From 51ee27f514589194ec3bb931f1d2cc13c3cc864c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?=
Date: Sat, 2 May 2026 12:21:13 +0200
Subject: [PATCH] 0020_nextcloud_mozilla_pre: auto-provision Thunderbird IMAP account at logon Fetches user_full_name (givenname + sn) and user_email from FreeIPA via ipalib and writes them into the Thunderbird IMAP account prefs. Adds ipalib availability check to logon_script.sh. Drops TB_MAIL_FULLNAME config variable.
Co-Authored-By: Claude Sonnet 4.6
---
.../0020_nextcloud_mozilla_pre/test_api.sh | 14 ++++++
.../0020_nextcloud_mozilla_pre/user_run.sh | 45 +++++++++++--------
config/setup_system.conf.dist | 1 -
system_setup/logon_script.sh | 7 +++
4 files changed, 48 insertions(+), 19 deletions(-)
create mode 100755 client_software/0020_nextcloud_mozilla_pre/test_api.sh
diff --git a/client_software/0020_nextcloud_mozilla_pre/test_api.sh b/client_software/0020_nextcloud_mozilla_pre/test_api.sh
new file mode 100755
index 0000000..bf94cd5
--- /dev/null
+++ b/client_software/0020_nextcloud_mozilla_pre/test_api.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+from ipalib import api
+from os import environ
+
+api.bootstrap(context="cli", in_server=False)
+api.finalize()
+api.Backend.rpcclient.connect()
+
+result = api.Command.user_show(environ['USER'])
+user_email = result['result']['mail'][0]
+user_full_name = result['result']['givenname'][0] + " " + result['result']['sn'][0]
+print(result)
+print(f"user_email: {user_email}")
+print(f"user_full_name: {user_full_name}")
diff --git a/client_software/0020_nextcloud_mozilla_pre/user_run.sh b/client_software/0020_nextcloud_mozilla_pre/user_run.sh
index d561817..76c6304 100755
--- a/client_software/0020_nextcloud_mozilla_pre/user_run.sh
+++ b/client_software/0020_nextcloud_mozilla_pre/user_run.sh
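Review bot: `print(result)` in the new test_api.sh writes the complete `user_show` entry to stdout, which is more directory data than the two values the script is checking and may end up in a session log if the helper is ever run from the logon path. Printing only `user_email` and `user_full_name` would be enough. The file is Python behind a `.sh` name and has no header comment; a first line such as `# Manual check: prints the FreeIPA mail and name attributes for $USER` would say what it is for. It looks up `environ['USER']` while user_run.sh uses `environ['DAVTOKEN_USER']`, so the test may not exercise the same entry.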
@@ -12,6 +12,8 @@ import tarfile import shutil import os from os import environ +#see FreeIPA APIs: https://freeipa.readthedocs.io/en/latest/api/basic_usage.html +from ipalib import api # See https://pypi.org/project/webdavclient3/ # needs pip install webdavclient3 from webdav3.client import Client @@ -79,6 +81,7 @@ if 'PROFILE_FIREFOX_SRC' in environ: # Check and setup mozilla #Next sync will be executed by logon script #Thunderbird first profile setup +tb_profile_dir = environ['PROFILE_TB_DST'] + "/default" if 'PROFILE_TB_SRC' in environ: # Check and setup mozilla pathstr = environ['PROFILE_TB_SRC'] + "/default" if not client.check(pathstr): @@ -94,8 +97,8 @@ if 'PROFILE_TB_SRC' in environ: # Check and setup mozilla client.execute_request("mkdir", "/" + pathstr) print("Done.") #Check and create local Folder - if not os.path.exists(environ['PROFILE_TB_DST'] + "/default"): - os.makedirs(environ['PROFILE_TB_DST'] + "/default") + if not os.path.exists(tb_profile_dir): + os.makedirs(tb_profile_dir) #First sync to initialise sync-db print("Call " + environ['SYSCONFIGPATH'] + "/system_setup/mozilla_starter.sh thunderbird sync") retstr = subprocess.call(['sh', environ['SYSCONFIGPATH'] + '/system_setup/mozilla_starter.sh', 'thunderbird', 'sync']) 
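Review bot: `from ipalib import api` at module level in the `@@ -12,6 +12,8 @@` hunk makes the whole script stop with ImportError on a client without python3-ipaclient, including steps such as the Firefox profile setup visible in the next hunk's context that do not need it. The check this commit adds to logon_script.sh only prints a message and carries on, so it does not prevent that. Importing inside the Thunderbird provisioning block, `try: from ipalib import api` with `except ImportError:` printing a skip message, would keep the rest of the logon working. The new comment would also read more consistently as `# See the FreeIPA API docs: https://freeipa.readthedocs.io/en/latest/api/basic_usage.html`, matching the webdavclient3 comment below it.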
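Review bot: `tb_profile_dir = environ['PROFILE_TB_DST'] + "/default"` in the `@@ -79,6 +81,7 @@` hunk is placed before the `if 'PROFILE_TB_SRC' in environ:` guard, so it appears to run unconditionally and would raise KeyError when PROFILE_TB_DST is not exported. The provisioning block further down still tests `'PROFILE_TB_DST' in environ`, which suggests the variable is treated as optional. Indentation is not recoverable on this page, so the scope should be confirmed; if the line is top-level, moving the assignment inside the guarded blocks restores the old behaviour. The later `prefs_path = environ['PROFILE_TB_DST'] + "/default/prefs.js"` could then become `prefs_path = tb_profile_dir + "/prefs.js"`.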
@@ -111,11 +114,17 @@ if 'PROFILE_TB_SRC' in environ: # Check and setup mozilla if ('PROFILE_TB_DST' in environ and 'TLDOMAIN' in environ and 'SERVERFQDN_IMAP' in environ and 'DAVTOKEN_USER' in environ): prefs_path = environ['PROFILE_TB_DST'] + "/default/prefs.js" - mail_user = environ['DAVTOKEN_USER'] + "@" + environ['TLDOMAIN'] - mail_user_url = mail_user.replace('@', '%40') imap_host = environ['SERVERFQDN_IMAP'] - full_name = environ.get('TB_MAIL_FULLNAME', environ['DAVTOKEN_USER']) - profile_dir = environ['PROFILE_TB_DST'] + "/default" + account_name = environ['DAVTOKEN_USER'] + "@" + environ['TLDOMAIN'] + + #Call IPA api to get the Values + api.bootstrap(context="cli", in_server=False) + api.finalize() + api.Backend.rpcclient.connect() + api_userinfo = api.Command.user_show(environ['DAVTOKEN_USER']) + + user_full_name = api_userinfo['result']['givenname'][0] + " " + api_userinfo['result']['sn'][0] + user_email = api_userinfo['result']['mail'][0] if not os.path.exists(prefs_path): print("Thunderbird prefs.js not found, skipping mail account setup.") @@ -124,13 +133,13 @@ if ('PROFILE_TB_DST' in environ and 'TLDOMAIN' in environ and prefs = f.read() account_exists = bool(re.search( - r'mail\.server\.server\d+\.userName",\s*"' + re.escape(mail_user) + '"', + r'mail\.server\.server\d+\.userName",\s*"' + re.escape(account_name) + '"', prefs )) if account_exists: - print(f"Thunderbird IMAP account for {mail_user} already configured.") + print(f"Thunderbird IMAP account {account_name} already configured.") else: - print(f"Adding Thunderbird IMAP account for {mail_user} ...") + print(f"Adding Thunderbird IMAP account {account_name} ...") server_nums = [int(x) for x in re.findall(r'mail\.server\.server(\d+)\.type', prefs)] account_nums = [int(x) for x in re.findall(r'mail\.account\.account(\d+)\.server', prefs)] 
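Review bot: The FreeIPA lookup added in the `@@ -111,11 +114,17 @@` hunk has no error handling, so a failed connection or a user entry without `mail`, `givenname` or `sn` raises and ends the logon script before it reaches `sys.exit(0)`. It also sits ahead of the `prefs.js` existence check and the `account_exists` test, so it runs on every logon even when nothing will be written; moving it into the `else:` branch that adds the account would avoid that. The returned strings are later interpolated into `user_pref("…", "…")` lines, so a `"` or `\` in a directory attribute would corrupt prefs.js or add extra prefs; escaping with `.replace('\\', '\\\\').replace('"', '\\"')` before use closes that. The sketch below falls back to the values the removed code used; the enclosing `if` block continues outside this hunk.

```python
    # … unchanged: prefs_path, imap_host, account_name …
    # Previous defaults, kept as fallback when the directory lookup fails
    user_full_name = environ['DAVTOKEN_USER']
    user_email = account_name
    try:
        api.bootstrap(context="cli", in_server=False)
        api.finalize()
        api.Backend.rpcclient.connect()
        entry = api.Command.user_show(environ['DAVTOKEN_USER'])['result']
        user_full_name = entry['givenname'][0] + " " + entry['sn'][0]
        user_email = entry['mail'][0]
    except Exception as err:
        print(f"FreeIPA lookup failed, using defaults: {err}")
```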
@@ -144,28 +153,28 @@ if ('PROFILE_TB_DST' in environ and 'TLDOMAIN' in environ and new_lines = [ f'user_pref("mail.server.{sn}.check_new_mail", true);', f'user_pref("mail.server.{sn}.cleanup_inbox_on_exit", true);', - f'user_pref("mail.server.{sn}.directory", "{profile_dir}/ImapMail/{imap_host}");', + f'user_pref("mail.server.{sn}.directory", "{tb_profile_dir}/ImapMail/{imap_host}");', f'user_pref("mail.server.{sn}.directory-rel", "[ProfD]ImapMail/{imap_host}");', f'user_pref("mail.server.{sn}.hostname", "{imap_host}");', f'user_pref("mail.server.{sn}.login_at_startup", true);', f'user_pref("mail.server.{sn}.max_cached_connections", 5);', - f'user_pref("mail.server.{sn}.name", "{mail_user}");', + f'user_pref("mail.server.{sn}.name", "{account_name}");', f'user_pref("mail.server.{sn}.port", 993);', f'user_pref("mail.server.{sn}.socketType", 3);', f'user_pref("mail.server.{sn}.storeContractID", "@mozilla.org/msgstore/maildirstore;1");', f'user_pref("mail.server.{sn}.timeout", 29);', f'user_pref("mail.server.{sn}.trash_folder_name", "Trash");', f'user_pref("mail.server.{sn}.type", "imap");', - f'user_pref("mail.server.{sn}.userName", "{mail_user}");', - f'user_pref("mail.identity.{idn}.draft_folder", "imap://{mail_user_url}@{imap_host}/Drafts");', + f'user_pref("mail.server.{sn}.userName", "{environ["DAVTOKEN_USER"]}");', + f'user_pref("mail.identity.{idn}.draft_folder", "imap://{environ["DAVTOKEN_USER"]}@{imap_host}/Drafts");', f'user_pref("mail.identity.{idn}.drafts_folder_picker_mode", "0");', - f'user_pref("mail.identity.{idn}.fcc_folder", "imap://{mail_user_url}@{imap_host}/Sent");', + f'user_pref("mail.identity.{idn}.fcc_folder", "imap://{environ["DAVTOKEN_USER"]}@{imap_host}/Sent");', f'user_pref("mail.identity.{idn}.fcc_folder_picker_mode", "0");', - f'user_pref("mail.identity.{idn}.fullName", "{full_name}");', + f'user_pref("mail.identity.{idn}.fullName", "{user_full_name}");', f'user_pref("mail.identity.{idn}.reply_on_top", 1);', - 
f'user_pref("mail.identity.{idn}.stationery_folder", "imap://{mail_user_url}@{imap_host}/Templates");', + f'user_pref("mail.identity.{idn}.stationery_folder", "imap://{environ["DAVTOKEN_USER"]}@{imap_host}/Templates");', f'user_pref("mail.identity.{idn}.tmpl_folder_picker_mode", "0");', - f'user_pref("mail.identity.{idn}.useremail", "{mail_user}");', + f'user_pref("mail.identity.{idn}.useremail", "{user_email}");', f'user_pref("mail.identity.{idn}.valid", true);', f'user_pref("mail.account.{an}.identities", "{idn}");', f'user_pref("mail.account.{an}.server", "{sn}");', @@ -186,6 +195,6 @@ if ('PROFILE_TB_DST' in environ and 'TLDOMAIN' in environ and prefs = prefs.rstrip('\n') + '\n' + '\n'.join(new_lines) + '\n' with open(prefs_path, 'w') as f: f.write(prefs) - print(f"Thunderbird IMAP account for {mail_user} added successfully.") + print(f"Thunderbird IMAP account {account_name} added successfully.") sys.exit(0) diff --git a/config/setup_system.conf.dist b/config/setup_system.conf.dist index df0653f..6cb1fcd 100644 --- a/config/setup_system.conf.dist +++ b/config/setup_system.conf.dist @@ -80,7 +80,6 @@ if [ "$EUID" -ne 0 ]; then # Mail account auto-provisioning for DAVTOKEN_USER@TLDOMAIN in Thunderbird export SERVERFQDN_IMAP="imap.${TLDOMAIN}" # IMAP server hostname (e.g. imap.strato.de) - export TB_MAIL_FULLNAME="${USER}" # Display name written to the Thunderbird identity fi #Basic commons not needing change diff --git a/system_setup/logon_script.sh b/system_setup/logon_script.sh index 3dad6b2..a2431cb 100755 --- a/system_setup/logon_script.sh +++ b/system_setup/logon_script.sh 
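Review bot: `mail.server.{sn}.userName` is now written as the bare `environ["DAVTOKEN_USER"]` in the `@@ -144,28 +153,28 @@` hunk, but the `account_exists` regex in the `@@ -124,13 +133,13 @@` hunk still searches for a `userName` equal to `account_name`, which is `DAVTOKEN_USER@TLDOMAIN`. As far as the visible lines show, the check can therefore never match the entry this code writes, and a further server, identity and account would be appended at each logon. Matching on what is written fixes it: `r'mail\.server\.server\d+\.userName",\s*"' + re.escape(environ['DAVTOKEN_USER']) + '"'`. The folder URIs also lost the percent-encoding step that `mail_user_url` provided; that is harmless only while DAVTOKEN_USER contains no reserved characters.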
@@ -18,11 +18,18 @@ if [ "$EUID" -eq 0 ]; then fi #Check for needed python-modules +#For WEBDAV python -c "import webdav3">/dev/null 2>&1 if [[ $? -ne 0 ]]; then echo "Installing pip module webdav3" pip install webdavclient3>/dev/null fi +#For IPA (system package python3-ipaclient, cannot be pip-installed) +python -c "import ipalib">/dev/null 2>&1 +if [[ $? -ne 0 ]]; then + echo "Error: python3-ipaclient is not installed. Please install it via: sudo dnf install python3-ipaclient" +fi + #TODO C: Check if Desktop is KDE/Plasma and support other Displays # Make kdesu use sudo
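Review bot: The new ipalib check runs `python -c "import ipalib"`, while test_api.sh in this commit starts with `#!/usr/bin/env python3`; where `python` is absent or is a different interpreter, the check reports the wrong result. Using the interpreter the scripts run under, `python3 -c "import ipalib" >/dev/null 2>&1`, avoids that, assuming user_run.sh uses the same shebang, which is not visible here. The message should go to stderr as well: `echo "Error: python3-ipaclient is not installed. …" >&2`. The existing webdav3 check above has the same `python` call.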