Dropbox integration admin guide

Revision as of 06:37, 10 May 2023 by Barry de Graaff (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Zimbra Dropbox integration Admin Guide

This guide will take you through the steps to set-up the Dropbox integration in Zimbra. Once you have completed the steps in this guide you can follow the end-user guide at https://wiki.zimbra.com/wiki/Dropbox_integration_end_user_guide for the final OAuth set-up.

Create a Dropbox Application (OAuth)

To be able to use the Dropbox integration you have to create a Dropbox account, the basic free plan will work with this integration.

Go to https://www.dropbox.com/developers/apps/ and click create app:

001-create-app.png

Configure the app using Scoped access, select Full Dropbox access and give your app a unique name and click Create App:

002-app-settings.png

Once your app is created go to the Settings tab and configure your Redirect URL:

Put your Zimbra domains under Chooser/saver domains section.

003-app-config2.png

In the app Permissions tab select the following scopes:

  • account_info.write
  • account_info.read
  • files.metadata.write
  • files.metadata.read
  • files.content.write
  • files.content.read
  • sharing.write
  • sharing.read
  • file_requests.write
  • file_requests.read
  • contacts.write
  • contacts.read

And click submit:

004-set-scope.png

In the Branding tab you can set optional App description and icon.

Go back to the settings tab and: Click Enable additional users so that others may authorize with the app. Then copy the App key and App secret for configuring Zimbra.

005-get-key.png

Setting up Zimbra

From the command line run the following command to install the Dropbox Zimlet:

apt install -y zimbra-zimlet-dropbox

From the command line as the user zimbra run the following commands:

zmprov mcf +zimbraOAuthConsumerRedirectUri 'https://PUT-YOUR-ZIMBRA-SERVER-DOMAIN-HERE/service/extension/oauth2/authenticate/dropbox:dropbox'
zmprov mcf +zimbraOAuthConsumerCredentials 'PUT-APP-KEY-HERE:PUT-APP-SECRET-HERE:dropbox'

Finally restart mailbox to load the Zimlet by running as user zimbra:

zmmailboxdctl restart

SameSite Cookie restriction and Dropbox OAuth

In case you have configured Zimbra to use a Strict same site cookie restriction, this has to be reverted by running the following command as user zimbra:

/opt/zimbra/bin/zmlocalconfig -e zimbra_same_site_cookie=""

Typically if the same site cookie restriction is set to Strict the user will see a login screen after allowing Zimbra to access the Dropbox app. But even after signing on again the Dropbox integration will not be activated. In the mailbox log (/opt/zimbra/log/mailbox.log) you will see the following:

2023-05-10 05:21:36,776 ERROR [qtp2138564891-84:https://mail.zimbra.tech/service/extension/oauth2/authenticate/dropbox?code=ihvIiCKLSO4AAAAAAAAAGBTxfo_wGZg3VngTnK6f24g&state=%2Fmodern%2FdropboxAuthCompleted%3Bnoop] [] extensions - An oauth application error occurred. : permission denied: 401: must authenticate

For debugging purpose you can copy/paste the URL from the log, to the browser of the authenticated user to activate the app. If this works, it means you have not unset the same site cookie restriction correctly or you have a cache issue. Restart Zimbra and flush the browser cache and try again.

An OAuth application error has occurred

This error will be shown in case the OAuth scope on the Dropbox app is not set or does not have all the required access rights, add at least the 12 mentioned in the steps above.

Connect Zimbra with Dropbox and use the integration

These steps have to be done by each end-user (only once) and are described in: https://wiki.zimbra.com/wiki/Dropbox_integration_end_user_guide

Jump to: navigation, search