Back to the sea ; the Open Source Groupware (SOGo), episode XI
Quoting the SOGo: Open Source Groupware homepage: SOGo is groupware server with a focus on scalability and open standards. SOGo provides a rich AJAX-based Web interface and supports multiple native clients.
It is a set of access tools to your Mail, Calendar and Address book. It provides Webmail, a CalDAV and a CardDAV services. It also enables integration with native clients, like Mozilla Thunderbird, Microsoft Outlook and Apple Mail.
The difference with M$ Exchange is that it is Open Source software. The difference with Zarafa or Zimbra is that it doesn’t come with its own backend; it sits on top of already running SMTP and IMAP servers.
Prerequisites
Quoting SOGo homepage: SOGo reuses your existing services such as Microsoft Active Directory, OpenLDAP, your SQL database, or even your IMAP server.
This is why we installed the LDAP, SMTP and IMAP servers. Now that all those are working, let’s access them in the Web 2.0 way :p
The SOGo package for OpenBSD is quite new and requires -current.
So, first of all, upgrade the system to 4.8-current. And upgrade every package you already have.
Installation
SOGo can either use PostgreSQL or MySQL as a backend service. I’ll use MySQL.
SOGo is not (yet) available as binary packages.
We need to compile it from source:
# ftp http://ftp.openbsd.org/pub/OpenBSD/snapshots/ports.tar.gz
# tar xzf ports.tar.gz -C /usr/
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/sope-mysql-1.3.4p2.tgz
# cat >> /etc/rc.conf.local
multicast_host=YES
# ln -sf /usr/local/bin/python2.6 /usr/local/bin/python
# ln -sf /usr/local/bin/python2.6-config /usr/local/bin/python-config
# ln -sf /usr/local/bin/pydoc2.6 /usr/local/bin/pydoc
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/gmake-3.81p1.tgz
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/libmemcached-0.44p0.tgz
# cd /usr/ports/www/sogo/
# make install clean-depends
Alternatively, if you did not compile SOGo on the production machine (which is a “best practice”), you may install the binary package:
# pkg_add /usr/ports/packages/amd64/all/sogo-1.3.4p3.tgz
A README file is available here: /usr/local/share/doc/pkg-readmes/sogo-1.3.4p3.
It explains the requirements and differences that apply to an OpenBSD installation.
Configuration
A _sogo user has been created. It will be used to store SOGo’s configuration.
The complete SOGo configuration file is located here:
/var/sogo/GNUstep/Defaults/.GNUstepDefaults
SOGo’s configuration is manageable in the GNUstep way:
# su - _sogo
$ cat >> .profile
export PS1="`whoami`@`hostname -s` $ "
$ defaults write sogod SOGoTimeZone "Europe/Paris"
$ defaults write sogod SOGoMailDomain "tumfatig.net"
$ defaults write sogod SOGoLanguage French
$ defaults write sogod SOGoAppointmentSendEMailNotifications YES
$ defaults write sogod SOGoFoldersSendEMailNotifications YES
$ defaults write sogod SOGoACLsSendEMailNotifications YES
LDAP authentication
The LDAP server was set up in previous episodes.
The configuration looks like the Dovecot one:
# su - _sogo
$ defaults write sogod SOGoUserSources '({
type = ldap;
id = tumfatig;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=tumfatig,dc=net";
filter = "(objectClass=CourierMailAccount)";
bindDN = "cn=email,dc=tumfatig,dc=net";
bindPassword = "password";
hostname = "ldap.tumfatig.net";
port = 636;
encryption = SSL;
canAuthenticate = YES;
isAddressBook = YES;
displayName = "TuMFatig";
})'
The LDAP server should maintain indexes on the following fields: objectClass, cn, givenName, sn, mail, uid.
Database configuration
SOGo stores its data in a database. We chose MySQL:
# mysql -u root -p
mysql> CREATE DATABASE sogo CHARSET='UTF8';
Query OK, 1 row affected (0.45 sec)
mysql> GRANT ALL PRIVILEGES ON sogo.* TO sogo@bagheera.tumfatig.net IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.41 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.02 sec)
mysql> EXIT
Bye
# su - _sogo
$ defaults write sogod SOGoProfileURL 'mysql://sogo:password@sql.tumfatig.net:3306/sogo/sogo_user_profile'
$ defaults write sogod OCSFolderInfoURL 'mysql://sogo:password@sql.tumfatig.net:3306/sogo/sogo_folder_info'
$ defaults write sogod OCSEMailAlarmsFolderURL 'mysql://sogo:password@sql.tumfatig.net:3306/sogo/sogo_alarms_folder'
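Both the LDAP bindPassword and the database URLs written above end up in clear text in /var/sogo/GNUstep/Defaults/.GNUstepDefaults. The check below is an added example, not part of the original post or of SOGo: the function names and the owner-only permission target are assumptions, and the sample file content is constructed.

```shell
#!/bin/sh
# Added example: audit a SOGo GNUstep defaults file for exposed credentials.
# Usage: audit_sogo_defaults [file]   (defaults to the path given on this page)

# Succeeds only if FILE is a regular file with no group/other permission bits.
perms_are_private() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the number of lines carrying a clear-text credential: an LDAP
# bindPassword entry or a URL of the form scheme://user:secret@host.
count_secret_lines() {
    grep -cE 'bindPassword|[a-z]+://[^[:space:]:/@]+:[^[:space:]/@]+@' "$1" || true
}

audit_sogo_defaults() {
    file=${1:-/var/sogo/GNUstep/Defaults/.GNUstepDefaults}
    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }
    n=$(count_secret_lines "$file")
    if [ "$n" -gt 0 ] && ! perms_are_private "$file"; then
        echo "FAIL: $file has $n credential line(s), readable beyond its owner"
        return 1
    fi
    echo "OK: $file ($n credential line(s))"
}

# Demo on a constructed sample; CHANGEME stands in for the real secrets.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bindPassword = "CHANGEME";
SOGoProfileURL = "mysql://sogo:CHANGEME@sql.tumfatig.net:3306/sogo/sogo_user_profile";
SOGoIMAPServer = "imaps://www.tumfatig.net:993";
EOF
chmod 644 "$sample"; audit_sogo_defaults "$sample" || true   # reports FAIL
chmod 600 "$sample"; audit_sogo_defaults "$sample"           # reports OK
```

The IMAP URL in the sample is deliberately not counted: it has a port but no embedded user:secret pair.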
SMTP configuration
SOGo will use SMTP to send e-mails:
$ defaults write sogod SOGoMailingMechanism smtp
$ defaults write sogod SOGoSMTPServer mail.tumfatig.net
IMAP configuration
SOGo can use any external IMAP server:
$ defaults write sogod SOGoIMAPServer imaps://www.tumfatig.net:993
$ defaults write sogod SOGoDraftsFolderName Drafts
$ defaults write sogod SOGoSentFolderName Sent
$ defaults write sogod SOGoTrashFolderName Trash
Webmail configuration
Set up default values for the Web interface:
$ defaults write sogod SOGoLoginModule Mail
$ defaults write sogod SOGoMailAuxiliaryUserAccountsEnabled YES
$ defaults write sogod SOGoMailMessageCheck every_2_minutes
$ defaults write sogod SOGoFirstDayOfWeek 1
$ defaults write sogod SOGoEnableEMailAlarms YES
Automatic start
The OpenBSD package ships with an rc.d management script: /etc/rc.d/sogod.
# mkdir /var/run/sogo
# chown _sogo:_sogo /var/run/sogo
# vi /etc/rc.local
(...)
if [ -x /etc/rc.d/sogod ]; then
echo -n ' sogo';
install -d -o _sogo -g _sogo -m 0750 /var/run/sogo
/etc/rc.d/sogod start
fi
(...)
Apache configuration
I will use OpenBSD’s default Apache server, and SOGo will only be available over HTTPS:
# mkdir -p /var/www/lib/sogo/www
# cp -pR /usr/local/lib/GNUstep/SOGo/WebServerResources/* /var/www/lib/sogo/www/
# vi /var/www/conf/httpd.conf
(...)
# customization of HTTP response headers
LoadModule headers_module /usr/lib/apache/modules/mod_headers.so
(...)
# caching proxy
LoadModule proxy_module /usr/lib/apache/modules/libproxy.so
(...)
Alias /SOGo.woa/WebServerResources/ /lib/sogo/www/
Alias /SOGo/WebServerResources/ /lib/sogo/www/
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) /lib/sogo/$1.SOGo/Resources/$2
<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
SetHandler default-handler
</LocationMatch>
(...)
<IfModule mod_proxy.c>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
</IfModule>
(...)
<VirtualHost _default_:8443>
(...)
ProxyPass /SOGo http://127.0.0.1:20000/SOGo
ProxyPassReverse /SOGo http://127.0.0.1:20000/SOGo
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "www.tumfatig.net"
RequestHeader set "x-webobjects-server-url" "https://www.tumfatig.net"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
AddDefaultCharset UTF-8
(...)
</VirtualHost>
Restart Apache to apply changes.
The SOGo Webmail interface is now available from https://www.tumfatig.net/SOGo/.
EMail reminders
The e-mail reminders are enabled via SOGoEnableEMailAlarms and a cron job:
# su - _sogo
$ crontab -e
# min hour dmonth month dweek command
#
* * * * * /usr/local/sbin/sogo-ealarms-notify
CalDAV configuration
Users’ calendars are available from the CalDAV server.
Thunderbird (and Lightning) users must connect to https://www.tumfatig.net/SOGo/dav/USER/Calendar/personal/ using their LDAP credentials.
iCal users must connect to https://www.tumfatig.net/SOGo/dav/USER/ using their LDAP credentials.
CardDAV configuration
Users’ address books are available from the CardDAV server.
Thunderbird (and Lightning) users must connect to https://www.tumfatig.net/SOGo/dav/USER/Contacts/personal/ using their LDAP credentials.
For the Mac users, we’ll need to add a (secured) VirtualHost to the Apache configuration:
<IfDefine SSL>
Listen 8800
<VirtualHost *:8800>
DocumentRoot "/var/www/www.tumfatig.net"
ServerName www.tumfatig.net
ServerAdmin joe@tumfatig.net
ErrorLog syslog:daemon
CustomLog "|/usr/bin/logger -t httpd -p info" ssl
ProxyRequests Off
ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/
ProxyPass /SOGo http://127.0.0.1:20000/SOGo
ProxyPass / http://127.0.0.1:20000/SOGo/dav/
AddDefaultCharset UTF-8
SSLEngine on
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
</IfDefine>
The “Address Book.app” users must then connect to www.tumfatig.net using their LDAP credentials and activating SSL.
Conclusion
This ends the “Back to the sea” article series.
There are quite a few more things to dig into. Change the user’s password from
the Web interface. Check if there are differences between OpenLDAP and
OpenBSD’s ldapd; I mean things that don’t work with the latter (so far, I
haven’t found any).
Now comes the time to redo the whole installation on a real machine and put it
in production.
That will be the occasion to review the whole process and correct things I
would have forgotten to write down.
Later on, there may be some small “howto” posts, like “howto migrate your IMAP data”, “howto change your user password”, “how to configure your Foo client”…
That’s All Folks!