sogo installation guide.pdf

8/10/2019 SOGo Installation Guide.pdf

1/58

version 2.2.5

Installation and Confguration Guide


2/58

Copyright 2008-2014 Inverse inc. (http://inverse.ca)

Permission is grante to copy! istri"#te an/or moi$y this oc#ment #ner the terms o$ the%&' ree oc#mentation *icense! +ersion 1.2 or any ,ater version p#",ishe "y the reeo$tare o#nation ith no Invariant ections! no ront-Cover ets! an no ac3-Cover ets.

P,ease re$er to http://.gn#.org/,icenses/$,-1.2.tt $or the $#,, ,icense.

+ersion 2.2. 5 6ay 2014
http://inverse.ca/http://www.gnu.org/licenses/fdl-1.2.txthttp://www.gnu.org/licenses/fdl-1.2.txthttp://www.gnu.org/licenses/fdl-1.2.txthttp://inverse.ca/


3/58

Contents

Chapter 1 About this Guide 3

Chapter 2 Introduction 4

7rchitect#re an Compati"i,ity

Chapter 3 System Requirements 6

7ss#mptions

6inim#m 9arare e;#irements

o$tare Insta,,ation >

Chapter Con!"uration 1#

%&'step ?nvironment =vervie 10

Pre$erences 9ierarchy 11

%enera, Pre$erences 12

7#thentication #sing *7P 18

*7P 7ttri"#tes Ineing 24

*7P 7ttri"#tes 6apping 24

7#thenticating #sing C.7.. 2

7#thenticating #sing 76*2 2

6oFi,,a h#ner"ir an *ightning 4>

7pp,e iCa, 0

7pp,e 7ressoo3 06icroso$t 7ctiveync / 6o"i,e evices 2

Chapter 9 %p"radin" 3

Chapter 1# Additional In'ormation

Chapter 11 Commercial Support and Contact In'ormation 6


5/58

Chapter 1

1 About this Guide

his g#ie i,, a,3 yo# thro#gh the insta,,ation an con@g#ration o$ the =%o so,#tion. It a,socovers the insta,,ation an con@g#ration o$ =%o 7ctiveync s#pport 5 the so,#tion #se tosynchroniFe mo"i,e evices ith =%o.

he instr#ctions are "ase on version 2.2. o$ =%o.

he ,atest version o$ this g#ie is avai,a",e athttp://.sogo.n#/on,oas/oc#mentation.htm,.

2008-2014 Inverse inc. 7"o#t this %#ie B
http://www.sogo.nu/downloads/documentation.htmlhttp://www.sogo.nu/downloads/documentation.html


6/58

Chapter 2

2 Introduction

=%o is a $ree an moern sca,a",e gro#pare server. It o$$ers share ca,enars! aress "oo3s!an emai,s thro#gh yo#r $avo#rite e" "roser an "y #sing a native c,ient s#ch as 6oFi,,ah#ner"ir an *ightning.

=%o is stanar-comp,iant. It s#pports Ca,7+! Car7+! %ro#p7+! i6IP an iIP anre#ses eisting I67P! 6P an ata"ase servers - ma3ing the so,#tion easy to ep,oy aninteropera",e ith many app,ications.

=%o $eat#res :

ca,a",e architect#re s#ita",e $or ep,oyments $rom oFens to many tho#sans o$ #sers

ich e"-"ase inter$ace that shares the ,oo3 an $ee,! the $eat#res an the ata o$ 6oFi,,ah#ner"ir an *ightning

Improve integration ith 6oFi,,a h#ner"ir an *ightning "y #sing the =%o Connectoran the =%o Integrator

&ative compati"i,ity $or 6icroso$t =#t,oo3 200B! 200

o-ay synchroniFation s#pport ith any 6icroso$t 7ctiveync-capa",e evice! or =#t,oo3201B

=%o is eve,ope "y a comm#nity o$ eve,opers ,ocate main,y in &orth 7merica an?#rope. 6ore in$ormation can "e $o#n at http://.sogo.n#

2008-2014 Inverse inc. Intro#ction 4
http://www.sogo.nu/http://www.sogo.nu/


7/58

Chapter 2

Architecture and Compatibility

tanar protoco,s s#ch as Ca,7+! Car7+! %ro#p7+! 9P! I67P an 6P are #se tocomm#nicate ith the =%o p,at$orm or its s#"-components. 6o"i,e evices s#pporting the6icroso$t 7ctiveync protoco, are a,so s#pporte.

o insta,, an con@g#re the native 6icroso$t =#t,oo3 compati"i,ity ,ayer! p,ease re$er to theSOGo Native Microsot Outlook Confguration Guide.

2008-2014 Inverse inc. Intro#ction


8/58

Chapter B

3 System Requirements

Assumptions

=%o re#ses many components in an in$rastr#ct#re. h#s! it re;#ires the $o,,oing :

ata"ase server (6yA*! PostgreA* or =rac,e)

*7P server (=pen*7P! &ove,, eirectory! 6icroso$t 7ctive irectory an others) 6P server (Post@! enmai, an others) I67P server (Co#rier! Cyr#s I67P erver! ovecot an others)

In this g#ie! e ass#me that a,, those components are r#nning on the same server (i.e.!GlocalhostH or G127.0.0.1H) that =%o i,, "e insta,,e on.

%oo #nerstaning o$ those #ner,ying components an %&'/*in# is re;#ire to insta,,=%o. I$ yo# miss some o$ those re;#ire components! p,ease re$er to the appropriateoc#mentation an procee ith the insta,,ation an con@g#ration o$ these re;#irements "e$orecontin#ing ith this g#ie.

he $o,,oing ta",e provies recommenations $or the re;#ire components! together ithversion n#m"ers :

ata"ase server PostgreA*


9/58

Chapter B

inimum !ard"are Requirements

he $o,,oing ta",e provies harare recommenations $or the server! es3tops an mo"i,eevices :

erver ?va,#ation an testingInte,! 76! or PoerPC CP' 1 %9F12 6 o$ 761 % o$ is3 space

Pro#ctionInte,! 76 or PoerPC CP' B %9F2048 6 o$ 7610 % o$ is3 space (ec,#ing the mai, store)

es3top %enera,Inte,! 76! or PoerPC CP' 1. %9F1024


10/58

Chapter B

#peratin$ System Requirements

he $o,,oing B2-"it an 4-"it operating systems are c#rrent,y s#pporte "y =%o :

e 9at ?nterprise *in# (9?*) erver an Comm#nity ?&erprise =perating ystem (Cent=) an e"ian %&'/*in# .0 (*enny) to


11/58

Chapter 4

% Installation

his section i,, g#ie yo# thro#gh the insta,,ation o$ =%o together ith its epenencies. hesteps escri"e here app,y to an P6-"ase insta,,ation $or a e 9at or Cent= istri"#tion.

So&t"are 'o"nloads

=%o can "e insta,,e #sing the yum#ti,ity. o o so! @rst create the/etc/yum.repos.d/inverse.repocon@g#ration @,e ith the $o,,oing content :

[SOGo]

name=Inverse SOGo epository!aseurl=http"//inverse.ca/do#nloads/SOGo/$%&'/(!asearch

)p)chec*=0

ome o$ the so$tares on hich =%o epens are avai,a",e $rom the repository o$ epoorge(previo#s,y 3non as P6$orge). o a epoorge to yo#r pac3ages so#rces! on,oa aninsta,, the appropriate P6 pac3age $rom http://pac3ages.s."e/rpm$orge-re,ease/. 7,so ma3es#re yo# ena",e the Grpm$orge-etrasH repository.

or more in$ormation on #sing epoorge! visit http://repo$orge.org/#se/.

So&t"are Installation

=nce the y#m con@g#ration @,e has "een create! yo# are no reay to insta,, =%o an itsepenencies. o o so! procee ith the $o,,oing comman :

yum install so)o

his i,, insta,, =%o an its epenencies s#ch as %&'step! the =P? pac3ages an

memcache. =nce the "ase pac3ages are insta,,e! yo# nee to insta,, the proper ata"aseconnector s#ita",e $or yo#r environment. Ko# nee to insta,, sope+,-)dl1-post)resl$or thePostgreA* ata"ase system! sope+,-)dl1-mysl$or 6yA* or sope+,-)dl1-oracle$or=rac,e. he insta,,ation comman i,, th#s ,oo3 ,i3e this :

yum install sope+,-)dl1-post)resl

=nce comp,ete! =%o i,, "e $#,,y insta,,e on yo#r server. Ko# are no reay to con@g#re it.

2008-2014 Inverse inc. Insta,,ation >
http://packages.sw.be/rpmforge-release/http://repoforge.org/use/http://repoforge.org/use/http://packages.sw.be/rpmforge-release/http://repoforge.org/use/


12/58

Chapter

5 Con($uration

In this section! yo#L,, ,earn ho to con@g#re =%o to #se yo#r eisting *7P! 6P anata"ase servers. 7s previo#s,y mentione! e ass#me that those components r#n on the sameserver on hich =%o is "eing insta,,e. I$ this is not the case! p,ease aD#st the con@g#rationparameters to reMect those changes.

G)*step +nvironment #vervie"

=%o ma3es #se o$ the %&'step environment. %&'step is a $ree so$tare imp,ementation o$the =pentep speci@cation hich provies many $aci,ities $or "#i,ing a,, types o$ server anes3top app,ications. 7mong those $aci,ities! there is a con@g#ration 7PI simi,ar to the NegistryNparaigm in 6icroso$t inos. In =pen?P! %&'step an 6ac= J! these are ca,,e theN#ser e$a#,tsN.

In =%o! the #serLs app,ications settings are store in /etc/so)o/so)o.con. Ko# can #seyo#r $avo#rite tet eitor to moi$y the @,e.

he so)o.con@,e is a seria,iFeproperty list. his simp,e $ormat encaps#,ates $o#r "asic atatypes: arrays! ictionaries (or hashes)! strings an n#m"ers. m"ers are represente as-is!

ecept $or "oo,eans hich can ta3e the #n;#ote va,#es GK?H an G&=H. trings are notmanatori,y ;#ote! "#t oing so i,, avoi yo# many pro",ems. 7 ictionary is a se;#ence o$3ey an va,#e pairs separate in their mi,e ith a GOH sign. It starts ith a GG an ens ith acorresponing GQH. ?ach va,#e e@nition in a ictionary ens ith a semico,on. 7n array is achain o$ va,#es starting ith G(G an ening ith G)H! here the va,#es are separate ith a G!H.7,so! the @,e genera,,y $o,,os a C-sty,e inentation $or c,arity "#t this inentation is notre;#ire! on,y recommene. ,oc3 comments are e,imite "y /R an R/ an can span m#,tip,e,ines hi,e ,ine comments m#st start ith //.

2008-2014 Inverse inc. Con@g#ration 10


13/58

Chapter

,re&erences !ierarchy

=%o s#pports omain names segregation! meaning that yo# can separate m#,tip,e gro#ps o$#sers ithin one insta,,ation o$ =%o. 7 #ser associate to a omain is ,imite to access on,ythe #sers ata $rom the same omain. Conse;#ent,y! the con@g#ration parameters o$ =%o aree@ne on three ,eve,s:

?ach ,eve, inherits the pre$erences o$ the parent ,eve,. here$ore! omain pre$erences e@ne thee$a#,ts va,#es o$ the #ser pre$erences! an the system pre$erences e@ne the e$a#,t va,#es o$a,, omains pre$erences. oth system an omains pre$erences are e@ne in the

/etc/so)o/so)o.con! hi,e the #sers pre$erences are con@g#ra",e "y the #ser an store in=%oLs ata"ase.

o ienti$y the ,eve, in hich each parameter can "e e@ne! e #se the $o,,oinga""reviations in the ta",es o$ this oc#ment :

Parameter ec,#sive to the system an not con@g#ra",e per omain

Parameter ec,#sive to a omain an not con@g#ra",e per #ser

' Parameter con@g#ra",e "y the #ser

emem"er that the hierarchy paraigm a,,o the e$a#,t va,#e o$ a parameter to "e e@ne at aparent ,eve,.



14/58

Chapter

General ,re&erences

he $o,,oing ta",e escri"es the genera, parameters that can "e set :

=or3ersCo#nt he amo#nt o$ instances o$ =%o that i,, "espane to han,e m#,tip,e re;#estssim#,taneo#s,y. hen starte $rom the initscript! that amo#nt is overrien "y theGP?=H va,#e in /etc/sysconi)/so)oor /etc/deault/so)o. 7 va,#e o$ B is areasona",e e$a#,t $or ,o #sage. hemaim#m va,#e epens on the CP' an I=poer provie "y yo#r machine : a va,#e settoo high i,, act#a,,y ecrease per$ormances#ner high ,oa.e$a#,ts to 1 hen #nset.

=*istenA#e#eiFe his parameter contro,s the "ac3,og siFe o$ thesoc3et ,isten ;#e#e. or ,arge-sca,eep,oyments! this va,#e m#st "e aD#ste incase a,, or3ers are "#sy an the parentprocesses receives ,ots o$ incomingconnections. e$a#,ts to hen #nset.

=Port he CP ,istening aress an port #se "y the=%o aemon. he $ormat isipaddress"port

e$a#,ts to 12


15/58

Chapter

=%o6emcache9ost Parameter #se to set the hostname anoptiona,,y the port o$ the memcache server.7 path can a,so "e #se i$ the server m#st "ereache via a 'ni soc3et.e$a#,ts to localhost.

ee memcachedserversparse34$or etai,son the synta.

=%oCacheC,ean#pInterva, Parameter #se to set the epiration (insecons) o$ each o"Dect in the cache.e$a#,ts to 00.

=%o7#thenticationype Parameter #se to e@ne the ay "y hich#sers i,, "e a#thenticate. or C.7..! speci$yGcasH. or 76*2! speci$y Gsam,2H. oranything e,se! ,eave that va,#e empty.

=%or#stProy7#thentication Parameter #se to set hether 9P #sernamesho#, "e tr#ste.

e$a#,ts to 5Ohen #nset.=%o?ncryptioney Parameter #se to e@ne a 3ey to encrypt the

passors o$ remote e" ca,enars henSOGoTrustProxyAutentication is ena",e.

=%oC7ervice'* hen #sing C.7.. a#thentication! thisspeci@es the "ase #r, $or reaching the C.7..service. his i,, "e #se "y =%o to e#cethe proper ,ogin page as e,, as the otherC.7.. services that =%o i,, #se.

=%oC7*ogo#t?na",e oo,ean va,#e inicating hether the G*ogo#tH,in3 is ena",e hen #sing C.7.. as

a#thentication mechanism.he G*ogo#tH,in3 i,, en #p ca,,ingSOGo6SService8&/lo)outto terminate thec,ientLs sing,e sign-on C.7.. session.

=%o7ressoo37+7ccess?na",e Parameter contro,,ing e"7+ access to theContactsco,,ections.his can "e #se to eny access to thesereso#rces $rom *ightning $or eamp,e.e$a#,ts to 9%Shen #nset.

=%oCa,enar7+7ccess?na",e Parameter contro,,ing e"7+ access to theCalendarco,,ections.his can "e #se to eny access to these

reso#rces $rom *ightning $or eamp,e.e$a#,ts to 9%Shen #nset.

=%o76*2Privateey*ocation he ,ocation o$ the * private 3ey @,e on the@,esystem that is #se "y =%o to sign anencrypt comm#nications ith the 76*2ientity provier. his @,e m#st "e generate$or each r#nning =%o service (rather than

2008-2014 Inverse inc. Con@g#ration 1B


16/58

Chapter

host).

=%o76*2Certiticate*ocation he ,ocation o$ the * certi@cate @,e. his @,em#st "e generate $or each r#nning =%oservice.

=%o76*2Ip6etaata*ocation he ,ocation o$ the metaata @,e that escri"esthe services avai,a",e on the 76*2 ienti$yprovier.

=%o76*2IpP#",icey*ocation he ,ocation o$ the * p#",ic 3ey @,e on the@,esystem that is #se "y =%o to sign anencrypt comm#nications ith the 76*2ientity provier. his @,e sho#, "e part o$ theset#p o$ yo#r ientity provier.

=%o76*2IpCerti@cate*ocation he ,ocation o$ the * certi@cate @,e. his @,esho#, "e part o$ the set#p o$ yo#r ientityprovier.

=%o76*2*ogo#t?na",e oo,ean va,#e inicate hether the G*ogo#tH,in3 is ena",e hen #sing 76*2 asa#thentication mechanism.

=%oimeSone Parameter #se to set a e$a#,t time Fone $or#sers. he e$a#,t timeFone is set to 8:6. he=,son ata"ase is a stanar ata"ase thatta3es a,, the time Fones aro#n the or, intoacco#nt an represents them a,ong ith theirhistory. =n %&'/*in# systems! time Fonee@nition @,es are avai,a",e #ner/usr/share/;oneino. *isting the avai,a",e@,es i,, give yo# the name o$ the avai,a",e

time Fones. his co#, "e merica/5e#9or*ontreal

=%o6ai,omain Parameter #se to set the e$a#,t omain name#se "y =%o. =%o #ses this parameter to"#i, the ,ist o$ va,i emai, aresses $or #sers.In o#r eamp,e! e set the e$a#,t omain toacme.com

=%o7ppointmenten?6ai,&oti@cations Parameter #se to set hether =%o sens ornot emai, noti@cations to meeting participants.

Possi",e va,#es are :T K? 5 to sen noti@cationsT &= 5 to not sen noti@cations

e$a#,ts to 5Ohen #nset.

=%oo,ersen?6ai,&oti@cations ame as a"ove! "#t the noti@cations aretriggere on the creation o$ a ca,enar or anaress "oo3.



17/58

Chapter

=%o7C*sen?6ai,&oti@cations ame as a"ove! "#t the noti@cations are sent tothe invo,ve #sers o$ a ca,enar or aress"oo3Ls 7C*s.

=%oCa,enare$a#,to,es Parameter #se to e@ne the e$a#,t ro,es hengiving permissions to a #ser to access aca,enar. e$a#,ts ro,es are ignore $or p#",icaccesses. 6#st "e an array o$ #p to @ve strings.?ach string e@ning a ro,e $or an eventcategory m#st "egin ith one o$ those va,#es:T P#",icT Con@entia,T Private7n each string m#st en ith one o$ thoseva,#es:T +ieerT 7n+ieerT 6oi@er

T esponerhe array can a,so contain one or many o$ the$o,,oing strings:T ="DectCreatorT ="Dect?raser?amp,e: SOGo6alendar?eaultoles =3@O!Aect6reator@< @Bu!licCie#er@4D

e$a#,ts to no ro,e hen #nset. ecommeneva,#es are @Bu!licCie#er@ anE6onidential?nd:Cie#erF.

=%oContactse$a#,to,es Parameter #se to e@ne the e$a#,t ro,es hengiving permissions to a #ser to access an

aress "oo3. e$a#,ts ro,es are ignore $orp#",ic accesses. 6#st "e an array o$ one ormany o$ the $o,,oing strings:T ="Dect+ieerT ="Dect?itorT ="DectCreatorT ="Dect?raser?amp,e: SOGo6ontacts?eaultoles =3@O!Aect%ditor@4D

e$a#,ts to no ro,e hen #nset.

=%o#per'sernames Parameter #se to set hich #sernames re;#ireaministrative privi,eges over a,, the #sers

ta",es. or eamp,e! this co#, "e #se to postevents in the #sers ca,enar itho#t re;#iringthe #ser to con@g#re his/her 7C*s. In this caseyo# i,, nee to speci$y those s#per#serLs#sernames ,i3e this :SOGoSuper8sernames = 3username1H[ail! an/or 6alendar! $or eamp,e:>odules6onstraints = K6alendar = K

ou = employeesD

LDLD

mapping 7 ictionary that maps contact attri"#tes #se "y =%oto the *7P attri"#tes #se "y the schema o$ the *7Pso#rce. ?ach entry m#st have an attri"#te name as 3eyan an array o$ strings as va,#e. his ena",es act#a, @e,sto "e mappe one a$ter another hen $etching contactin$ormations.

ee the *7P 7ttri"#te 6apping section "e,o $or aneamp,e an a ,ist o$ s#pporte attri"#tes.

o"DectC,asses hen the Gmoi@ersH ,ist (see "e,o) is set! or hen#sing *7P-"ase #ser aress"oo3s (see Ga"='H"e,,o)! this ,ist o$ o"Dect c,asses i,, "e app,ie to nerecors as they are create

moi@ers a ,ist (array) o$ #sernames that are a#thoriFe to per$ormmoi@cations to the aress "oo3 e@ne "y this *7Pso#rce

a"=' this @e, ena",es *7P-"ase #ser aress"oo3s "yspeci$ying the va,#e o$ the aress "oo3 container"eneath each #ser entry! $or eamp,e:ou=address!oo*s


26/58

Chapter

=%o*7PContactIn$o7ttri"#te Parameter #se to speci$y an attri"#te thatsho#, appear in a#tocomp,etion o$ the e"inter$ace.

=%o*7PA#ery*imit Parameter #se to ,imit the n#m"er o$ ret#rneres#,ts $rom the *7P server henever =%oper$orms a *7P ;#ery ($or eamp,e! #ringaresses comp,etion in a share aress "oo3).

=%o*7PA#eryimeo#t Parameter to e@ne the timeo#t o$ *7P;#eries. he act#a, time ,imit $or operations isa,so "o#ne "y the maim#m time that theserver is con@g#re to a,,o.e$a#,ts to 0 (#n,imite).

-'A, Attributes Indein$

o ens#re proper per$ormance o$ the =%o app,ication! the $o,,oing *7P attri"#tes m#st "e$#,,y inee :

given&ame cn mai, sn

P,ease re$er to the oc#mentation o$ the so$tare yo# #se in orer to ine those attri"#tes.

-'A, Attributes appin$

ome *7P attri"#tes are mappe to contacts attri"#tes in the =%o 'I. he ta",e "e,o ,istmost o$ them. It is possi",e to overrie these "y #sing the (appingcon@g#ration parameter.

or eamp,e! i$ the *7P schema #ses the axattri"#te to store the $a n#m"er! one co#, mapit to the acsi(ileteleponenu(/erattri"#te ,i3e this:

mappin) = K

acsimiletelephonenum!er = 3@a@< @acsimiletelephonenum!er@4D

LD



27/58

Chapter

&ame

irst given&ame

*ast sn

isp,ay&ame isp,ay&ame orcn orgiven&ame U sn

&ic3name moFi,,anic3name

Internet

?mai, mai,

econary emai, moFi,,aseconemai,

creen&ame nsaimi

Phones

or3 te,ephonem"er

9ome homephone

6o"i,e mo"i,ea $acsimi,ete,ephonen#m"er

Pager pager

9ome

7ress moFi,,ahomestreet U moFi,,ahomestreet2

City moFi,,ahome,oca,ityname

tate/Province moFi,,ahomestate

Sip/Posta, Coe moFi,,ahomeposta,coe

Co#ntry moFi,,ahomeco#ntryname

e" page moFi,,ahome#r,

or3

it,e tit,e

epartment o#

=rganiFation o

7ress street U moFi,,aor3street2

City ,

tate/Province st

Sip/Posta, coe posta,Coe

Co#ntry c

e" page moFi,,aor3#r,

=ther

irthay "irthyear-"irthmonth-"irthay

&ote escription



28/58

Chapter

Authenticatin$ usin$ C.A.S.

=%o native,y s#pports C.7.. a#thentication. or activating C.7.. a#thentication yo# nee@rst to ma3e s#re that the SOGouthentication:ypesetting is set to GcasH an that theSOGo6SService8&setting is con@g#re appropriate,y.

he tric3y part shos #p hen #sing =%o as a $ronten inter$ace to an I67P server as thisimposes constraints neee "y the C.7.. protoco, to ens#re sec#re comm#nication "eteenthe i$$erent services. ai,ing to ta3e those preca#tions i,, prevent #sers $rom accessing theirmai,s! hi,e sti,, granting "asic a#thentication to =%o itse,$.

he @rst constraint is that the amount of workers that SOGo uses must be higher than 1 inorder to enable the C.A.S.service to per$orm some va,iation re;#ests #ring I67P

a#thentication. 7 sing,e or3er a,one o#, not! "y e@nition! "e a",e to respon to the C.7..re;#ests hi,e treating the #ser re;#est that re;#ire the triggering o$ those re;#ests. Ko# m#stthere$ore con@g#re the Oor*ers6ountsetting appropriate,y.

he secon constraint is that theSOGo service must be accessible and accessed via https.6oreover! the certi@cate #se "y the =%o server has to "e recogniFe an tr#ste "y theC.7.. service. In the case o$ a certi@cate iss#e "y a thir-party a#thority! there sho#, "enothing to orry a"o#t. In the case o$ a se,$-signe certi@cate! the certi@cate m#st "e registerein the tr#ste 3eystore o$ the C.7.. app,ication. he proce#re to achieve this can "es#mmariFe as importing the certi@cate in the proper G3eystoreH #sing the *eytool#ti,ity anspeci$ying the path $or that 3eystore to the omcat instance hich provies the C.7.. service.his is one "y tea3ing the Aava.net.ssl.trustStoresetting! either in thecata,ina.properties @,e or in the comman-,ine parameters. =n e"ian! the =%o certi@cate can

a,so "e ae to the tr#ststore as $o,,os:

openssl 0, -in /etc/ssl/certs/so)o-cert.pem -outorm ?% T

-out /tmp/so)o-cert.der*eytool -import -*eystore /etc/ssl/certs/Aava/cacerts T

-ile /tmp/so)o-cert.der -alias so)o-certU :he *eystore pass#ord is Mchan)eitMU tomcat must !e restarted ater this operation

The certicate used b! the CAS server must also be trusted b! SOGo. In case o$ a se,$-signecerti@cate! this means eporting tomcatLs certi@cate #sing the *eytool#ti,ity! converting it toP?6 $ormat an appening it to the [email protected] @,e. (he name an ,ocation o$ that @,ei$$ers "eteen istri"#tions). asica,,y:



29/58

Chapter

U eport tomcatMs cert to openssl ormat

*eytool -*eystore /etc/tomcat7/*eystore -eportcert -alias tomcat V Topenssl 0, -inorm der Htomcat.pem

%nter *eystore pass#ord" tomcat

U add the pem to the trusted certscp tomcat.pem /etc/ssl/certs

cat tomcat.pem HH/etc/ssl/certs/ca-certiicates

I$ any o$ those constraints is not satis@e! the e"mai, inter$ace o$ =%o i,, isp,ay an emptyemai, acco#nt. 'n$ort#nate,y! =%o has no possi"i,ity to etect hich one is the ca#se o$ thepro",em. he on,y inicators are ,og messages that at ,east pinpoint the symptoms:

2ailure to o/tain a PGT ro( te C-A-S- service3

#ch an error i,, sho #p #ring a#thentication o$ the #ser to =%o. It happens hen thea#thentication service has accepte the #ser a#thentication tic3et "#t has not ret#rne a GProy

%ranting ic3etH.

2a CAS ailure occurred during operation----3

his error inicate that an attempt as mae to retrieve an a#thentication tic3et $or a thir-partyservice s#ch as I67P or sieve. 6ost o$ the time! this happens as a conse;#ence to the pro",emescri"e a"ove. o tro#",eshoot these iss#es! one sho#, "e tai,ing cas.,og! pam ,ogs an sogo,ogs.

C#rrent,y! =%o i,, as3 $or a C7 tic3et #sing the same C7 service name $or "oth I67P anieve. "hen CASif!ing sieve# this means that the -s parameter of pam2 asshould be thesame for both $%A& and Sieve! otherise the C7 server i,, comp,ain:

%O [or).Aasi).cas.6entraluthenticationServiceImpl] - Service:ic*et [S:-17+0-hoC1!rhh#>5n*S>C8#-ocas] #ith service [imap"//myimapserver does not

match supplied service [sieve"//mysieveserver"2000]

ina,,y! hen #sing imapproy to spee #p the imap accesses! the =%oI67PC7ervice&amesho#, "e set to the act#a, imap service name epecte "y pamVcas! otherise it i,, $ai, toa#thenticate incoming connection proper,y.

Authenticatin$ usin$ SA-2

=%o native,y s#pports 76*2 a#thentication. P,ease re$er to the oc#mentation o$ yo#rientity provier an the 76*2 con@g#ration 3eys that are ,iste a"ove $or proper set#p. =ncea =%o instance is con@g#re proper,y! the metaata $or that instance can "e retrieve $romhttp"//hostnameH/SOGo/saml2-metadata$or registration ith the ientity provier.



30/58

Chapter

In orer to re,ay a#thentication in$ormation to yo#r I67P server an i$ yo# ma3e #se o$ theCr#e76* 7* p,#gin! yo# nee to ma3e s#re that G&%Imap47#th6echanismH is con@g#reto #se the SAM+mechanism. I$ yo# ma3e #se o$ the Cr#e76* P76 p,#gin! this va,#e may "e,e$t empty.

'atabase Con($uration

=%o re;#ires a re,ationa, ata"ase system in orer to store appointments! tas3s an contactsin$ormation. It a,so #ses the ata"ase system to store persona, pre$erences o$ =%o #sers. In thisg#ie! e ass#me yo# #se PostgreA* so commans provie the create the ata"ase arere,ate to this app,ication. 9oever! other ata"ase servers are s#pporte! s#ch as 6yA* an=rac,e.

irst! ma3e s#re that yo#r PostgreA* server has CP/IP connections s#pport ena",e.

Create the ata"ase #ser an schema #sing the $o,,oing commans :

su W post)res

createuser --no-superuser --no-created! W-no-createrole TW-encrypted --p#prompt so)o

3speciy Eso)oF as pass#ord4

created! -O so)o so)o

Ko# sho#, then aD#st the access rights to the ata"ase. o o so! moi$y the con@g#ration @,e/var/li!/p)sl/data/p)h!a.conin orer to a the $o,,oing ,ine at the very "eginningo$ the @,e:

host so)o so)o 127.0.0.1/2 md

=nce ae! restart the PostgreA* ata"ase service. hen! moi$y the =%o con@g#ration @,e(/etc/so)o/so)o.con) to reMect yo#r ata"ase settings :

SOGoBroile8& =

@post)resl"//so)o"so)oPlocalhost"+2/so)o/so)ouserproile@DO6SJolderIno8& = @post)resl"//so)o"so)oPlocalhost"+2/so)o/so)oolderino@D

O6SSessionsJolder8& = @post)resl"//so)o"so)oPlocalhost"+2/so)o/so)osessionsolder@D

he $o,,oing ta",e escri"es the parameters that ere set :

=%oPro@,e'* Parameter #se to set the ata"ase '* so that =%o canretrieve #ser pro@,es.or 6yA*! set the ata"ase '* to something ,i3e :mysl"//so)o"so)oPlocalhost"0'/so)o/so)ouserproile

=Co,erIn$o'* Parameter #se to set the ata"ase '* so that =%o can

mailto:sogo@localhostmailto:sogo@localhost


31/58

Chapter

retrieve the ,ocation o$ #ser $o,ers (aress "oo3s anca,enars)or =rac,e! set the ata"ase '* to something ,i3e :oracle"//so)o"so)oPlocalhost"12'/so)o/so)oolderino

=Cessionso,er'* Parameter #se to set the ata"ase '* so that =%o canstore an retrieve sec#re #ser sessions in$ormation. orPostgreA*! the ata"ase '* co#, "e set to something,i3e :post)resl"//so)o"so)oPlocalhost"+2/so)o/so)os

essionsolder

=C?6ai,7,armso,er'* Parameter #se to set the ata"ase '* $or emai,-"asea,arms (that can "e set on events an tas3s). his parameter isre,evant on,y i$ =%o?na",e?6ai,7,arms is set to K?. orPostgreA*! the ata"ase '* co#, "e set to something,i3e :post)resl"//so)o"so)oPlocalhost"+2/so)o/so)oa

larmsolder

ee the G?6ai, reminersH section in this oc#ment $or morein$ormation.

I$ yo#Lre #sing 6yA*! ma3e s#re in yo#r my.cn@,e yo# have :

[mysld]...charactersetserver=ut

charactersetclient=ut

[client]deault-character-set=ut

[mysl]

deault-character-set=ut

an hen yo# create the =%o ata"ase! yo# correct,y speci$y the charset :

create data!ase so)o 6$S%:=M8:JMD

Authentication usin$ S/-

=%o can #se a A*-"ase ata"ase server $or a#thentication. he con@g#ration is very simi,arto *7P-"ase a#thentication.

he $o,,oing ta",e escri"es a,, the possi",e parameters re,ate to a A* so#rce :

2008-2014 Inverse inc. Con@g#ration 2>


32/58

Chapter

=%o'sero#rces Parameter #se to set the A* an/or *7P so#rces #se $ora#thentication an g,o"a, aress "oo3s. 6#,tip,e so#rces can"e speci@e as an array o$ ictionaries. 7 ictionary thate@nes a A* so#rce can contain the $o,,oing va,#es :

type the type o$ this #ser so#rce! set to sl$or a A* so#rce

i the ienti@cation name o$ the A* repository. his m#st "e#ni;#e 5 even hen #sing m#,tip,e omains.

vie'* ata"ase '* o$ the vie #se "y =%o. he vie epectsco,#mns to "e present. e;#ire co,#mns are :T cuid: i,, "e #se $or a#thentication 5 itLs a #sernameor #sernameWomain.t,T cname: i,, "e #se to #ni;#e,y ienti$y entries 5 hichcan "e ientica, to cV#iT cpass#ord: passor o$ the #ser! p,ain tet! crypt! mor sha encoeT ccn: the #serLs common name

T mail: the #serLs emai, aress=ther co,#mns can eist an i,, act#a,,y "e mappea#tomatica,,y i$ they have the same name as pop#,ar *7Pattri"#tes (s#ch as )iven5ame! sn! department! title!telephone5um!er! etc.)

#serPassor7,gorithm he e$a#,t a,gorithm #se $or passor encryption henchanging passors.Possi",e va,#es are: none! p,ain! crypt! m! m-crypt!sm! cram-m! ,ap-m! an sha! sha2! sha12 anits ssha (e.g. ssha or ssha2) variants. Passors can havethe scheme prepene in the $ormKschemeLencryptedBass.

I$ no scheme is given! #serPassor7,gorithm is #seinstea. he schemes ,iste a"ove $o,,o the a,gorithmsescri"e inhttp://i3i.ovecot.org/7#thentication/Passorchemes .&ote that cram-m is not act#a,,y #sing cram-m (#e tothe ,ac3 o$ cha,,enge-response mechanism)! its

D#st saving the intermeiate 6 contet as ovecot storesin its ata"ase.

prepenPassorcheme he e$a#,t "ehavio#r is to store ne,y set passorsitho#t the scheme (e$a#,t: prependBass#ordScheme =5O) .his can "e overrien "y setting prependBass#ordScheme

to9%S

an i,, res#,t in passors store asKschemeLencryptedBass.

can7#thenticate i$ set to 9%S! this A* so#rce is #se $or a#thentication

is7ressoo3 i$ set to K?! this A* so#rce is #se as a share aress"oo3 (ith rea-on,y access). &ote that i$ set to &=!a#tocomp,etion i,, not or3 $or entries in this so#rce anth#s! $ree"#sy ,oo3#ps.

2008-2014 Inverse inc. Con@g#ration B0
http://wiki.dovecot.org/Authentication/PasswordSchemeshttp://wiki.dovecot.org/Authentication/PasswordSchemes


33/58

Chapter

a#thenticationi,ter(optiona,)

a @,ter that ,imits hich #sers can a#thenticate $rom thisso#rce

isp,ay&ame (optiona,) i$ set as an aress "oo3! the h#man ienti@cation name o$the A* repository

*oginie,&ames (optiona,) an array o$ @e,s that speci@es the co,#mn names thatcontain va,i a#thentication #sernames (e$a#,ts to cuidhen #nset)

6ai,ie,&ames (optiona,) an array o$ @e,s that speci@es the co,#mn names that ho,aitiona, emai, aresses ("esie the mailco,#mn) $oreach #ser

I67P9ostie,&ame(optiona,)

the @e, that ret#rns the I67P hostname $or the #ser

I67P*oginie,&ame(optiona,)

the @e, that ret#rns the I67P ,ogin name $or the #ser(e$a#,ts to cuidhen #nset)

ieve9ostie,&ame

(optiona,)

the @e, that ret#rns the ieve hostname $or the #ser

inie,&ame (optiona,) i$ set! =%o i,, try to etermine i$ the va,#e o$ the @e,correspons to either Ggro#pH! G,ocationH or GthingH. I$thatLs the case! =%o i,, consier the ret#rne entry to "ea reso#rce.

6#,tip,eoo3ingsie,&ame (optiona,)

he va,#e o$ this @e, is the maim#m n#m"er o$conc#rrent events to hich a reso#rce can "e part o$ at anypoint in time.

I$ this is set to 0! or i$ the attri"#te is missing! it means no,imit.

omainie,&ame(optiona,)

I$ set! =%o i,, #se the va,#e o$ that @e, as the omainassociate to the #ser. ee the G6#,ti-omainsCon@g#ration3section in this oc#ment $or morein$ormation.

9ere is an eamp,e o$ an A*-"ase a#thentication an aress "oo3 so#rce:

SOGo8serSources =3

K type = slD

id = directoryD vie#8& = @post)resl"//so)o"so)oP127.0.0.1"+2/so)o/so)ovie#@D canuthenticate = 9%SD

isddressoo* = 9%SD userBass#ordl)orithm = mdD

L4D

Certain ata"ase co,#mns m#st "e present in the vie/ta",e! s#ch as :



34/58

Chapter

cuid- i,, "e #se $or a#thentication 5 itLs the #sername or #sernameWomain.t,) cname- hich can "e ientica, to cV#i 5 i,, "e #se to #ni;#e,y ienti$y entries cpass#ord5 passor o$ the #ser! p,ain-tet! m or sha encoe $or no ccn- the #serLs common name 5 s#ch as GXohn oeH

mail5 the #serLs mai, aress&ote that gro#ps are c#rrent,y not s#pporte $or A*-"ase a#thentication so#rces.

S0, Server Con($uration

=%o ma3es #se o$ a 6P server to sen emai,s $rom the e" inter$ace! i6IP/iIP messagesan vario#s noti@cations.

he $o,,oing ta",e escri"es the re,ate parameters.

=%o6ai,ing6echanism Parameter #se to set ho =%o sens mai,

messages. Possi",e va,#es are :X sendmail5 to #se the senmai, "inaryX smtp5 to #se the 6P protoco,

=%o6Perver he & name or IP aress o$ the 6P server #sehen SOGo>ailin)>echanismis set to smtp.

=%o6P7#thenticationype 7ctivate 6P a#thentication an speci@es hichtype is in #se. C#rrent! on,y GP*7I&H is s#pportean other va,#es i,, "e ignore.

=en6ai, he path o$ the senmai, "inary.e$a#,ts to /usr/li!/sendmail.

=%oorce?terna,*oginith?mai, Parameter #se to speci$y i$! hen ,ogging in to the6P server! the primary emai, aress o$ the #seri,, "e #se instea o$ the #sername. Possi",e va,#esare :T K?T &=e$a#,ts to 5Ohen #nset.

IA, Server Con($uration

=%o re;#ires an I67P server in orer to ,et #sers cons#,t their emai, messages! manage their$o,ers an more.

he $o,,oing ta",e escri"es the re,ate parameters.

' =%ora$tso,er&ame Parameter #se to set the I67P $o,er name #se

mailto:[email protected]:[email protected]:[email protected]


35/58

Chapter

to store ra$ts messages.e$a#,ts to Gra$tsH hen #nset.'se a G/H as a hierarchy separator i$ re$erring toan I67P s#"$o,er.or eamp,e : I5OY/?rats

' =%oento,er&ame Parameter #se to set the I67P $o,er name #seto store sent messages. e$a#,ts to GentH hen#nset.'se a G/H as a hierarchy separator i$ re$erring toan I67P s#"$o,er.or eamp,e :I5OY/Sent

' =%orasho,er&ame Parameter #se to set the I67P $o,er name #seto store e,ete messages. e$a#,ts to GrashHhen #nset.'se a G/H as a hierarchy separator i$ re$erring toan I67P s#"$o,er.or eamp,e : I5OY/:rash

=%oI67PC7ervice&ame Parameter #se to set the C7 service name ('*)o$ the imap service. his is #se$#, i$ =%o isconnecting to the I67P service thro#gh a proy.hen #sing pamcas! this parameter sho#, "eset to the same va,#e as the -sarg#ment o$ theimap pam service.

=%oI67Perver Parameter #se to set the & name or IP aresso$ the I67P server #se "y =%o. Ko# can a,so#se * or * "y proviing a va,#e #sing an '*!s#ch as :Timaps"//localhost",,

Timaps"//localhost"1+/Qtls=9%S =%oieveerver Parameter #se to set the & name or IP aress

o$ the ieve (managesieve) server #se "y =%o.Ko# m#st #se an '* s#ch as:Tsieve"//localhostTsieve"//localhost"2000Tsieve"//localhost"2000/Qtls=9%S&ote that * is s#pporte "#t * is not.

=%oieveo,er?ncoing Parameter #se to speci$y hich encoing is #se$or I67P $o,er names in ieve @,ters. e$a#,ts toG'-


36/58

Chapter

va,#es are :Trc20'Trc+1+e$a#,ts to rc+1+hen #nset.

=%oI67P7c,Con$ormsoI67P?t Parameter #se to speci$y i$ the I67P serverimp,ements the Internet 6essage 7ccess Protoco,?tension. Possi",e va,#es are :T K?T &=e$a#,ts to 5Ohen #nset.

=%oorce?terna,*oginith?mai, Parameter #se to speci$y i$! hen ,ogging in tothe I67P server! the primary emai, aress o$ the#ser i,, "e #se instea o$ the #sername.Possi",e va,#es are :T K?T &=e$a#,ts to 5Ohen #nset.

=%o6ai,poo,Path Parameter #se to set the path here temporaryemai, ra$ts are ritten. I$ yo# change this va,#e!yo# m#st a,so moi$y the ai,y cronDo" so)o-tmp#atch.e$a#,ts to /var/spool/so)o.

&%Imap4Connectiontringeparator Parameter #se to set the I67P mai,"o separator.etting this i,, a,so have an impact on themai,"o separator #se "y ieve @,ters. he e$a#,tseparator is G/H.

&%Imap47#th6echanism rigger the #se o$ the I67P G7'9?&IC7?Hcomman ith the speci@e 7* mechanism.

P,ease note that $eat#re might "e ,imite at thistime.

&%Imap4Connection%ro#pIPre@ Pre@ to prepen to names in I67P 7C*transactions! to inicate the name is a gro#p namenot a #ser name. C4B14 gives eamp,es heregro#p names are pre@e ith LYL. ovecot! $orone! $o,,os this scheme! an i,,! $or eamp,e!app,y permissions $or LYaminsL to a,, #sers ingro#p LaminsL in the a"sence o$ speci@cpermissions $or the inivi#a, #ser. he e$a#,tpre@ is LYL.

eb Inter&ace Con($uration

he $o,,oing aitiona, parameters on,y a$$ect the e" inter$ace "ehavio#r o$ =%o.



37/58


38/58


39/58

Chapter

#nay.e$a#,ts to 0 hen #nset.

' =%oirstee3=$Kear Parameter #se to e@ne ho is ienti@e the@rst ee3 o$ the year. Possi",e va,#es are :TZanuary1TJirst+?ayee*TJirstJullee*e$a#,ts to Zanuary1hen #nset.

' =%oimeormat he $ormat #se to isp,ay time in the time,ineo$ the ay an ee3 vies. P,ease re$er to theoc#mentation $or the datecomman or thestrti(eC $#nction $or the ,ist o$ avai,a",e$ormat se;#ence.e$a#,ts to $">.

' =%oCa,enarCategories Parameter #se to e@ne the categories that can"e associate to events. his parameter is an

array o$ ar"itrary strings.e$a#,ts to a ,ist that epens on the ,ang#age.

' =%oCa,enare$a#,tCategoryCo,or Parameter #se to e@ne the e$a#,t co,o#r o$categories.e$a#,ts to UJ0J0J0hen #nset.

' =%oCa,enar?ventse$a#,tC,assi@cation Parameter #se to e@ne the e$a#,tc,assi@cation $or ne events. Possi",e va,#esare :TB8&I6T6O5JI?%5:I&TBIC:%e$a#,ts to B8&I6hen #nset.

' =%oCa,enaras3se$a#,tC,assi@cation Parameter #se to e@ne the e$a#,tc,assi@cation $or ne tas3s. Possi",e va,#esare :TB8&I6T6O5JI?%5:I&TBIC:%e$a#,ts to B8&I6hen #nset.

' =%oCa,enare$a#,teminer Parameter #se to e@ne a e$a#,t reminer$or ne events. Possi",e va,#es are :T -B:>T -B:10>

T-B:1>

T -B:0>T -P46T -B:1$T -B:2$T -B:$T -B:1$T -B1?

2008-2014 Inverse inc. Con@g#ration B


40/58


41/58

Chapter

Thtmle$a#,ts to tet.

=%o?na",e?6ai,7,arms Parameter #se to ena",e emai,-"ase a,armson events an tas3s.

e$a#,ts to 5Ohen #nset.or this $eat#re to or3 correct,y! one m#st a,soset the =C?6ai,7,armso,er'* parameteran ena",e the associate cron4o/.ee the GCron4o/E ?6ai, reminersH section$rom this oc#ment $or more in$ormation.

' =%oContactsCategories Parameter #se to e@ne the categories that can"e associate to contacts. his parameter is anarray o$ ar"itrary strings.e$a#,ts to a ,ist that epens on the ,ang#age.

=%o'I7itiona,Xi,es Parameter #se to e@ne a ,ist o$ aitiona,Xavacript @,es ,oae "y =%o $or a,,

isp,aye e" pages. his parameter is an arrayo$ strings corresponing o$ paths to thear"itrary Xavacript @,es. he paths are re,ativeto the e!Serveresourcesirectory! hichis #s#a,,y $o#n #ner/usr/li!/G58step/SOGo/.

=%o6ai,C#stomrom?na",e Parameter #se to a,,o or not #sers to speci$yc#stom GromH aresses $rom =%oLspre$erences pane,.


=%o'I7itiona,Pre$erences Parameter #se to ena",e an etra pre$erencesta" #sing the content o$ the temp,ate name8IdditionalBreerences.#o. histemp,ate sho#, "e p#t #nerZso)o/G58step/&i!rary/SOGo/:emplates/Breerences8I/.


2008-2014 Inverse inc. Con@g#ration B>


42/58


43/58

Chapter

ultidomains Con($uration

I$ yo# ant yo#r insta,,ation to iso,ate to gro#ps o$ #sers! yo# m#st e@ne a istinct

a#thentication so#rce $or each do(ain. o,,oing is the same con@g#ration that no inc,#esto omains (acme.com an coyote.com) :

K SOGoBroile8& = @post)resl"//so)o"so)oPlocalhost"+2/so)o/so)ouserproile@D

O6SJolderIno8& = @post)resl"//so)o"so)oPlocalhost"+2/so)o/so)oolderino@D

O6SSessionsJolder8& = @post)resl"//so)o"so)oPlocalhost"+2/so)o/so)osessionsolder@D

SOGoppointmentSend%>ail5otiications = 9%SD SOGo6alendar?eaultoles = 3 Bu!licCie#erailin)>echanism = smtpD

SOGoS>:BServer = 127.0.0.1D SOGoSentJolder5ame = SentD SOGo:ime\one = merica/>ontrealD

SOGo:rashJolder5ame = :rashD SOGoI>BServer = localhostD

domains = K acme = K

SOGo>ail?omain = acme.comD SOGo?ratsJolder5ame = ?ratsD

SOGo8serSources = 3 K type = ldapD

65Jield5ame = cnD I?Jield5ame = uidD

8I?Jield5ame = uidD !ase?5 = @ou=users


44/58

Chapter

SOGoI>BServer = imap.coyote.comD

SOGo8serSources = 3 K type = ldapD

65Jield5ame = cnD

I?Jield5ame = uidD 8I?Jield5ame = uidD !ase?5 = @ou=users


45/58

Chapter

e$a#,ts to an empty array! hich means omainsare iso,ate $rom each other.

Apache Con($uration

he =%o con@g#ration $or 7pache is ,ocate in /etc/httpd/con.d/SOGo.con.

'pon =%o insta,,ation! a e$a#,t con@g#ration @,e is create hich is s#ita",e $or mostcon@g#rations.

Ko# m#st a,so con@g#re the $o,,oing parameters in the =%o con@g#ration @,e $or 7pache inorer to have a or3ing insta,,ation :

euest$eader set @-#e!o!Aects-server-port@ @0@

euest$eader set @-#e!o!Aects-server-name@ @yourhostname@euest$eader set @-#e!o!Aects-server-url@ @http"//yourhostname@

Ko# may consier ena",ing * on top o$ this c#rrent insta,,ation to sec#re access to yo#r =%oinsta,,ation.

eehttp://http.apache.org/ocs/2.2/ss,/$or etai,s.

Ko# might a,so have to aD#st the con@g#ration i$ yo# have ?*in# ena",e.

he e$a#,t con@g#ration i,, #se modproyan modheadersto re,ay re;#ests to the so)odparent process. his is s#ita",e $or sma,, to mei#m ep,oyments.

Startin$ Services

=nce =%o i$ $#,,y insta,,e an con@g#re! start the services #sing the $o,,oing comman :

service so)od start

Ko# may veri$y #sing the chkconfigcomman that the =%o service is a#tomatica,,y starteat "oot time. estart the 7pache service since mo#,es an con@g#ration @,es ere ae :

service httpd restart

ina,,y! yo# sho#, a,so ma3e s#re that the memcachedservice is starte an that it is a,soa#tomatica,,y starte at "oot time.

2008-2014 Inverse inc. Con@g#ration 4B
http://httpd.apache.org/docs/2.2/ssl/http://httpd.apache.org/docs/2.2/ssl/http://httpd.apache.org/docs/2.2/ssl/


46/58

Chapter

Cronjob +ail reminders

=%o a,,os yo# to set emai,-"ase reminers $or events an tas3s. o ena",e this! yo# m#stena",e the SOGo%na!le%>aillarmspre$erence an set the O6S%>aillarmsJolder8&pre$erence accoring,y.

=nce yo#Lve correct,y set those to pre$erences! yo# m#st create a cron4o/that i,, r#n #nerthe GsogoH #ser. his cron4o/sho#, "e r#n every min#te.

7 commente o#t eamp,e sho#, have "een insta,,e in /etc/cron.d/so)o! to ena",e it!simp,y #ncomment it.

7s a re$erence! the cron4o/sho#, e e@ne ,i3e this:

N N N N N /usr/s!in/so)o-ealarms-notiy

I$ yo#r mai, server re;#ires #se o$ 6P 7'9! speci$y a creentia, @,e #sing -p/path/to/credJile. his @,e sho#, contain the #sername an passor! separate "y aco,on (#sername:passor)

Cronjob 4acation messa$es epiration

hen vacation messages are ena",e (see the parameter SOGoCacation%na!led)! #sers can setan epiration ate to messages a#to-rep,y. or this $eat#re to or3! yo# m#st r#n a cron4o/#ner the GsogoH #ser.

7 commente o#t eamp,e sho#, have "een insta,,e in /etc/cron.d/so)o. o or3correct,y this too, m#st ,ogin as an aministrative #ser on the sieve server. he re;#irecreentia,s m#st "e speci@e in a @,e "y #sing -p /path/to/credJile. his @,e sho#,contain the #sername an passor! separate "y a co,on (#sername:passor)

he cron4o/sho#, ,oo3 ,i3e this :

0 0 N N N so)o /usr/s!in/so)o-tool epire-autoreply -p/etc/so)o/sieve.creds



47/58


48/58

Chapter

Creatin$ a *ser Account

=%o #ses *7P irectories to a#thenticate #sers. 'se the $o,,oing *I @,e (Adoe.ldi) asan eamp,e to create a =%o #ser acco#nt :

dn" uid=Adoe


49/58

Chapter icrosot-Server-ctiveSync Thttp"//127.0.0.1"20000/SOGo/>icrosot-Server-ctiveSyncT

retry='0 connectiontimeout= timeout='0

estart 7pache a$terars.

he $o,,oing aitiona, parameters on,y a$$ect =%o hen #sing 7ctiveync:

=%o6aim#mPingInterva, Parameter #se to set the maim#m amo#nt o$

time! in secons! =%o i,, ait "e$ore rep,yingto a Ping comman. I$ not set! it e$a#,ts to secons.

=%o6aim#myncInterva, Parameter #se to set the maim#m amo#nt o$time! in secons! =%o i,, ait "e$ore rep,yingto a ync comman. I$ not set! it e$a#,ts to B0secons.

=%oInterna,yncInterva, Parameter #se to set the maim#m amo#nt o$time! in secons! =%o i,, ait "e$ore oing aninterna, chec3 $or ata changes (a! e,ete! an#pate). his parameter m#st "e ,oer thanSOGo>aimumSyncInterval. I$ not set! it e$a#,ts

to 10 secons. =%o6aim#myncinoiFe Parameter #se to overrite the maim#m n#m"er

o$ items ret#rne #ring a ync operation.e$a#,ts to 0! hich means no overrite isper$orme. etting this parameter to a va,#egreater than 12 i,, have #nepecte "ehavio#rith vario#s 7ctiveync c,ients.

2008-2014 Inverse inc. 6icroso$t 7ctiveync 4


50/58

Chapter 121$or con@g#ration instr#ctions. =n the=%o sie! SOGo%na!leBu!licccessm#st "e set to K? an the '* to #se m#st "e o$ the$o,,oing $ormat: http"//hostnameH/SOGo/dav/pu!lic/5>%/ree!usy.i!

In orer to #se the =%o 7ctiveync s#pport coe in pro#ction environments! yo# nee to geta proper #sage ,icense $rom 6icroso$t. P,ease contact them irect,y to negotiate the $eesassociate to yo#r #ser "ase.

o contact 6icroso$t! p,ease visit:

http://.microso$t.com/en-

#s/,ega,/inte,,ect#a,property/IP*icensing/Programs/echangeactivesyncprotoco,.asp

an sen an emai, toip,icre;Wmicroso$t.com

Inverse inc. provies this so$tare $or $ree! "#t is not responsi",e $or anything re,ate to its#sage.

2008-2014 Inverse inc. 6icroso$t 7ctiveync 48
http://www.vionblog.com/connect-zimbra-community-with-outlook-2013http://support.microsoft.com/kb/291621http://support.microsoft.com/kb/291621http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxhttp://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxhttp://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxmailto:[email protected]:[email protected]://www.vionblog.com/connect-zimbra-community-with-outlook-2013http://support.microsoft.com/kb/291621http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxhttp://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxmailto:[email protected]


51/58

Chapter 8

7 *sin$ S#Go

S#Go eb Inter&ace

o acces the =%o e" Inter$ace! point yo#r e" "roser! hich is r#nning $rom the sameserver here =%o as insta,,e! to the $o,,oing '* : http://,oca,host/=%o

*og in #sing the GDoeH #ser an the G;ertyH passor. he #ner,ying ata"ase ta",es i,,a#tomatica,,y "e create "y =%o.

o8illa 0hunderbird and -i$htnin$

7,ternative,y! yo# can access =%o ith a %ro#p7+ an a Ca,7+ c,ient. 7 typica, e,,-integrate set#p is to #se 6oFi,,a h#ner"ir an 6oFi,,a *ightning a,ong ith InverseLs SOGoConnectorp,#g in to synchroniFe yo#r aress "oo3s an the InverseLs SOGo Integratorp,#g into provie a comp,ete integration o$ the $eat#res o$ =%o into h#ner"ir an *ightning. e$erto the oc#mentation o$ h#ner"ir to con@g#re an initia, I67P acco#nt pointing to yo#r

=%o server an #sing the #ser name an passor mentione a"ove.

ith the =%o Integrator p,#g in! yo#r ca,enars an aress "oo3s i,, "e a#tomatica,,yiscovere hen yo# ,ogin in h#ner"ir. his p,#g in can a,so propagate speci@c etensionsan e$a#,t #ser settings among yo#r site. 9oever! "e aare that in orer to #se the =%oIntegrator p,#g in! yo# i,, nee to repac3age it ith speci@c moi@cations. P,ease re$er to theoc#mentation p#",ishe on,ine:

http://.sogo.n#/on,oas/oc#mentation.htm,.

I$ yo# on,y #se the =%o Connector p,#g in! yo# can sti,, easi,y access yo#r ata.

o access yo#r persona, aress "oo3:

Choose %o [ 7ress oo3.

Choose i,e [ &e [ emote 7ress oo3.

?nter a signi@cant name $or yo#r ca,enar in the &ame @e,.

ype the $o,,oing '* in the '* @e,:http://\hostname[/=%o/av/Doe/Contacts/persona,/

2008-2014 Inverse inc. 'sing =%o 4>
http://localhost/SOGohttp://www.sogo.nu/downloads/documentation.htmlhttp://localhost/SOGo/dav/jdoe/Contacts/personal/http://localhost/SOGohttp://www.sogo.nu/downloads/documentation.htmlhttp://localhost/SOGo/dav/jdoe/Contacts/personal/


52/58

Chapter 8

C,ic3 on =.

o access yo#r persona, ca,enar:

Choose %o [ Ca,enar.

Choose Ca,enar [ &e Ca,enar.

e,ect =n the &etor3 an c,ic3 on Contin#e.

e,ect Ca,7+.

ype the $o,,oing '* in the '* @e,:http://,oca,host/=%o/av/Doe/Ca,enar/persona,/

C,ic3 on Contin#e.

Apple iCal

7pp,e iCa, can a,so "e #se as a c,ient app,ication $or =%o.

o con@g#re it so it or3s ith =%o! create a ne acco#nt an speci$y! as the 7cco#nt '*!an '* s#ch as :

http://,oca,host/=%o/av/Doe/

&ote that the trai,ing s,ash is important $or 7pp,e iCa, B.

Apple Address9oo:

ince 6ac = J 10. (no *eopar)! 7pp,e 7ressoo3 can "e con@g#re to #se =%o.

In orer to ma3e this or3! yo# m#st a a ne virt#a, host in yo#r 7pache con@g#ration @,e to,isten on port 8800 an han,e re;#ests coming $rom i= evices.

he virt#a, host sho#, "e e@ne ,i3e :

Cirtual$ost N"00H e#rite%n)ine O

Broyeuests O Set%nv proy-no*eepalive 1

BroyBreserve$ost On BroyBassInterpolate%nv On BroyBass /principals http"//127.0.0.1"20000/SOGo/dav/ interpolate

BroyBass /SOGo http"//127.0.0.1"20000/SOGo interpolate BroyBass / http"//127.0.0.1"20000/SOGo/dav/ interpolate

2008-2014 Inverse inc. 'sing =%o 0
http://localhost/SOGo/dav/jdoe/Calendar/personal/http://localhost/SOGo/dav/jdoe/http://localhost/SOGo/dav/jdoe/Calendar/personal/http://localhost/SOGo/dav/jdoe/


53/58

Chapter 8

&ocation /H

Order allo#


54/58

Chapter 8

icroso&t ActiveSync ; obile 'evices

Ko# can synchroniFe contacts! emai,s! events an tas3s $rom =%o ith any mo"i,e evicesthat s#pport 6icroso$t 7ctiveync. 6icroso$t =#t,oo3 201B is a,so s#pporte.

he 6icroso$t 7ctiveync server '* is genera,,y something ,i3e: http://\hostname[/6icroso$t-7ctive-ync.

2008-2014 Inverse inc. 'sing =%o 2
http://localhost/Microsoft-Active-Synchttp://localhost/Microsoft-Active-Synchttp://localhost/Microsoft-Active-Synchttp://localhost/Microsoft-Active-Sync


55/58

Chapter >

< *p$radin$

his section escri"es hat nees to "e one hen #pgraing to the c#rrent version o$ =%o$rom the previo#s re,ease.

'.(.)

he con@g#ration is no store in /etc/sogo/sogo.con$. Per$orm the $o,,oing commans asroot to migrate yo#r previo#s #ser e$a#,ts:

install -d -m 70 -o so)o -) so)o /etc/so)osudo -u so)o so)o-tool dump-deaults H /etc/so)o/so)o.concho#n root"so)o /etc/so)o/so)o.con

chmod '+0 /etc/so)o/so)o.consudo -u so)o mv /G58step/?eaults/.G58step?eaults T /G58step/?eaults/G58step?eaults.old

'.(.*

he parameter SOGoJorceI>B&o)inith%mailis no eprecate an is rep,ace "ySOGoJorce%ternal&o)inith%mail(hich etens the $#nctiona,ity to 6Pa#thentication). 'pate yo#r con@g#ration i$ yo# #se this parameter.

he sogo #ser is no a system #ser. or ne insta,,s! this means that Gsu - so)oG onLt or3anymore. P,ease #se Gsudo -u so)o cmdHH instea. I$ #se in scripts $rom cronDo"s!re1uirettym#st "e isa",e in s#oers.

1.+.1,

#n the she,, script sl-update-1..1'to1..17.shor sl-update-1..1'to1..17-mysl.sh(i$ yo# #se 6yA*).

his i,, gro the Gcyc,e in$oH @e, o$ ca,enar ta",es to a ,arger siFe.

1.+.1'

=nce yo# have #pate an restarte =%o! r#n the she,, script sl-update-

1..11to1..12.sh or sl-update-1..11to1..12-mysl.sh 3i$ yo# #se6yA*).

his i,, gro the GcontentH @e, o$ ca,enar an aress"oo3 ta",es to a ,arger siFe an @the primary 3ey o$ the session ta",e.

1.+.-

or e 9at-"ase istri"#tions! version 1.2B o$ %&'step i,, "e insta,,e. ince the ,ocation

2008-2014 Inverse inc. 'pgraing B


56/58

Chapter >

o$ the e" reso#rces changes! the 7pache con@g#ration @,e (=%o.con$) has "een aapte.+eri$y yo#r 7pache con@g#ration i$ yo# have c#stomiFe this @,e.

2008-2014 Inverse inc. 4


57/58

Chapter 10

1= Additional In&ormation

or more in$ormation! p,ease cons#,t the on,ine 7As (re;#ent,y 7s3e A#estions) :

http://.sogo.n#/eng,ish/s#pport/$a;.htm,

Ko# can a,so rea the mai,ing archives or post yo#r ;#estions to it. or etai,s! see :

https:// ,ists. inverse.ca/sogo

2008-2014 Inverse inc. 7itiona, In$ormation
http://www.sogo.nu/english/support/faq.htmlhttps://lists.inverse.ca/sogohttps://lists.inverse.ca/sogohttps://lists.inverse.ca/sogohttp://www.sogo.nu/english/support/faq.htmlhttps://lists.inverse.ca/sogohttps://lists.inverse.ca/sogohttps://lists.inverse.ca/sogo


58/58

Chapter 11

11 Commercial Support and ContactIn&ormation

or any ;#estions or comments! o not hesitate to contact #s "y riting an emai, to :

s#pportWinverse.ca

Inverse (http://inverse.ca) o$$ers pro$essiona, services aro#n =%o to he,p organiFations ep,oythe so,#tion an migrate $rom their ,egacy systems.
mailto:[email protected]://inverse.ca/mailto:[email protected]://inverse.ca/

sogo installation guide.pdf

Documents