Password management

2014-08-21 update: current plan is to use KeePass because of great desktop & device integration and we'll later add better team management via Tiki


The selected solution: users will access and edit files via VPN, taking advantage of ClearOS's Flexshare feature. In the future, we will add a method to have offline copies of the files. We'll integrated Syncthing along with adding ClearOS Flexshares as a storage option for the Tiki File Gallery.

The info below is kept for historical reasons.

  • See: files vs web debate
  • Because this is so true:
  • Behind the scenes folder syncing
  • Mount as a local drive
  • Use LDAP like Seafile
  • Keep version history
  • ACLs
  • Check ClearOS file management with Flexshare
  • Access is important, but how important is sync? (Maybe work on remote desktop access instead?)
  • Windows-Mac-Linux at least, and ideally Android as well
  • Encryption
  • Ideally, tool helps users see what is out of sync (FreeFileSync is great at this)
  • Ideally, the same tool for sync & backup. Backup being a read / add only instance of the sync tool
  • In the Tiki Suite context, we control both the server and all the clients. Thus, we can / should take advantage of that. There are tools which do a great job to get around this limitation. For example, Duplicati is great for backups to any disk, but it can't do sync.
  • The main use case is a central server and everyone syncs there. But there can be use cases where P2P sync (as offered by SyncThing) is interesting.
    • A user could have data on a laptop synced between two virtual machines. They could be kept in sync locally without the network, and for the sync to the main server, the data is transferred only once.
    • Some users in an organization may need to manage large files (ex.: video) but they don't need this to be backed up to the central server.

Use cases

John has several devices

John has a desktop, a laptop, a tablet, a smart phone. He wants:
a) Files synchronized on all devices (with possible exclusion of bigger files on tablet & smart phone)
b) Secure web-access to all his files and the history
c) Access to version history doesn't need to be on each device but would be nice
d) Ideally, the capacity to share a large file with a 1-time click secret URL which hell share via IM or e-mail.
e) As John's devices are sometimes all at the same place: an offsite, automated, write-only, encrypted backup to a an online drive (like Duplicati does) with version history (a backup of the last n versions of each file or all versions since x months)
f) Nice to have: a tool to search within the content of all files

Hamed, Qiao and Susana work for 3 different companies.

The three companies are teaming up for a project so they need to collaborate on some files and since they work for different companies, they can't just use the office's shared folder/drive.

Every time someone updates a file, it should synchronize the copies of the others. All versions of the file should be for sure available on the server backup. And ideally, the last X versions would also be available on each user's computer. (Or maybe just keep local revisions and the last version from the server, so as to avoid retrieving a revision which has already been replaced by a newer version.)

Hamed, Qiao and Susana could very well work for the same company but not be happy with the shared folder/drive because it doesn't provide easy access to previous versions of the files. And thus, this solution would replace the shared folder/drive.

Potential setup

  • Default use case: all files are in central FlexShare, accessible via VPN
    • A personal folder for each user. Ex.: /home/firstname.lastname/
    • A folder for each team / project (set with Flexshare permissions)
  • Backups
    • Every file edit provokes a backup of the file to go to a read-only archive
    • Anyone who can see the original file can also see the backups. So everyone can edit files, but each revision is stored in a read-only mode so users can restore if need be. So if a client machine is compromised, it can't delete anything permanently.
  • Offline access or multiple computers
    • For users who need offline access or to sync between computer, a multi-way auto-sync process is implemented.
    • Same principal as above. Keep every single revision in read-only mode.


See: Syncthing




File managers


GNU Midnight Commander

Double Commander


Far Manager




LibreOffice has a lot of features, and most overlap with Tiki functionality

LibreOffice Writer Tiki Wiki engine and structures
LibreOffice Calc Tiki Spreadsheet
LibreOffice Impress Tiki Slideshow with jQuery.S5
LibreOffice Draw Tiki Draw with SVG-edit
LibreOffice Base Tiki Trackers
LibreOffice Math Tiki Math

In general, the desktop app (ex.: LibreOffice) will tend to be more powerful, and better to produce a printable version while the web app (ex.: Tiki) will make it easier to make web documents and to have multiple users collaborate (especially multilingual collaboration). Users will have to choose on a case-by-case basis which one to use and be made aware of the tradeoffs. With the File Gallery features (tags, categories, permissions, check-in, check-out, lock and WebDAV support), we'll minimizes the annoyances of the inherent limitation of file-based computing. On the other hand, with HTML5 and AJAX, we'll strive to make the web app experience better & better.

In any case, the transversal features such as unified search, fined-grained permissions, tags, categories, category transitions (for workflows) will work be it a Tiki spreadsheet or a Libre Office spreadsheet.

Newer organizations which are very collaborative and web-based may tend to create a lot of the new documents in Tiki. On the other hand, organizations with a lot of history will have a large number of files and they'll want to simply copy over to the new shared disk.

Thus, users can edit their .ODF files in LibreOffice via WebDAV. A Tiki plugin for LibreOffice could be made to do certain operations to a given document from within LibreOffice (just to avoid that the person edits a document and also needs to go via the web interface to add tags / change categories / etc.) At the very simplest, it could be "open the URL with the metadata about this file".

The other integration is to add WebODF support. When in the File Gallery, if it's a file format supported by WebODF, a drop down menu item "edit via browser" would appear. This is exactly what we do in Tiki7 when a .svg file is in the file gallery as it is editable in the browser via SVG-edit.

So the idea is to leverage the best cross-platform ODF editor now (LibreOffice), which covers PDF needs and is a familiar paradigm, while also having a fully Web way of doing things with WebODF. Users could choose to do most of the work with LibreOffice via WebDAV and use WebODF for reading and minor edits from a mobile device.

Over time, there will likely be some semi-automated ways to convert from one format to the other. For example, you may want to have ongoing collaboration with the Wiki and Structures, but every so often, export the document to LibreOffice to take advantage of page layout, pagination and PDF export. That is what the Tiki community does to generate a printable version of the documentation


Even if files are on the Tiki Suite server, we still want the double-click, edit and save experience of a desktop file. Via the File Server or via the File Gallery, binary files will be accessible via WebDAV. Thus, a WebDAV client is needed and Cyberduck is a nice app for Windows and Mac.

Please see: Cyberduck. License: GPL

(There is also the built in client in Mac OS's Finder, though it's not exactly as practical as Cyberduck, it is a no download alternative)

It's also nice for WebDAV access to Wiki Pages

Virtualization / Desktop as a Service / Provisioning

See also: Tiki Suite Desktop

This will be more & more important as Tiki Suite SaaS gets underway. Jitsi can do Desktop streaming and Provisioning. We also want a solution like GLPI and OCS Inventory NG



Realtime Communication (RTC)

Prosody (later replaced by Openfire Meetings) & Jitsi have been selected. Please see Jitsi. The info below is kept for historical reasons.

Real-time Communication (RTC) Webinar/Web Conferencing/Instant messaging and presence via XMPP/Jingle (Jabber)/SIP/VOIP/PBX/Desktop sharing



Ejabberd seems the defacto choice at the moment, it features complete LDAP integration, web ui and many other modules. All this with a massive online community and some heavy backing. It tromps Prosody, which lacks LDAP and web ui, for integration and OpenFire for scalability. It also handles XMPP Jingle protocol for voice-chat support. Prosody has a very active community and developement and might someday sooner rather than later fix the lack of LDAP support.



Despite the fairly active core of solutions for VoIP including Asterisk, FreeSwitch, Yate and sipXecs. sipXecs is the only one of those that offers full integration with LDAP and XMPP (Jingle, presence and IM). However, it lacks flexibility at the VoIP level. It offers a distribution install (distributed through BitTorrent only) based on CentOS. The project is supported by the SIPFoundry foundation and Ezuce company, but hasn’t been very active lately. On the contrary, FreeSwitch offers an extremely active community and developpment. As shown by Baracuda Network’s Cudatel IP PBX Hardware, it is gaining popularity in the business sector. FreeSwitch also has two main Web UI satellite project: BlueBox/2600hz and FusionPBX. The former being more mature, but the latter gaining in popularity and offering an Ubuntu based distribution. FreeSwitch has one true show stopper: it doesn’t offer LDAP integration (FusionPBX 3.3. now offers LDAP integration). Some people are claiming to be working on solutions, but nothing yet has emerged. It would however be possible to create an external real time bridge to LDAP/ActiveDirectory using mod_config_xml a web service configuration API. FreeSwitch runs off most major distributions, however it is packaged through a PPA under Ubuntu. LDAP Integration seems like it would be rather popular for FreeSwitch and something that would benefit a growing community. Asterisk is not to be ignored as it has a massive community and is by far the most used in the industry. It is quite flexible and capable, but definitely has its short comings.

Freeswitch GUIs (ex.: to install on top of BigBlueButton)

cdrwhite uses Asterisk + FreePBX + tftp-Server for phones

Bringing BigBlueButton and sipX VoIP Server together
SipXecs + Bigbluebutton