diff --git a/.editorconfig b/.editorconfig
index d1a6ce8..79c3128 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -27,3 +27,9 @@ indent_size = 4
 
 [*.ldif]
 indent_style = space
+
+[*.json]
+indent_style = space
+
+[*.php]
+indent_style = space
diff --git a/.gitignore b/.gitignore
index 3bc42b0..569a8ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ dive.log
 *.env
 docker-compose.override.yml
 build.tags
+kopano-calendar-*/
diff --git a/docker-compose.yml b/docker-compose.yml
index 8a3b711..2ca25fc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -231,11 +231,13 @@ services:
     environment:
       - SERVICE_TO_START=grapi
       - TZ=${TZ}
-      - KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=false
+      - KCCONF_GRAPI_INSECURE=${INSECURE}
+      - KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=no
     env_file:
       - kopano_grapi.env
     networks:
       - kopano-net
+      - web-net
 
   kopano_kapi:
     image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
diff --git a/ldap_demo/README.md b/ldap_demo/README.md
index d0209a0..f971406 100644
--- a/ldap_demo/README.md
+++ b/ldap_demo/README.md
@@ -17,4 +17,4 @@ Additionally the ldap tree is also prepared for multiserver installations (also
 $ docker-compose -f examples/kopano-multiserver.yml up
 ```
 
-Demo users created in the demo ldap all have a password that is identical to the username, e.g. the password for `user1` user `user1`.
+Demo users created in the demo ldap all have a password that is identical to the username, e.g. the password for `user1` user `user1`. The user `user23 is setup to be an admin within Kopano.`
diff --git a/ldap_demo/bootstrap/ldif/demo-users.ldif b/ldap_demo/bootstrap/ldif/demo-users.ldif
index 0eb861a..ae2447e 100644
--- a/ldap_demo/bootstrap/ldif/demo-users.ldif
+++ b/ldap_demo/bootstrap/ldif/demo-users.ldif
@@ -4281,6 +4281,7 @@ objectClass: kopano-user
 uidNumber: 23
 userPassword:: dXNlcjIz
 kopanoAccount: 1
+kopanoAdmin: 1
 uid: user23
 mail: user23@{{ LDAP_DOMAIN }}
 kopanoAliases: Katarina@{{ LDAP_DOMAIN }}
diff --git a/owncloud/.gitignore b/owncloud/.gitignore
new file mode 100644
index 0000000..97981f2
--- /dev/null
+++ b/owncloud/.gitignore
@@ -0,0 +1,2 @@
+openidconnect
+phoenix
diff --git a/owncloud/99-ldap.sh b/owncloud/99-ldap.sh
index 495965e..ef867b7 100755
--- a/owncloud/99-ldap.sh
+++ b/owncloud/99-ldap.sh
@@ -22,6 +22,10 @@ occ ldap:set-config s01 ldapBase ${LDAP_SEARCH_BASE}
 occ ldap:set-config s01 ldapUserFilter "(|(objectclass=kopano-user))"
 occ ldap:set-config s01 ldapLoginFilter "(&(|(objectclass=kopano-user))(uid=%uid))"
 occ ldap:set-config s01 ldapGroupFilter "(&(|(objectclass=kopano-group)))"
+occ ldap:set-config s01 ldapEmailAttribute "mail"
+occ ldap:set-config s01 ldapExpertUUIDUserAttr "entryuuid"
+occ ldap:set-config s01 ldapUserDisplayName "cn"
+occ ldap:set-config s01 ldapUserFilter "(|(objectclass=posixAccount))"
 occ ldap:set-config s01 ldapConfigurationActive 1
 
 /usr/bin/occ user:sync -m disable "OCA\User_LDAP\User_Proxy"
diff --git a/owncloud/README.md b/owncloud/README.md
index 9d0f925..4db94cb 100644
--- a/owncloud/README.md
+++ b/owncloud/README.md
@@ -10,9 +10,9 @@ Example:
 COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:owncloud/owncloud.yml
 ```
 
-2. run `owncloud.sh` to create the required runtime variables in your `.env` file.
+2. change into the owncloud folder and run `owncloud.sh` to create the required runtime variables in your `.env` file.
 
-3. run `docker-compose up -d` and you will be able to log into `https://your-fqdn/owncloud`.
+3. change back into the root of the checkout and run `docker-compose up -d` and you will be able to log into `https://your-fqdn/owncloud`.
 
 ## Further tweaks
 
diff --git a/owncloud/config.json b/owncloud/config.json
new file mode 100644
index 0000000..b42c70e
--- /dev/null
+++ b/owncloud/config.json
@@ -0,0 +1,29 @@
+{
+  "server": "https://kopano.demo:2015/owncloud/",
+  "theme": "owncloud",
+  "version": "0.1.0",
+  "openIdConnect": {
+    "authority": "https://kopano.demo:2015/",
+    "client_id": "owncloud",
+    "client_secret": "owncloud",
+    "response_type": "id_token token",
+    "scope": "openid profile email"
+  },
+  "apps": [
+    "files"
+  ],
+  "menu": {
+    "items": [
+      {
+        "name": "Kopano Meet",
+        "url": "https://kopano.demo:2015/meet",
+        "iconMaterial": "hearing"
+      },
+      {
+        "name": "Kopano Webapp",
+        "url": "https://kopano.demo:2015/webapp/",
+        "iconMaterial": "transform"
+      }
+    ]
+  }
+}
diff --git a/owncloud/konnectd.config.php b/owncloud/konnectd.config.php
new file mode 100644
index 0000000..13e6f96
--- /dev/null
+++ b/owncloud/konnectd.config.php
@@ -0,0 +1,16 @@
+<?php
+$CONFIG = [
+  'loglevel' => 0,
+  'debug' => true,
+  'openid-connect' => [
+      'provider-url' => 'https://kopano.demo:2015',
+      'client-id' => 'ownCloud',
+      'client-secret' => 'ownCloud',
+      'loginButtonName' => 'kopano',
+      'autoRedirectOnLoginPage' => false,
+      'redirect-url' => 'https://kopano.demo:2015/owncloud/index.php/apps/openidconnect/redirect',
+      'mode' => 'email',
+      'search-attribute' => 'email',
+      'use-token-introspection-endpoint' => false
+  ],
+];
diff --git a/owncloud/owncloud-phoenix.yml b/owncloud/owncloud-phoenix.yml
new file mode 100644
index 0000000..2a77f37
--- /dev/null
+++ b/owncloud/owncloud-phoenix.yml
@@ -0,0 +1,8 @@
+version: "3.5"
+services:
+  owncloud:
+    volumes:
+      - ./owncloud/openidconnect/:/mnt/data/apps/openidconnect/
+      - ./owncloud/phoenix/:/mnt/data/apps/phoenix/
+      - ./owncloud/konnectd.config.php:/mnt/data/config/konnectd.config.php
+      - ./owncloud/config.json:/mnt/data/apps/phoenix/config.json
diff --git a/owncloud/owncloud.sh b/owncloud/owncloud.sh
index 6d1574e..7f5e970 100755
--- a/owncloud/owncloud.sh
+++ b/owncloud/owncloud.sh
@@ -4,8 +4,7 @@ set -euo pipefail
 IFS=$'\n\t'
 
 if ! command -v reg > /dev/null; then
-	echo "Please install reg in order to run this script."
-	exit 1
+	echo "Please install reg to list available tags. You can only press enter when being asked for a tag."
 fi
 
 if [ ! -e ../.env ]; then
@@ -33,7 +32,7 @@ random_string() {
 	hexdump -n 16 -v -e '/1 "%02X"' /dev/urandom
 }
 
-docker_tag_search () {
+docker_tag_search() {
 	image="$1"
 	results=$(reg tags "$image" 2> /dev/null)
 	echo "$results" | xargs -n1 | sort --version-sort -ru
@@ -63,7 +62,7 @@ selectWithDefault() {
 	[[ -n $index ]] && printf %s "${@: index:1}"
 }
 
-update_env_file () {
+update_env_file() {
 	varname="$1"
 	varvalue="$2"
 	if ! grep -q "$varname" ../.env; then
@@ -73,7 +72,7 @@ update_env_file () {
 	fi
 }
 
-tag_question () {
+tag_question() {
 	containername="$1"
 	value_default="$2"
 	description="$3"
@@ -94,6 +93,8 @@ update_env_file OWNCLOUD_ADMIN_USERNAME admin
 update_env_file OWNCLOUD_ADMIN_PASSWORD "$(random_string)"
 update_env_file MARIADB_ROOT_PASSWORD "$(random_string)"
 
+echo "Setup complete"
+
 if [ -e "$tmpfile" ]; then
 	rm "$tmpfile"
 fi
diff --git a/setup-update-tag.sh b/setup-update-tag.sh
index 8571e3d..9ae3d63 100755
--- a/setup-update-tag.sh
+++ b/setup-update-tag.sh
@@ -4,8 +4,7 @@ set -euo pipefail
 IFS=$'\n\t'
 
 if ! command -v reg > /dev/null; then
-	echo "Please install reg in order to run this script."
-	exit 1
+	echo "Please install reg to list available tags. You can only press enter when being asked for a tag."
 fi
 
 if [ ! -e ./.env ]; then
diff --git a/setup.sh b/setup.sh
index 6c79315..48e760b 100755
--- a/setup.sh
+++ b/setup.sh
@@ -92,7 +92,7 @@ if [ ! -e ./.env ]; then
 
 	value_default="kopano.demo"
 	read -r -p "FQDN to be used (for reverse proxy).
-	Hint: use port 2015 in case port 443 is already in use on the system.
+	Hint: use $value_default:2015 (with your actual FQDN) in case port 443 is already in use on the system (it has to be 443 or 2015, other ports will not work).
 	[$value_default]: " new_value
 	FQDN=${new_value:-$value_default}
 
diff --git a/web/kweb-calendar.cfg b/web/kweb-calendar.cfg
new file mode 100644
index 0000000..b1ba7fd
--- /dev/null
+++ b/web/kweb-calendar.cfg
@@ -0,0 +1,2 @@
+staticpwa /calendar /usr/share/kopano-calendar/calendar-webapp
+root /var/www/
diff --git a/web/kweb-override.yml b/web/kweb-override.yml
new file mode 100644
index 0000000..cd3575e
--- /dev/null
+++ b/web/kweb-override.yml
@@ -0,0 +1,10 @@
+version: "3.5"
+services:
+  web:
+    volumes:
+      - ./web/kweb-calendar.cfg:/etc/kweb-extras/kweb-calendar.cfg
+      - ./kopano-calendar-0.20.0/:/usr/share/kopano-calendar/
+      - ./kopano-calendar-0.20.0/config.json.in:/var/www/api/config/v1/kopano/calendar/config.json
+  kopano_grapi:
+    environment:
+      - KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=yes
diff --git a/web/kweb.cfg b/web/kweb.cfg
index 393ddd5..9fd5c08 100644
--- a/web/kweb.cfg
+++ b/web/kweb.cfg
@@ -220,4 +220,6 @@
 		try_duration 30s
 	}
 	folderish /owncloud
+
+	import /etc/kweb-extras/*
 }