Author Topic: Quick Howto: SOGo  (Read 58215 times)

binary-two

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +3/-0
    • View Profile
Quick Howto: SOGo
« on: April 05, 2010, 12:07:35 pm »
Hi there,

as far as I can understand, some people are interested in getting SOGo [1] running on ebox; or others are having trouble with their LDAP integration. It works fine for me with the setup as described later. I use SOGo with MySQL on Ubuntu Hardy 8.04 LTS. I am using ebox is 1.4.

Actually it might be worth getting an ebox module, but I never had time to look into it (yet) :-). For now here are some basic informations how I got it running. I just want to point out the most important steps. Please refer to the very nice official documentation from Inverse [3]. The MHC SoftWare SOGo WIKI [4] was also a big help for me.

1. SOGo apt source

Add
Code: [Select]
deb http://inverse.ca/debian lenny lenny to your /etc/apt/sources.list

2. Other dependencies

You need to build
gnustep-base-common_1.16.1-2ubuntu1_all.deb
gnustep-base-runtime_1.16.1-2ubuntu1_i386.deb
gnustep-common_2.0.6-2_i386.deb
libgnustep-base1.16_1.16.1-2ubuntu1_i386.deb
yourself or get them from the intrepid repository. There are only older hardy packages (maybe in backports?!). All other dependencies can be automatically obtained form the inverse or hardy repositories.

I can't remember any other problems respectively unmet dependencies.

Disclaimer: (a) the manually installed packages are not updated automatically, of course and (b) external packages and untrusted repositories can damage your system.

3. Installing SOGo

Should be sudo apt-get install gnustep-make sogo only.

The setup will be in the next post in this thread.

[1] http://www.scalableogo.org
[2] http://www.scalableogo.org/files/docs/SOGo%20Installation%20Guide.pdf
[3] http://inverse.ca/english.html
[4] http://wiki.mhcsoftware.de/SOGo
[5] http://www.scalableogo.org/english/support/faq/article/how-to-install-sogo-on-ubuntu.html
[6] http://www.scalableogo.org/english/support/faq/article/how-do-i-configure-sogo-to-use-mysql.html
« Last Edit: April 06, 2010, 11:04:31 am by binary-two »

J. A. Calvo

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1986
  • Karma: +67/-3
    • View Profile
    • http://blogs.zentyal.org/jacalvo
Re: Quick Howto: SOGo
« Reply #1 on: April 05, 2010, 12:37:11 pm »
Thanks for your contribution!!
Zentyal Server Lead Developer

binary-two

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +3/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #2 on: April 05, 2010, 01:05:55 pm »
4. Basic setup

Please follow the installation guide ('General Preferences'):
Code: [Select]
su - sogo
defaults write sogod SOGoTimeZone "America/Montreal"
...
and so on.

All information will be stored in /home/sogo/GNUstep/Default/.GNUstepDefault.

If you want to use SOGo with MySQL as the DB backend, you need sope4.9-gdl1-mysql [6].

5. ebox/ldap integration

Here is my .GNUstepDefault with explanations below. All ${.*} have to be adjusted accordingly. Please refer to the official documentation.

SOGo does not support IMAPS yet (I think there are some patches or ideas out already). So you have to allow IMAP connections.

Code: [Select]
{
    NSGlobalDomain = {
    };
    sogod = {
        WOApplicationRedirectURL = "https://{$yoururl}/SOGo/";
        OCSFolderInfoURL = "mysql://{$sogouser}:{$sogopassword}@localhost:3306/{$sogodb}/sogo_folder_info";
        SOGoACLsSendEMailNotifications = YES;
        SOGoAppointmentSendEMailNotifications = YES;
        SOGoAuthenticationMethod = LDAP;
        SOGoDraftsFolderName = Drafts;
        SOGoFirstDayOfWeek = 1;
        SOGoFoldersSendEMailNotifications = YES;
        SOGoForceIMAPLoginWithEmail = YES;
        SOGoForwardEnabled = YES;
        SOGoIMAPServer = localhost;
        SOGoLanguage = {$language};
        SOGoMailDomain = {$maildomain}
        SOGoMailingMechanism = sendmail;
        SOGoOtherUsersFolderName = "Other Users";
        SOGoProfileURL = "mysql://{$sogouser}:{$sogopassword}@localhost:3306/{$sogodb}/sogo_user_profile";
        SOGoSMTPServer = localhost;
        SOGoSentFolderName = Sent;
        SOGoSharedFolderName = "Shared Folders";
        SOGoSuperUsernames = (
            {$adminuser1}, {$adminuser2}
        );
        SOGoTimeZone = {$timezone};
        SOGoTrashFolderName = Trash;
        SOGoUserSources = (
            {
                CNFieldName = cn;
                IDFieldName = uid;
                UIDFieldName = uid;
                baseDN = "ou=Users,dc=ebox";
                bindDN = "cn=ebox,dc=ebox";
                bindPassword = ${ldapsecret};
                canAuthenticate = YES;
                displayName = "Shared Addresses";
                hostname = localhost;
                id = public;
                isAddressBook = YES;
                port = 389;
            }
        );
        SOGoVacationEnabled = YES;
        WOMessageUseUTF8 = YES;
        WOParsersUseUTF8 = YES;
        WOPort = 20000;
        WOSendMail = "/usr/sbin/sendmail";
    };
}

WOApplicationRedirectURL = {$yoururl}: url of apache proxy stettings for SOGo (AFAIK this parameter is deprecated)
OCSFolderInfoURL = "mysql://{$sogouser}:{$sogopassword}@localhost:3306/{$sogodb}/sogo_folder_in: cf. [6,2]
SOGoMailDomain = {$maildomain}: ebox mail domain
SOGoForceIMAPLoginWithEmail = YES: important for the dovecot login
SOGoMailingMechanism = sendmail: SMTP can work as well if you adjust your ebox settings
SOGoProfileURL = "mysql://{$sogouser}:{$sogopassword}@localhost:3306/{$sogodb}/sogo_user_profil: cf. [6,2]
SOGoSuperUsernames = ({$adminuser1}: sogo admin(s)

bindDN = "cn=ebox,dc=ebox": for ebox 1.4 (or what you've chosen in the openldap setup); use "cn=admin,dc=ebox" for ebox 1.2
bindPassword = ${ldapsecret}: cat /etc/ldap.secret


There might be some more parameters that could be of interest. More detail in [2].

In addition: a similar setup using the xml-style configuration, a bit more complex (note: the bracket style configuration gets automatically converted into xml after using defaults write, both styles work):

Code: [Select]

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//GNUstep//DTD plist 0.9//EN" "http://www.gnustep.org/plist-0_9.xml">
<plist version="0.9">
<dict>
    <key>NSGlobalDomain</key>
    <dict>
    </dict>
    <key>sogod</key>
    <dict>
    <dict>
<------><key>OCSFolderInfoURL</key>
<------><string>mysql://sogo:sogo@127.0.0.1:3306/sogo_prod/sogo_folder_info</string>
<------><key>SOGoACLsSendEMailNotifications</key>
<------><string>YES</string>
<------><key>SOGoAppointmentSendEMailNotifications</key>
<------><string>YES</string>
<------><key>SOGoCacheCleanupInterval</key>
<------><string>300</string>
<------><key>SOGoDraftsFolderName</key>
<------><string>Drafts</string>
<------><key>SOGoFirstDayOfWeek</key>
<------><string>1</string>
<------><key>SOGoFoldersSendEMailNotifications</key>
<------><string>YES</string>
<------><key>SOGoForceIMAPLoginWithEmail</key>
<------><string>YES</string>
<------><key>SOGoForwardEnabled</key>
<------><string>YES</string>
<------><key>SOGoIMAPAclConformsToIMAPExt</key>
<------><string>YES</string>
<------><key>SOGoIMAPServer</key>
<------><string>127.0.0.1:143</string>
<------><key>SOGoLanguage</key>
<------><string>English</string>
<------><key>SOGoMailAuxiliaryUserAccountsEnabled</key>
<------><string>yes</string>
<------><key>SOGoMailingMechanism</key>
<------><string>sendmail</string>
<------><key>SOGoMemcachedHost</key>
<------><string>127.0.0.1</string>
<------><key>SOGoOtherUsersFolderName</key>
<------><string>Other Users</string>
<------><key>SOGoProfileURL</key>
<------><string>mysql://sogo:sogo@127.0.0.1:3306/sogo_prod/sogo_user_profile</string>
<------><key>SOGoSMTPServer</key>
<------><string>127.0.0.1</string>
<------><key>SOGoSentFolderName</key>
<------><string>Sent</string>
<------><key>SOGoSharedFolderName</key>
<------><string>Shared Folders</string>
<------><key>SOGoSuperUsernames</key>
<------><array>
<------>    <string>sogo</string>
<------>    <string>bartsimpson</string>
<------></array>
<------><key>SOGoTimeZone</key>
<------><string>America/Montreal</string>
<------><key>SOGoTrashFolderName</key>
<------><string>Trash</string>
<------><key>SOGoVacationEnabled</key>
<------><string>YES</string>
<------><key>WOMessageUseUTF8</key>
<------><string>YES</string>
<------><key>WOParsersUseUTF8</key>
<------><string>YES</string>
<------><key>WOPort</key>
<------><string>20000</string>
<------><key>WOSendMail</key>
<------><string>/usr/sbin/sendmail</string>
<------><key>WOWorkersCount</key>
<------><string>3</string>
<------><key>domains</key>
<------><dict>
<------>    <key>sogo.local</key>
<------>    <dict>
<------><------><key>SOGoMailDomain</key>
<------><------><string>sogo.local</string>
<------><------><key>SOGoUserSources</key>
<------><------><array>
<------><------>    <dict>
<------><------><------><key>CNFieldName</key>
<------><------><------><string>cn</string>
<------><------><------><key>IDFieldName</key>
<------><------><------><string>mail</string>
<------><------><------><key>MailFieldNames</key>
<------><------><------><array>
<------><------><------>    <string>mail</string>
<------><------><------>    <string>mozillaSecondEmail</string>
<------><------><------></array>
<------><------><------><key>SOGoLDAPContactInfoAttribute</key>
<------><------><------><string>uid</string>
<------><------><------><key>UIDFieldName</key>
<------><------><------><string>mail</string>
<------><------><------><key>bindFields</key>
<------><------><------><string>uid</string>
<------><------><------><key>SOGoForceIMAPLoginWithEmail</key>
<------><------><------><string>true</string>
<------><------><------><key>SOGoLDAPContactInfoAttribute</key>
<------><------><------><string>uid</string>
<------><------><------><key>baseDN</key>
<------><------><------><key>baseDN</key>
<------><------><------><string>ou=Users,dc=sogo</string>
<------><------><------><key>bindDN</key>
<------><------><------><string>cn=ebox,dc=sogo</string>
<------><------><------><key>bindPassword</key>
<------><------><------><string>sogoldappw</string>
<------><------><------><key>canAuthenticate</key>
<------><------><------><string>YES</string>
<------><------><------><key>displayName</key>
<------><------><------><string>Users Addresses</string>
<------><------><------><key>filter</key>
<------><------><------><string>(objectClass=inetOrgPerson)</string>
<------><------><------><key>hostname</key>
<------><------><------><string>127.0.0.1</string>
<------><------><------><key>id</key>
<------><------><------><string>users</string>
<------><------><------><key>isAddressBook</key>
<------><------><------><string>YES</string>
<------><------><------><key>port</key>
<------><------><------><string>389</string>
<------><------><------><key>type</key>
<------><------><------><string>ldap</string>
<------><------>    </dict>
<------><------></array>
<------>    </dict>
<------></dict>
    </dict>
</dict>
</plist>

Make sure you make a backup of your config, because typos in the config can cause the whole config reset.

6. Apache integration

The proxy settings for the apache/SOGo integration are done /etc/apache2/conf.d/SOGo.conf. You need to adjust several settings. Things are further explained in [2].

If you use mod_security you have to disable rules 960010, 960032, 960038, 970903 and
970902.


That's it (hopefully).

Have fun. I really like SOGo, its a great open source group ware.

So long,

Björn

EDIT: corrected missing quotes in the database connection string
« Last Edit: October 25, 2010, 11:28:51 pm by binary-two »

poundjd

  • Zen Warrior
  • ***
  • Posts: 243
  • Karma: +0/-0
  • To your own morals be true!
    • View Profile
Re: Quick Howto: SOGo
« Reply #3 on: April 05, 2010, 08:26:17 pm »
Thanks a million.
-jef
Jeffrey D. Pound, Sr.
CISSP
Still learning, hope to never stop!

binary-two

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +3/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #4 on: April 06, 2010, 11:07:08 am »
Btw. with the MailFieldNames attribute ...

Code: [Select]
SOGoUserSources = (
            {
                ...
                MailFieldNames = ( mail, AstVoicemailEmail);

... you can get more mail addresses pulled out of the LDAP.

So long,

Björn

JuanjoA

  • Zen Monk
  • **
  • Posts: 79
  • Karma: +0/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #5 on: April 06, 2010, 02:48:26 pm »
Is spanish language supported?

Thx
Juanjo A.

kbrault

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +1/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #6 on: April 06, 2010, 09:35:18 pm »
Thanks Björn nice work,

I can't wait to try this!

Kevin

chrischnian

  • Zen Monk
  • **
  • Posts: 53
  • Karma: +0/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #7 on: April 13, 2010, 10:43:25 am »
The user password is stored in the LDAP server?

For we must say yes when the LDAP server field in which it is stored.

Under "bindPassword" yes you have the box where the user's password is stored in LDAP. Should be the field yet, so the user password is not stored in the LDAP how can I create a box and store it as a password?

Greeting

in German  ;)

Das User Passwort wird das auch im LDAP Server gespeichert?

Denn man muss ja sagen wo in welchen Feld des LDAP Servers es gespeichert wird.

Unter "bindPassword" muss man ja das Feld angeben das wo das User Passwort im LDAP gespeichert wird. Sollte das Feld noch nicht bestehen, also das User Passwort nicht im LDAP gespeichert werden wie kann ich ein Feld anlegen und darin ein Passwort ablegen?

Gruss

chris

binary-two

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +3/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #8 on: April 13, 2010, 11:00:07 am »
Nope, bindPassword is the admin password (cn=ebox,dc=ebox) for openldap. Therefore you need to take the value stored in /etc/ldap.secret.

With this configuration, ebox users passwords are pulled automatically from the LDAP. The attribute for the user password in the LDAP is standardised. Just add users via ebox.

Björn

chrischnian

  • Zen Monk
  • **
  • Posts: 53
  • Karma: +0/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #9 on: April 13, 2010, 11:08:34 am »
Ok thanks

I'll have to test it, I understood what wrong!

snarf77

  • Zen Apprentice
  • *
  • Posts: 35
  • Karma: +0/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #10 on: September 01, 2010, 11:19:58 am »
Hello,

  I'm very interested in setting up Sogo for thunderbird with LDAP integration but for the moment I just can't succeed in. I found this old post very interesting and I try to follow it but I'm confused mainly concerning three items:

   1) my GNUStepDefault is xml format instead of plain text as yours.
    can I copy / paste yours instead (and modifying custom data of course) or should I enter these manually following xml format (<key>, <string>) ?

    2) are all the options related to mysql mandatory or is these necessary only ot authentication is set to mysql instead of LDAP (OCSFolderInfoURL and SOGoProfileURL) ?

    3) finallly, what is WOApplicationRedirectURL purpose ? Before I was able to access the Sogo page with http://myIP:20000 but after modifying this line the web page is no more available. Is it due to this line or have I another connection problem ?

  Thanks in advance for your answer.
 
  Snarf77

binary-two

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +3/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #11 on: September 01, 2010, 05:07:59 pm »
Hi Snarf77,

Are you using Ubuntu 10 already? I have only hardy installations, so far. I am not aware of any changes of the file format (i.e, xml). You can manually add the key, values with a SOGo command, please check the SOGo manual (i.e., su - sogo; defaults write sogod ...). Please let us know if it works.

There is SOGo-specific profile data stored in a database (mysql or postgres). The authentication is still via LDAP, if configured so.

Please do not access the sogod directly. You need to configure a reverse proxy in Apache. Please see the manual again.

You might want to check the excellent SOGo documentation or the SOGo mailing list as well.

So long,

Björn

snarf77

  • Zen Apprentice
  • *
  • Posts: 35
  • Karma: +0/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #12 on: September 01, 2010, 10:52:33 pm »
Hi Björn,

thanks for your reply,

Yes I'm running a 10.04 LTS server.
I have alreaedy added values with the Sogo command (defaults write ...) but it's far less convenient than copy/paste into a text file !! especially when you must fill with array like usersgroup ...

Anyway that is not the main item, I can handle that.

I'm not sure to understand your second point. My understanding is that Sogo requires a database whatever the authentication type (ldap or other). Hence I presume that both OCSFolderInfoURL and SOGoProfileURL are requires even if I only use LDAP to authenticate. Please correct me if I'm wrong.

At last, concerning the "direct" access, you mean http://myserverip:20000 ? I will double check the manual concerning the reverse proxy as I must confess I didn't do anything concerning that point.

I already got the last sogo docs but I'm a little bit confused how to customize the settings to make it works with ebox. Concerning that point, what rules did you add to your ebox firewall ? Additionnaly to the TCP port 20000, I saw some requests concerning UDP port 5353 ? Is it possible for you to share your ebox conf with me (firewall rules and mainly ldap settings (listening port and other parameters you might think useful)).

Many thanks for this first step again

Bye

Snarf


binary-two

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +3/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #13 on: September 05, 2010, 08:10:56 pm »
Hi Snarf,

I will check with Ubuntu 10.4 soon. It could be that there were changes in the GNUStep environment, but I have no Lucid test system yet. Did you try to use the text version as described here?

Yes you need the database.

As far as I understand and read the documentation, you must use a reverse proxy. You must not access it directly (i.e., port 20000). You can find more in the SOGo mailing list. Also, there should be a sogo.conf in /etc/apache2/conf.d. Theoretically it should be included automatically, but you might need to tweak something.

Please see "Chapter 5 - Apache Configuration" in the SOGo doc.

I did not change any ldap or firewall configurations for the basic SOGo setup. I have customised things, but for other purposes.

So long,

Björn

binary-two

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +3/-0
    • View Profile
Re: Quick Howto: SOGo
« Reply #14 on: September 10, 2010, 11:20:43 am »
Yes, works with the same config file.