sogo installation guide
Installation and Configuration Guide for version 2.2.9
Installation and Configuration Guide Version 2.2.9 - September 2014
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
The fonts used in this guide are licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http://scripts.sil.org/OFL
Copyright © Łukasz Dziedzic, http://www.latofonts.com, with Reserved Font Name: "Lato".
Copyright © Raph Levien, http://levien.com/, with Reserved Font Name: "Inconsolata".
Table of Contents
About this Guide
Introduction
    Architecture and Compatibility
System Requirements
    Assumptions
    Minimum Hardware Requirements
    Operating System Requirements
Installation
    Software Downloads
    Software Installation
Configuration
    GNUstep Environment Overview
    Preferences Hierarchy
    General Preferences
    Authentication using LDAP
    LDAP Attributes Indexing
    LDAP Attributes Mapping
    Authenticating using C.A.S.
    Authenticating using SAML2
    Database Configuration
    Authentication using SQL
    SMTP Server Configuration
    IMAP Server Configuration
    Web Interface Configuration
    SOGo Configuration Summary
    Multi-domains Configuration
    Apache Configuration
    Starting Services
    Cronjob - EMail reminders
    Cronjob - Vacation messages expiration
Managing User Accounts
    Creating the SOGo Administrative Account
    Creating a User Account
Microsoft ActiveSync
Using SOGo
    SOGo Web Interface
    Mozilla Thunderbird and Lightning
    Apple iCal
    Apple AddressBook
    Microsoft ActiveSync / Mobile Devices
Upgrading
Additional Information
Commercial Support and Contact Information
Chapter 1
About this Guide
This guide will walk you through the installation and configuration of the SOGo solution. It also covers the installation and configuration of SOGo ActiveSync support, the solution used to synchronize mobile devices with SOGo.
The instructions are based on version 2.2.9 of SOGo.
The latest version of this guide is available at http://www.sogo.nu/downloads/documentation.html.
Chapter 2
Introduction
SOGo is a free and modern scalable groupware server. It offers shared calendars, address books, and emails through your favourite Web browser and by using a native client such as Mozilla Thunderbird and Lightning.
SOGo is standard-compliant. It supports CalDAV, CardDAV, GroupDAV, iMIP and iTIP and reuses existing IMAP, SMTP and database servers - making the solution easy to deploy and interoperable with many applications.
SOGo features:
- Scalable architecture suitable for deployments from dozens to many thousands of users
- Rich Web-based interface that shares the look and feel, the features and the data of Mozilla Thunderbird and Lightning
- Improved integration with Mozilla Thunderbird and Lightning by using the SOGo Connector and the SOGo Integrator
- Native compatibility for Microsoft Outlook 2003, 2007, 2010, and 2013
- Two-way synchronization support with any Microsoft ActiveSync-capable device, or Outlook 2013
SOGo is developed by a community of developers located mainly in North America and Europe. More information can be found at http://www.sogo.nu/
Architecture and Compatibility
Standard protocols such as CalDAV, CardDAV, GroupDAV, HTTP, IMAP and SMTP are used to communicate with the SOGo platform or its sub-components. Mobile devices supporting the Microsoft ActiveSync protocol are also supported.
To install and configure the native Microsoft Outlook compatibility layer, please refer to the SOGo Native Microsoft Outlook Configuration Guide.
Chapter 3
System Requirements
Assumptions
SOGo reuses many components in an infrastructure. Thus, it requires the following:
- Database server (MySQL, PostgreSQL or Oracle)
- LDAP server (OpenLDAP, Novell eDirectory, Microsoft Active Directory and others)
- SMTP server (Postfix, Sendmail and others)
- IMAP server (Courier, Cyrus IMAP Server, Dovecot and others)
In this guide, we assume that all those components are running on the same server (i.e., localhost or 127.0.0.1) that SOGo will be installed on.
Good understanding of those underlying components and GNU/Linux is required to install SOGo. If you miss some of those required components, please refer to the appropriate documentation and proceed with the installation and configuration of these requirements before continuing with this guide.
The following table provides recommendations for the required components, together with version numbers:
    Database server   PostgreSQL 7.4 or later
    LDAP server       OpenLDAP 2.3.x or later
    SMTP server       Postfix 2.x
    IMAP server       Cyrus IMAP Server 2.3.x or later
More recent versions of the software mentioned above can also be used.
Minimum Hardware Requirements
The following table provides hardware recommendations for the server, desktops and mobile devices:
Server
    Evaluation and testing
        Intel, AMD, or PowerPC CPU 1 GHz
        512 MB of RAM
        1 GB of disk space
    Production
        Intel, AMD or PowerPC CPU 3 GHz
        2048 MB of RAM
        10 GB of disk space (excluding the mail store)
Desktop
    General
        Intel, AMD, or PowerPC CPU 1.5 GHz
        1024x768 monitor resolution
        512 MB of RAM
        128 Kbps or higher network connection
    Microsoft Windows
        Microsoft Windows XP SP2 or Vista
    Apple Mac OS X
        Apple Mac OS X 10.2 or later
    Linux
        Your favourite GNU/Linux distribution
Mobile Device
    Any mobile device which supports CalDAV, CardDAV or Microsoft ActiveSync.
Operating System Requirements
The following 32-bit and 64-bit operating systems are currently supported by SOGo:
- Red Hat Enterprise Linux (RHEL) Server 5 and 6
- Community ENTerprise Operating System (CentOS) 5 and 6
- Debian GNU/Linux 5.0 (Lenny) to 7.0 (Wheezy)
- Ubuntu 10.04 (Lucid) to 14.04 (Trusty)
Make sure the required components are started automatically at boot time and that they are running before proceeding with the SOGo configuration. Also make sure that you can install additional packages from your standard distribution. For example, if you are using Red Hat Enterprise Linux 5, you have to be subscribed to the Red Hat Network before continuing with the SOGo software installation.
This document covers the installation of SOGo under RHEL 6.
For installation instructions on Debian and Ubuntu, please refer directly to the SOGo website at http://www.sogo.nu/. Under the downloads section, you will find links for installation steps for Debian and Ubuntu.
Note that once the SOGo packages are installed under Debian and Ubuntu, this guide can be followed in order to fully configure SOGo.
Chapter 4
Installation
This section will guide you through the installation of SOGo together with its dependencies. The steps described here apply to an RPM-based installation for a Red Hat or CentOS distribution.
Software Downloads
SOGo can be installed using the yum utility. To do so, first create the /etc/yum.repos.d/inverse.repo configuration file with the following content:
    [SOGo]
    name=Inverse SOGo Repository
    baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
    gpgcheck=0
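A check for the two weaknesses in the repository file above, gpgcheck=0 combined with an http:// baseurl, which together mean yum installs whatever the network path delivers without verifying it. This is an added example, not part of the SOGo guide; audit_repo is a name chosen here, and the URL and key path in the hardened variant are placeholders constructed for illustration.

```python
import configparser

def audit_repo(text):
    """Return (repo id, finding) pairs for the text of a yum .repo file."""
    cp = configparser.ConfigParser(interpolation=None)  # keep $basearch literal
    cp.read_string(text)
    findings = []
    for repo_id in cp.sections():
        repo = cp[repo_id]
        if repo.get("enabled", "1").strip() == "0":
            continue  # a disabled repository is not used for installs
        if repo.get("gpgcheck", "").strip() == "0":
            findings.append((repo_id, "gpgcheck=0: package signatures are not verified"))
        for url in repo.get("baseurl", "").split():
            if not url.lower().startswith(("https://", "file://")):
                findings.append((repo_id, f"baseurl {url} is not fetched over TLS"))
    return findings

# The repository definition exactly as given in the guide.
PAGE_REPO = """
[SOGo]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0
"""

# Constructed variant: the host and the key file name are placeholders, not
# locations published by the SOGo project.
HARDENED_REPO = """
[SOGo]
name=Inverse SOGo Repository
baseurl=https://repo.example.invalid/SOGo/RHEL6/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
"""

if __name__ == "__main__":
    for label, text in (("guide", PAGE_REPO), ("hardened", HARDENED_REPO)):
        print(label, audit_repo(text) or "no findings")
```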
Some of the software on which SOGo depends is available from the repository of RepoForge (previously known as RPMforge). To add RepoForge to your package sources, download and install the appropriate RPM package from http://packages.sw.be/rpmforge-release/. Also make sure you enabled the "rpmforge-extras" repository.
For more information on using RepoForge, visit http://repoforge.org/use/.
Software Installation
Once the yum configuration file has been created, you are now ready to install SOGo and its dependencies. To do so, proceed with the following command:
    yum install sogo
This will install SOGo and its dependencies such as GNUstep, the SOPE packages and memcached. Once the base packages are installed, you need to install the proper database connector suitable for your environment. You need to install sope49-gdl1-postgresql for the PostgreSQL database system, sope49-gdl1-mysql for MySQL or sope49-gdl1-oracle for Oracle. The installation command will thus look like this:
    yum install sope49-gdl1-postgresql
Once completed, SOGo will be fully installed on your server. You are now ready to configure it.
Chapter 5
Configuration
In this section, you'll learn how to configure SOGo to use your existing LDAP, SMTP and database servers. As previously mentioned, we assume that those components run on the same server on which SOGo is being installed. If this is not the case, please adjust the configuration parameters to reflect those changes.
GNUstep Environment Overview
SOGo makes use of the GNUstep environment. GNUstep is a free software implementation of the OpenStep specification which provides many facilities for building all types of server and desktop applications. Among those facilities, there is a configuration API similar to the "Registry" paradigm in Microsoft Windows. In OpenSTEP, GNUstep and Mac OS X, these are called the "user defaults".
In SOGo, the user's applications settings are stored in /etc/sogo/sogo.conf. You can use your favourite text editor to modify the file.
The sogo.conf file is a serialized property list. This simple format encapsulates four basic data types: arrays, dictionaries (or hashes), strings and numbers. Numbers are represented as-is, except for booleans which can take the unquoted values YES and NO. Strings are not mandatorily quoted, but doing so will save you many problems. A dictionary is a sequence of key and value pairs separated in their middle with a = sign. It starts with a { and ends with a corresponding }. Each value definition in a dictionary ends with a semicolon. An array is a chain of values starting with ( and ending with ), where the values are separated with a ,. Also, the file generally follows a C-style indentation for clarity but this indentation is not required, only recommended. Block comments are delimited by /* and */ and can span multiple lines while line comments must start with //.
Preferences Hierarchy
SOGo supports domain names segregation, meaning that you can separate multiple groups of users within one installation of SOGo. A user associated to a domain is limited to access only the users data from the same domain. Consequently, the configuration parameters of SOGo are defined on three levels:
Each level inherits the preferences of the parent level. Therefore, domain preferences define the default values of the user preferences, and the system preferences define the default values of all domains preferences. Both system and domains preferences are defined in the /etc/sogo/sogo.conf, while the users preferences are configurable by the user and stored in SOGo's database.
To identify the level in which each parameter can be defined, we use the following abbreviations in the tables of this document:
    S   Parameter exclusive to the system and not configurable per domain
    D   Parameter exclusive to a domain and not configurable per user
    U   Parameter configurable by the user
Remember that the hierarchy paradigm allows the default value of a parameter to be defined at a parent level.
General Preferences
The following table describes the general parameters that can be set:
S  WOWorkersCount
    The amount of instances of SOGo that will be spawned to handle multiple requests simultaneously. When started from the init script, that amount is overridden by the PREFORK value in /etc/sysconfig/sogo or /etc/default/sogo. A value of 3 is a reasonable default for low usage. The maximum value depends on the CPU and IO power provided by your machine: a value set too high will actually decrease performances under high load.
    Defaults to 1 when unset.
S  WOListenQueueSize
    This parameter controls the backlog size of the socket listen queue. For large-scale deployments, this value must be adjusted in case all workers are busy and the parent process receives lots of incoming connections.
    Defaults to 5 when unset.
S  WOPort
    The TCP listening address and port used by the SOGo daemon. The format is ipaddress:port.
    Defaults to 127.0.0.1:20000 when unset.
S  WOLogFile
    The file path where to log messages. Specify - to log to the console.
    Defaults to /var/log/sogo/sogo.log.
S  WOPidFile
    The file path where the parent process id will be written.
    Defaults to /var/run/sogo/sogo.pid.
S  WOWatchDogRequestTimeout
    This parameter specifies the number of minutes after which a busy child process will be killed by the parent process.
    Defaults to 10 (minutes).
    Do not set this too low as child processes replying to clients on a slow internet connection could be killed prematurely.
S  SxVMemLimit
    Parameter used to set the maximum amount of memory (in megabytes) that a child can use. Reaching that value will force children processes to restart, in order to preserve system memory.
    Defaults to 384.
S  SOGoMemcachedHost
    Parameter used to set the hostname and optionally the port of the memcached server.
    A path can also be used if the server must be reached via a Unix socket.
    Defaults to localhost.
    See memcached_servers_parse(3) for details on the syntax.
S  SOGoCacheCleanupInterval
    Parameter used to set the expiration (in seconds) of each object in the cache.
    Defaults to 300.
S  SOGoAuthenticationType
    Parameter used to define the way by which users will be authenticated. For C.A.S., specify cas. For SAML2, specify saml2. For anything else, leave that value empty.
S  SOGoTrustProxyAuthentication
    Parameter used to set whether HTTP username should be trusted.
    Defaults to NO when unset.
S  SOGoEncryptionKey
    Parameter used to define a key to encrypt the passwords of remote Web calendars when SOGoTrustProxyAuthentication is enabled.
S  SOGoCASServiceURL
    When using C.A.S. authentication, this specifies the base url for reaching the C.A.S. service. This will be used by SOGo to deduce the proper login page as well as the other C.A.S. services that SOGo will use.
S  SOGoCASLogoutEnabled
    Boolean value indicating whether the "Logout" link is enabled when using C.A.S. as authentication mechanism.
    The "Logout" link will end up calling SOGoCASServiceURL/logout to terminate the client's single sign-on C.A.S. session.
S  SOGoAddressBookDAVAccessEnabled
    Parameter controlling WebDAV access to the Contacts collections. This can be used to deny access to these resources from Lightning for example.
    Defaults to YES when unset.
S  SOGoCalendarDAVAccessEnabled
    Parameter controlling WebDAV access to the Calendar collections.
    This can be used to deny access to these resources from Lightning for example.
    Defaults to YES when unset.
S  SOGoSAML2PrivateKeyLocation
    The location of the SSL private key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file must be generated for each running SOGo service (rather than host).
S  SOGoSAML2CertificateLocation
    The location of the SSL certificate file. This file must be generated for each running SOGo service.
S  SOGoSAML2IdpMetadataLocation
    The location of the metadata file that describes the services available on the SAML2 identity provider.
S  SOGoSAML2IdpPublicKeyLocation
    The location of the SSL public key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file should be part of the setup of your identity provider.
S  SOGoSAML2IdpCertificateLocation
    The location of the SSL certificate file. This file should be part of the setup of your identity provider.
S  SOGoSAML2LogoutEnabled
    Boolean value indicating whether the "Logout" link is enabled when using SAML2 as authentication mechanism.
D  SOGoTimeZone
    Parameter used to set a default time zone for users. The default time zone is set to UTC. The Olson database is a standard database that takes all the time zones around the world into account and represents them along with their history. On GNU/Linux systems, time zone definition files are available under /usr/share/zoneinfo. Listing the available files will give you the name of the available time zones. This could be America/New_York, Europe/Berlin, Asia/Tokyo or Africa/Lubumbashi.
    In our example, we set the time zone to America/Montreal.
D  SOGoMailDomain
    Parameter used to set the default domain name used by SOGo. SOGo uses this parameter to build the list of valid email addresses for users.
    In our example, we set the default domain to acme.com.
D  SOGoAppointmentSendEMailNotifications
    Parameter used to set whether SOGo sends or not email notifications to meeting participants. Possible values are:
        YES to send notifications
        NO to not send notifications
    Defaults to NO when unset.
D  SOGoFoldersSendEMailNotifications
    Same as above, but the notifications are triggered on the creation of a calendar or an address book.
D  SOGoACLsSendEMailNotifications
    Same as above, but the notifications are sent to the involved users of a calendar or address book's ACLs.
D  SOGoCalendarDefaultRoles
    Parameter used to define the default roles when giving permissions to a user to access a calendar. Default roles are ignored for public accesses. Must be an array of up to five strings. Each string defining a role for an event category must begin with one of those values:
        Public
        Confidential
        Private
    And each string must end with one of those values:
        Viewer
        DAndTViewer
        Modifier
        Responder
    The array can also contain one or many of the following strings:
        ObjectCreator
        ObjectEraser
    Example: SOGoCalendarDefaultRoles = ("ObjectCreator", "PublicViewer");
    Defaults to no role when unset. Recommended values are PublicViewer and ConfidentialDAndTViewer.
D  SOGoContactsDefaultRoles
    Parameter used to define the default roles when giving permissions to a user to access an address book. Default roles are ignored for public accesses. Must be an array of one or many of the following strings:
        ObjectViewer
        ObjectEditor
        ObjectCreator
        ObjectEraser
    Example: SOGoContactsDefaultRoles = ("ObjectEditor");
    Defaults to no role when unset.
D  SOGoSuperUsernames
    Parameter used to set which usernames require administrative privileges over all the users tables. For example, this could be used to post events in the users calendar without requiring the user to configure his/her ACLs. In this case you will need to specify those superusers' usernames like this: SOGoSuperUsernames = (<username1>[, <username2>, ...]);
U  SOGoLanguage
    Parameter used to set the default language used in the Web interface for SOGo. Possible values are:
        BrazilianPortuguese
        Czech
        Dutch
        English
        French
        German
        Hungarian
        Italian
        Russian
        Spanish
        Swedish
        Welsh
D  SOGoNotifyOnPersonalModifications
    Parameter used to set whether SOGo sends or not email receipts when someone changes his/her own calendar. Possible values are:
        YES to send notifications
        NO to not send notifications
    Defaults to NO when unset. User can overwrite this from the calendar properties window.
D  SOGoNotifyOnExternalModifications
    Parameter used to set whether SOGo sends or not email receipts when a modification is being done to his/her own calendar by someone else. Possible values are:
        YES to send notifications
        NO to not send notifications
    Defaults to NO when unset. User can overwrite this from the calendar properties window.
D  SOGoLDAPContactInfoAttribute
    Parameter used to specify an LDAP attribute that should be displayed when auto-completing user searches.
D  SOGoiPhoneForceAllDayTransparency
    When set to YES, this will force all-day events sent over by iPhone OS based devices to be transparent. This means that the all-day events will not be considered during freebusy lookups.
    Defaults to NO when unset.
S  SOGoEnablePublicAccess
    Parameter used to allow or not your users to share publicly (i.e., requiring no authentication) their calendars and address books.
    Possible values are:
        YES to allow them
        NO to prevent them from doing so
    Defaults to NO when unset.
S  SOGoPasswordChangeEnabled
    Parameter used to allow or not users to change their passwords from SOGo.
    Possible values are:
        YES to allow them
        NO to prevent them from doing so
    Defaults to NO when unset.
    For this feature to work properly when authenticating against AD or Samba4, the LDAP connection must use SSL/TLS. Server side restrictions can also cause the password change to fail, in which case SOGo will only log a Constraint violation (0x13) error. These restrictions include password too young, complexity constraints not satisfied, user cannot change password, etc. Also note that Samba has a minimum password age of 1 day by default.
S  SOGoSupportedLanguages
    Parameter used to configure which languages are available from SOGo's Web interface. Available languages are specified as an array of string.
    The default value is: ( "Czech", "Welsh", "English", "Spanish", "French", "German", "Italian", "Hungarian", "Dutch", "BrazilianPortuguese", "Polish", "Russian", "Ukrainian", "Swedish" )
D  SOGoHideSystemEMail
    Parameter used to control if SOGo should hide or not the system email address (UIDFieldName@SOGoMailDomain). This is currently limited to CalDAV (calendar-user-address-set).
    Defaults to NO when unset.
D  SOGoSearchMinimumWordLength
    Parameter used to control the minimum length to be used for the search string (attendee completion, address book search, etc.) prior to triggering the server-side search operation.
    Defaults to 2 when unset, which means a search operation will be triggered on the 3rd typed character.
S  SOGoMaximumFailedLoginCount
    Parameter used to control the number of failed login attempts required during SOGoMaximumFailedLoginInterval seconds or more. If conditions are met, the account will be blocked for SOGoFailedLoginBlockInterval seconds since the first failed login attempt.
    Default value is 0, or disabled.
S  SOGoMaximumFailedLoginInterval
    Number of seconds, defaults to 10.
S  SOGoFailedLoginBlockInterval
    Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.
S  SOGoMaximumMessageSubmissionCount
    Parameter used to control the number of email messages a user can send from SOGo's webmail interface, to SOGoMaximumRecipientCount, in SOGoMaximumSubmissionInterval seconds or more. If conditions are met or exceeded, the user won't be able to send mails for SOGoMessageSubmissionBlockInterval seconds.
    Default value is 0, or disabled.
S  SOGoMaximumRecipientCount
    Maximum number of recipients. Default value is 0, or disabled.
S  SOGoMaximumSubmissionInterval
    Number of seconds, defaults to 30.
S  SOGoMessageSubmissionBlockInterval
    Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.
Authentication using LDAP
SOGo can use a LDAP server to authenticate users and, if desired, to provide global address books. SOGo can also use an SQL backend for this purpose (see the section Authentication using SQL later in this document). Insert the following text into your configuration file to configure an authentication and global address book using an LDAP directory server:
    SOGoUserSources = (
      {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = uid;
        UIDFieldName = uid;
        IMAPHostFieldName = mailHost;
        baseDN = "ou=users,dc=acme,dc=com";
        bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Shared Addresses";
        hostname = "ldap://127.0.0.1:389";
        id = public;
        isAddressBook = YES;
      }
    );
In our example, we use a LDAP server running on the same host where SOGo is being installed.
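An added example, not part of the SOGo guide or the SOGo code base: a small Python reader for the sogo.conf syntax described under GNUstep Environment Overview, used to flag LDAP authentication sources that bind over plain ldap:// to a non-loopback host, and failed-login blocking (SOGoMaximumFailedLoginCount, SOGoFailedLoginBlockInterval, SOGoCacheCleanupInterval) that is disabled or inconsistent. The function names and the sample file are constructed for illustration, and the sample assumes the file's top level is a single dictionary.

```python
import re
from urllib.parse import urlsplit

TOKEN = re.compile(r'''
    "(?:\\.|[^"\\])*"     # quoted string
  | /\*.*?\*/             # block comment
  | //[^\n]*              # line comment
  | [{}()=;,]             # punctuation
  | [^\s{}()=;,"]+        # unquoted string, number, YES or NO
''', re.S | re.X)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_sogo_conf(text):
    """Parse the property-list syntax of sogo.conf into dicts, lists and scalars."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith(("/*", "//"))]
    pos = 0

    def expect(symbol):
        nonlocal pos
        if toks[pos] != symbol:
            raise ValueError(f"expected {symbol!r}, got {toks[pos]!r}")
        pos += 1

    def scalar(tok):
        if tok.startswith('"'):
            return re.sub(r'\\(.)', r'\1', tok[1:-1])  # drop quotes, unescape
        if tok in ("YES", "NO"):
            return tok == "YES"
        return int(tok) if tok.isdigit() else tok

    def value():
        nonlocal pos
        tok = toks[pos]
        pos += 1
        if tok == "{":                      # dictionary: key = value; ...
            result = {}
            while toks[pos] != "}":
                key = scalar(toks[pos])
                pos += 1
                expect("=")
                result[key] = value()
                expect(";")
            pos += 1
            return result
        if tok == "(":                      # array: value, value, ...
            result = []
            while toks[pos] != ")":
                result.append(value())
                if toks[pos] == ",":
                    pos += 1
            pos += 1
            return result
        return scalar(tok)

    return value()

def audit(conf):
    """Return findings for cleartext LDAP binds and failed-login blocking."""
    findings = []
    for src in conf.get("SOGoUserSources", []):
        if src.get("type") != "ldap" or not src.get("canAuthenticate"):
            continue
        for url in str(src.get("hostname", "")).split():
            host = urlsplit(url if "://" in url else "ldap://" + url).hostname
            low = url.lower()
            protected = low.startswith("ldaps://") or low.endswith("!starttls")
            if not protected and host not in LOOPBACK:
                findings.append(f"{src.get('id')}: {url} binds to a remote host without TLS")
    block = conf.get("SOGoFailedLoginBlockInterval", 300)
    if conf.get("SOGoMaximumFailedLoginCount", 0) == 0:
        findings.append("SOGoMaximumFailedLoginCount is 0: failed-login blocking is disabled")
    elif conf.get("SOGoCacheCleanupInterval", 300) < block:
        findings.append("SOGoCacheCleanupInterval is lower than SOGoFailedLoginBlockInterval")
    return findings

# Constructed sample, not a real deployment; hosts reuse the guide's example values.
SAMPLE = '''
{
  /* system-level preferences */
  SOGoMaximumFailedLoginCount = 5;
  SOGoFailedLoginBlockInterval = 600;  // above the default cache expiration of 300
  SOGoUserSources = (
    { type = ldap; id = public; canAuthenticate = YES; hostname = "ldap://127.0.0.1:389"; },
    { type = ldap; id = directory; canAuthenticate = YES; hostname = "ldap://10.0.0.1:389"; }
  );
}
'''
# Same file with the remote source moved to ldaps:// and the cache expiration raised.
HARDENED = (SAMPLE.replace("ldap://10.0.0.1:389", "ldaps://10.0.0.1")
            .replace("SOGoUserSources", "SOGoCacheCleanupInterval = 600;\n  SOGoUserSources"))

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(label, audit(parse_sogo_conf(text)) or "no findings")
```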
You can also, using the filter attribute, restrict the results to match various criteria. For example, you could define, in your .GNUstepDefaults file, the following filter to return only entries belonging to the organization Inverse with a mail address and not inactive:
    filter = "(o='Inverse' AND mail='*' AND status <> 'inactive')";
Since LDAP sources can serve as user repositories for authentication as well as address books, you can specify the following for each source to make them appear in the address book module:
    displayName = "";
    isAddressBook = YES;
For certain LDAP sources, SOGo also supports indirect binds for user authentication. Here is an example:
    SOGoUserSources = (
      {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = sAMAccountName;
        baseDN = "cn=Users,dc=acme,dc=com";
        bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
        bindFields = (sAMAccountName);
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Active Directory";
        hostname = "ldap://10.0.0.1:389";
        id = directory;
        isAddressBook = YES;
      }
    );
In this example, SOGo will use an indirect bind by first determining the user DN. That value is found by doing a search on the fields specified in bindFields. Most of the time, there will be only one field but it is possible to specify more in the form of an array (for example, bindFields = (sAMAccountName, cn)). When using multiple fields, only one of the fields needs to match the login name. In the above example, when a user logs in, the login will be checked against the sAMAccountName entry in all the user cards, and once this card is found, the user DN of this card will be used for checking the user's password.
Finally, SOGo supports LDAP-based groups. Groups must be defined like any other authentication sources (i.e., canAuthenticate must be set to YES and a group must have a valid email address). In order for SOGo to determine if a specific LDAP entry is a group, SOGo will look for one of the following objectClass attributes:
- group
- groupOfNames
- groupOfUniqueNames
- posixGroup
You can set ACLs based on group membership and invite a group to a meeting (and the group will be decomposed to its list of members upon save by SOGo). You can also control the visibility of the group from the list of shared address books or during mail autocompletion by setting the isAddressBook parameter to YES or NO. The following LDAP entry shows how a typical group is defined:
    dn: cn=inverse,ou=groups,dc=inverse,dc=ca
    objectClass: groupOfUniqueNames
    objectClass: top
    objectClass: extensibleObject
    uniqueMember: uid=alice,ou=users,dc=inverse,dc=ca
    uniqueMember: uid=bernard,ou=users,dc=inverse,dc=ca
    uniqueMember: uid=bob,ou=users,dc=inverse,dc=ca
    cn: inverse
    structuralObjectClass: groupOfUniqueNames
    mail: [email protected]
The corresponding SOGoUserSources entry to handle groups like this one would be:
    {
      type = ldap;
      CNFieldName = cn;
      IDFieldName = cn;
      UIDFieldName = cn;
      baseDN = "ou=groups,dc=inverse,dc=ca";
      bindDN = "cn=sogo,ou=services,dc=inverse,dc=ca";
      bindPassword = zot;
      canAuthenticate = YES;
      displayName = "Inverse Groups";
      hostname = "ldap://127.0.0.1:389";
      id = inverse_groups;
      isAddressBook = YES;
    }
The following table describes the possible parameters related to a LDAP source:
D  SOGoUserSources
    Parameter used to set the LDAP and/or SQL sources used for authentication and global address books. Multiple sources can be specified as an array of dictionaries. A dictionary that defines an LDAP source can contain the following values:
    type
        The type of this user source, set to ldap for an LDAP source.
    id
        The identification name of the LDAP repository. This must be unique even when using multiple domains.
    CNFieldName
        The field that returns the complete name.
    IDFieldName
        The field that starts a user DN if bindFields is not used. This field must be unique across the entire SOGo domain.
    UIDFieldName
        The field that returns the login name of a user.
        The returned value must be unique across the whole SOGo installation since it is used to identify the user in the folder_info database table.
    MailFieldNames
        An array of fields that returns the user's email addresses (defaults to mail when unset).
    SearchFieldNames
        An array of fields to match against the search string when filtering users (defaults to sn, displayName, and telephoneNumber when unset).
    IMAPHostFieldName (optional)
        The field that returns either an URI to the IMAP server as described for SOGoIMAPServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoIMAPServer parameter.
    IMAPLoginFieldName (optional)
        The field that returns the IMAP login name for the user (defaults to the value of UIDFieldName when unset).
    SieveHostFieldName (optional)
        The field that returns either an URI to the SIEVE server as described for SOGoSieveServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoSieveServer parameter.
    baseDN
        The base DN of your user entries.
    KindFieldName (optional)
        If set, SOGo will try to determine if the value of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will consider the returned entry to be a resource.
        For LDAP-based sources, SOGo can also automatically determine if it's a resource if the entry has the calendarresource objectClass set.
    MultipleBookingsFieldName (optional)
        The value of this attribute is the maximum number of concurrent events to which a resource can be part of at any point in time.
        If this is set to 0, or if the attribute is missing, it means no limit.
    filter (optional)
        The filter to use for LDAP queries, it should be defined as an EOQualifier. The following operators are supported:
            <> inequality operator
            = equality operator
        Multiple qualifiers can be joined by using OR and AND, they can also be grouped together by using parenthesis. Attribute values should be quoted to avoid unexpected behaviour.
        For example: filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND accountStatus='active' AND uid <> 'alice'";
scope (optional): Either BASE, ONE or SUB.
bindDN: The DN of the login name to use for binding to your server.
bindPassword: Its password.
bindAsCurrentUser: If set to YES, SOGo will always keep binding to the LDAP server using the DN of the currently authenticated user. If bindFields is set, bindDN and bindPassword will still be required to find the proper DN of the user.
bindFields (optional): An array of fields to use when doing indirect binds.
hostname: A space-delimited list of LDAP URLs or LDAP hostnames.
LDAP URLs are specified in RFC 4516 and have the following general format:
    scheme://host:port/DN?attributes?scope?filter?extensions
Note that SOGo doesn't currently support DN, attributes, scope and filter in such URLs. Using them may have undefined side effects.
URL examples:
    ldap://127.0.0.1:3389
    ldaps://127.0.0.1
    ldap://127.0.0.1/????!StartTLS
port (deprecated): Port number of the LDAP server.
A non-default port should be part of the LDAP URL in the hostname parameter.
encryption (deprecated): Either SSL or STARTTLS.
SSL should be specified as ldaps:// in the LDAP URL. STARTTLS should be specified as an LDAP Extension in the LDAP URL (e.g. ldap://127.0.0.1/????!StartTLS).
userPasswordAlgorithm: The algorithm used for password encryption when changing passwords without Password Policies enabled.
Possible values are: none, plain, crypt, md5, md5-crypt, smd5, cram-md5 and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants (plus setting of the encoding with .b64 or .hex).
For a more detailed description see http://wiki.dovecot.org/Authentication/PasswordSchemes.
Note that cram-md5 is not actually using cram-md5 (due to the lack of a challenge-response mechanism); it's just saving the intermediate MD5 context as Dovecot stores in its database.
canAuthenticate: If set to YES, this LDAP source is used for authentication.
passwordPolicy: If set to YES, SOGo will use the extended LDAP Password Policies attributes. If your LDAP server does not support those and you activate this feature, every LDAP request will fail.
isAddressBook: If set to YES, this LDAP source is used as a shared address book (with read-only access). Note that if set to NO, autocompletion will not work for entries in this source and, as a result, neither will free-busy lookups.
displayName (optional): If set as an address book, the human identification name of the LDAP repository.
ModulesConstraints (optional): Limits the access of any module through a constraint based on an LDAP attribute; must be a dictionary with keys Mail and/or Calendar, for example:
    ModulesConstraints = { Calendar = { ou = employees; }; };
mapping: A dictionary that maps contact attributes used by SOGo to the LDAP attributes used by the schema of the LDAP source. Each entry must have an attribute name as key and an array of strings as value. This enables actual fields to be mapped one after another when fetching contact information.
See the LDAP Attributes Mapping section below for an example and a list of supported attributes.
objectClasses: When the modifiers list (see below) is set, or when using LDAP-based user address books (see abOU below), this list of object classes will be applied to new records as they are created.
modifiers: A list (array) of usernames that are authorized to perform modifications to the address book defined by this LDAP source.
abOU: This field enables LDAP-based user address books by specifying the value of the address book container beneath each user entry, for example: ou=addressbooks,uid=username,dc=domain.
The following parameters can be defined along the other keys of each entry of the SOGoUserSources, but can also be defined at the domain and/or system levels:
D SOGoLDAPContactInfoAttribute: Parameter used to specify an attribute that should appear in autocompletion of the web interface.
D SOGoLDAPQueryLimit: Parameter used to limit the number of returned results from the LDAP server whenever SOGo performs an LDAP query (for example, during address completion in a shared address book).
D SOGoLDAPQueryTimeout: Parameter to define the timeout of LDAP queries. The actual time limit for operations is also bounded by the maximum time that the server is configured to allow.
Defaults to 0 (unlimited).
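The hostname rules above (no DN, attributes, scope or filter in the URL; SSL given as ldaps://, STARTTLS given as a URL extension) can be checked before a source goes live. The following Python is an added example, not SOGo code; the function names and finding labels are assumptions made for illustration.

```python
# Added example: audit the `hostname` value of a SOGo LDAP source.
# Function names and finding labels are illustrative, not part of SOGo.

FIELDS = ("dn", "attributes", "scope", "filter")


def parse_ldap_url(entry):
    """Split one entry into RFC 4516 parts; a bare hostname gets scheme None."""
    parts = {"scheme": None, "hostport": entry, "extensions": []}
    parts.update({name: "" for name in FIELDS})
    if "://" not in entry:
        return parts
    scheme, rest = entry.split("://", 1)
    hostport, _, tail = rest.partition("/")
    # tail is DN?attributes?scope?filter?extensions; missing parts are empty.
    pieces = (tail.split("?", 4) + [""] * 5)[:5]
    parts.update(scheme=scheme.lower(), hostport=hostport)
    parts.update(zip(FIELDS, pieces[:4]))
    parts["extensions"] = [e for e in pieces[4].split(",") if e]
    return parts


def audit_hostname(value, encryption=None):
    """Return (entry, finding) pairs for a space-delimited hostname value.

    `encryption` is the deprecated per-source key (SSL or STARTTLS), if set.
    """
    findings = []
    legacy = (encryption or "").upper() in ("SSL", "STARTTLS")
    for entry in value.split():
        url = parse_ldap_url(entry)
        if url["scheme"] not in (None, "ldap", "ldaps"):
            findings.append((entry, "unknown-scheme"))
            continue
        # SOGo does not support these URL components (undefined side effects).
        for name in FIELDS:
            if url[name]:
                findings.append((entry, "unsupported-" + name))
        # Assumption: the extension is spelled as in the guide, "!StartTLS".
        starttls = any(e.lstrip("!").lower() == "starttls"
                       for e in url["extensions"])
        if url["scheme"] == "ldaps" or starttls:
            continue
        # Without TLS the bind DN and password travel unencrypted.
        findings.append((entry, "deprecated-encryption-key" if legacy
                         else "plaintext"))
    return findings


if __name__ == "__main__":
    # The guide's own URL examples, then a bare hostname.
    for sample in ("ldap://127.0.0.1:3389 ldaps://127.0.0.1 "
                   "ldap://127.0.0.1/????!StartTLS", "localhost"):
        print(sample, "->", audit_hostname(sample))
```

A bare hostname such as localhost combined with the deprecated encryption key is reported separately so it can be migrated to the URL form.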
LDAP Attributes Indexing
To ensure proper performance of the SOGo application, the following LDAP attributes must be fully indexed:
givenName
cn
mail
sn
Please refer to the documentation of the software you use in order to index those attributes.
LDAP Attributes Mapping
Some LDAP attributes are mapped to contact attributes in the SOGo UI. The table below lists most of them. It is possible to override these by using the mapping configuration parameter.
For example, if the LDAP schema uses the fax attribute to store the fax number, one could map it to the facsimiletelephonenumber attribute like this:
    mapping = {
        facsimiletelephonenumber = ("fax", "facsimiletelephonenumber");
    };
Name
    First               givenName
    Last                sn
    Display Name        displayName or cn or givenName + sn
    Nickname            mozillanickname
Internet
    Email               mail
    Secondary email     mozillasecondemail
    ScreenName          nsaimid
Phones
    Work                telephoneNumber
    Home                homephone
    Mobile              mobile
    Fax                 facsimiletelephonenumber
    Pager               pager
Home
    Address             mozillahomestreet + mozillahomestreet2
    City                mozillahomelocalityname
    State/Province      mozillahomestate
    Zip/Postal Code     mozillahomepostalcode
    Country             mozillahomecountryname
    Web page            mozillahomeurl
Work
    Title               title
    Department          ou
    Organization        o
    Address             street + mozillaworkstreet2
    City                l
    State/Province      st
    Zip/Postal code     postalCode
    Country             c
    Web page            mozillaworkurl
Other
    Birthday            birthyear-birthmonth-birthday
    Note                description
Authenticating using C.A.S.
SOGo natively supports C.A.S. authentication. To activate C.A.S. authentication, you first need to make sure that the SOGoAuthenticationType setting is set to cas and that the SOGoCASServiceURL setting is configured appropriately.
The tricky part shows up when using SOGo as a frontend interface to an IMAP server, as this imposes constraints needed by the C.A.S. protocol to ensure secure communication between the different services. Failing to take those precautions will prevent users from accessing their mail, while still granting basic authentication to SOGo itself.
The first constraint is that the number of workers that SOGo uses must be higher than 1 in order to enable the C.A.S. service to perform some validation requests during IMAP authentication. A single worker alone would not, by definition, be able to respond to the C.A.S. requests while treating the user request that required the triggering of those requests. You must therefore configure the WOWorkersCount setting appropriately.
The second constraint is that the SOGo service must be accessible and accessed via https. Moreover, the certificate used by the SOGo server has to be recognized and trusted by the C.A.S. service. In the case of a certificate issued by a third-party authority, there should be nothing to worry about. In the case of a self-signed certificate, the certificate must be registered in the trusted keystore of the C.A.S. application. The procedure to achieve this can be summarized as importing the certificate in the proper "keystore" using the keytool utility and specifying the path for that keystore to the Tomcat instance which provides the C.A.S. service. This is done by tweaking the javax.net.ssl.trustStore setting, either in the catalina.properties file or in the command-line parameters. On Debian, the SOGo certificate can also be added to the truststore as follows:
    openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \
        -out /tmp/sogo-cert.der
    keytool -import -keystore /etc/ssl/certs/java/cacerts \
        -file /tmp/sogo-cert.der -alias sogo-cert
    # The keystore password is 'changeit'
    # tomcat must be restarted after this operation
The certificate used by the CAS server must also be trusted by SOGo. In case of a self-signed certificate, this means exporting tomcat's certificate using the keytool utility, converting it to PEM format and appending it to the ca-certificates.crt file (the name and location of that file differs between distributions). Basically:
    # export tomcat's cert to openssl format
    keytool -keystore /etc/tomcat7/keystore -exportcert -alias tomcat | \
        openssl x509 -inform der >tomcat.pem

    Enter keystore password: tomcat

    # add the pem to the trusted certs
    cp tomcat.pem /etc/ssl/certs
    cat tomcat.pem >>/etc/ssl/certs/ca-certificates
If any of those constraints is not satisfied, the webmail interface of SOGo will display an empty email account. Unfortunately, SOGo has no way to detect which one is the cause of the problem. The only indicators are log messages that at least pinpoint the symptoms:
"failure to obtain a PGT from the C.A.S. service"
Such an error will show up during authentication of the user to SOGo. It happens when the authentication service has accepted the user authentication ticket but has not returned a "Proxy Granting Ticket".
"a CAS failure occurred during operation."
This error indicates that an attempt was made to retrieve an authentication ticket for a third-party service such as IMAP or sieve. Most of the time, this happens as a consequence of the problem described above. To troubleshoot these issues, one should be tailing cas.log, pam logs and sogo logs.
Currently, SOGo will ask for a CAS ticket using the same CAS service name for both IMAP and Sieve. When CASifying sieve, this means that the -s parameter of pam_cas should be the same for both IMAP and Sieve, otherwise the CAS server will complain:
    ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket[ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service [imap://myimapserver does not match supplied service [sieve://mysieveserver:2000]
Finally, when using imapproxy to speed up the IMAP accesses, the SOGoIMAPCASServiceName should be set to the actual imap service name expected by pam_cas, otherwise it will fail to authenticate incoming connections properly.
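Since the log messages are the only indicators, a small triage script can map each symptom quoted above to the constraint to check. The following Python is an added example, not part of SOGo or CAS; the function names, hint texts and sample log lines are constructed for illustration, and real log line prefixes may differ.

```python
# Added example: map the CAS symptoms quoted in the guide to the checks it
# describes. Names and sample lines are illustrative, not SOGo's own.
import re

PGT_FAILURE = "failure to obtain a PGT from the C.A.S. service"
CAS_FAILURE = "a CAS failure occurred during operation"
# The CAS server's complaint when a ticket issued for one service name is
# presented to another (the bracket closing the first URL is optional).
MISMATCH = re.compile(
    r"ServiceTicket\s*\[(?P<ticket>[^\]]+)\]\s*with service "
    r"\[(?P<issued>[^\]\s]+)\]?\s+does not match supplied service "
    r"\[(?P<supplied>[^\]\s]+)\]"
)

HINTS = {
    "pgt": "check WOWorkersCount > 1, https access and certificate trust "
           "between SOGo and the C.A.S. service",
    "cas-operation": "usually follows a PGT failure; tail cas.log, pam logs "
                     "and sogo logs together",
    "service-mismatch": "use one service name: same pam_cas -s value for "
                        "IMAP and Sieve, matching SOGoIMAPCASServiceName",
}


def triage(lines):
    """Return (line_number, kind, detail) for each recognised CAS symptom."""
    results = []
    for number, line in enumerate(lines, start=1):
        match = MISMATCH.search(line)
        if match:
            detail = "%s issued for %s, presented to %s" % (
                match["ticket"], match["issued"], match["supplied"])
            results.append((number, "service-mismatch", detail))
        elif PGT_FAILURE in line:
            results.append((number, "pgt", HINTS["pgt"]))
        elif CAS_FAILURE in line:
            results.append((number, "cas-operation", HINTS["cas-operation"]))
    return results


def root_cause(results):
    """Pick the symptom to fix first; follow-on failures come last."""
    kinds = [kind for _, kind, _ in results]
    for kind in ("pgt", "service-mismatch", "cas-operation"):
        if kind in kinds:
            return kind, HINTS[kind]
    return None


# Constructed sample lines; timestamps, process ids and ticket id are made up.
SAMPLE = [
    "Sep 10 10:00:01 sogod [2211]: failure to obtain a PGT from the C.A.S. service",
    "Sep 10 10:00:02 sogod [2211]: a CAS failure occurred during operation.",
    "2014-09-10 10:05:00 ERROR [org.jasig.cas.CentralAuthenticationServiceImpl]"
    " - ServiceTicket [ST-1-constructed-cas] with service [imap://myimapserver]"
    " does not match supplied service [sieve://mysieveserver:2000]",
    "Sep 10 10:06:00 sogod [2211]: user logged in",
]

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item)
    print("fix first:", root_cause(triage(SAMPLE)))
```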
Authenticating using SAML2
SOGo natively supports SAML2 authentication. Please refer to the documentation of your identity provider and the SAML2 configuration keys that are listed above for proper setup. Once a SOGo instance is configured properly, the metadata for that instance can be retrieved from http:///SOGo/saml2-metadata for registration with the identity provider.
In order to relay authentication information to your IMAP server and if you make use of the CrudeSAML SASL plugin, you need to make sure that NGImap4AuthMechanism is configured to use the SAML mechanism. If you make use of the CrudeSAML PAM plugin, this value may be left empty.
Database Configuration
SOGo requires a relational database system in order to store appointments, tasks and contacts information. It also uses the database system to store personal preferences of SOGo users. In this guide, we assume you use PostgreSQL, so the commands provided to create the database are related to this application. However, other database servers are supported, such as MySQL and Oracle.
First, make sure that your PostgreSQL server has TCP/IP connections support enabled.
Create the database user and schema using the following commands:
    su - postgres
    createuser --no-superuser --no-createdb --no-createrole \
        --encrypted --pwprompt sogo
    (specify sogo as password)
    createdb -O sogo sogo
You should then adjust the access rights to the database. To do so, modify the configuration file /var/lib/pgsql/data/pg_hba.conf in order to add the following line at the very beginning of the file:
    host sogo sogo 127.0.0.1/32 md5
Once added, restart the PostgreSQL database service. Then, modify the SOGo configuration file (/etc/sogo/sogo.conf) to reflect your database settings:
    SOGoProfileURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
    OCSFolderInfoURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
The following table describes the parameters that were set:
D SOGoProfileURL: Parameter used to set the database URL so that SOGo can retrieve user profiles.
For MySQL, set the database URL to something like: mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile.
D OCSFolderInfoURL: Parameter used to set the database URL so that SOGo can retrieve the location of user folders (address books and calendars).
For Oracle, set the database URL to something like: oracle://sogo:sogo@localhost:1526/sogo/sogo_folder_info.
D OCSSessionsFolderURL: Parameter used to set the database URL so that SOGo can store and retrieve secured user sessions information. For PostgreSQL, the database URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder.
D OCSEMailAlarmsFolderURL: Parameter used to set the database URL for email-based alarms (that can be set on events and tasks). This parameter is relevant only if SOGoEnableEMailAlarms is set to YES. For PostgreSQL, the database URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_alarms_folder
See the "EMail reminders" section in this document for more information.
If you're using MySQL, make sure in your my.cnf file you have:
    [mysqld]
    ...
    character_set_server=utf8
    character_set_client=utf8

    [client]
    default-character-set=utf8

    [mysql]
    default-character-set=utf8
Authentication using SQL
SOGo can use a SQL-based database server for authentication. The configuration is very similar to LDAP-based authentication.
The following table describes all the possible parameters related to a SQL source:
D SOGoUserSources: Parameter used to set the SQL and/or LDAP sources used for authentication and global address books. Multiple sources can be specified as an array of dictionaries. A dictionary that defines a SQL source can contain the following values:
type: The type of this user source, set to sql for a SQL source.
id: The identification name of the SQL repository. This must be unique even when using multiple domains.
viewURL: Database URL of the view used by SOGo. The view expects columns to be present. Required columns are:
    c_uid: [email protected]
    c_name: will be used to uniquely identify entries, which can be identical to c_uid
    c_password: password of the user, plain text, crypt, md5 or sha encoded
    c_cn: the user's common name
    mail: the user's email address
Other columns can exist and will actually be mapped automatically if they have the same name as popular LDAP attributes (such as givenName, sn, department, title, telephoneNumber, etc.).
userPasswordAlgorithm: The default algorithm used for password encryption when changing passwords. Possible values are: none, plain, crypt, md5, md5-crypt, smd5, cram-md5, ldap-md5, and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants. Passwords can have the scheme prepended in the form {scheme}encryptedPass.
If no scheme is given, userPasswordAlgorithm is used instead. The schemes listed above follow the algorithms described in http://wiki.dovecot.org/Authentication/PasswordSchemes.
Note that cram-md5 is not actually using cram-md5 (due to the lack of a challenge-response mechanism); it's just saving the intermediate MD5 context as Dovecot stores in its database.
prependPasswordScheme: The default behaviour is to store newly set passwords without the scheme (default: NO). This can be overridden by setting to YES and will result in passwords stored as {scheme}encryptedPass.
canAuthenticate: If set to YES, this SQL source is used for authentication.
isAddressBook: If set to YES, this SQL source is used as a shared address book (with read-only access). Note that if set to NO, autocompletion will not work for entries in this source and, as a result, neither will free-busy lookups.
authenticationFilter (optional): A filter that limits which users can authenticate from this source.
displayName (optional): If set as an address book, the human identification name of the SQL repository.
LoginFieldNames (optional): An array of fields that specifies the column names that contain valid authentication usernames (defaults to c_uid when unset).
MailFieldNames (optional): An array of fields that specifies the column names that hold additional email addresses (beside the mail column) for each user.
IMAPHostFieldName (optional): The field that returns the IMAP hostname for the user.
IMAPLoginFieldName (optional): The field that returns the IMAP login name for the user (defaults to c_uid when unset).
SieveHostFieldName (optional): The field that returns the Sieve hostname for the user.
KindFieldName (optional): If set, SOGo will try to determine if the value of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will consider the returned entry to be a resource.
MultipleBookingsFieldName (optional): The value of this field is the maximum number of concurrent events to which a resource can be part of at any point in time.
If this is set to 0, or if the attribute is missing, it means no limit.
DomainFieldName (optional): If set, SOGo will use the value of that field as the domain associated to the user.
See the Multi-domains Configuration section in this document for more information.
Here is an example of an SQL-based authentication and address book source:
    SOGoUserSources =
    (
      {
        type = sql;
        id = directory;
        viewURL = "postgresql://sogo:[email protected]:5432/sogo/sogo_view";
        canAuthenticate = YES;
        isAddressBook = YES;
        userPasswordAlgorithm = md5;
      }
    );
Certain database columns must be present in the view/table, such as:
    c_uid: will be used for authentication; it's the username or username@domain.tld
    c_name: which can be identical to c_uid; will be used to uniquely identify entries
    c_password: password of the user, plain-text, md5 or sha encoded for now
    c_cn: the user's common name, such as "John Doe"
    mail: the user's mail address
Note that groups are currently not supported for SQL-based authentication sources.
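Because c_password may hold anything from plain text to a salted hash, and userPasswordAlgorithm only applies when no {scheme} prefix is stored, it is worth auditing what the view actually contains. The following Python is an added example, not SOGo code; the helper names and sample rows are constructed, and the salted-SHA layout (digest followed by salt, base64 unless .hex is given) is an assumption taken from the Dovecot scheme description the guide links to.

```python
# Added example: audit c_password values from a SOGo SQL view.
# Helper names are illustrative; the salted-SHA layout (digest followed by
# salt, base64 unless .hex is given) is assumed from the Dovecot page.
import base64
import hashlib
import hmac
import re

CLEARTEXT = {"none", "plain"}
UNSALTED = {"md5", "ldap-md5", "cram-md5", "sha", "sha256", "sha512"}
SALTED_SHA = {"ssha": "sha1", "ssha256": "sha256", "ssha512": "sha512"}
OTHER_SALTED = {"smd5", "crypt", "md5-crypt"}

PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.(b64|hex))?\}(.*)$", re.I | re.S)


def split_scheme(stored, default_algorithm):
    """Return (scheme, encoding, body); fall back to userPasswordAlgorithm."""
    match = PREFIX.match(stored)
    if match:
        scheme, encoding, body = match.groups()
    else:
        scheme, _, encoding = default_algorithm.partition(".")
        body = stored
    return scheme.lower(), (encoding.lower() if encoding else None), body


def classify(stored, default_algorithm):
    """Return (scheme, class); 'salted' says nothing about work factor."""
    scheme = split_scheme(stored, default_algorithm)[0]
    if scheme in CLEARTEXT:
        return scheme, "cleartext"
    if scheme in UNSALTED:
        return scheme, "unsalted"
    if scheme in SALTED_SHA or scheme in OTHER_SALTED:
        return scheme, "salted"
    return scheme, "unknown"


def make_salted_sha(password, salt, scheme="ssha256", encoding="b64"):
    """Build a {SCHEME.encoding} value; used here to construct sample rows."""
    raw = hashlib.new(SALTED_SHA[scheme], password.encode() + salt).digest() + salt
    body = raw.hex() if encoding == "hex" else base64.b64encode(raw).decode()
    return "{%s.%s}%s" % (scheme.upper(), encoding, body)


def verify_salted_sha(stored, password, default_algorithm="ssha256"):
    """Check a password against an ssha, ssha256 or ssha512 value."""
    scheme, encoding, body = split_scheme(stored, default_algorithm)
    if scheme not in SALTED_SHA:
        raise ValueError("not a salted SHA scheme: " + scheme)
    try:
        raw = (bytes.fromhex(body) if encoding == "hex"
               else base64.b64decode(body, validate=True))
    except ValueError:          # malformed hex or base64
        return False
    size = hashlib.new(SALTED_SHA[scheme]).digest_size
    if len(raw) <= size:        # digest only: no salt was stored
        return False
    digest, salt = raw[:size], raw[size:]
    candidate = hashlib.new(SALTED_SHA[scheme], password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def audit_rows(rows, default_algorithm):
    """Return (c_uid, scheme, class) for every row that is not salted."""
    report = []
    for c_uid, c_password in rows:
        scheme, strength = classify(c_password, default_algorithm)
        if strength != "salted":
            report.append((c_uid, scheme, strength))
    return report


# Constructed sample rows (c_uid, c_password); not taken from a real system.
SAMPLE_ROWS = [
    ("alice", "{PLAIN}example-password"),
    ("bob", hashlib.md5(b"example-password").hexdigest()),  # no prefix stored
    ("carol", make_salted_sha("example-password", b"\x01\x02\x03\x04")),
    ("dave", make_salted_sha("example-password", b"salt", "ssha", "hex")),
]

if __name__ == "__main__":
    # With userPasswordAlgorithm = md5, as in the guide's SQL example.
    print(audit_rows(SAMPLE_ROWS, "md5"))
```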
SMTP Server Configuration
SOGo makes use of a SMTP server to send emails from the Web interface, iMIP/iTIP messages and various notifications.
The following table describes the related parameters.
D SOGoMailingMechanism: Parameter used to set how SOGo sends mail messages. Possible values are:
    sendmail: to use the sendmail binary
    smtp: to use the SMTP protocol
D SOGoSMTPServer: The DNS name or IP address of the SMTP server used when SOGoMailingMechanism is set to smtp.
D SOGoSMTPAuthenticationType: Activates SMTP authentication and specifies which type is in use. Currently, only PLAIN is supported and other values will be ignored.
S WOSendMail: The path of the sendmail binary.
Defaults to /usr/lib/sendmail.
D SOGoForceExternalLoginWithEmail: Parameter used to specify if, when logging into the SMTP server, the primary email address of the user will be used instead of the username. Possible values are:
    YES
    NO
Defaults to NO when unset.
IMAP Server Configuration
SOGo requires an IMAP server in order to let users consult their email messages, manage their folders and more.
The following table describes the related parameters.
U SOGoDraftsFolderName: Parameter used to set the IMAP folder name used to store draft messages.
Defaults to Drafts when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Drafts.
U SOGoSentFolderName: Parameter used to set the IMAP folder name used to store sent messages.
Defaults to Sent when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Sent.
U SOGoTrashFolderName: Parameter used to set the IMAP folder name used to store deleted messages.
Defaults to Trash when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Trash.
D SOGoIMAPCASServiceName: Parameter used to set the CAS service name (URL) of the imap service. This is useful if SOGo is connecting to the IMAP service through a proxy. When using pam_cas, this parameter should be set to the same value as the -s argument of the imap pam service.
D SOGoIMAPServer: Parameter used to set the DNS name or IP address of the IMAP server used by SOGo. You can also use SSL or TLS by providing a value using a URL, such as:
    imaps://localhost:993
    imaps://localhost:143/?tls=YES
D SOGoSieveServer: Parameter used to set the DNS name or IP address of the Sieve (managesieve) server used by SOGo. You must use a URL such as:
    sieve://localhost
    sieve://localhost:2000
    sieve://localhost:2000/?tls=YES
Note that TLS is supported but SSL is not.
D SOGoSieveFolderEncoding: Parameter used to specify which encoding is used for IMAP folder names in Sieve filters. Defaults to "UTF-7". The other possible value is "UTF-8".
U SOGoMailShowSubscribedFoldersOnly: Parameter used to specify if the Web interface should only show subscribed IMAP folders. Possible values are:
    YES
    NO
Defaults to NO when unset.
D SOGoIMAPAclStyle: Parameter used to specify which RFC the IMAP server implements with respect to ACLs. Possible values are:
    rfc2086
    rfc4314
Defaults to rfc4314 when unset.
D SOGoIMAPAclConformsToIMAPExt: Parameter used to specify if the IMAP server implements the Internet Message Access Protocol Extension. Possible values are:
    YES
    NO
Defaults to NO when unset.
D SOGoForceExternalLoginWithEmail: Parameter used to specify if, when logging into the IMAP server, the primary email address of the user will be used instead of the username. Possible values are:
    YES
    NO
Defaults to NO when unset.
D SOGoMailSpoolPath: Parameter used to set the path where temporary email drafts are written. If you change this value, you must also modify the daily cronjob sogo-tmpwatch.
Defaults to /var/spool/sogo.
S NGImap4ConnectionStringSeparator: Parameter used to set the IMAP mailbox separator. Setting this will also have an impact on the mailbox separator used by Sieve filters.
The default separator is /.
S NGImap4AuthMechanism: Triggers the use of the IMAP AUTHENTICATE command with the specified SASL mechanism. Please note that this feature might be limited at this time.
D NGImap4ConnectionGroupIdPrefix: Prefix to prepend to names in IMAP ACL transactions, to indicate the name is a group name, not a user name.
RFC 4314 gives examples where group names are prefixed with $. Dovecot, for one, follows this scheme, and will, for example, apply permissions for $admins to all users in group admins in the absence of specific permissions for the individual user.
The default prefix is $.
Web Interface Configuration
The following additional parameters only affect the Web interface behaviour of SOGo.
S SOGoPageTitle: Parameter used to define the Web page title.
Defaults to SOGo when unset.
U SOGoLoginModule: Parameter used to specify which module to show after login. Possible values are:
    Calendar
    Mail
    Contacts
Defaults to Calendar when unset.
S SOGoFaviconRelativeURL: Parameter used to specify the relative URL of the site favicon.
When unset, defaults to the file sogo.ico under the default web resources directory.
S SOGoZipPath: Parameter used to specify the path of the zip binary used to archive messages.
Defaults to /usr/bin/zip when unset.
D SOGoSoftQuotaRatio: Parameter used to change the quota returned by the IMAP server by multiplying it by the specified ratio. Acts as a soft quota. Example: 0.8.
U SOGoMailUseOutlookStyleReplies (not currently editable in Web interface): Parameter used to set if email replies should use Outlook's style.
Defaults to NO when unset.
U SOGoMailListViewColumnsOrder (not currently editable in Web interface): Parameter used to specify the default order of the columns from the SOGo webmail interface. The parameter is an array, for example:
    SOGoMailListViewColumnsOrder = (Flagged, Attachment, Priority, From, Subject, Unread, Date, Size);
D SOGoVacationEnabled: Parameter used to enable editing of a vacation message from the preferences window.
Requires Sieve script support on the IMAP host.
Defaults to NO when unset.
When enabling this parameter, one must also enable the associated cronjob in /etc/cron.d/sogo in order to activate automatic vacation message expiration.
See the Cronjob Vacation messages expiration section below for details.
D SOGoForwardEnabled: Parameter used to enable editing of a forwarding email address from the preferences window. Requires Sieve script support on the IMAP host.
Defaults to NO when unset.
D SOGoSieveScriptsEnabled: Parameter used to enable editing of server-side mail filters from the preferences window. Requires Sieve script support on the IMAP host.
Defaults to NO when unset.
D SOGoMailPollingIntervals: Parameter used to define the mail polling intervals (in minutes) available to the user. The parameter is an array that can contain the following numbers:
    1 2 5 10 20 30 60
Defaults to the list above when unset.
U SOGoMailMessageCheck: Parameter used to define the mail polling interval at which the IMAP server is queried for new messages. Possible values are:
    manually
    every_minute
    every_2_minutes
    every_5_minutes
    every_10_minutes
    every_20_minutes
    every_30_minutes
    once_per_hour
Defaults to manually when unset.
D SOGoMailAuxiliaryUserAccountsEnabled: Parameter used to activate the auxiliary IMAP accounts in SOGo. When set to YES, users can add other IMAP accounts that will be visible from the SOGo Webmail interface.
Defaults to NO when unset.
U SOGoDefaultCalendar: Parameter used to specify which calendar is used when creating an event or a task. Possible values are:
    selected
    personal
    first
Defaults to selected when unset.
U SOGoDayStartTime: The hour at which the day starts (0 through 12).
Defaults to 8 when unset.
U SOGoDayEndTime: The hour at which the day ends (12 through 23).
Defaults to 18 when unset.
U SOGoFirstDayOfWeek: The day at which the week starts in the week and month views (0 through 6). 0 indicates Sunday.
Defaults to 0 when unset.
U SOGoFirstWeekOfYear: Parameter used to define how the first week of the year is identified. Possible values are:
    January1
    First4DayWeek
    FirstFullWeek
Defaults to January1 when unset.
U SOGoTimeFormat: The format used to display time in the timeline of the day and week views. Please refer to the documentation for the date command or the strftime C function for the list of available format sequences.
Defaults to %H:%M.
U SOGoCalendarCategories: Parameter used to define the categories that can be associated to events. This parameter is an array of arbitrary strings.
Defaults to a list that depends on the language.
U SOGoCalendarDefaultCategoryColor: Parameter used to define the default colour of categories.
Defaults to #F0F0F0 when unset.
U SOGoCalendarEventsDefaultClassification: Parameter used to define the default classification for new events. Possible values are:
    PUBLIC
    CONFIDENTIAL
    PRIVATE
Defaults to PUBLIC when unset.
U SOGoCalendarTasksDefaultClassification: Parameter used to define the default classification for new tasks. Possible values are:
    PUBLIC
    CONFIDENTIAL
    PRIVATE
Defaults to PUBLIC when unset.
U SOGoCalendarDefaultReminder: Parameter used to define a default reminder for new events. Possible values are:
-PT5M -PT10M -PT15M -PT30M -PT45M -PT1H -PT2H -PT5H -PT15H -P1D -P2D -P1W
D SOGoFreeBusyDefaultInterval: The number of days to include in the free busy information. The parameter is an array of two numbers, the first being the number of days prior to the current day and the second being the number of days following the current day.
Defaults to (7, 7) when unset.
U SOGoBusyOffHours: Parameter used to specify if off-hours should be automatically added to the free-busy information. Off-hours include weekends and periods covered between SOGoDayEndTime and SOGoDayStartTime.
Defaults to NO when unset.
U SOGoMailMessageForwarding: The method by which the message is to be forwarded. Possible values are:
    inline
    attached
Defaults to inline when unset.
U SOGoMailCustomFullName: The string to use as full name when composing an email, if SOGoMailCustomFromEnabled is set in the user's domain defaults.
When unset, the full name specified in the user sources for the user is used instead.
U SOGoMailCustomEmail: The string to use as email address when composing an email, if SOGoMailCustomFromEnabled is set in the user's domain defaults. When unset, the email specified in the user sources for the user is used instead.
U SOGoMailReplyPlacement: The reply placement with respect to the quoted message. Possible values are:
    above
    below
Defaults to below.
U SOGoMailReplyTo: The email address to use in the reply-to header field when the user sends a message.
Ignored when empty.
U SOGoMailSignaturePlacement: The placement of the signature with respect to the quoted message. Possible values are:
    above
    below
Defaults to below.
U SOGoMailComposeMessageType: The message composition format. Possible values are:
    text
    html
Defaults to text.
S SOGoEnableEMailAlarms: Parameter used to enable email-based alarms on events and tasks.
Defaults to NO when unset.
For this feature to work correctly, one must also set the OCSEMailAlarmsFolderURL parameter and enable the associated cronjob. See the Cronjob EMail reminders section from this document for more information.
U SOGoContactsCategories: Parameter used to define the categories that can be associated to contacts. This parameter is an array of arbitrary strings.
Defaults to a list that depends on the language.
D SOGoUIAdditionalJSFiles: Parameter used to define a list of additional JavaScript files loaded by SOGo for all displayed web pages. This parameter is an array of strings corresponding to paths to the arbitrary JavaScript files. The paths are relative to the WebServerResources directory, which is usually found under /usr/lib/GNUstep/SOGo/.
D SOGoMailCustomFromEnabled: Parameter used to allow or not users to specify custom "From" addresses from SOGo's preferences panel.
Defaults to NO when unset.
D SOGoSubscriptionFolderFormat: Parameter used to set the default formatting of a subscription folder name. Available variables are:
    %{FolderName}
    %{UserName}
    %{Email}
Defaults to %{FolderName} (%{UserName} ) when unset.
D SOGoUIxAdditionalPreferences: Parameter used to enable an extra preferences tab using the content of the template named UIxAdditionalPreferences.wox. This template should be put under ~sogo/GNUstep/Library/SOGo/Templates/PreferencesUI/.
Defaults to NO when unset.
SOGo Configuration Summary
The complete SOGo configuration file /etc/sogo/sogo.conf should look like this:
    {
      SOGoProfileURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
      OCSFolderInfoURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
      OCSSessionsFolderURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
      SOGoAppointmentSendEMailNotifications = YES;
      SOGoCalendarDefaultRoles = (
        PublicViewer,
        ConfidentialDAndTViewer
      );
      SOGoLanguage = English;
      SOGoTimeZone = America/Montreal;
      SOGoMailDomain = acme.com;
      SOGoIMAPServer = localhost;
      SOGoDraftsFolderName = Drafts;
      SOGoSentFolderName = Sent;
      SOGoTrashFolderName = Trash;
      SOGoMailingMechanism = smtp;
      SOGoSMTPServer = 127.0.0.1;
      SOGoUserSources = (
        {
          type = ldap;
          CNFieldName = cn;
          IDFieldName = uid;
          UIDFieldName = uid;
          baseDN = "ou=users,dc=acme,dc=com";
          bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
          bindPassword = qwerty;
          canAuthenticate = YES;
          displayName = "Shared Addresses";
          hostname = localhost;
          id = public;
          isAddressBook = YES;
          port = 389;
        }
      );
    }
Multi-domains Configuration
If you want your installation to isolate two groups of users, you must define a distinct authentication source for each domain. Following is the same configuration that now includes two domains (acme.com and coyote.com):
    {
      ...
      domains = {
        acme = {
          SOGoMailDomain = acme.com;
          SOGoDraftsFolderName = Drafts;
          SOGoUserSources = (
            {
              type = ldap;
              CNFieldName = cn;
              IDFieldName = uid;
              UIDFieldName = uid;
              baseDN = "ou=users,dc=acme,dc=com";
              bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
              bindPassword = qwerty;
              canAuthenticate = YES;
              displayName = "Shared Addresses";
              hostname = localhost;
              id = public_acme;
              isAddressBook = YES;
              port = 389;
            }
          );
        };
        coyote = {
          SOGoMailDomain = coyote.com;
          SOGoIMAPServer = imap.coyote.com;
          SOGoUserSources = (
            {
              type = ldap;
              CNFieldName = cn;
              IDFieldName = uid;
              UIDFieldName = uid;
              baseDN = "ou=users,dc=coyote,dc=com";
              bindDN = "uid=sogo,ou=users,dc=coyote,dc=com";
              bindPassword = qwerty;
              canAuthenticate = YES;
              displayName = "Shared Addresses";
              hostname = localhost;
              id = public_coyote;
              isAddressBook = YES;
              port = 389;
            }
          );
        };
      };
    }
The following additional parameters only affect SOGo when using multiple domains.
S SOGoEnableDomainBasedUID: Parameter used to activate user identification by domain. Users will be able (without being required) to log in using the form username@domain, meaning that values of UIDFieldName no longer have to be unique among all domains but only within the same domain. Internally, users will always be identified by the concatenation of their username and domain.
Consequently, activating this parameter on an existing system implies that user identifiers will change and their previous calendars and address books will no longer be accessible unless a conversion is performed.
Defaults to NO when unset.
S SOGoLoginDomains: Parameter used to define which domains should be selectable from the login page. This parameter is an array of keys from the domains dictionary.
Defaults to an empty array, which means that no domains appear on the login page. If you prefer having the domain names listed, just use these as keys for the domains dictionary.
S SOGoDomainsVisibility: Parameter used to set domains visible among themselves. This parameter is an array of arrays.
Example: SOGoDomainsVisibility = ((acme,coyote));
Defaults to an empty array, which means domains are isolated from each other.
Apache Configuration
The SOGo configuration for Apache is located in /etc/httpd/conf.d/SOGo.conf.
Upon SOGo installation, a default configuration file is created which is suitable for most configurations.
You must also configure the following parameters in the SOGo configuration file for Apache in order to have a working installation:
    RequestHeader set "x-webobjects-server-port" "80"
    RequestHeader set "x-webobjects-server-name" "yourhostname"
    RequestHeader set "x-webobjects-server-url" "http://yourhostname"
You may consider enabling SSL on top of this current installation to secure access to your SOGo installation.
See http://httpd.apache.org/docs/2.2/ssl/ for details.
You might also have to adjust the configuration if you have SELinux enabled.
The default configuration will use mod_proxy and mod_headers to relay requests to the sogod parent process. This is suitable for small to medium deployments.
Starting Services
Once SOGo is fully installed and configured, start the services using the following command:
    service sogod start
You may verify using the chkconfig command that the SOGo service is automatically started at boot time. Restart the Apache service since modules and configuration files were added:
    service httpd restart
Finally, you should also make sure that the memcached service is started and that it is also automatically started at boot time.
Cronjob EMail reminders
SOGo allows you to set email-based reminders for events and tasks. To enable this, you must enable the SOGoEnableEMailAlarms preference and set the OCSEMailAlarmsFolderURL preference accordingly.
Once you've correctly set those two preferences, you must create a cronjob that will run under the "sogo" user. This cronjob should be run every minute.
A commented-out example should have been installed in /etc/cron.d/sogo; to enable it, simply uncomment it.
As a reference, the cronjob should be defined like this:
    * * * * * /usr/sbin/sogo-ealarms-notify
If your mail server requires use of SMTP AUTH, specify a credential file using -p /path/to/credFile. This file should contain the username and password, separated by a colon (username:password).
Cronjob - Vacation messages expiration
When vacation messages are enabled (see the parameter SOGoVacationEnabled), users can set an expiration date for their auto-reply messages. For this feature to work, you must run a cronjob under the "sogo" user.
A commented out example should have been installed in /etc/cron.d/sogo. To work correctly, this tool must log in as an administrative user on the sieve server. The required credentials must be specified in a file by using -p /path/to/credFile. This file should contain the username and password, separated by a colon (username:password).
The cronjob should look like this:
0 0 * * * sogo /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds
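Both cronjobs above read a plaintext username:password file passed with -p, so that file should be readable by its owner only. The following is an added example, not part of the SOGo guide; write_credfile and check_credfile are hypothetical helper names, and the demo runs on a constructed credential in a scratch directory.

```shell
#!/bin/sh
# Added example, not part of the SOGo guide.
# write_credfile and check_credfile are hypothetical helper names.

# Write "username:password" to PATH with mode 600. The password is read
# from stdin so it does not show up in the process list or shell history.
write_credfile() {
    path=$1; user=$2
    case $user in ''|*:*) echo "invalid username" >&2; return 1 ;; esac
    IFS= read -r pass || :
    [ -n "$pass" ] || { echo "no password on stdin" >&2; return 1; }
    ( umask 077 && : > "$path" && chmod 600 "$path" &&
      printf '%s:%s\n' "$user" "$pass" > "$path" )
}

# Verify a credFile: regular file, no group/other access, optional owner
# match, and exactly one line of the form username:password.
check_credfile() {
    path=$1; want_owner=${2:-}
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path is not a regular file"; return 1
    fi
    listing=$(ls -ld "$path")
    if [ "$(printf '%s\n' "$listing" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $path is accessible to group or others"; return 1
    fi
    if [ -n "$want_owner" ] &&
       [ "$(printf '%s\n' "$listing" | awk '{print $3}')" != "$want_owner" ]; then
        echo "FAIL: $path is not owned by $want_owner"; return 1
    fi
    if [ "$(grep -c '' "$path")" -ne 1 ] || ! grep -Eq '^[^:]+:.+$' "$path"; then
        echo "FAIL: $path must hold exactly one username:password line"; return 1
    fi
    echo "OK: $path"
}

# Demo on a constructed credential in a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' | write_credfile "$demo_dir/sieve.creds" sieveadmin
check_credfile "$demo_dir/sieve.creds"
rm -rf "$demo_dir"
```

On a real host the file would be the one named after -p in the cron entry, and passing sogo as the second argument to check_credfile also confirms that the cron user owns it.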
Managing User Accounts
Creating the SOGo Administrative Account
First, create the SOGo administrative account in your LDAP server. The following LDIF file (sogo.ldif) can be used as an example:
dn: uid=sogo,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: sogo
cn: SOGo Administrator
mail: [email protected]
sn: Administrator
givenName: SOGo
Load the LDIF file inside your LDAP server using the following command:
ldapadd -f sogo.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the SOGo administrative account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com uid=sogo,ou=users,dc=acme,dc=com -s qwerty
Creating a User Account
SOGo uses LDAP directories to authenticate users. Use the following LDIF file (jdoe.ldif) as an example to create a SOGo user account:
dn: uid=jdoe,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: jdoe
cn: John Doe
mail: [email protected]
sn: Doe
givenName: John
Load the LDIF file inside your LDAP server using the following command:
ldapadd -f jdoe.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the user account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com uid=jdoe,ou=users,dc=acme,dc=com -s qwerty
As an alternative to using command-line tools, you can also use LDAP editors such as Luma or Apache Directory Studio to make your work easier. These GUI utilities can make use of templates to create and pre-configure typical user accounts or any standardized LDAP record, along with the correct object classes, fields and default values.
Microsoft ActiveSync
SOGo supports the Microsoft ActiveSync protocol.
ActiveSync clients can fully synchronize contacts, emails, events and tasks with SOGo. Freebusy and GAL lookups are also supported, as well as "Smart reply" and "Smart forward" operations.
To enable Microsoft ActiveSync support in SOGo, you must install the required packages.
yum install sogo-activesync libwbxml
Once installed, simply uncomment the following lines from your SOGo Apache configuration:
ProxyPass /Microsoft-Server-ActiveSync \
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
 retry=60 connectiontimeout=5 timeout=360
Restart Apache afterwards.
The following additional parameters only affect SOGo when using ActiveSync:
S SOGoMaximumPingInterval: Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Ping command.
If not set, it defaults to 5 seconds.
S SOGoMaximumSyncInterval: Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Sync command.
If not set, it defaults to 30 seconds.
S SOGoInternalSyncInterval: Parameter used to set the maximum amount of time, in seconds, SOGo will wait before doing an internal check for data changes (add, delete, and update). This parameter must be lower than SOGoMaximumSyncInterval.
If not set, it defaults to 10 seconds.
S SOGoMaximumSyncWindowSize: Parameter used to overwrite the maximum number of items returned during a Sync operation.
Defaults to 0, which means no overwrite is performed.
Setting this parameter to a value greater than 512 will have unexpected behaviour with various ActiveSync clients.
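The two constraints stated above (SOGoInternalSyncInterval lower than SOGoMaximumSyncInterval, SOGoMaximumSyncWindowSize not greater than 512) can be checked before restarting the service. This is an added example, not SOGo code: conf_int and check_activesync_conf are hypothetical helpers, the "Key = value;" layout of sogo.conf is an assumption, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not SOGo code. Assumes sogo.conf holds "Key = value;" entries.
# conf_int and check_activesync_conf are hypothetical helper names.

# Print the integer set for KEY in FILE, or DEFAULT when the key is absent.
conf_int() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Check the two constraints the guide states; defaults are the guide's.
check_activesync_conf() {
    rc=0
    sync=$(conf_int "$1" SOGoMaximumSyncInterval 30)
    internal=$(conf_int "$1" SOGoInternalSyncInterval 10)
    window=$(conf_int "$1" SOGoMaximumSyncWindowSize 0)
    if [ "$internal" -ge "$sync" ]; then
        echo "SOGoInternalSyncInterval=$internal is not lower than SOGoMaximumSyncInterval=$sync"
        rc=1
    fi
    if [ "$window" -gt 512 ]; then
        echo "SOGoMaximumSyncWindowSize=$window is greater than 512"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: only the sync interval is set, so the internal
# interval falls back to its default of 10 and breaks the constraint.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  SOGoMaximumPingInterval = 354;
  SOGoMaximumSyncInterval = 5;
  SOGoMaximumSyncWindowSize = 1024;
}
EOF
check_activesync_conf "$sample" || echo "review ActiveSync settings"
rm -f "$sample"
```

The sample shows the less obvious failure: lowering only SOGoMaximumSyncInterval below 10 violates the constraint through the default of SOGoInternalSyncInterval.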
Please be aware of the following limitations:
Currently, only the personal calendar and address book are synchronized. Adding support for all folders is planned.
When creating an Outlook 2013 profile, you must actually kill Outlook before the end of the creation process. See http://www.vionblog.com/connect-zimbra-community-with-outlook-2013 for a procedure example.
Outlook 2013 does not search the GAL. One possible alternative solution is to configure Outlook to use a LDAP server (over SSL) with authentication. Alternatively, when supporting more than just the personal address book, we'll also be able to expose the LDAP/SQL based address books in SOGo over ActiveSync.
Make sure you do not use a self-signed certificate. While this will work, Outlook will work intermittently as it will raise popups for certificate validation, sometimes in the background, preventing the user from seeing the warning and thus preventing any synchronization from happening.
ActiveSync clients keep connections open for a while. Each connection will grab a hold on a sogod process so you will need a lot of processes to handle many clients. This limitation will eventually be overcome in SOGo.
Repetitive events with occurrences exceptions are currently not supported.
Outlook 2013 Autodiscovery is currently not supported.
Outlook 2013 freebusy lookups are supported using the Internet Free/Busy feature of Outlook 2013. Please see http://support.microsoft.com/kb/291621 for configuration instructions. On the SOGo side, SOGoEnablePublicAccess must be set to YES and the URL to use must be of the following format: http:///SOGo/dav/public/%NAME%/freebusy.ifb
In order to use the SOGo ActiveSync support code in production environments, you need to get a proper usage license from Microsoft. Please contact them directly to negotiate the fees associated to your user base.
To contact Microsoft, please visit:
http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspx and send [email protected]
Inverse inc. provides this software for free, but is not responsible for anything related to its usage.
Using SOGo
SOGo Web Interface
To access the SOGo Web Interface, point your Web browser, which is running from the same server where SOGo was installed, to the following URL: http://localhost/SOGo.
Log in using the "jdoe" user and the "qwerty" password. The underlying database tables will automatically be created by SOGo.
Mozilla Thunderbird and Lightning
Alternatively, you can access SOGo with a GroupDAV and a CalDAV client. A typical well-integrated setup is to use Mozilla Thunderbird and Mozilla Lightning along with Inverse's SOGo Connector plugin to synchronize your address books and Inverse's SOGo Integrator plugin to provide a complete integration of the features of SOGo into Thunderbird and Lightning. Refer to the documentation of Thunderbird to configure an initial IMAP account pointing to your SOGo server and using the user name and password mentioned above.
With the SOGo Integrator plugin, your calendars and address books will be automatically discovered when you log in to Thunderbird. This plugin can also propagate specific extensions and default user settings across your site. However, be aware that in order to use the SOGo Integrator plugin, you will need to repackage it with specific modifications. Please refer to the documentation published online:
http://www.sogo.nu/downloads/documentation.html
If you only use the SOGo Connector plugin, you can still easily access your data.
To access your personal address book:
Choose Go > Address Book.
Choose File > New > Remote Address Book.
Enter a significant name for your calendar in the Name field.
Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Contacts/personal/
Click on OK.
To access your personal calendar:
Choose Go > Calendar.
Choose Calendar > New Calendar.
Select On the Network and click on Continue.
Select CalDAV.
Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Calendar/personal/
Click on Continue.
Apple iCal
Apple iCal can also be used as a client application for SOGo.
To configure it so it works with SOGo, create a new account and specify, as the Account URL, a URL such as:
http://localhost/SOGo/dav/jdoe/
Note that the trailing slash is important for Apple iCal 3.
Apple AddressBook
Since Mac OS X 10.6 (Snow Leopard), Apple AddressBook can be configured to use SOGo.
In order to make this work, you must add a new virtual host in your Apache configuration file to listen on port 8800 and handle requests coming from iOS devices.
The virtual host should be defined like:
<VirtualHost *:8800>
  RewriteEngine Off
  ProxyRequests Off
  SetEnv proxy-nokeepalive 1
  ProxyPreserveHost On
  ProxyPassInterpolateEnv On
  ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
  ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
  ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
  <Location />
    Order allow,deny
    Allow from all
  </Location>
  <Proxy http://127.0.0.1:20000>
    RequestHeader set "x-webobjects-server-port" "8800"
    RequestHeader set "x-webobjects-server-name" "acme.com:8800"
    RequestHeader set "x-webobjects-server-url" "http://acme.com:8800"
    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
    RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
    AddDefaultCharset UTF-8
  </Proxy>
  ErrorLog /var/log/apache2/ab-error.log
  CustomLog /var/log/apache2/ab-access.log combined
</VirtualHost>
This configuration is also required if you want to configure a CardDAV account on an Apple iOS device (version 4.0 and later).
Microsoft ActiveSync / Mobile Devices
You can synchronize contacts, emails, events and tasks from SOGo with any mobile devices that support Microsoft ActiveSync. Microsoft Outlook 2013 is also supported.
The Microsoft ActiveSync server URL is generally something like: http://localhost/Microsoft-Active-Sync.
Upgrading
This section describes what needs to be done when upgrading to the current version of SOGo from the previous release.
2.2.8
The following configuration parameters were renamed:
SOGoMailMessageCheck was replaced with SOGoRefreshViewCheck
SOGoMailPollingIntervals was replaced with SOGoRefreshViewIntervals
Backward compatibility is in place for the old preferences values.
2.0.5
The configuration is now stored in /etc/sogo/sogo.conf. Perform the following commands as root to migrate your previous user defaults:
install -d -m 750 -o sogo -g sogo /etc/sogo
sudo -u sogo sogo-tool dump-defaults > /etc/sogo/sogo.conf
chown root:sogo /etc/sogo/sogo.conf
chmod 640 /etc/sogo/sogo.conf
sudo -u sogo mv ~sogo/GNUstep/Defaults/.GNUstepDefaults \
    ~sogo/GNUstep/Defaults/GNUstepDefaults.old
2.0.4
The parameter SOGoForceIMAPLoginWithEmail is now deprecated and is replaced by SOGoForceExternalLoginWithEmail (which extends the functionality to SMTP authentication). Update your configuration if you use this parameter.
The sogo user is now a system user. For new installs, this means that su - sogo won't work anymore. Please use sudo -u sogo instead. If used in scripts from cronjobs, requiretty must be disabled in sudoers.
1.3.17
Run the shell script sql-update-1.3.16_to_1.3.17.sh or sql-update-1.3.16_to_1.3.17-mysql.sh (if you use MySQL).
This will grow the "cycleinfo" field of calendar tables to a larger size.
1.3.12
Once you have updated and restarted SOGo, run the shell script sql-update-1.3.11_to_1.3.12.sh or sql-update-1.3.11_to_1.3.12-mysql.sh (if you use MySQL).
This will grow the "content" field of calendar and address book tables to a larger size and fix the primary key of the session table.
1.3.9
For Red Hat-based distributions, version 1.23 of GNUstep will be installed. Since the location of the Web resources changes, the Apache configuration file (SOGo.conf) has been adapted. Verify your Apache configuration if you have customized this file.
Additional Information
For more information, please consult the online FAQs (Frequently Asked Questions):
http://www.sogo.nu/english/support/faq.html
You can also read the mailing list archives or post your questions to the list. For details, see:
https://lists.inverse.ca/sogo
Commercial Support and Contact Information
For any questions or comments, do not hesitate to contact us by writing an email to:
Inverse (http://inverse.ca) offers professional services around SOGo to help organizations deploy the solution and migrate from their legacy systems.