[pkg-kolab] Bug#375431: kolabd: Few updates to README.Debian
Shri Shrikumar
shri at kraya.co.uk
Sun Jun 25 22:16:07 UTC 2006
Package: kolabd
Severity: minor
Tags: patch
Hiya,
I retrieved the latest version of README.Debian from svn and made a few updates as I was working through it.
I have attached a patch as well as the full new file.
Please feel free to get in touch if there is anything you wish to discuss.
Thanks & Best Wishes,
Shri
-------------- next part --------------
--- README.Debian.bak 2006-06-25 19:37:29.000000000 +0100
+++ README.Debian 2006-06-25 23:09:53.000000000 +0100
@@ -7,7 +7,11 @@
1. Install this kolabd package with all dependencies
----------------------------------------------------
-# apt-get install postfix postfix-tls kolabd
+# apt-get install postfix kolabd
+
+note that if you had ntp installed - this will remove that package. To prevent that, use:
+
+# apt-get install postfix kolabd ntp
kolabd should depend on all needed packages.
@@ -46,7 +50,7 @@
defaultsearchbase "dc=example,dc=com"
-require none
+#require none
# we need v2 for the php scripts
allow bind_v2
@@ -56,7 +60,6 @@
database bdb
cachesize 2000
-checkpoint 512 10
idlcachesize 10000
idletimeout 10 # The value can be increased if some clients develop problems.
# Please report to kolab-devel at kolab.org if you encounter such a client.
@@ -67,6 +70,8 @@
rootdn "cn=manager,cn=internal,dc=example,dc=com"
rootpw "PASSWORD"
+checkpoint 512 10
+
replica uri=ldap://127.0.0.1:9999
binddn="cn=replicator"
bindmethod=simple
@@ -86,39 +91,39 @@
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by * none stop
-access to attr=userPassword
+access to attrs=userPassword
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" =wx
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" =wx
by self =wx
by anonymous =x
by * none stop
-access to attr=mail
+access to attrs=mail
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
-access to attr=alias
+access to attrs=alias
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
-access to attr=uid
+access to attrs=uid
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
-access to attr=cyrus-userquota
+access to attrs=cyrus-userquota
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by self read stop
-access to attr=kolabHomeServer
+access to attrs=kolabHomeServer
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
-access to attr=kolabHomeMTA
+access to attrs=kolabHomeMTA
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
@@ -181,6 +186,7 @@
2.2
+- replace all references in the above file to "dc=example,dc=com" to your own
- Stop the LDAP server: "/etc/init.d/slapd stop"
- Backup your LDAP data in: /var/lib/ldap/
- Delete old LDAP data: "rm /var/lib/ldap/*"
@@ -234,6 +240,8 @@
Please make sure that you change "PASSWORD" to your manager password
(with the example .ldif it is "credativ").
+You will also need to change references to "dc=example,dc=com" to your own
+
3.3 Start the saslauthd: "/etc/init.d/saslauthd start"
-----------------------------------------------------------------------------------------
@@ -264,8 +272,8 @@
append
--8<--
-kolabfilter unix - n n - - pipe user=nobody flags=n argv=/usr/bin/php
- -c /etc/php4/cli/php.ini
+kolabfilter unix - n n - - pipe user=nobody flags=n argv=/usr/bin/php5
+ -c /etc/php5/cli/php.ini
-f /usr/share/kolab-resource-handlers/kolabfilter.php
--
-h host
@@ -273,8 +281,8 @@
-r ${recipient}
-c ${client_address}
-kolabmailboxfilter unix - n n - - pipe user=nobody flags=n argv=/usr/bin/php
- -c /etc/php4/cli/php.ini
+kolabmailboxfilter unix - n n - - pipe user=nobody flags=n argv=/usr/bin/php5
+ -c /etc/php5/cli/php.ini
-f /usr/share/kolab-resource-handlers/kolabmailboxfilter.php
--
-h host
@@ -290,12 +298,14 @@
add
--8<--
+
# maps
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual, ldap:ldapdistlist, ldap:ldapvirtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport, ldap:ldaptransport
+local_transport = kolabmailboxfilter
mailbox_transport = kolabmailboxfilter
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
@@ -348,6 +358,7 @@
--8<--
note: PASSWORD is the cleartext password of the nobody user in the LDAP
+(with the example .ldif it is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
Please make also sure that the mydestination variable is set right.
Kolab will look at it and it is not enough to enter localhost, so please
@@ -364,7 +375,7 @@
5.3 /etc/postfix/sasl/smtpd.conf
-create the directory /etc/postfix/sasl/
+create the directory /etc/postfix/sasl/ (This already exists in testing)
/etc/postfix/sasl/smtpd.conf
--8<--
@@ -391,6 +402,13 @@
calendar_pw : PASSWORD
--8<--
+Remember to change "dc=example,dc=com" to your one and to change
+the manager password and the nobody password.
+
+TODO: What is the password for calendar meant to be?
+(with the example .ldif manager password is "credativ")
+(with the example .ldif nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
+
-----------------------------------------------------------------------------------------
7. Resource Manager
@@ -408,6 +426,8 @@
$params['calendar_pass'] = 'PASSWORD';
$params['freebusy_url'] = 'https://server.example.com/freebusy/${USER}.xfb';
+remember to change PASSWORD to the nobody password
+(with the example .ldif nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
-----------------------------------------------------------------------------------------
8. FreeBusy
@@ -443,6 +463,9 @@
extension=domxml.so
extension=ldap.so
+You will also need to add the above lines to
+/etc/php5/cli/php.ini
+
-----------------------------------------------------------------------------------------
8. Apache and PHP
@@ -463,7 +486,7 @@
restart Apache2: "/etc/init.d/apache2 restart"
-9. Adminfrontend
+9. Admin frontend
--------------
If you need it install "apt-get install kolab-webadmin" and configure
@@ -476,11 +499,58 @@
$_SESSION['php_dn'] = "cn=nobody,cn=internal,dc=example,dc=com";
$_SESSION['php_pw'] = "PASSWORD";
+remember to change PASSWORD to the nobody password
+(with the example .ldif nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
+
+10. Enabling SSL
+--------------
+
+If you are planning to use the Toltech Outlook connector, you will also need to enable
+TLS with Cyrus.
+
+openssl req -new -nodes -out req.pem -keyout key.pem
+openssl rsa -in key.pem -out new.key.pem
+openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999
+
+cp new.key.pem /etc/ssl/certs/cyrus.pem
+rm new.key.pem
+cat ca-cert >> /etc/ssl/certs/cyrus.pem
+
+chown cyrus:mail /etc/ssl/certs/cyrus.pem
+chmod 600 /etc/ssl/certs/cyrus.pem # Your key should be protected
+
+edit /etc/imapd.conf and change the following lines
+
+tls_ca_file: /etc/ssl/certs/cyrus.pem
+tls_cert_file: /etc/ssl/certs/cyrus.pem
+tls_key_file: /etc/ssl/certs/cyrus.pem
+
+
+
+11. Updating this document
+--------------
+
+To update this document, you need to download it from svn first.
+
+svn co svn://svn.debian.org/pkg-kolab/trunk/kolabd/debian/
+
+This will create a folder called debian which will include this README.Debian file.
+
+Make a backup copy of this file and edit it with any changes.
+
+Do a diff of the two files using
+
+diff -u README.Debian.bak README.Debian > patch
+
+provide this patch in a bug-report.
+
-----------------------------------------------------------------------------------------
There is a partly adjusted bootstrap for Debian but its not working 100%
at /usr/share/kolabd/kolab_bootstrap
Patches to make this bootstrap working 100% are very welcome!:)
+-----------------------------------------------------------------------------------------
+
-- No?l K?the, noel at debian.org Fri, 24 Feb 2006 14:05:53 +0100
-------------- next part --------------
Documentation to install Kolab on Debian
The latest version of this document can be found at:
http://svn.debian.org/wsvn/pkg-kolab/trunk/kolabd/debian/README.Debian?op=file&rev=0&sc=0
1. Install this kolabd package with all dependencies
----------------------------------------------------
# apt-get install postfix kolabd
note that if you had ntp installed - this will remove that package. To prevent that, use:
# apt-get install postfix kolabd ntp
kolabd should depend on all needed packages.
-----------------------------------------------------------------------------------------
2. Configure LDAP
-----------------
2.1 /etc/ldap/slapd.conf (file mode 0640)
replace the file with this content:
--8<--
# Loading of backend modules
modulepath /usr/lib/ldap
moduleload back_bdb
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
#include /usr/share/kolabd/schema/rfc2739.schema
include /usr/share/kolabd/schema/kolab2.schema
pidfile /var/run/slapd/slapd.pid
replica-pidfile /var/run/slapd/slurpd.pid
argsfile /var/run/slapd.args
replogfile /var/lib/ldap/replog
replicationinterval 5
schemacheck on
#TLSCertificateFile /etc/kolab/cert.pem
#TLSCertificateKeyFile /etc/kolab/key.pem
rootDSE /etc/kolab/rootDSE.ldif
defaultsearchbase "dc=example,dc=com"
#require none
# we need v2 for the php scripts
allow bind_v2
loglevel 256
#database monitor
database bdb
cachesize 2000
idlcachesize 10000
idletimeout 10 # The value can be increased if some clients develop problems.
# Please report to kolab-devel at kolab.org if you encounter such a client.
suffix "dc=example,dc=com"
directory /var/lib/ldap/
rootdn "cn=manager,cn=internal,dc=example,dc=com"
rootpw "PASSWORD"
checkpoint 512 10
replica uri=ldap://127.0.0.1:9999
binddn="cn=replicator"
bindmethod=simple
credentials=secret
index objectClass pres,eq
index uid approx,sub,pres,eq
index mail approx,sub,pres,eq
index alias approx,sub,pres,eq
index cn approx,sub,pres,eq
index sn approx,sub,pres,eq
index givenName approx,sub,pres,eq
index kolabHomeServer pres,eq
index member pres,eq
access to dn.subtree="cn=Monitor"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by * none stop
access to attrs=userPassword
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" =wx
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" =wx
by self =wx
by anonymous =x
by * none stop
access to attrs=mail
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
access to attrs=alias
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
access to attrs=uid
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
access to attrs=cyrus-userquota
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by self read stop
access to attrs=kolabHomeServer
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
access to attrs=kolabHomeMTA
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
access to dn="cn=nobody,dc=example,dc=com"
by anonymous auth stop
access to dn="cn=manager,cn=internal,dc=example,dc=com"
by dn="cn=nobody,cn=internal,dc=example,dc=com" read
by self write
by anonymous auth stop
access to dn="cn=admin,cn=internal,dc=example,dc=com"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by dn="cn=nobody,cn=internal,dc=example,dc=com" read
by self write
by anonymous auth stop
access to dn="cn=maintainer,cn=internal,dc=example,dc=com"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" read
by dn="cn=nobody,cn=internal,dc=example,dc=com" read
by self write
by anonymous auth stop
access to dn.regex="(.*,)?cn=internal,dc=example,dc=com"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by self write
by dn="cn=nobody,cn=internal,dc=example,dc=com" read
by anonymous auth stop
access to dn.regex="(.*,)?cn=external,dc=example,dc=com"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
access to dn="cn=external,dc=example,dc=com"
by dn="cn=nobody,cn=internal,dc=example,dc=com" read
by * search stop
access to dn="cn=internal,dc=example,dc=com"
by dn="cn=nobody,cn=internal,dc=example,dc=com" read
by * search stop
access to dn="k=kolab,dc=example,dc=com"
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" read
by dn="cn=nobody,cn=internal,dc=example,dc=com" read
by * none stop
access to *
by self write
by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
by * read stop
#include /etc/ldap/slapd.replicas
--8<--
2.2
- replace all references in the above file to "dc=example,dc=com" to your own
- Stop the LDAP server: "/etc/init.d/slapd stop"
- Backup your LDAP data in: /var/lib/ldap/
- Delete old LDAP data: "rm /var/lib/ldap/*"
- Import LDAP Data: "slapadd < yourkolabldapdata"
note: we need to make an example ldapfile
- Start the LDAP server again: "/etc/init.d/slapd start"
An example for the "yourkolabldapdata" can be found here:
/usr/share/doc/kolabd/examples/slapcat.example.com.gz
http://svn.debian.org/wsvn/pkg-kolab/trunk/kolabd/debian/slapcat.example.com?op=file&rev=0&sc=0
The passwords for the manager and users are "credativ" and for
the nobody user "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR"
-----------------------------------------------------------------------------------------
3. Configure SASL:
------------------
3.1 /etc/default/saslauthd change to
--8<--
# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="ldap"
--8<--
3.2 /etc/saslauthd.conf (file mode 600)
--8<--
ldap_auth_method: bind
ldap_bind_dn: cn=manager,cn=internal,dc=example,dc=com
ldap_bind_pw: PASSWORD
ldap_deref: always
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
ldap_restart: yes
ldap_scope: sub
ldap_search_base: dc=example,dc=com
ldap_servers: ldap://127.0.0.1:389
ldap_time_limit: 15
ldap_timeout: 15
ldap_version: 3
--8<--
Please make sure that you change "PASSWORD" to your manager password
(with the example .ldif it is "credativ").
You will also need to change references to "dc=example,dc=com" to your own
3.3 Start the saslauthd: "/etc/init.d/saslauthd start"
-----------------------------------------------------------------------------------------
4. cyrus
--------
4.1 /etc/imapd.conf
configure the option "loginrealms:" with your Kolab Domain. For example:
loginrealms: example.com
4.2 create mailboxes
# cyradm --user manager localhost
IMAP Password:
localhost> cm user/userc at example.com
localhost>
-----------------------------------------------------------------------------------------
5. postfix
----------
5.1 /etc/postfix/master.cf
append
--8<--
kolabfilter unix - n n - - pipe user=nobody flags=n argv=/usr/bin/php5
-c /etc/php5/cli/php.ini
-f /usr/share/kolab-resource-handlers/kolabfilter.php
--
-h host
-s ${sender}
-r ${recipient}
-c ${client_address}
kolabmailboxfilter unix - n n - - pipe user=nobody flags=n argv=/usr/bin/php5
-c /etc/php5/cli/php.ini
-f /usr/share/kolab-resource-handlers/kolabmailboxfilter.php
--
-h host
-s ${sender}
-r ${recipient}
-c ${client_address}
--8<--
note: using sarge you have to comment out the two "-c ${client_address}"
because postfix 2.1 doesn't support this. postfix 2.2 does.
5.2 /etc/postfix/main.cf
add
--8<--
# maps
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual, ldap:ldapdistlist, ldap:ldapvirtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport, ldap:ldaptransport
local_transport = kolabmailboxfilter
mailbox_transport = kolabmailboxfilter
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
broken_sasl_auth_clients = yes
# LDAP Alias support
ldapvirtual_server_host = ldap://127.0.0.1:389
ldapvirtual_search_base = dc=example,dc=com
ldapvirtual_query_filter = (&(!(kolabDeleteFlag=*))(|(alias=%s)(mail=%s)))
ldapvirtual_result_attribute = mail
ldapvirtual_result_filter = %s
ldapvirtual_search_timeout = 15
ldapvirtual_scope = sub
ldapvirtual_bind = yes
ldapvirtual_bind_dn = cn=nobody,cn=internal,dc=example,dc=com
ldapvirtual_bind_pw = PASSWORD
ldapvirtual_version = 3
# LDAP Distributionlist support
ldapdistlist_server_host = ldap://127.0.0.1:389
ldapdistlist_search_base = dc=example,dc=com
ldapdistlist_domain = $mydestination
ldapdistlist_query_filter = (&(objectClass=kolabGroupOfNames)(!(kolabDeleteFlag=*))(mail=%s))
ldapdistlist_special_result_attribute = member
ldapdistlist_exclude_internal = yes
ldapdistlist_result_attribute = mail
ldapdistlist_result_filter = %s
ldapdistlist_search_timeout = 15
ldapdistlist_scope = sub
ldapdistlist_bind = yes
ldapdistlist_bind_dn = cn=nobody,cn=internal,dc=example,dc=com
ldapdistlist_bind_pw = PASSWORD
ldapdistlist_version = 3
# LDAP Transport for multilocation support
ldaptransport_server_host = ldap://127.0.0.1:389
ldaptransport_search_base = dc=example,dc=com
ldaptransport_query_filter = (&(mail=%s)(objectClass=kolabInetOrgPerson)(!(kolabHomeServer=$myhostname)))
ldaptransport_result_attribute = kolabHomeServer
ldaptransport_result_filter = smtp:[%s]
ldaptransport_search_timeout = 15
ldaptransport_scope = sub
ldaptransport_bind = yes
ldaptransport_bind_dn = cn=nobody,cn=internal,dc=example,dc=com
ldaptransport_bind_pw = PASSWORD
ldaptransport_version = 3
--8<--
note: PASSWORD is the cleartext password of the nobody user in the LDAP
(with the example .ldif it is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
Please make also sure that the mydestination variable is set right.
Kolab will look at it and it is not enough to enter localhost, so please
use a valid name (e.g. your real hostname).
Also the options inet_interfaces and mydestination have to be configured for your
enviroment.
If you don't have the files for the options canonical_maps, virtual_maps, relocated_maps
and/or transport_maps then remove them or create empty one:
# touch /etc/postfix/{canonical,virtual,relocated,transport}
# postmap /etc/postfix/{canonical,virtual,relocated,transport}
5.3 /etc/postfix/sasl/smtpd.conf
create the directory /etc/postfix/sasl/ (This already exists in testing)
/etc/postfix/sasl/smtpd.conf
--8<--
pwcheck_method: saslauthd
mech_list: plain login
--8<--
6. kolabd
---------
configure /etc/kolab/kolab.conf
--8<--
fqdnhostname : kolab.example.com
is_master : true
base_dn : dc=example,dc=com
bind_dn : cn=manager,cn=internal,dc=example,dc=com
bind_pw : PASSWORD
ldap_uri : ldap://127.0.0.1:389
ldap_master_uri : ldap://127.0.0.1:389
php_dn : cn=nobody,cn=internal,dc=example,dc=com
php_pw : PASSWORD
calendar_dn : cn=calendar,cn=internal,dc=example,dc=com
calendar_pw : PASSWORD
--8<--
Remember to change "dc=example,dc=com" to your one and to change
the manager password and the nobody password.
TODO: What is the password for calendar meant to be?
(with the example .ldif manager password is "credativ")
(with the example .ldif nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
-----------------------------------------------------------------------------------------
7. Resource Manager
-------------------
configure in /etc/kolab/resmgr.conf the options:
$params['server'] = 'kolabserver.example.com';
$params['email_domain'] = 'example.com';
$params['ldap_uri'] = 'ldap://localhost';
$params['base_dn'] = 'dc=example,dc=com';
$params['bind_dn'] = 'cn=nobody,cn=internal,dc=example,dc=com';
$params['bind_pw'] = 'PASSWORD';
$params['calendar_user'] = 'calendar@'.$params['email_domain'];
$params['calendar_pass'] = 'PASSWORD';
$params['freebusy_url'] = 'https://server.example.com/freebusy/${USER}.xfb';
remember to change PASSWORD to the nobody password
(with the example .ldif nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
-----------------------------------------------------------------------------------------
8. FreeBusy
-----------
configure in /etc/kolab/freebusy.conf the options:
$params['server'] = 'kolabserver.example.com';
$params['ldap_uri'] = 'ldap://127.0.0.1:389';
$params['base_dn'] = 'dc=example,dc=com';
$params['bind_dn'] = 'cn=nobody,cn=internal,dc=example,dc=com';
$params['bind_pw'] = 'PASSWORD';
$params['log'] = 'file:/var/log/kolab/freebusy.log';
// What level of output should we log? Higher levels give more verbose output.
// One of: RM_LOG_SILENT; RM_LOG_ERROR; RM_LOG_WARN; RM_LOG_INFO or RM_LOG_DEBUG.
$params['log_level'] = RM_LOG_DEBUG;
we need some files from Horde and the easiest way is to create this link:
# ln -sf /usr/share/horde3/lib/Horde /usr/share/php/
If you are runing horde < 3.1 (e.g. horde 3.0 in sarge) you need to
patch an iCal file from horde.
FreeBusy uses functions from Horde to parse the XML parts in the calendar
emails.
# patch < /share/doc/kolabd/horde-sarge-iCal.patch
Be sure you have the following extensions enabled in php for freebusy:
/etc/php4/apache2/php.ini
...
extension=domxml.so
extension=ldap.so
You will also need to add the above lines to
/etc/php5/cli/php.ini
-----------------------------------------------------------------------------------------
8. Apache and PHP
-----------------
We need https for Freebusy so we need certificates. To create them use
"/usr/sbin/apache2-ssl-certificate" which is included in Apache2.
add "Listen 443" to /etc/apache2/ports.conf
link the Apache2 kolab config to your sites-available:
# ln -s /etc/kolab/apache2-kolab.conf /etc/apache2/sites-available/
enable this config
# a2ensite apache2-kolab.conf
restart Apache2: "/etc/init.d/apache2 restart"
9. Admin frontend
--------------
If you need it install "apt-get install kolab-webadmin" and configure
/etc/kolab-webadmin/session_vars.php
$_SESSION['fqdnhostname'] = "kolabserver.example.com";
$_SESSION['ldap_master_uri'] = "ldap://127.0.0.1:389";
$_SESSION['base_dn'] = "dc=example,dc=com";
$_SESSION['php_dn'] = "cn=nobody,cn=internal,dc=example,dc=com";
$_SESSION['php_pw'] = "PASSWORD";
remember to change PASSWORD to the nobody password
(with the example .ldif nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR")
10. Enabling SSL
--------------
If you are planning to use the Toltech Outlook connector, you will also need to enable
TLS with Cyrus.
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999
cp new.key.pem /etc/ssl/certs/cyrus.pem
rm new.key.pem
cat ca-cert >> /etc/ssl/certs/cyrus.pem
chown cyrus:mail /etc/ssl/certs/cyrus.pem
chmod 600 /etc/ssl/certs/cyrus.pem # Your key should be protected
edit /etc/imapd.conf and change the following lines
tls_ca_file: /etc/ssl/certs/cyrus.pem
tls_cert_file: /etc/ssl/certs/cyrus.pem
tls_key_file: /etc/ssl/certs/cyrus.pem
11. Updating this document
--------------
To update this document, you need to download it from svn first.
svn co svn://svn.debian.org/pkg-kolab/trunk/kolabd/debian/
This will create a folder called debian which will include this README.Debian file.
Make a backup copy of this file and edit it with any changes.
Do a diff of the two files using
diff -u README.Debian.bak README.Debian > patch
provide this patch in a bug-report.
-----------------------------------------------------------------------------------------
There is a partly adjusted bootstrap for Debian but its not working 100%
at /usr/share/kolabd/kolab_bootstrap
Patches to make this bootstrap working 100% are very welcome!:)
-----------------------------------------------------------------------------------------
-- No?l K?the, noel at debian.org Fri, 24 Feb 2006 14:05:53 +0100
More information about the pkg-kolab-devel
mailing list