elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/html_bk/sogo-centos-6-openldap.html

391 lines
17 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="install-sogo-groupware-on-centos-6-with-iredmail-openldap-backend">Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)</h1>
<div class="toc">
<ul>
<li><a href="#install-sogo-groupware-on-centos-6-with-iredmail-openldap-backend">Install SOGo groupware on CentOS 6 with iRedMail (OpenLDAP backend)</a><ul>
<li><a href="#requirements">Requirements</a></li>
<li><a href="#install-sogo">Install SOGo</a></li>
<li><a href="#create-required-sql-database">Create required SQL database</a></li>
<li><a href="#configure-sogo">Configure SOGo</a></li>
<li><a href="#configure-web-server">Configure web server</a><ul>
<li><a href="#apache-web-server">Apache web server</a></li>
<li><a href="#nginx-web-server">Nginx web server</a></li>
</ul>
</li>
<li><a href="#start-sogo-and-dependent-services">Start SOGo and dependent services</a></li>
<li><a href="#add-dovecot-master-user-used-for-vacation-message-expiration">Add Dovecot Master User, used for vacation message expiration</a></li>
<li><a href="#add-required-cron-jobs">Add required cron jobs</a></li>
<li><a href="#access-sogo-from-web-browser">Access SOGo from web browser</a></li>
<li><a href="#configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</a></li>
<li><a href="#references">References</a></li>
</ul>
</li>
</ul>
</div>
<h2 id="requirements">Requirements</h2>
<ul>
<li>A working iRedMail server (OpenLDAP backend) on CentOS 6.</li>
</ul>
<h2 id="install-sogo">Install SOGo</h2>
<ul>
<li>Make sure you have EPEL repo enabled, if not, please follow <a href="https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F">this wiki
tutorial</a>
to enable it.</li>
</ul>
<pre><code># yum repolist | grep -i 'epel'
epel Extra Packages for Enterprise Linux 6 - x86_64 11,109
</code></pre>
<ul>
<li>Add yum repo file <code>/etc/yum.repos.d/sogo.repo</code>:</li>
</ul>
<pre><code>[SOGo]
name=Inverse SOGo Repository
baseurl=http://packages.inverse.ca/SOGo/nightly/3/rhel/6/$basearch
gpgcheck=0
</code></pre>
<ul>
<li>Install SOGo and dependences:</li>
</ul>
<pre><code># yum install sogo sope49-gdl1-mysql sope49-ldap sogo-activesync libwbxml sogo-ealarms-notify sogo-tool
</code></pre>
<ul>
<li>Append an alias entry in Postfix config file <code>/etc/postfix/aliases</code>, so that
notifications of cron jobs will be sent to mail server administrator.</li>
</ul>
<pre><code># Part of file: /etc/postfix/aliases
sogo: root
</code></pre>
<p>Execute command to update alias db:</p>
<pre><code># postalias /etc/postfix/aliases
</code></pre>
<h2 id="create-required-sql-database">Create required SQL database</h2>
<p>SOGo will store some data (e.g. user preferences, sieve rules) in SQL database,
so we need to create a database for it.</p>
<pre><code>$ mysql -u root -p
mysql&gt; CREATE DATABASE sogo CHARSET='UTF8';
mysql&gt; GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';
</code></pre>
<p>Note: SOGo will create required SQL tables automatically, we don't need to
create them manually.</p>
<h2 id="configure-sogo">Configure SOGo</h2>
<p>Default SOGo config file is <code>/etc/sogo/sogo.conf</code>. We have a sample config file
for you, just replace MySQL username/password for sogo SQL database and LDAP
basedn, bind dn/passwordthen in this file, then it's done.</p>
<p>With below config file, SOGo will listen on address <code>127.0.0.1</code>, port <code>20000</code>.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Sample config file below may be out of date, please check the <a href="https://github.com/iredmail/iRedMail/blob/1.0/samples/sogo/sogo.conf">latest one
in iRedMail source code repository</a>.</p>
</div>
<pre><code>{
// Official SOGo documents:
// - http://www.sogo.nu/english/support/documentation.html
// - http://wiki.sogo.nu
//
// Mailing list:
// - http://www.sogo.nu/english/support/community.html
// Enable verbose logging. Reference:
// http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
//ImapDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//PGDebugEnabled = YES;
// Daemon address and port
WOPort = 127.0.0.1:20000;
// PID file
//WOPidFile = /var/run/sogo/sogo.log;
// Log file
//WOLogFile = /var/log/sogo/sogo.log;
// IMAP connection pool.
// Your performance will slightly increase, as you won't open a new
// connection for every access to your IMAP server.
// But you will get a lot of simultaneous open connections to your IMAP
// server, so make sure he can handle them.
// For debugging it is reasonable to turn pooling off.
//NGImap4DisableIMAP4Pooling = NO;
SOGoProfileURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile&quot;;
OCSFolderInfoURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info&quot;;
OCSSessionsFolderURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder&quot;;
OCSEMailAlarmsFolderURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder&quot;;
// With 3 parameters below, SOGo requires only 9 SQL tables in total
// instead of creating 4 SQL tables for each user.
OCSCacheFolderURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_cache_folder&quot;;
OCSStoreURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_store&quot;;
OCSAclURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_acl&quot;;
// Default language in the web interface
SOGoLanguage = English;
// Specify which module to show after login: Calendar, Mail, Contacts.
SOGoLoginModule = Mail;
// Must login with full email address
SOGoForceExternalLoginWithEmail = YES;
// Allow user to change full name and email address.
SOGoMailCustomFromEnabled = YES;
// Enable email-based alarms on events and tasks.
SOGoEnableEMailAlarms = YES;
// IMAP server
//SOGoIMAPServer = &quot;imaps://127.0.0.1:143/?tls=YES&quot;;
// Local connection is considered as secure by Dovecot.
SOGoIMAPServer = &quot;imap://127.0.0.1:143/&quot;;
// SMTP server
SOGoMailingMechanism = smtp;
SOGoSMTPServer = 127.0.0.1;
//SOGoSMTPAuthenticationType = PLAIN;
// Enable managesieve service
//
// WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube
// webmail, don't use sieve service in both webmails, otherwise
// it will be messy.
//
//SOGoSieveServer = sieve://127.0.0.1:4190;
//SOGoSieveScriptsEnabled = YES;
//SOGoVacationEnabled = YES;
//SOGoForwardEnabled = YES;
// Memcached
SOGoMemcachedHost = 127.0.0.1;
SOGoTimeZone = &quot;America/New_York&quot;;
SOGoFirstDayOfWeek = 1;
SOGoRefreshViewCheck = every_5_minutes;
SOGoMailReplyPlacement = below;
SOGoAppointmentSendEMailNotifications = YES;
SOGoFoldersSendEMailNotifications = YES;
SOGoACLsSendEMailNotifications = YES;
// PostgreSQL cannot update view
SOGoPasswordChangeEnabled = YES;
// Authentication using LDAP
SOGoUserSources = (
{
type = ldap;
hostname = &quot;ldap://127.0.0.1:389&quot;;
baseDN = &quot;o=domains,dc=example,dc=com&quot;;
//bindAsCurrentUser = YES;
bindDN = &quot;cn=vmailadmin,dc=example,dc=com&quot;;
bindPassword = &quot;SLNHxbNmFwSd55gpZACnvZdTT10zSX&quot;;
filter = &quot;objectClass=mailUser AND accountStatus=active AND enabledService=mail&quot;;
scope = SUB;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha.
userPasswordAlgorithm = ssha;
IDFieldName = mail;
bindFields = (mail);
CNFieldName = cn;
// value of UID field must be unique on whole server.
UIDFieldName = mail;
IMAPLoginFieldName = mail;
SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
canAuthenticate = YES;
displayName = &quot;Global Address Book&quot;;
id = ldap_auth;
isAddressBook = YES;
}
);
}
</code></pre>
<p>Important note:</p>
<ul>
<li>
<p>LDAP bind dn must have privilege to read and write mail accounts stored in
LDAP server, so that it can modify user password. <code>cn=vmailadmin,dc=xx,dc=xx</code>
is recommended, do <strong>NOT</strong> use <code>cn=Manager,dc=xx,dc=xx</code>. You can find
<code>cn=vmailadmin,dc=xx,dc=xx</code> in iRedAdmin config file
(<code>/var/www/iredadmin/settings.py</code>).</p>
</li>
<li>
<p>sieve rules generated by SOGo is not compatible with Roundcube
webmail, so if you're running both Roundcube and SOGo, you must disable sieve
support (including forwarding and vacation support) in one of them to avoid
incompatible sieve rules. if you choose to run only SOGo, you can enable sieve
support by removing comment mark of below lines in above configuration:</p>
</li>
</ul>
<pre><code> SOGoSieveServer = sieve://127.0.0.1:4190;
SOGoSieveScriptsEnabled = YES;
SOGoVacationEnabled = YES;
SOGoForwardEnabled = YES;
</code></pre>
<h2 id="configure-web-server">Configure web server</h2>
<p>To access SOGo groupware (webmail/calendar/contact), we need to configure
web server.</p>
<h3 id="apache-web-server">Apache web server</h3>
<p>SOGo installs Apache config file <code>/etc/httpd/conf.d/SOGo.conf</code> by default, please
open it and find below lines:</p>
<pre><code>#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=360
</code></pre>
<p>Remove <code>#</code> at the beginning to enable ActiveSync support:</p>
<pre><code>ProxyPass /Microsoft-Server-ActiveSync \
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
retry=60 connectiontimeout=5 timeout=360
</code></pre>
<ul>
<li>
<p>Find string <code>yourhostname</code> in the same file, replace all <code>yourhostname</code> by
your FQDN server hostname. (Tip: you can get your FQDN hostname with command
<code>hostname -f</code>.)</p>
</li>
<li>
<p>Append line below in <code>/etc/httpd/conf.d/SOGo.conf</code>, no matter upper or lower
case letters of <code>SOGo</code> in the url, Apache will always to https:</p>
</li>
</ul>
<pre><code>RedirectMatch ^/[Ss][Oo][Gg][Oo](.*) /SOGo$1
</code></pre>
<h3 id="nginx-web-server">Nginx web server</h3>
<p>If you're running Nginx web server configured by iRedMail, please open file
<code>/etc/nginx/conf.d/default.conf</code>, add some lines in <code>server {}</code> configured for
HTTPS:</p>
<pre><code>server {
listen 443;
...
# Add below lines for SOGo
# SOGo
location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }
# For IOS 7
location = /principals/ {
rewrite ^ https://$server_name/SOGo/dav;
allow all;
}
location ^~ /SOGo {
proxy_pass http://127.0.0.1:20000;
#proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
# forward user's IP address
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
#proxy_set_header x-webobjects-remote-host 127.0.0.1;
#proxy_set_header x-webobjects-server-name $server_name;
#proxy_set_header x-webobjects-server-url $scheme://$host;
}
location ^~ /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
}
location ^~ /SOGo/Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
}
location /SOGo.woa/WebServerResources/ {
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
}
location /SOGo/WebServerResources/ {
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
}
location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2;
}
}
</code></pre>
<p><strong>Important note</strong>: You must replace path <code>/usr/lib/GNUstep/SOGo</code> with
the real directory which contains SOGo files:</p>
<ul>
<li>on i386 platform, it's <code>/usr/lib/GNUstep/SOGo</code>.</li>
<li>on x86_64, it's <code>/usr/lib64/GNUstep/SOGo</code>.</li>
</ul>
<h2 id="start-sogo-and-dependent-services">Start SOGo and dependent services</h2>
<pre><code># service httpd restart # &lt;- restart 'nginx' service if you're running Nginx
# service memcached restart
# service sogod restart
</code></pre>
<h2 id="add-dovecot-master-user-used-for-vacation-message-expiration">Add Dovecot Master User, used for vacation message expiration</h2>
<p>SOGo need a Dovecot Master User to cleanup vacation expiration, please follow
our tutorial to add a Dovecot Master User for this purpose: <a href="./dovecot.master.user.html">Dovecot Master User</a>.</p>
<p>After added a Dovecot Master User for SOGo, we must store its username and
plain password in a separate file used by SOGo, we use <code>/etc/sogo/sieve.cred</code>
here for example.</p>
<p>Create file <code>/etc/sogo/sieve.cred</code>, write Dovecot Master User in this file in
format: <code>username:password</code>. For example:</p>
<pre><code>my_master_user@non-exist.com:my_master_password
</code></pre>
<p>Set strict file owner and permission:</p>
<pre><code># chown sogo:sogo /etc/sogo/sieve.cred
# chmod 0400 /etc/sogo/sieve.cred
</code></pre>
<h2 id="add-required-cron-jobs">Add required cron jobs</h2>
<p>Please add below cron jobs for SOGo daemon user <code>sogo</code>. You can add them with
command: <code>crontab -l -u sogo</code></p>
<pre><code># iRedMail: SOGo email reminder, should be run every minute.
* * * * * /usr/sbin/sogo-ealarms-notify
# iRedMail: SOGo session cleanup, should be run every minute.
# Ajust the [X]Minutes parameter to suit your needs
# Example: Sessions without activity since 30 minutes will be dropped:
* * * * * /usr/sbin/sogo-tool expire-sessions 30
# iRedMail: SOGo vacation messages expiration
# The credentials file should contain the sieve admin credentials (username:passwd)
0 0 * * * /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.cred
</code></pre>
<h2 id="access-sogo-from-web-browser">Access SOGo from web browser</h2>
<p>Open your favourite web browser, access URL: <code>https://[your_server]/SOGo</code> (the
word <code>SOGo</code> is case-sensitive), you can login with your email account credential.</p>
<h2 id="configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</h2>
<p>Please check our documents <a href="./index.html#configure-mail-client-applications">here</a>
to configure your mail clients or mobile devices.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://sogo.nu">SOGo web site</a></li>
<li>
<p>Outlook plugins:</p>
<ul>
<li>
<p><a href="https://github.com/aluxnimm/outlookcaldavsynchronizer">Outlook CalDav Synchronizer</a></p>
<blockquote>
<p>Outlook Plugin, which synchronizes events, tasks and contacts(beta) between Outlook and Google, SOGo, Horde or any other CalDAV or CardDAV server. Supported Outlook versions are 2016, 2013, 2010 and 2007.</p>
</blockquote>
</li>
</ul>
</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>
Reference in New Issue View Git Blame Copy Permalink