diff --git a/html/index.html b/html/index.html index 708a30c7..8e942e0d 100644 --- a/html/index.html +++ b/html/index.html @@ -83,7 +83,7 @@

  • Install SOGo groupware on:

    • diff --git a/html/sogo-centos-6-mysql.html b/html/sogo-centos-6-mysql.html index 6b916e2b..ae96ba7b 100644 --- a/html/sogo-centos-6-mysql.html +++ b/html/sogo-centos-6-mysql.html @@ -28,7 +28,6 @@
  • Add required cron jobs
  • Access SOGo from web browser
  • Configure your mail clients or mobile devices to use CalDav/CardDAV services
    • -
  • TODO
    • @@ -203,6 +202,17 @@ for you, just replace MySQL username/password in this file, then it's done.

    } +

    Important note: sieve rules generated by SOGo is not compatible with Roundcube +webmail, so if you're running both Roundcube and SOGo, you must disable sieve +support (including forwarding and vacation support) in one of them to avoid +incompatible sieve rules. if you choose to run only SOGo, you can enable sieve +support by removing comment mark of below lines in above configuration:

    +
        SOGoSieveServer = sieve://127.0.0.1:4190;
+    SOGoSieveScriptsEnabled = YES;
+    SOGoVacationEnabled = YES;
+    SOGoForwardEnabled = YES;
+
    +

    Configure web server

    To access SOGo groupware (webmail/calendar/contact), we need to configure web server.

    @@ -288,8 +298,20 @@ the real directory which contains SOGo files:

    Add Dovecot Master User, used for vacation message expiration

    SOGo need a Dovecot Master User to cleanup vacation expiration, please follow -our tutorial to add a Dovecot Master User for this purpose:

    -

    Dovecot Master User

    +our tutorial to add a Dovecot Master User for this purpose: Dovecot Master User.

    +

    After added a Dovecot Master User for SOGo, we must store its username and +plain password in a separate file used by SOGo, we use /etc/sogo/sieve.cred +here for example.

    +

    Create file /etc/sogo/sieve.cred, write Dovecot Master User in this file in +format: username:password. For example:

    +
    my_master_user@non-exist.com:my_master_password
+
    + +

    Set strict file owner and permission:

    +
    # chown sogo:sogo /etc/sogo/sieve.cred
+# chmod 0400 /etc/sogo/sieve.cred
+
    +

    Add required cron jobs

    Please add below cron jobs for SOGo daemon user sogo. You can add them with command: crontab -l -u sogo

    @@ -311,11 +333,7 @@ command: crontab -l -u sogo

    word SOGo is case-sensitive), you can login with your email account credential.

    Configure your mail clients or mobile devices to use CalDav/CardDAV services

    Please check our documents here -to configure your mail clients or mobile devices.

    -

    TODO

    -

    Document published under a CC BY-ND 3.0 license. If you found something wrong, please do contact us to fix it. +to configure your mail clients or mobile devices.

    Document published under a CC BY-ND 3.0 license. If you found something wrong, please do contact us to fix it. + + \ No newline at end of file diff --git a/integrations/0-sogo-centos-6-mysql.md b/integrations/0-sogo-centos-6-mysql.md index 9b4130b9..ad14caa7 100644 --- a/integrations/0-sogo-centos-6-mysql.md +++ b/integrations/0-sogo-centos-6-mysql.md @@ -294,11 +294,28 @@ the real directory which contains SOGo files: ## Add Dovecot Master User, used for vacation message expiration SOGo need a Dovecot Master User to cleanup vacation expiration, please follow -our tutorial to add a Dovecot Master User for this purpose: +our tutorial to add a Dovecot Master User for this purpose: [Dovecot Master User](./dovecot.master.user.html). -[Dovecot Master User](./dovecot.master.user.html) +After added a Dovecot Master User for SOGo, we must store its username and +plain password in a separate file used by SOGo, we use `/etc/sogo/sieve.cred` +here for example. + +Create file `/etc/sogo/sieve.cred`, write Dovecot Master User in this file in +format: `username:password`. For example: + +``` +my_master_user@non-exist.com:my_master_password +``` + +Set strict file owner and permission: + +``` +# chown sogo:sogo /etc/sogo/sieve.cred +# chmod 0400 /etc/sogo/sieve.cred +``` ## Add required cron jobs + Please add below cron jobs for SOGo daemon user `sogo`. You can add them with command: `crontab -l -u sogo` @@ -325,8 +342,3 @@ word `SOGo` is case-sensitive), you can login with your email account credential Please check our documents [here](./index.html#configure-mail-client-applications) to configure your mail clients or mobile devices. - -## TODO - -* Add Dovecot Master User, for vacation message expiration - diff --git a/integrations/0-sogo-centos-6-openldap.md b/integrations/0-sogo-centos-6-openldap.md new file mode 100644 index 00000000..3f0246b6 --- /dev/null +++ b/integrations/0-sogo-centos-6-openldap.md @@ -0,0 +1,360 @@ +# Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend) + +[TOC] + +## Requirements + +* A working iRedMail server (OpenLDAP backend) on CentOS 6. + +## Install SOGo + +* Make sure you have EPEL repo enabled, if not, please follow [this wiki +tutorial](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F) +to enable it. + +``` +# yum repolist | grep -i 'epel' +epel Extra Packages for Enterprise Linux 6 - x86_64 11,109 +``` + +* Add yum repo file `/etc/yum.repos.d/sogo.repo`: + +``` +[SOGo] +name=Inverse SOGo Repository +baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch +gpgcheck=0 +``` + +* Install SOGo and dependences: + +``` +# yum install sogo sope49-gdl1-mysql sope49-ldap sogo-activesync libwbxml sogo-ealarms-notify sogo-tool +``` + +* Append an alias entry in Postfix config file `/etc/postfix/aliases`, so that + notifications of cron jobs will be sent to mail server administrator. + +``` +# Part of file: /etc/postfix/aliases + +sogo: root +``` + +Execute command to update alias db: + +``` +# postalias /etc/postfix/aliases +``` + +## Create required SQL database + +SOGo will store some data (e.g. user preferences, sieve rules) in SQL database, +so we need to create a database for it. + +``` +$ mysql -u root -p + +mysql> CREATE DATABASE sogo CHARSET='UTF8'; +mysql> GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password'; +``` + +Note: SOGo will create required SQL tables automatically, we don't need to +create them manually. + +## Configure SOGo + +Default SOGo config file is `/etc/sogo/sogo.conf`. We have a sample config file +for you, just replace MySQL username/password for sogo SQL database and LDAP +basedn, bind dn/passwordthen in this file, then it's done. + +With below config file, SOGo will listen on address `127.0.0.1`, port `20000`. + +``` +{ + // Official SOGo documents: + // - http://www.sogo.nu/english/support/documentation.html + // - http://wiki.sogo.nu + // + // Mailing list: + // - http://www.sogo.nu/english/support/community.html + + // Enable verbose logging. Reference: + // http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html + //ImapDebugEnabled = YES; + //LDAPDebugEnabled = YES; + //MySQL4DebugEnabled = YES; + //PGDebugEnabled = YES; + + // Daemon address and port + WOPort = 127.0.0.1:20000; + + // PID file + //WOPidFile = /var/log/sogo/sogo.log; + + // IMAP connection pool. + // Your performance will slightly increase, as you won't open a new + // connection for every access to your IMAP server. + // But you will get a lot of simultaneous open connections to your IMAP + // server, so make sure he can handle them. + // For debugging it is reasonable to turn pooling off. + //NGImap4DisableIMAP4Pooling = NO; + + SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile"; + OCSFolderInfoURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info"; + OCSSessionsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder"; + + // Default language in the web interface + SOGoLanguage = English; + + // Specify which module to show after login: Calendar, Mail, Contacts. + SOGoLoginModule = Mail; + + // Must login with full email address + SOGoForceExternalLoginWithEmail = YES; + + // Allow user to change full name and email address. + SOGoMailCustomFromEnabled = YES; + + // Enable email-based alarms on events and tasks. + SOGoEnableEMailAlarms = YES; + OCSEMailAlarmsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder"; + + // IMAP server + //SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES"; + // Local connection is considered as secure by Dovecot. + SOGoIMAPServer = "imap://127.0.0.1:143/"; + + // SMTP server + SOGoMailingMechanism = smtp; + SOGoSMTPServer = 127.0.0.1; + //SOGoSMTPAuthenticationType = PLAIN; + + // Enable managesieve service + // + // WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube + // webmail, don't use sieve service in both webmails, otherwise + // it will be messy. + // + //SOGoSieveServer = sieve://127.0.0.1:4190; + //SOGoSieveScriptsEnabled = YES; + //SOGoVacationEnabled = YES; + //SOGoForwardEnabled = YES; + + // Memcached + SOGoMemcachedHost = 127.0.0.1; + + SOGoTimeZone = "America/New_York"; + + SOGoFirstDayOfWeek = 1; + + SOGoRefreshViewCheck = every_5_minutes; + SOGoMailReplyPlacement = below; + + SOGoAppointmentSendEMailNotifications = YES; + SOGoFoldersSendEMailNotifications = YES; + SOGoACLsSendEMailNotifications = YES; + + // PostgreSQL cannot update view + SOGoPasswordChangeEnabled = YES; + + // Authentication using LDAP + SOGoUserSources = ( + { + type = ldap; + hostname = "ldap://127.0.0.1:389"; + baseDN = "o=domains,dc=example,dc=com"; + //bindAsCurrentUser = YES; + bindDN = "cn=vmailadmin,dc=example,dc=com"; + bindPassword = "SLNHxbNmFwSd55gpZACnvZdTT10zSX"; + filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail"; + scope = SUB; + + // The algorithm used for password encryption when changing + // passwords without Password Policies enabled. + // Possible values are: plain, crypt, md5-crypt, ssha. + userPasswordAlgorithm = ssha; + + IDFieldName = mail; + bindFields = (mail); + CNFieldName = cn; + // value of UID field must be unique on whole server. + UIDFieldName = mail; + IMAPLoginFieldName = mail; + SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress); + canAuthenticate = YES; + displayName = "Global Address Book"; + id = ldap_auth; + isAddressBook = YES; + } + ); +} +``` + +Important note: + +* LDAP bind dn must have privilege to read and write mail accounts stored in + LDAP server, so that it can modify user password. `cn=vmailadmin,dc=xx,dc=xx` + is recommended, do __NOT__ use `cn=Manager,dc=xx,dc=xx`. You can find + `cn=vmailadmin,dc=xx,dc=xx` in iRedAdmin config file + (`/var/www/iredadmin/settings.py`). + +* sieve rules generated by SOGo is not compatible with Roundcube + webmail, so if you're running both Roundcube and SOGo, you must disable sieve + support (including forwarding and vacation support) in one of them to avoid + incompatible sieve rules. if you choose to run only SOGo, you can enable sieve + support by removing comment mark of below lines in above configuration: + +``` + SOGoSieveServer = sieve://127.0.0.1:4190; + SOGoSieveScriptsEnabled = YES; + SOGoVacationEnabled = YES; + SOGoForwardEnabled = YES; +``` + +## Configure web server + +To access SOGo groupware (webmail/calendar/contact), we need to configure +web server. + +### Apache web server + +SOGo installs config file `/etc/httpd/conf.d/SOGo.conf` by default, please +open it and find below lines: + +``` +#ProxyPass /Microsoft-Server-ActiveSync \ +# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \ +# retry=60 connectiontimeout=5 timeout=360 +``` + +Remove `#` at the beginning to enable ActiveSync support: + +``` +ProxyPass /Microsoft-Server-ActiveSync \ + http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \ + retry=60 connectiontimeout=5 timeout=360 +``` + +### Nginx web server + +If you're running Nginx web server configured by iRedMail, please open file +`/etc/nginx/conf.d/default.conf`, add some lines in `server {}` configured for +HTTPS: + +``` +server { + listen 443; + ... + + # Add below lines for SOGo + # SOGo + location ~ ^/sogo { rewrite ^ https://$host/SOGo; } + location ~ ^/SOGO { rewrite ^ https://$host/SOGo; } + + # For IOS 7 + location = /principals/ { + rewrite ^ https://$server_name/SOGo/dav; + allow all; + } + + location ^~ /SOGo { + proxy_pass http://127.0.0.1:20000; + #proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo; + # forward user's IP address + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_set_header Host $host; + proxy_set_header x-webobjects-server-protocol HTTP/1.0; + #proxy_set_header x-webobjects-remote-host 127.0.0.1; + #proxy_set_header x-webobjects-server-name $server_name; + #proxy_set_header x-webobjects-server-url $scheme://$host; + } + + location ^~ /Microsoft-Server-ActiveSync { + proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync; + proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /; + } + + location ^~ /SOGo/Microsoft-Server-ActiveSync { + proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync; + proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /; + } + + location /SOGo.woa/WebServerResources/ { + alias /usr/lib64/GNUstep/SOGo/WebServerResources/; + } + location /SOGo/WebServerResources/ { + alias /usr/lib64/GNUstep/SOGo/WebServerResources/; + } + location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ { + alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2; + } +} +``` + +__Important note__: You must replace path `/usr/lib/GNUstep/SOGo` with +the real directory which contains SOGo files: + +* on i386 platform, it's `/usr/lib/GNUstep/SOGo`. +* on x86_64, it's `/usr/lib64/GNUstep/SOGo`. + +## Start SOGo and dependent services + +``` +# service httpd restart # <- restart 'nginx' service if you're running Nginx +# service memcached restart +# service sogod restart +``` + +## Add Dovecot Master User, used for vacation message expiration + +SOGo need a Dovecot Master User to cleanup vacation expiration, please follow +our tutorial to add a Dovecot Master User for this purpose: [Dovecot Master User](./dovecot.master.user.html). + +After added a Dovecot Master User for SOGo, we must store its username and +plain password in a separate file used by SOGo, we use `/etc/sogo/sieve.cred` +here for example. + +Create file `/etc/sogo/sieve.cred`, write Dovecot Master User in this file in +format: `username:password`. For example: + +``` +my_master_user@non-exist.com:my_master_password +``` + +Set strict file owner and permission: + +``` +# chown sogo:sogo /etc/sogo/sieve.cred +# chmod 0400 /etc/sogo/sieve.cred +``` + +## Add required cron jobs + +Please add below cron jobs for SOGo daemon user `sogo`. You can add them with +command: `crontab -l -u sogo` + +``` +# iRedMail: SOGo email reminder, should be run every minute. +* * * * * /usr/sbin/sogo-ealarms-notify + +# iRedMail: SOGo session cleanup, should be run every minute. +# Ajust the [X]Minutes parameter to suit your needs +# Example: Sessions without activity since 30 minutes will be dropped: +* * * * * /usr/sbin/sogo-tool expire-sessions 30 + +# iRedMail: SOGo vacation messages expiration +# The credentials file should contain the sieve admin credentials (username:passwd) +0 0 * * * /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.cred +``` + +## Access SOGo from web browser + +Open your favourite web browser, access URL: `https://[your_server]/SOGo` (the +word `SOGo` is case-sensitive), you can login with your email account credential. + +## Configure your mail clients or mobile devices to use CalDav/CardDAV services + +Please check our documents [here](./index.html#configure-mail-client-applications) +to configure your mail clients or mobile devices. diff --git a/integrations/_links.md b/integrations/_links.md index 18fa2bf6..cf3a27d1 100644 --- a/integrations/_links.md +++ b/integrations/_links.md @@ -1,6 +1,6 @@ * Install SOGo groupware on: - * CentOS 6: [MySQL](./sogo-centos-6-mysql.html) + * CentOS 6: [MySQL](./sogo-centos-6-mysql.html), [OpenLDAP](./sogo-centos-6-openldap.html). Documents contributed by iRedMail users: