One thing to keep in mind is that the websocket sync is not straightforward to set up with vaultwarden and the proxy. If you don’t have it working, then your client does not necessarily sync on every change.

Maybe this is related to this, with sync not being performed by the client you were using for modification?

I don’t know if there is any specific utilities for that. You can always export your settings and reimplement them in lldap: this should be doable with a python script.

I never really understand why LDAP was so complicated. There must be needs in big setups that I am aware of but strangely I always found it not intuitive.

It supports a proper sync (my wife’s shared events do show up on my phone and I can modify them there) and the address book is specific to each user by default, but you can create shared address books as well. Again, that is synced two ways.

For LDAP, by default nextcloud only reads it. But you can enable LDAP writing as well.

I do this with nextcloud (and lldap for the user management). Though that could probably be overkill for just contacts and calendars.

I’ll provide an ELI5, though if you actually want to use it you’ll have to go beyond ELI5.

You contact a web service via a combination of IP address and port. For the sake of simplicity, we can assume that domain name is equivalent to IP address. You can then compare domain name/port with street name/street number: you need both to actually find someone. By default, some street numbers are really standard, like 443 is for regular encrypted connection. But you can have any service on any street number, it’s just less nice and less standard. This is usually done on closed networks.

Now what happens if you have a lot of services and you want all of them reachable at address 443? Well basically you are now in the same situation as a business building with a lobby. Whenever you want to contact a service, you go to 443, ask the reception what floor they are in, and they will direct you there. The reception desk is your proxy: just making sure you talk to the right people.

I did consider it, and I have not cancelled the old one yet. But that becomes more expensive than migrating to the higher end plan without CG NAt of the provider.

Indeed, the way they did that makes me quite angry. But at the same time, that’s 1Gbps vs 20Mbps upload, and I was struggling with the limitation when working from home sometimes. The one one is also cheaper so if the tunneling option works without too much pain, I’d be willing to give it a go.