. 

Andrea Free
SmarterTools Inc.
877-357-6278

www.smartertools.com

1
Sébastien Riccio Replied
Hello,

After installing the RC, I can confirm both issues addressed here seems to be resolved.

Thanks a lot.
Sébastien Riccio
System & Network Admin

Reply to Thread