Installation and Configuration Guide
====================================
:toc: left
:icons: font

////

This file is part of the SOGo project.

See docinfo.xml for authors, copyright and license information.

////

include::includes/global-attributes.asciidoc[]

About this Guide
----------------

This guide will walk you through the installation and configuration of
the SOGo solution. It also covers the installation and configuration of
SOGo ActiveSync support – the solution used to synchronize mobile
devices with SOGo.

The instructions are based on version {release_version} of SOGo.

The latest version of this guide is available
at http://www.sogo.nu/downloads/documentation.html.

Introduction
------------

SOGo is a free and modern scalable groupware server. It offers shared
calendars, address books, and emails through your favourite Web browser
and by using a native client such as Mozilla Thunderbird and Lightning.

SOGo is standard-compliant. It supports CalDAV, CardDAV, GroupDAV, iMIP
and iTIP and reuses existing IMAP, SMTP and database servers - making
the solution easy to deploy and interoperable with many applications.

SOGo features:

* Scalable architecture suitable for deployments from dozens to many
  thousands of users
* Rich Web-based interface that shares the look and feel, the features
  and the data of Mozilla Thunderbird and Lightning
* Improved integration with Mozilla Thunderbird and Lightning by using
  the SOGo Connector and the SOGo Integrator
* Native compatibility for Microsoft Outlook 2003, 2007, 2010, and 2013
* Two-way synchronization support with any Microsoft ActiveSync-capable
  device, or Outlook 2013

SOGo is developed by a community of developers located mainly in North
America and Europe. More information can be found
at http://www.sogo.nu/

Architecture and Compatibility
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

image::images/architecture.png[System Architecture, 400, 964]

Standard protocols such as CalDAV, CardDAV, GroupDAV, HTTP, IMAP and
SMTP are used to communicate with the SOGo platform or its
sub-components. Mobile devices supporting the Microsoft ActiveSync
protocol are also supported.

To install and configure the native Microsoft Outlook compatibility
layer, please refer to the _SOGo Native Microsoft Outlook Configuration
Guide_.

System Requirements
-------------------

Assumptions
~~~~~~~~~~~

SOGo reuses many components in an infrastructure. Thus, it requires the
following:

* Database server (MySQL, PostgreSQL or Oracle)
* LDAP server (OpenLDAP, Novell eDirectory, Microsoft Active Directory
  and others)
* SMTP server (Postfix, Sendmail and others)
* IMAP server (Courier, Cyrus IMAP Server, Dovecot and others)

If you plan to use ActiveSync, an IMAP server supporting the ACL,
UIDPLUS, QRESYNC, ANNOTATE (or X-GUID) IMAP extensions is required,
such as Cyrus IMAP version 2.4 or later, or Dovecot version
2.1 or later. If your current IMAP server does not support these
extensions, you can use Dovecot's proxying capabilities.

In this guide, we assume that all those components are running on the
same server (i.e., `localhost` or `127.0.0.1`) that SOGo will be
installed on.

A good understanding of those underlying components and GNU/Linux is
required to install SOGo. If you are missing some of those required components,
please refer to the appropriate documentation and proceed with the
installation and configuration of these requirements before continuing
with this guide.

The following table provides recommendations for the required
components, together with version numbers:

|=============================================
|Database server |PostgreSQL 7.4 or later
|LDAP server |OpenLDAP 2.3.x or later
|SMTP server |Postfix 2.x
|IMAP server |Cyrus IMAP Server 2.3.x or later
|=============================================

More recent versions of the software mentioned above can also be used.

Minimum Hardware Requirements
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following table provides hardware recommendations for the server,
desktops and mobile devices:

[cols="2,8a"]
|=======================================================================
|Server
|Evaluation and testing

[options="compact"]
* Intel, AMD, or PowerPC CPU 1 GHz
* 512 MB of RAM
* 1 GB of disk space

Production

[options="compact"]
* Intel, AMD or PowerPC CPU 3 GHz
* 2048 MB of RAM
* 10 GB of disk space (excluding the mail store)

|Desktop
|General

[options="compact"]
* Intel, AMD, or PowerPC CPU 1.5 GHz
* 1024x768 monitor resolution
* 512 MB of RAM
* 128 Kbps or higher network connection

Microsoft Windows

[options="compact"]
* Microsoft Windows XP SP2 or Vista

Apple Mac OS X

[options="compact"]
* Apple Mac OS X 10.2 or later

Linux

[options="compact"]
* Your favourite GNU/Linux distribution

|Mobile Device
|Any mobile device which supports CalDAV, CardDAV or
Microsoft ActiveSync.
|=======================================================================

Operating System Requirements
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following 32-bit and 64-bit operating systems are currently
supported by SOGo:

* Red Hat Enterprise Linux (RHEL) Server 5, 6 and 7
* Community ENTerprise Operating System (CentOS) 5, 6 and 7
* Debian GNU/Linux 6.0 (Squeeze) to 8.0 (Jessie)
* Ubuntu 12.04 (Precise) to 14.04 (Trusty)

Make sure the required components are started automatically at boot time
and that they are running before proceeding with the SOGo configuration.
Also make sure that you can install additional packages from your
standard distribution. For example, if you are using Red Hat Enterprise
Linux 5, you have to be subscribed to the Red Hat Network before
continuing with the SOGo software installation.

NOTE: This document covers the installation of SOGo under RHEL 6.

For installation instructions on Debian and Ubuntu, please refer
directly to the SOGo website at http://www.sogo.nu/.
Under the downloads section, you will find links for installation steps
for Debian and Ubuntu.

Note that once the SOGo packages are installed under Debian and Ubuntu,
this guide can be followed in order to fully configure SOGo.

Installation
------------

This section will guide you through the installation of SOGo together
with its dependencies. The steps described here apply to an RPM-based
installation for a Red Hat or CentOS 6 distribution. Most of these steps
should apply to all supported operating systems.

Software Downloads
~~~~~~~~~~~~~~~~~~

SOGo can be installed using the `yum` utility. To do so, first create
the `/etc/yum.repos.d/inverse.repo` configuration file with the following
content:

----
[SOGo]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0
----

Some of the software on which SOGo depends is available from the
repository of RepoForge (previously known as RPMforge). To add RepoForge
to your package sources, download and install the appropriate RPM
package
from http://packages.sw.be/rpmforge-release/.
Also make sure you have enabled the "rpmforge-extras" repository.

For more information on using RepoForge,
visit http://repoforge.org/use/.

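The repository definition above sets `gpgcheck=0` and uses an `http://` base URL, so yum installs what it downloads without verifying a package signature. The following added example (not part of the SOGo guide) flags both settings in a `.repo` file; the second section of the sample, including its URL and key path, is a hypothetical placeholder.

```shell
#!/bin/sh
# Added example (not from the SOGo guide): report yum repository sections
# that skip package signature checks or fetch over plain HTTP.

# audit_repo_file FILE
# Prints one "section: finding" line per problem, nothing when clean.
audit_repo_file() {
    awk '
        # Remove leading and trailing blanks.
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                  # [section] header
            section = trim($0)
            section = substr(section, 2, length(section) - 2)
            next
        }
        index($0, "=") > 0 {
            key = trim(substr($0, 1, index($0, "=") - 1))
            val = trim(substr($0, index($0, "=") + 1))
            if ((key == "baseurl" || key == "mirrorlist") && val ~ /^http:\/\//)
                print section ": " key " uses plain http"
            if (key == "gpgcheck" && val == "0")
                print section ": gpgcheck=0, package signatures are not verified"
        }
    ' "$1"
}

# Constructed input: the repository definition shown in this guide, followed
# by a hypothetical variant (URL and key path are placeholders, not real
# Inverse locations) that passes both checks.
write_sample_repo() {
    cat > "$1" <<'EOF'
[SOGo]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0

[SOGo-signed-placeholder]
name=Hypothetical signed repository
baseurl=https://repo.example.invalid/SOGo/RHEL6/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
EOF
}

# Run the audit over the constructed sample and print the findings.
demo_repo_audit() {
    tmp=$(mktemp) || return 1
    write_sample_repo "$tmp"
    audit_repo_file "$tmp"
    rm -f "$tmp"
}

demo_repo_audit
```

To audit a real host, call `audit_repo_file` on each file under `/etc/yum.repos.d/`.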

Software Installation
~~~~~~~~~~~~~~~~~~~~~

Once the yum configuration file has been created, you are now ready to
install SOGo and its dependencies. To do so, proceed with the following
command:

  yum install sogo

This will install SOGo and its dependencies such as GNUstep, the SOPE
packages and memcached. Once the base packages are installed, you need
to install the proper database connector suitable for your environment.
You need to install `sope49-gdl1-postgresql` for the PostgreSQL database
system, `sope49-gdl1-mysql` for MySQL or `sope49-gdl1-oracle` for Oracle.
The installation command will thus look like this:

  yum install sope49-gdl1-postgresql

Once completed, SOGo will be fully installed on your server. You are now
ready to configure it.

Configuration
-------------

In this section, you'll learn how to configure SOGo to use your existing
LDAP, SMTP and database servers. As previously mentioned, we assume that
those components run on the same server on which SOGo is being
installed. If this is not the case, please adjust the configuration
parameters to reflect those changes.

GNUstep Environment Overview
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SOGo makes use of the GNUstep environment. GNUstep is a free software
implementation of the OpenStep specification which provides many
facilities for building all types of server and desktop applications.
Among those facilities, there is a configuration API similar to the
"Registry" paradigm in Microsoft Windows. In OpenSTEP, GNUstep and Mac OS
X, these are called the "user defaults".

In SOGo, the user's application settings are stored
in `/etc/sogo/sogo.conf`. You can use your favourite text editor to
modify the file.

The `sogo.conf` file is a serialized _property list_. This simple format
encapsulates four basic data types: arrays, dictionaries (or hashes),
strings and numbers. Numbers are represented as-is, except for booleans
which can take the unquoted values `YES` and `NO`. Strings are not
mandatorily quoted, but doing so will save you many problems. A
dictionary is a sequence of key and value pairs separated in their
middle with a `=` sign. It starts with a `{` and ends with a
corresponding `}`. Each value definition in a dictionary ends with a
semicolon. An array is a chain of values starting with `(` and ending
with `)`, where the values are separated with a `,`. Also, the file
generally follows a C-style indentation for clarity but this indentation
is not required, only recommended. Block comments are delimited by `/*`
and `*/` and can span multiple lines while line comments must start with
`//`.

The configuration must be contained in a root dictionary, thus be completely
wrapped within curly brackets `{ [configuration] }`. If SOGo refuses to
start due to syntax errors in its configuration file, `plparse` is helpful
for finding these, as it indicates the line containing the problem.

Preferences Hierarchy
~~~~~~~~~~~~~~~~~~~~~

SOGo supports domain name segregation, meaning that you can separate
multiple groups of users within one installation of SOGo. A user
associated with a domain can access only the data of users from the
same domain. Consequently, the configuration parameters of SOGo are
defined on three levels:

image::images/preferences-hierarchy.png[Preferences Hierarchy, 400, 400]

Each level inherits the preferences of the parent level. Therefore,
domain preferences define the default values of the user preferences,
and the system preferences define the default values of all domain
preferences. Both system and domain preferences are defined in
`/etc/sogo/sogo.conf`, while the user preferences are configurable
by the user and stored in SOGo's database.

To identify the level in which each parameter can be defined, we use the
following abbreviations in the tables of this document:

[cols="^3,97"]
|====================================================================
|S |Parameter exclusive to the system and not configurable per domain
|D |Parameter exclusive to a domain and not configurable per user
|U |Parameter configurable by the user
|====================================================================

Remember that the hierarchy paradigm allows the default value of a
parameter to be defined at a parent level.

General Preferences
~~~~~~~~~~~~~~~~~~~

The following table describes the general parameters that can be set:

[cols="^3,47,50a"]
|=======================================================================
|S |WOWorkersCount
|The number of instances of SOGo that will be spawned
to handle multiple requests simultaneously. When started from the init
script, that number is overridden by the `PREFORK` value
in `/etc/sysconfig/sogo` or `/etc/default/sogo`. A value of 3 is a
reasonable default for low usage. The maximum value depends on the CPU
and IO power provided by your machine: a value set too high will
actually decrease performance under high load.

Defaults to 1 when unset.

|S |WOListenQueueSize |
This parameter controls the backlog size of the
socket listen queue. For large-scale deployments, this value must be
adjusted in case all workers are busy and the parent process receives
lots of incoming connections.

Defaults to 5 when unset.

|S |WOPort
|The TCP listening address and port used by the SOGo
daemon. The format is `ipaddress:port`.

Defaults to `127.0.0.1:20000` when unset.

|S |WOLogFile
|The file path where to log messages. Specify `-` to log to
the console.

Defaults to `/var/log/sogo/sogo.log`.

|S |WOPidFile
|The file path where the parent process id will be written.

Defaults to `/var/run/sogo/sogo.pid`.

|S |WOWatchDogRequestTimeout
|This parameter specifies the number of minutes after which a busy child
process will be killed by the parent process.

Defaults to 10 (minutes).

Do not set this too low as child processes replying to clients on a slow
internet connection could be killed prematurely.

|S |SxVMemLimit
|Parameter used to set the maximum amount of memory (in
megabytes) that a child can use. Reaching that value will force child
processes to restart, in order to preserve system memory.

Defaults to `384`.

|S |SOGoMemcachedHost
|Parameter used to set the hostname and optionally the port of the
memcached server.

A path can also be used if the server must be reached via a Unix socket.

Defaults to `localhost`.

See `memcached_servers_parse(3)` for details on the syntax.

|S |SOGoCacheCleanupInterval
|Parameter used to set the expiration (in seconds) of each object in the
cache.

Defaults to `300`.

|S |SOGoAuthenticationType
|Parameter used to define the way by which users will be authenticated.
For C.A.S., specify `cas`. For SAML2, specify `saml2`. For anything
else, leave that value empty.

|S |SOGoTrustProxyAuthentication
|Parameter used to set whether the HTTP username should be trusted.

Defaults to `NO` when unset.

|S |SOGoEncryptionKey
|Parameter used to define a key to encrypt the passwords of remote Web
calendars when _SOGoTrustProxyAuthentication_ is enabled.

|S |SOGoCASServiceURL
|When using C.A.S. authentication, this specifies the base URL for
reaching the C.A.S. service. This will be used by SOGo to deduce the
proper login page as well as the other C.A.S. services that SOGo will
use.

|S |SOGoCASLogoutEnabled
|Boolean value indicating whether the "Logout" link is enabled when
using C.A.S. as authentication mechanism.

The "Logout" link will end up calling _SOGoCASServiceURL_/logout to
terminate the client's single sign-on C.A.S. session.

|S |SOGoAddressBookDAVAccessEnabled
|Parameter controlling WebDAV access to the Contacts collections.
This can be used to deny access to these resources from Lightning for
example.

Defaults to `YES` when unset.

|S |SOGoCalendarDAVAccessEnabled
|Parameter controlling WebDAV access to the Calendar collections.

This can be used to deny access to these resources from Lightning for
example.

Defaults to `YES` when unset.

|S |SOGoSAML2PrivateKeyLocation
|The location of the SSL private key file on the filesystem that is used
by SOGo to sign and encrypt communications with the SAML2 identity
provider. This file must be generated for each running SOGo service
(rather than host). Make sure this file is readable by the SOGo user.

|S |SOGoSAML2CertiticateLocation
|The location of the SSL certificate file. This file must be generated
for each running SOGo service. Make sure this file is readable by the SOGo user.

|S |SOGoSAML2IdpMetadataLocation
|The location of the metadata file that describes the services available
on the SAML2 identity provider. The content of this file is usually generated
directly by your SAML 2.0 IdP solution. For example, using SimpleSAMLphp, you
can get the metadata directly from https://MYSERVER/simplesaml/saml2/idp/metadata.php.
Make sure this file is readable by the SOGo user.

|S |SOGoSAML2IdpPublicKeyLocation
|The location of the SSL public key file on the filesystem that is used
by SOGo to sign and encrypt communications with the SAML2 identity
provider. This file should be part of the setup of your identity
provider. Make sure this file is readable by the SOGo user.

|S |SOGoSAML2IdpCertificateLocation
|The location of the SSL certificate file. This file should be part of
the setup of your identity provider. Make sure this file is readable by the SOGo user.

|S |SOGoSAML2LoginAttribute
|The attribute provided by the IdP to identify the user in SOGo.

|S |SOGoSAML2LogoutEnabled
|Boolean value indicating whether the "Logout" link is enabled when using
SAML2 as authentication mechanism. When using this feature, SOGo will invoke
the IdP to proceed with the logout procedure. When the user clicks on the logout
button, a redirection will be made to the IdP to trigger the logout.

|S |SOGoSAML2LogoutURL
|The URL to which the user is redirected after the "Logout" link is clicked.
SOGoSAML2LogoutEnabled must be set to YES. If unset, the user will be
redirected to a blank page.

|D |SOGoTimeZone
|Parameter used to set a default time zone for users. The default
timezone is set to UTC. The Olson database is a standard database that
takes all the time zones around the world into account and represents
them along with their history. On GNU/Linux systems, time zone
definition files are available under `/usr/share/zoneinfo`. Listing the
available files will give you the name of the available time zones.
This could be `America/New_York`, `Europe/Berlin`, `Asia/Tokyo` or
`Africa/Lubumbashi`.

In our example, we set the time zone to `America/Montreal`.

|D |SOGoMailDomain
|Parameter used to set the default domain name used by SOGo. SOGo uses
this parameter to build the list of valid email addresses for users.

In our example, we set the default domain to `acme.com`.

|D |SOGoAppointmentSendEMailNotifications
|Parameter used to set whether or not SOGo sends email notifications to
meeting participants. Possible values are:

[options="compact"]
* `YES` – to send notifications
* `NO` – to not send notifications

Defaults to `NO` when unset.

|D |SOGoFoldersSendEMailNotifications
|Same as above, but the notifications are triggered on the creation of a
calendar or an address book.

|D |SOGoACLsSendEMailNotifications
|Same as above, but the notifications are sent to the involved users of
a calendar or address book's ACLs.

|D |SOGoCalendarDefaultRoles
|Parameter used to define the default roles when giving permissions to a
user to access a calendar. Default roles are ignored for public
accesses. Must be an array of up to five strings. Each string defining a
role for an event category must begin with one of those values:

[options="compact"]
* `Public`
* `Confidential`
* `Private`

And each string must end with one of those values:

[options="compact"]
* `Viewer`
* `DAndTViewer`
* `Modifier`
* `Responder`

The array can also contain one or many of the following strings:

[options="compact"]
* `ObjectCreator`
* `ObjectEraser`

Example: `SOGoCalendarDefaultRoles = ("ObjectCreator", "PublicViewer");`

Defaults to no role when unset. Recommended values are `PublicViewer`
and `ConfidentialDAndTViewer`.

|D |SOGoContactsDefaultRoles
|Parameter used to define the default roles when giving permissions to a
user to access an address book. Default roles are ignored for public
accesses. Must be an array of one or many of the following strings:

[options="compact"]
* ObjectViewer
* ObjectEditor
* ObjectCreator
* ObjectEraser

Example: `SOGoContactsDefaultRoles = ("ObjectEditor");`

Defaults to no role when unset.

|D |SOGoSuperUsernames
|Parameter used to set which usernames require administrative privileges
over all the users tables. For example, this could be used to post
events in the users calendar without requiring the user to configure
his/her ACLs. In this case you will need to specify those superuser's
usernames like this: `SOGoSuperUsernames = (<username1>[, <username2>, ...]);`

|U |SOGoLanguage
|Parameter used to set the default language used in the Web interface
for SOGo. Possible values are:

[options="compact"]
* `Arabic`
* `Basque`
* `BrazilianPortuguese`
* `Catalan`
* `Czech`
* `Danish`
* `Dutch`
* `English`
* `Finnish`
* `French`
* `German`
* `Hungarian`
* `Icelandic`
* `Italian`
* `NorwegianBokmal`
* `NorwegianNynorsk`
* `Polish`
* `Russian`
* `Slovak`
* `SpanishSpain`
* `SpanishArgentina`
* `Swedish`
* `Ukrainian`
* `Welsh`

|D |SOGoNotifyOnPersonalModifications
|Parameter used to set whether or not SOGo sends email receipts when
someone changes his/her own calendar. Possible values are:

[options="compact"]
- `YES` – to send notifications
- `NO` – to not send notifications

Defaults to `NO` when unset. Users can override this from the calendar
properties window.

|D |SOGoNotifyOnExternalModifications
|Parameter used to set whether or not SOGo sends email receipts when a
modification is being done to his/her own calendar by someone else.
Possible values are:

[options="compact"]
* `YES` – to send notifications
* `NO` – to not send notifications

Defaults to `NO` when unset. Users can override this from the calendar
properties window.

|D |SOGoLDAPContactInfoAttribute
|Parameter used to specify an LDAP attribute that should be displayed
when auto-completing user searches.

|D |SOGoiPhoneForceAllDayTransparency
|When set to `YES`, this will force all-day events sent over by iPhone
OS based devices to be transparent. This means that the all-day events
will not be considered during freebusy lookups.

Defaults to `NO` when unset.

|S |SOGoEnablePublicAccess
|Parameter used to allow or not your users to share publicly (i.e.,
requiring no authentication) their calendars and address books.

Possible values are:

[options="compact"]
* `YES` – to allow them
* `NO` – to prevent them from doing so

Defaults to `NO` when unset.

|S |SOGoPasswordChangeEnabled
|Parameter used to allow or not users to change their passwords from
SOGo.

Possible values are:

[options="compact"]
* `YES` – to allow them
* `NO` – to prevent them from doing so

Defaults to `NO` when unset.

For this feature to work properly when authenticating against AD or
Samba4, the LDAP connection must use SSL/TLS. Server side restrictions
can also cause the password change to fail, in which case SOGo will only
log a 'Constraint violation (0x13)' error. These restrictions include
password too young, complexity constraints not satisfied, user cannot
change password, etc. Also note that Samba has a minimum password age
of 1 day by default.

|S |SOGoSupportedLanguages
|Parameter used to configure which languages are available from SOGo's
Web interface. Available languages are specified as an array of strings.

The default value is: `( "Arabic", "Basque", "Catalan", "Czech", "Dutch", "Danish", "Welsh", "English", "SpanishSpain", "SpanishArgentina", "Finnish", "French", "German", "Icelandic", "Italian", "Hungarian", "BrazilianPortuguese", "NorwegianBokmal", "NorwegianNynorsk", "Polish", "Russian", "Slovak", "Ukrainian", "Swedish" )`

|D |SOGoHideSystemEMail
|Parameter used to control if SOGo should hide or not the system email
address (UIDFieldName@SOGoMailDomain). This is currently limited to
CalDAV (calendar-user-address-set).

Defaults to `NO` when unset.

|D |SOGoSearchMinimumWordLength
|Parameter used to control the minimum length to be used for the search
string (attendee completion, address book search, etc.) prior to triggering
the server-side search operation.

Defaults to `2` when unset – which means a search operation will be
triggered on the 3rd typed character.

|S |SOGoMaximumFailedLoginCount
|Parameter used to control the number of failed login attempts required
during _SOGoMaximumFailedLoginInterval_ seconds or more. If conditions
are met, the account will be blocked for _SOGoFailedLoginBlockInterval_
seconds since the first failed login attempt.

Default value is `0`, or disabled.

|S |SOGoMaximumFailedLoginInterval
|Number of seconds, defaults to `10`.

|S |SOGoFailedLoginBlockInterval
|Number of seconds, defaults to `300` (or 5 minutes). Note that
_SOGoCacheCleanupInterval_ must be set to a value equal to or higher than
_SOGoFailedLoginBlockInterval_.

|S |SOGoMaximumMessageSubmissionCount
|Parameter used to control the number of email messages a user can send
from SOGo's webmail interface, to _SOGoMaximumRecipientCount_, in
_SOGoMaximumSubmissionInterval_ seconds or more. If conditions are met
or exceeded, the user won't be able to send mails for
_SOGoMessageSubmissionBlockInterval_ seconds.

Default value is `0`, or disabled.

|S |SOGoMaximumRecipientCount
|Maximum number of recipients. Default value is `0`, or disabled.

|S |SOGoMaximumSubmissionInterval
|Number of seconds, defaults to `30`.

|S |SOGoMessageSubmissionBlockInterval
|Number of seconds, defaults to `300` (or 5 minutes). Note that
_SOGoCacheCleanupInterval_ must be set to a value equal to or higher than
_SOGoFailedLoginBlockInterval_.
|=======================================================================

|
|
|
|
|
|
|
|
|
|

Authentication using LDAP
~~~~~~~~~~~~~~~~~~~~~~~~~

SOGo can use a LDAP server to authenticate users and, if desired, to
provide global address books. SOGo can also use an SQL backend for this
purpose (see the section _Authentication using SQL_ later in this
document). Insert the following text into your configuration file to
configure an authentication and global address book using an LDAP
directory server:

----
SOGoUserSources = (
  {
    type = ldap;
    CNFieldName = cn;
    IDFieldName = uid;
    UIDFieldName = uid;
    IMAPHostFieldName = mailHost;
    baseDN = "ou=users,dc=acme,dc=com";
    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
    bindPassword = qwerty;
    canAuthenticate = YES;
    displayName = "Shared Addresses";
    hostname = "ldap://127.0.0.1:389";
    id = public;
    isAddressBook = YES;
  }
);
----

In our example, we use a LDAP server running on the same host where SOGo
is being installed.

You can also, using the filter attribute, restrict the results to match
various criteria. For example, you could define, in your
`.GNUstepDefaults` file, the following filter to return only entries
belonging to the organization _Inverse_ with a _mail_ address and
not _inactive_:

    filter = "(o='Inverse' AND mail='*' AND status <> 'inactive')";

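To make the qualifier syntax concrete, the following added example (not SOGo's own translation code) parses a filter of the form shown above and returns the equivalent RFC 4515 LDAP filter. It assumes `AND` binds tighter than `OR`, treats `*` in a value as a wildcard as the `mail='*'` example implies, and rejects unquoted values; the function names are hypothetical.

```python
import re

_TOKEN = re.compile(r"\s*(?:(<>|[()=])|'([^']*)'|([A-Za-z][\w.;-]*))")


def tokenize(text):
    """Split a qualifier into (kind, text) tokens; values must be quoted."""
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        match = _TOKEN.match(text, pos)
        if not match:
            raise ValueError("unexpected input at offset %d" % pos)
        symbol, value, word = match.groups()
        if symbol:
            tokens.append(("op", symbol))
        elif value is not None:
            tokens.append(("value", value))
        elif word.upper() in ("AND", "OR"):
            tokens.append(("bool", word.upper()))
        else:
            tokens.append(("attr", word))
        pos = match.end()
    return tokens


def escape_value(value):
    """Escape backslash, parentheses and NUL; '*' stays a wildcard (assumption)."""
    return "".join("\\%02x" % ord(c) if c in "\\()\x00" else c for c in value)


class _Parser:
    def __init__(self, tokens):
        self.tokens, self.pos = tokens, 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else (None, None)

    def take(self, kind=None):
        found_kind, text = self.peek()
        if found_kind is None or (kind and found_kind != kind):
            raise ValueError("expected %s, found %r" % (kind or "a token", text))
        self.pos += 1
        return text

    def _chain(self, operand, word, symbol):
        parts = [operand()]
        while self.peek() == ("bool", word):
            self.take()
            parts.append(operand())
        return parts[0] if len(parts) == 1 else "(%s%s)" % (symbol, "".join(parts))

    def expr(self):                      # lowest precedence: OR
        return self._chain(self.term, "OR", "|")

    def term(self):                      # AND binds tighter (assumption)
        return self._chain(self.factor, "AND", "&")

    def factor(self):
        if self.peek() == ("op", "("):
            self.take()
            inner = self.expr()
            if self.peek() != ("op", ")"):
                raise ValueError("missing closing parenthesis")
            self.take()
            return inner
        attr = self.take("attr")
        operator = self.take("op")
        if operator not in ("=", "<>"):
            raise ValueError("unsupported operator %r" % operator)
        comparison = "(%s=%s)" % (attr, escape_value(self.take("value")))
        return comparison if operator == "=" else "(!%s)" % comparison


def eoqualifier_to_ldap(text):
    """Translate an EOQualifier-style filter into an RFC 4515 filter string."""
    parser = _Parser(tokenize(text))
    result = parser.expr()
    if parser.peek() != (None, None):
        raise ValueError("unexpected trailing input")
    return result


if __name__ == "__main__":
    print(eoqualifier_to_ldap("(o='Inverse' AND mail='*' AND status <> 'inactive')"))
```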

Since LDAP sources can serve as user repositories for authentication as
well as address books, you can specify the following for each source to
make them appear in the address book module:

----
displayName = "<human identification name of the address book>";
isAddressBook = YES;
----

For certain LDAP sources, SOGo also supports indirect binds for user
authentication. Here is an example:

----
SOGoUserSources = (
  {
    type = ldap;
    CNFieldName = cn;
    IDFieldName = cn;
    UIDFieldName = sAMAccountName;
    baseDN = "cn=Users,dc=acme,dc=com";
    bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
    bindFields = (sAMAccountName);
    bindPassword = qwerty;
    canAuthenticate = YES;
    displayName = "Active Directory";
    hostname = ldap://10.0.0.1:389;
    id = directory;
    isAddressBook = YES;
  }
);
----

In this example, SOGo will use an indirect bind by first determining the
user DN. That value is found by doing a search on the fields specified
in `bindFields`. Most of the time, there will be only one field but it
is possible to specify more in the form of an array (for example,
`bindFields = (sAMAccountName, cn)`). When using multiple fields, only
one of the fields needs to match the login name. In the above example,
when a user logs in, the login will be checked against the
`sAMAccountName` entry in all the user cards, and once this card is
found, the user DN of this card will be used for checking the user's
password.

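The search-then-bind sequence described above, as an added example that is not SOGo's implementation: an in-memory list stands in for the directory, and the function names and entries are constructed. It also handles two cases the description leaves open, a login that matches more than one entry when several `bindFields` are configured, and an empty password, which RFC 4513 treats as an unauthenticated bind.

```python
import hmac

# Constructed entries standing in for the cn=Users container.
DIRECTORY = [
    {"dn": "cn=Alice Martin,cn=Users,dc=acme,dc=com",
     "sAMAccountName": "alice", "cn": "Alice Martin", "password": "correct horse"},
    {"dn": "cn=Bob Jones,cn=Users,dc=acme,dc=com",
     "sAMAccountName": "bob", "cn": "Bob Jones", "password": "s3cret"},
    {"dn": "cn=bob,cn=Users,dc=acme,dc=com",
     "sAMAccountName": "svc-backup", "cn": "bob", "password": "hunter2"},
]


def escape_filter_value(value):
    """Escape RFC 4515 special characters so the login is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_bind_filter(bind_fields, login):
    """Filter for the DN lookup: any one of bind_fields may equal the login."""
    value = escape_filter_value(login)
    clauses = ["(%s=%s)" % (field, value) for field in bind_fields]
    return clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"


def search_dns(directory, bind_fields, login):
    """Stand-in for the search made with the service account (bindDN)."""
    wanted = login.lower()
    return [entry["dn"] for entry in directory
            if any(entry.get(field, "").lower() == wanted for field in bind_fields)]


def indirect_bind(directory, bind_fields, login, password):
    """Return the bound DN, or None when the login must be refused."""
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513), which many servers accept, so refuse it up front.
    if not login or not password:
        return None
    matches = search_dns(directory, bind_fields, login)
    # Zero matches: unknown user. Several matches: the login is ambiguous
    # across bind_fields, so there is no single DN to bind as.
    if len(matches) != 1:
        return None
    entry = next(e for e in directory if e["dn"] == matches[0])
    # Stand-in for the second bind, made as the user DN with the user's password.
    accepted = hmac.compare_digest(entry["password"].encode(), password.encode())
    return entry["dn"] if accepted else None


if __name__ == "__main__":
    print(build_bind_filter(["sAMAccountName", "cn"], "bob"))
    print(indirect_bind(DIRECTORY, ["sAMAccountName"], "bob", "s3cret"))
    print(indirect_bind(DIRECTORY, ["sAMAccountName", "cn"], "bob", "s3cret"))
```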

Finally, SOGo supports LDAP-based groups. Groups must be defined like
any other authentication sources (i.e., _canAuthenticate_ must be set
to `YES` and a group must have a valid email address). In order for SOGo
to determine if a specific LDAP entry is a group, SOGo will look for one
of the following objectClass attributes:

* `group`
* `groupOfNames`
* `groupOfUniqueNames`
* `posixGroup`

You can set ACLs based on group membership and invite a group to a
meeting (and the group will be decomposed to its list of members upon
save by SOGo). You can also control the visibility of the group from the
list of shared address books or during mail autocompletion by setting
the `isAddressBook` parameter to `YES` or `NO`. The following LDAP entry
shows how a typical group is defined:

----
dn: cn=inverse,ou=groups,dc=inverse,dc=ca
objectClass: groupOfUniqueNames
objectClass: top
objectClass: extensibleObject
uniqueMember: uid=alice,ou=users,dc=inverse,dc=ca
uniqueMember: uid=bernard,ou=users,dc=inverse,dc=ca
uniqueMember: uid=bob,ou=users,dc=inverse,dc=ca
cn: inverse
structuralObjectClass: groupOfUniqueNames
mail: inverse@inverse.ca
----

The corresponding _SOGoUserSources_ entry to handle groups like this one
would be:

----
{
  type = ldap;
  CNFieldName = cn;
  IDFieldName = cn;
  UIDFieldName = cn;
  baseDN = "ou=groups,dc=inverse,dc=ca";
  bindDN = "cn=sogo,ou=services,dc=inverse,dc=ca";
  bindPassword = zot;
  canAuthenticate = YES;
  displayName = "Inverse Groups";
  hostname = ldap://127.0.0.1:389;
  id = inverse_groups;
  isAddressBook = YES;
}
----

The following table describes the possible parameters related to a LDAP
source:

[cols="^3,>47,50a"]
|=======================================================================
.34+|D <|SOGoUserSources
|Parameter used to set the LDAP and/or SQL sources used for
authentication and global address books. Multiple sources can be
specified as an array of dictionaries. A dictionary that defines an LDAP
source can contain the following values:

|type
|The type of this user source, set to `ldap` for an LDAP source.

|id
|The identification name of the LDAP repository. This must be unique –
even when using multiple domains.

|CNFieldName
|The field that returns the complete name.

|IDFieldName
|The field that starts a user DN if bindFields is not used. This field
must be unique across the entire SOGo domain.

|UIDFieldName
|The field that returns the login name of a user.

The returned value *must be unique across the whole SOGo installation*
since it is used to identify the user in the `folder_info` database
table.

|MailFieldNames
|An array of fields that returns the user's email addresses (defaults to
`mail` when unset).

|SearchFieldNames
|An array of fields to match against the search string when filtering
users (defaults to `sn`, `displayName`, and `telephoneNumber` when
unset).

|IMAPHostFieldName (optional)
|The field that returns either an URI to the IMAP server as described
for SOGoIMAPServer, or a simple server hostname that would be used as a
replacement for the hostname part in the URI provided by the
_SOGoIMAPServer_ parameter.

|IMAPLoginFieldName (optional)
|The field that returns the IMAP login name for the user (defaults to
the value of _UIDFieldName_ when unset).

|SieveHostFieldName (optional)
|The field that returns either an URI to the SIEVE server as described
for _SOGoSieveServer_, or a simple server hostname that would be used as
a replacement for the hostname part in the URI provided by the
_SOGoSieveServer_ parameter.

|baseDN
|The base DN of your user entries.

|KindFieldName (optional)
|If set, SOGo will try to determine if the value of the field
corresponds to either "group", "location" or "thing". If that's the
case, SOGo will consider the returned entry to be a resource.

For LDAP-based sources, SOGo can also automatically determine if it's a
resource if the entry has the calendarresource objectClass set.

|MultipleBookingsFieldName (optional)
|The value of this attribute is the maximum number of concurrent events
to which a resource can be part of at any point in time.

If this is set to `0`, or if the attribute is missing, it means no
limit. If set to `-1`, no limit is imposed but the resource will
be marked as busy the first time it is booked.

|filter (optional)
|The filter to use for LDAP queries, it should be defined as an
EOQualifier. The following operators are supported:

[options="compact"]
* `<>` – inequality operator
* `=` – equality operator

Multiple qualifiers can be joined by using `OR` and `AND`, they can also
be grouped together by using parentheses. Attribute values should be
quoted to avoid unexpected behaviour.

For example: `filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND accountStatus='active' AND uid <> 'alice'";`

|scope (optional)
|Either `BASE`, `ONE` or `SUB`.

|bindDN
|The DN of the login name to use for binding to your server.

|bindPassword
|Its password.

|bindAsCurrentUser
|If set to `YES`, SOGo will always keep binding to the LDAP server using
the DN of the currently authenticated user. If _bindFields_ is set,
_bindDN_ and _bindPassword_ will still be required to find the proper DN
of the user.

|bindFields (optional)
|An array of fields to use when doing indirect binds.

|hostname
|A space-delimited list of LDAP URLs or LDAP hostnames.

LDAP URLs are specified in RFC 4516 and have the following general
format:

`scheme://host:port/DN?attributes?scope?filter?extensions`

Note that SOGo doesn't currently support DN, attributes, scope and
filter in such URLs. Using them may have undefined side effects.

URL examples:

[options="compact"]
* `ldap://127.0.0.1:3389`
* `ldaps://127.0.0.1`
* `ldap://127.0.0.1/????!StartTLS`

|port (deprecated)
|Port number of the LDAP server.

A non-default port should be part of the ldap URL in the hostname
parameter.

|encryption (deprecated)
|Either `SSL` or `STARTTLS`.

SSL should be specified as `ldaps://` in the LDAP URL. STARTTLS should
be specified as a LDAP Extension in the LDAP URL (e.g.
`ldap://127.0.0.1/????!StartTLS`).

|userPasswordAlgorithm
|The algorithm used for password encryption when changing passwords
without Password Policies enabled.

Possible values are: `none`, `plain`, `crypt`, `md5`, `md5-crypt`,
`smd5`, `cram-md5`, `sha`, `sha256`, `sha512` and their ssha variants
(e.g. `ssha` or `ssha256`), plus setting of the encoding with `.b64`
or `.hex`.

For a more detailed description see
http://wiki.dovecot.org/Authentication/PasswordSchemes.

Note that `cram-md5` is not actually using cram-md5 (due to the lack of
challenge-response mechanism), it's just saving the intermediate MD5
context as Dovecot stores in its database.

|canAuthenticate
|If set to `YES`, this LDAP source is used for authentication.

|passwordPolicy
|If set to `YES`, SOGo will use the extended LDAP Password Policies
attributes. If your LDAP server does not support those and you activate
this feature, every LDAP request will fail. Note that some LDAP servers
require LDAP/SSL for password policies to work. This is the case for
example with 389 Directory Server.

|updateSambaNTLMPasswords
|If set to `YES`, SOGo will automatically update the sambaNTPassword
and sambaLMPassword attributes when changing passwords. The attributes
must be called sambaNTPassword and sambaLMPassword. You must also make
sure the correct ACL is set in your LDAP server to allow users to change
their own sambaNTPassword and sambaLMPassword password attributes.
Defaults to `NO` when unset.

|isAddressBook
|If set to `YES`, this LDAP source is used as a shared address book
(with read-only access). Note that if set to `NO`, autocompletion will
not work for entries in this source and thus, freebusy lookups.

|displayName (optional)
|If set as an address book, the human identification name of the LDAP
repository.

|ModulesConstraints (optional)
|Limits the access of any module through a constraint based on an LDAP
attribute; must be a dictionary with keys `Mail`, and/or `Calendar`,
and/or `ActiveSync` for example:

----
ModulesConstraints = {
  Calendar = {
    ou = employees;
  };
};
----

|mapping
|A dictionary that maps contact attributes used by SOGo to the LDAP
attributes used by the schema of the LDAP source. Each entry must have
an attribute name as key and an array of strings as value. This enables
actual fields to be mapped one after another when fetching contact
information.

See the LDAP Attributes Mapping section below for an example and a list
of supported attributes.

|objectClasses
|When the _modifiers_ list (see below) is set, or when using LDAP-based
user addressbooks (see _abOU_ below), this list of object classes will
be applied to new records as they are created.

|GroupObjectClasses
|A list (array) of names identifying groups within the LDAP source. If not
set, SOGo will use `group`, `groupofnames`, `groupofuniquenames`
and `posixgroup`.

|modifiers
|A list (array) of usernames that are authorized to perform
modifications to the address book defined by this LDAP source.

|abOU
|This field enables LDAP-based user addressbooks by specifying the value
of the address book container beneath each user entry, for example:
`ou=addressbooks,uid=username,dc=domain`.
|=======================================================================

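A source definition can be checked against the transport and URL rules in the table above before it is deployed. The following added example (not part of SOGo; the finding labels and sample sources are constructed) parses each `hostname` item per RFC 4516 and flags plaintext transport, URL components the table lists as unsupported, deprecated keys, and cleartext or unsalted `userPasswordAlgorithm` values.

```python
from urllib.parse import unquote, urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
CLEARTEXT_SCHEMES = {"none", "plain"}
UNSALTED_SCHEMES = {"md5", "sha", "sha256", "sha512"}


def parse_hostname_item(item):
    """Split one `hostname` item into scheme://host:port/DN?attrs?scope?filter?ext."""
    if "://" not in item:                      # bare hostname: plain LDAP
        return {"scheme": "ldap", "host": item.lower(), "dn": "",
                "attributes": "", "scope": "", "filter": "", "extensions": []}
    parts = urlsplit(item)
    # urlsplit keeps everything after the first '?'; RFC 4516 separates the
    # remaining components with further '?' characters.
    fields = (parts.query.split("?") + ["", "", "", ""])[:4]
    return {
        "scheme": parts.scheme.lower(),
        "host": parts.hostname or "",
        "dn": unquote(parts.path.lstrip("/")),
        "attributes": fields[0],
        "scope": fields[1],
        "filter": fields[2],
        # A leading '!' marks an extension as critical.
        "extensions": [x.lstrip("!").lower() for x in fields[3].split(",") if x],
    }


def audit_ldap_source(source):
    """Return (finding, subject) tuples for one SOGoUserSources dictionary."""
    findings = []
    legacy_tls = source.get("encryption", "").upper() in ("SSL", "STARTTLS")
    for item in source.get("hostname", "").split():
        url = parse_hostname_item(item)
        encrypted = (url["scheme"] == "ldaps"
                     or "starttls" in url["extensions"] or legacy_tls)
        if not encrypted:
            where = "loopback" if url["host"] in LOOPBACK else "network"
            findings.append(("plaintext-" + where, item))
        unsupported = [k for k in ("dn", "attributes", "scope", "filter") if url[k]]
        if unsupported:
            findings.append(("unsupported-url-parts:" + ",".join(unsupported), item))
    for key in ("port", "encryption"):
        if key in source:
            findings.append(("deprecated-key", key))
    # Drop the optional encoding suffix (.b64 / .hex) before classifying.
    scheme = source.get("userPasswordAlgorithm", "").lower().split(".")[0]
    if scheme in CLEARTEXT_SCHEMES:
        findings.append(("cleartext-password-scheme", scheme))
    elif scheme in UNSALTED_SCHEMES:
        findings.append(("unsalted-password-scheme", scheme))
    return findings


# Constructed sources; the URLs reuse the forms shown in the table above.
SAMPLE_SOURCES = [
    {"id": "directory", "hostname": "ldap://10.0.0.1:389",
     "userPasswordAlgorithm": "md5"},
    {"id": "secure", "hostname": "ldaps://10.0.0.1 ldap://10.0.0.2/????!StartTLS",
     "userPasswordAlgorithm": "ssha512.b64"},
    {"id": "legacy", "hostname": "ldap://127.0.0.1/ou=users,dc=acme,dc=com??sub",
     "port": "389"},
]

if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print(src["id"], audit_ldap_source(src))
```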

The following parameters can be defined along the other keys of each
entry of the SOGoUserSources, but can also be defined at the domain and/or
system levels:

[cols="3,47,50a"]
|=======================================================================
|D |SOGoLDAPContactInfoAttribute
|Parameter used to specify an attribute that should appear in
autocompletion of the web interface.

|D |SOGoLDAPQueryLimit
|Parameter used to limit the number of returned results from the LDAP
server whenever SOGo performs a LDAP query (for example, during
addresses completion in a shared address book).

|D |SOGoLDAPQueryTimeout
|Parameter to define the timeout of LDAP queries. The actual time limit
for operations is also bounded by the maximum time that the server is
configured to allow.

Defaults to `0` (unlimited).
|=======================================================================

LDAP Attributes Indexing
~~~~~~~~~~~~~~~~~~~~~~~~

To ensure proper performance of the SOGo application, the following LDAP
attributes must be fully indexed:

* givenName
* cn
* mail
* sn

Please refer to the documentation of the software you use in order to
index those attributes.

LDAP Attributes Mapping
~~~~~~~~~~~~~~~~~~~~~~~

Some LDAP attributes are mapped to contacts attributes in the SOGo UI.
The table below lists most of them. It is possible to override these by
using the _mapping_ configuration parameter.

For example, if the LDAP schema uses the _fax_ attribute to store the
fax number, one could map it to the _facsimiletelephonenumber_ attribute
like this:

----
mapping = {
  facsimiletelephonenumber = ("fax", "facsimiletelephonenumber");
};
----

|===
2+h|Name
|First |givenName
|Last |sn
|DisplayName |displayName _or_ cn _or_ givenName + sn
|Nickname |mozillanickname

2+h|Internet
|Email |mail
|Secondary email |mozillasecondemail
|ScreenName |nsaimid

2+h|Phones
|Work |telephoneNumber
|Home |homephone
|Mobile |mobile
|Fax |facsimiletelephonenumber
|Pager |pager

2+h|Home
|Address |mozillahomestreet + mozillahomestreet2
|City |mozillahomelocalityname
|State/Province |mozillahomestate
|Zip/Postal Code |mozillahomepostalcode
|Country |mozillahomecountryname
|Web page |mozillahomeurl

2+h|Work
|Title |title
|Department |ou
|Organization |o
|Address |street + mozillaworkstreet2
|City |l
|State/Province |st
|Zip/Postal code |postalCode
|Country |c
|Web page |mozillaworkurl

2+h|Other
|Birthday |birthyear-birthmonth-birthday
|Note |description
|===


Authenticating using C.A.S.
~~~~~~~~~~~~~~~~~~~~~~~~~~~

SOGo natively supports C.A.S. authentication. For activating C.A.S.
authentication you need first to make sure that
the _SOGoAuthenticationType_ setting is set to `cas` and that
the _SOGoCASServiceURL_ setting is configured appropriately.

The tricky part shows up when using SOGo as a frontend interface to an
IMAP server as this imposes constraints needed by the C.A.S. protocol to
ensure secure communication between the different services. Failing to
take those precautions will prevent users from accessing their mails,
while still granting basic authentication to SOGo itself.

The first constraint is that *the amount of workers that SOGo uses must
be higher than 1 in order to enable the C.A.S.* service to perform some
validation requests during IMAP authentication. A single worker alone
would not, by definition, be able to respond to the C.A.S. requests
while treating the user request that required the triggering of those
requests. You must therefore configure the _WOWorkersCount_ setting
appropriately.

The second constraint is that *the SOGo service must be accessible and
accessed via https*. Moreover, the certificate used by the SOGo server
has to be recognized and trusted by the C.A.S. service. In the case of a
certificate issued by a third-party authority, there should be nothing
to worry about. In the case of a self-signed certificate, the
certificate must be registered in the trusted keystore of the C.A.S.
application. The procedure to achieve this can be summarized as
importing the certificate in the proper "keystore" using
the `keytool` utility and specifying the path for that keystore to the
Tomcat instance which provides the C.A.S. service. This is done by
tweaking the `javax.net.ssl.trustStore` setting, either in the
`catalina.properties` file or in the command-line parameters. On Debian,
the SOGo certificate can also be added to the truststore as follows:

----
openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \
  -out /tmp/sogo-cert.der
keytool -import -keystore /etc/ssl/certs/java/cacerts \
  -file /tmp/sogo-cert.der -alias sogo-cert
# The keystore password is 'changeit'
# tomcat must be restarted after this operation
----

*The certificate used by the CAS server must also be trusted by SOGo.*
In case of a self-signed certificate, this means exporting tomcat's
certificate using the `keytool` utility, converting it to PEM format and
appending it to the `ca-certificates.crt` file (the name and location of
that file differs between distributions). Basically:

----
# export tomcat's cert to openssl format
keytool -keystore /etc/tomcat7/keystore -exportcert -alias tomcat | \
  openssl x509 -inform der >tomcat.pem

Enter keystore password: tomcat

# add the pem to the trusted certs
cp tomcat.pem /etc/ssl/certs
cat tomcat.pem >>/etc/ssl/certs/ca-certificates.crt
----

If any of those constraints is not satisfied, the webmail interface of
SOGo will display an empty email account. Unfortunately, SOGo has no
possibility to detect which one is the cause of the problem. The only
indicators are log messages that at least pinpoint the symptoms:

___________________________________________________
_"failure to obtain a PGT from the C.A.S. service"_
___________________________________________________

Such an error will show up during authentication of the user to SOGo. It
happens when the authentication service has accepted the user
authentication ticket but has not returned a "Proxy Granting Ticket".

_______________________________________________
_"a CAS failure occurred during operation...."_
_______________________________________________

This error indicates that an attempt was made to retrieve an
authentication ticket for a third-party service such as IMAP or sieve.
Most of the time, this happens as a consequence of the problem described
above. To troubleshoot these issues, one should be tailing `cas.log`,
pam logs and sogo logs.

Currently, SOGo will ask for a CAS ticket using the same CAS service
name for both IMAP and Sieve. *When CASifying sieve, this means that the
`-s` parameter of `pam_cas` should be the same for both IMAP and Sieve*,
otherwise the CAS server will complain:

----
ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket
[ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service [imap://myimapserver
does not match supplied service [sieve://mysieveserver:2000]
----

Finally, when using imapproxy to speed up the imap accesses, the
SOGoIMAPCASServiceName should be set to the actual imap service name
expected by pam_cas, otherwise it will fail to authenticate incoming
connections properly.

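The log messages quoted in this section point to different causes, so a small triage pass over the SOGo and CAS logs narrows the search. This is an added example, not part of SOGo; the log line prefixes and the ticket id are constructed, and only the quoted message texts come from this guide.

```python
import re

# Message texts as quoted in this guide, each paired with the checks the
# guide associates with that symptom.
PATTERNS = [
    ("pgt-missing",
     re.compile(r"failure to obtain a PGT from the C\.A\.S\. service"),
     "check that WOWorkersCount is higher than 1, that SOGo is accessed via "
     "https, and that the CAS keystore trusts the SOGo certificate"),
    ("proxy-ticket-failure",
     re.compile(r"a CAS failure occurred during operation"),
     "usually a consequence of a missing PGT; look at the preceding login"),
]
SERVICE_MISMATCH = re.compile(
    r"with service \[([^\]\s]+)\]? does not match supplied service \[([^\]\s]+)\]")


def triage(lines):
    """Return (line_number, finding, detail) for each recognised CAS symptom."""
    findings = []
    for number, line in enumerate(lines, start=1):
        mismatch = SERVICE_MISMATCH.search(line)
        if mismatch:
            issued, supplied = mismatch.groups()
            findings.append((number, "service-mismatch",
                             "ticket issued for %s, presented for %s: use the same "
                             "pam_cas -s value for IMAP and Sieve" % (issued, supplied)))
            continue
        for name, pattern, hint in PATTERNS:
            if pattern.search(line):
                findings.append((number, name, hint))
                break
    return findings


# Constructed log lines (prefixes and ticket id are illustrative).
SAMPLE_LOG = """\
Jul 11 10:02:11 sogod [2041]: failure to obtain a PGT from the C.A.S. service
Jul 11 10:02:12 sogod [2041]: a CAS failure occurred during operation....
2014-07-11 10:02:12 ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-0-constructed] with service [imap://myimapserver] does not match supplied service [sieve://mysieveserver:2000]
Jul 11 10:02:15 sogod [2041]: unrelated request line
"""

if __name__ == "__main__":
    for number, finding, detail in triage(SAMPLE_LOG.splitlines()):
        print("line %d: %s (%s)" % (number, finding, detail))
```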

Authenticating using SAML2
~~~~~~~~~~~~~~~~~~~~~~~~~~

SOGo natively supports SAML2 authentication. Please refer to the
documentation of your identity provider and the SAML2 configuration keys
that are listed above for proper setup. Once a SOGo instance is
configured properly, the metadata for that instance can be retrieved
from `http://<hostname>/SOGo/saml2-metadata` for registration with the
identity provider. SOGo will dynamically generate the metadata based on
the SOGoSAML2CertificateLocation's content and the SOGo server name.

When using SimpleSAMLphp, make sure to convert OIDs to names by modifying your
`metadata/saml20-idp-hosted.php` to contain something like this:

----
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
'authproc' => array(
  100 => array('class' => 'core:AttributeMap', 'oid2name'),
),
----

If you want to test the IdP-initiated logout using SimpleSAMLphp, you can do so by opening
the following URL:

----
https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php?ReturnTo=www.sogo.nu
----

In order to relay authentication information to your IMAP server and if
you make use of the CrudeSAML SASL plugin, you need to make sure that
_NGImap4AuthMechanism_ is configured to use the `SAML` mechanism. If you
make use of the CrudeSAML PAM plugin, this value may be left empty.

Database Configuration
|
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
SOGo requires a relational database system in order to store
|
|
|
|
|
appointments, tasks and contacts information. It also uses the database
|
|
|
|
|
system to store personal preferences of SOGo users. In this guide, we
|
|
|
|
|
assume you use PostgreSQL so commands provided the create the database
|
|
|
|
|
are related to this application. However, other database servers are
|
|
|
|
|
supported, such as MySQL and Oracle.
|
|
|
|
|
|
|
|
|
|
First, make sure that your PostgreSQL server has TCP/IP connections
|
|
|
|
|
support enabled.
|
|
|
|
|
|
|
|
|
|
Create the database user and schema using the following commands:
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
su – postgres
|
|
|
|
|
createuser --no-superuser --no-createdb –-no-createrole \
|
|
|
|
|
–-encrypted --pwprompt sogo
|
|
|
|
|
(specify “sogo” as password)
|
|
|
|
|
createdb -O sogo sogo
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
You should then adjust the access rights to the database. To do so,
|
|
|
|
|
modify the configuration file `/var/lib/pgsql/data/pg_hba.conf` in order
|
|
|
|
|
to add the following line at the very beginning of the file:
|
|
|
|
|
|
|
|
|
|
host sogo sogo 127.0.0.1/32 md5
|
|
|
|
|
|
|
|
|
|
Once added, restart the PostgreSQL database service. Then, modify the
|
|
|
|
|
SOGo configuration file (`/etc/sogo/sogo.conf`) to reflect your database
|
|
|
|
|
settings:
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
SOGoProfileURL =
|
|
|
|
|
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
|
|
|
|
|
OCSFolderInfoURL =
|
|
|
|
|
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
|
|
|
|
|
OCSSessionsFolderURL =
|
|
|
|
|
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
|
|
|
|
|
----

The following table describes the parameters that were set:

[cols="3,47,50a"]
|=======================================================================
|S |SOGoProfileURL
|Parameter used to set the database URL so that SOGo can retrieve user
profiles.

For MySQL, set the database URL to something like:
`mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile`.

|S |OCSFolderInfoURL
|Parameter used to set the database URL so that SOGo can retrieve the
location of user folders (address books and calendars).

For Oracle, set the database URL to something like:
`oracle://sogo:sogo@localhost:1526/sogo/sogo_folder_info`.

|S |OCSSessionsFolderURL
|Parameter used to set the database URL so that SOGo can store and
retrieve secured user sessions information. For PostgreSQL, the database
URL could be set to something like:
`postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder`.

|S |OCSEMailAlarmsFolderURL
|Parameter used to set the database URL for email-based alarms (that can
be set on events and tasks). This parameter is relevant only if
_SOGoEnableEMailAlarms_ is set to `YES`. For PostgreSQL, the database
URL could be set to something like:
`postgresql://sogo:sogo@localhost:5432/sogo/sogo_alarms_folder`

See the "EMail reminders" section in this document for more information.
|=======================================================================

If you're using MySQL, make sure in your `my.cnf` file you have:

----
[mysqld]
...
character_set_server=utf8
character_set_client=utf8

[client]
default-character-set=utf8

[mysql]
default-character-set=utf8
----

Authentication using SQL
~~~~~~~~~~~~~~~~~~~~~~~~

SOGo can use a SQL-based database server for authentication. The
configuration is very similar to LDAP-based authentication.

The following table describes all the possible parameters related to a
SQL source:

[cols="3,47,50a"]
|=======================================================================
.18+|D |SOGoUserSources
|Parameter used to set the SQL and/or LDAP sources used for
authentication and global address books. Multiple sources can be
specified as an array of dictionaries. A dictionary that defines a SQL
source can contain the following values:

|type
|The type of this user source, set to `sql` for a SQL source.

|id
|The identification name of the SQL repository. This must be unique –
even when using multiple domains.

|viewURL
|Database URL of the view used by SOGo. The view expects columns to be
present. Required columns are:

[options="compact"]
* `c_uid`: will be used for authentication – it's a username or
username@domain.tld
* `c_name`: will be used to uniquely identify entries – which can be
identical to `c_uid`
* `c_password`: password of the user, plain text, crypt, md5 or sha
encoded
* `c_cn`: the user's common name
* `mail`: the user's email address

Other columns can exist and will actually be mapped automatically if
they have the same name as popular LDAP attributes (such as `givenName`,
`sn`, `department`, `title`, `telephoneNumber`, etc.).

|userPasswordAlgorithm
|The default algorithm used for password encryption when changing
passwords. Possible values are: `none`, `plain`, `crypt`, `md5`,
`md5-crypt`, `smd5`, `cram-md5`, `ldap-md5`, `sha`, `sha256`,
`sha512` and their ssha variants (e.g. `ssha` or `ssha256`). Passwords can
have the scheme prepended in the form `{scheme}encryptedPass`.

If no scheme is given, _userPasswordAlgorithm_ is used instead. The
schemes listed above follow the algorithms described in
http://wiki.dovecot.org/Authentication/PasswordSchemes.

Note that `cram-md5` is not actually using cram-md5 (due to the lack of
challenge-response mechanism), it's just saving the intermediate MD5
context as Dovecot stores in its database.

|prependPasswordScheme
|The default behaviour is to store newly set passwords without the
scheme (default: `NO`). This can be overridden by setting to `YES` and
will result in passwords stored as `{scheme}encryptedPass`.

|canAuthenticate
|If set to `YES`, this SQL source is used for authentication.

|isAddressBook
|If set to `YES`, this SQL source is used as a shared address book
(with read-only access). Note that if set to `NO`, autocompletion will
not work for entries in this source and, as a result, neither will
freebusy lookups.

|authenticationFilter (optional)
|A filter that limits which users can authenticate from this source.

|displayName (optional)
|If set as an address book, the human identification name of the SQL
repository.

|LoginFieldNames (optional)
|An array of fields that specifies the column names that contain valid
authentication usernames (defaults to `c_uid` when unset).

|MailFieldNames (optional)
|An array of fields that specifies the column names that hold
additional email addresses (beside the `mail` column) for each user.

|IMAPHostFieldName (optional)
|The field that returns the IMAP hostname for the user.

|IMAPLoginFieldName (optional)
|The field that returns the IMAP login name for the user (defaults to
`c_uid` when unset).

|SieveHostFieldName (optional)
|The field that returns the Sieve hostname for the user.

|KindFieldName (optional)
|If set, SOGo will try to determine if the value of the field
corresponds to either "group", "location" or "thing". If that's the
case, SOGo will consider the returned entry to be a resource.

|MultipleBookingsFieldName (optional)
|The value of this field is the maximum number of concurrent events in
which a resource can take part at any point in time.

If this is set to `0`, or if the attribute is missing, it means no
limit and the resource will always be marked as free. If set to `-1`,
no limit is imposed but the resource will be marked as busy the first
time it is booked. If greater than 0, the resource will get marked as
busy once it reaches the value.

|DomainFieldName (optional)
|If set, SOGo will use the value of that field as the domain associated
to the user.

See the _Multi-domains Configuration_ section in this document for more
information.
|=======================================================================

Here is an example of an SQL-based authentication and address book
source:

----
SOGoUserSources =
(
  {
    type = sql;
    id = directory;
    viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
    canAuthenticate = YES;
    isAddressBook = YES;
    userPasswordAlgorithm = md5;
  }
);
----

Certain database columns must be present in the view/table, such as:

* `c_uid` – will be used for authentication – it's the username
or username@domain.tld
* `c_name` – which can be identical to `c_uid` – will be used to
uniquely identify entries
* `c_password` – password of the user, plain-text, md5 or sha encoded
for now
* `c_cn` – the user's common name – such as "John Doe"
* `mail` – the user's mail address

Note that groups are currently not supported for SQL-based
authentication sources.
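
The interaction between `{scheme}encryptedPass`, _userPasswordAlgorithm_ and _prependPasswordScheme_ described in the table above, as an added Python example (not SOGo's own code). It covers only the salted `ssha`, `ssha256` and `ssha512` variants and assumes the Dovecot layout `base64(HASH(password + salt) + salt)` and a case-insensitive scheme prefix; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import re

# Salted SHA variants from the userPasswordAlgorithm list: hashlib name and
# digest length. Assumed layout (the Dovecot one the page points to):
# base64( HASH(password + salt) + salt ).
SALTED = {"ssha": ("sha1", 20), "ssha256": ("sha256", 32), "ssha512": ("sha512", 64)}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9.-]+)\}(.*)$", re.S)


def split_scheme(stored, default_scheme):
    """Return (scheme, payload). A value without a {scheme} prefix is read
    with default_scheme, i.e. the source's userPasswordAlgorithm."""
    m = SCHEME_RE.match(stored)
    if m:
        return m.group(1).lower(), m.group(2)
    return default_scheme.lower(), stored


def make_hash(password, scheme, prepend_scheme, salt=None):
    """Build a c_password value; prepend_scheme mirrors prependPasswordScheme."""
    algo, _ = SALTED[scheme]
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    payload = base64.b64encode(digest + salt).decode("ascii")
    # The upper-case prefix is this example's choice, not taken from the page.
    return "{%s}%s" % (scheme.upper(), payload) if prepend_scheme else payload


def verify(password, stored, default_scheme):
    """Check a password against a stored c_password value."""
    scheme, payload = split_scheme(stored, default_scheme)
    if scheme not in SALTED:
        raise ValueError("scheme not covered by this example: %s" % scheme)
    algo, digest_len = SALTED[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= digest_len:  # digest without a salt, or a truncated value
        return False
    digest, salt = raw[:digest_len], raw[digest_len:]
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def migration_demo():
    """Store one password with and without the prefix under ssha256, then
    verify both after the default algorithm is switched to ssha512."""
    salt = b"constructed-salt"  # 16 bytes, fixed only to make the demo repeatable
    bare = make_hash("s3cret", "ssha256", prepend_scheme=False, salt=salt)
    tagged = make_hash("s3cret", "ssha256", prepend_scheme=True, salt=salt)
    return {
        "bare_before": verify("s3cret", bare, "ssha256"),
        "bare_after": verify("s3cret", bare, "ssha512"),
        "tagged_after": verify("s3cret", tagged, "ssha512"),
    }


if __name__ == "__main__":
    print(migration_demo())
```

In this model a row stored without its prefix stops verifying once the default algorithm changes, while a prefixed row keeps working, which is the practical reason to set `prependPasswordScheme = YES` before moving a source away from `md5`.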

SMTP Server Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~

SOGo makes use of an SMTP server to send emails from the Web interface,
iMIP/iTIP messages and various notifications.

The following table describes the related parameters.

[cols="3,47,50a"]
|=======================================================================
|D |SOGoMailingMechanism
|Parameter used to set how SOGo sends mail messages. Possible values
are:

[options="compact"]
* `sendmail` – to use the sendmail binary
* `smtp` – to use the SMTP protocol

|D |SOGoSMTPServer
|The DNS name or IP address of the SMTP server used when
_SOGoMailingMechanism_ is set to `smtp`.

|D |SOGoSMTPAuthenticationType
|Activates SMTP authentication and specifies which type is in use.
Currently, only `PLAIN` is supported and other values will be ignored.

|S |WOSendMail
|The path of the sendmail binary.

Defaults to `/usr/lib/sendmail`.

|D |SOGoForceExternalLoginWithEmail
|Parameter used to specify if, when logging in to the SMTP server, the
primary email address of the user will be used instead of the username.
Possible values are:

[options="compact"]
* `YES`
* `NO`

Defaults to `NO` when unset.
|=======================================================================

IMAP Server Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~

SOGo requires an IMAP server in order to let users consult their email
messages, manage their folders and more.

The following table describes the related parameters.

[cols="3,47,50a"]
|=======================================================================
|U |SOGoDraftsFolderName
|Parameter used to set the IMAP folder name used to store draft
messages.

Defaults to `Drafts` when unset.

Use a `/` as a hierarchy separator if referring to an IMAP subfolder.
For example: `INBOX/Drafts`.

|U |SOGoSentFolderName
|Parameter used to set the IMAP folder name used to store sent messages.

Defaults to `Sent` when unset.

Use a `/` as a hierarchy separator if referring to an IMAP subfolder.
For example: `INBOX/Sent`.

|U |SOGoTrashFolderName
|Parameter used to set the IMAP folder name used to store deleted
messages.

Defaults to `Trash` when unset.

Use a `/` as a hierarchy separator if referring to an IMAP subfolder.
For example: `INBOX/Trash`.

|D |SOGoIMAPCASServiceName
|Parameter used to set the CAS service name (URL) of the imap service.
This is useful if SOGo is connecting to the IMAP service through a
proxy. When using `pam_cas`, this parameter should be set to the same
value as the `-s` argument of the imap pam service.

|D |SOGoIMAPServer
|Parameter used to set the DNS name or IP address of the IMAP server
used by SOGo. You can also use SSL or TLS by providing a value using a
URL, such as:

[options="compact"]
* `imaps://localhost:993`
* `imaps://localhost:143/?tls=YES`

|D |SOGoSieveServer
|Parameter used to set the DNS name or IP address of the Sieve
(managesieve) server used by SOGo. You must use a URL such as:

[options="compact"]
* `sieve://localhost`
* `sieve://localhost:2000`
* `sieve://localhost:2000/?tls=YES`

Note that TLS is supported but SSL is not.

|D |SOGoSieveFolderEncoding
|Parameter used to specify which encoding is used for IMAP folder names
in Sieve filters. Defaults to `UTF-7`. The other possible value is
`UTF-8`.

|U |SOGoMailShowSubscribedFoldersOnly
|Parameter used to specify if the Web interface should only show
subscribed IMAP folders. Possible values are:

[options="compact"]
* `YES`
* `NO`

Defaults to `NO` when unset.

|D |SOGoIMAPAclStyle
|Parameter used to specify which RFC the IMAP server implements with
respect to ACLs. Possible values are:

[options="compact"]
* `rfc2086`
* `rfc4314`

Defaults to `rfc4314` when unset.

|D |SOGoIMAPAclConformsToIMAPExt
|Parameter used to specify if the IMAP server implements the Internet
Message Access Protocol Extension. Possible values are:

[options="compact"]
* `YES`
* `NO`

Defaults to `NO` when unset.

|D |SOGoForceExternalLoginWithEmail
|Parameter used to specify if, when logging in to the IMAP server, the
primary email address of the user will be used instead of the username.
Possible values are:

[options="compact"]
* `YES`
* `NO`

Defaults to `NO` when unset.

|D |SOGoMailSpoolPath
|Parameter used to set the path where temporary email drafts are
written. If you change this value, you must also modify the daily
cronjob `sogo-tmpwatch`.

Defaults to `/var/spool/sogo`.

|S |NGMimeBuildMimeTempDirectory
|Parameter used to set the path where temporary files will be stored
by SOPE when dealing with MIME messages.

Defaults to `/tmp`.

|S |NGImap4DisableIMAP4Pooling
|Disables IMAP pooling when set to `YES`. Enable pooling by setting to
`NO` or using a caching proxy like imapproxy.

The default value is `YES`.

|S |NGImap4ConnectionStringSeparator
|Parameter used to set the IMAP mailbox separator. Setting this will
also have an impact on the mailbox separator used by Sieve filters.

The default separator is `/`.

|S |NGImap4AuthMechanism
|Trigger the use of the IMAP `AUTHENTICATE` command with the specified
SASL mechanism. Please note that this feature might be limited at this
time.

|D |NGImap4ConnectionGroupIdPrefix
|Prefix to prepend to names in IMAP ACL transactions, to indicate the
name is a group name, not a user name.

RFC4314 gives examples where group names are prefixed with `$`. Dovecot,
for one, follows this scheme, and will, for example, apply permissions
for `$admins` to all users in group `admins` in the absence of specific
permissions for the individual user.

The default prefix is `$`.
|=======================================================================

Web Interface Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following additional parameters only affect the Web interface
behaviour of SOGo.

[cols="3,47,50a"]
|=======================================================================
|S |SOGoPageTitle
|Parameter used to define the Web page title.

Defaults to `SOGo` when unset.

|U |SOGoLoginModule
|Parameter used to specify which module to show after login. Possible
values are:

[options="compact"]
* `Calendar`
* `Mail`
* `Contacts`

Defaults to `Calendar` when unset.

|S |SOGoFaviconRelativeURL
|Parameter used to specify the relative URL of the site favicon.

When unset, defaults to the file `sogo.ico` under the default web
resources directory.

|S |SOGoZipPath
|Parameter used to specify the path of the zip binary used to archive
messages.

Defaults to `/usr/bin/zip` when unset.

|D |SOGoSoftQuotaRatio
|Parameter used to change the quota returned by the IMAP server by
multiplying it by the specified ratio. Acts as a soft quota. Example:
`0.8`.

|U |SOGoMailUseOutlookStyleReplies (not currently editable in Web interface)
|Parameter used to set if email replies should use Outlook's style.

Defaults to `NO` when unset.

|U |SOGoMailListViewColumnsOrder (not currently editable in Web
interface)
|Parameter used to specify the default order of the columns from the
SOGo webmail interface. The parameter is an array, for example:

`SOGoMailListViewColumnsOrder = (Flagged, Attachment, Priority, From, Subject, Unread, Date, Size);`

|D |SOGoVacationEnabled
|Parameter used to enable editing of a vacation message from the
preferences window.

Requires Sieve script support on the IMAP host.

Defaults to `NO` when unset.

When enabling this parameter, one must also enable the associated
cronjob in `/etc/cron.d/sogo` in order to activate automatic vacation
message expiration.

See the _Cronjob — Vacation messages expiration_ section below for
details.

|D |SOGoForwardEnabled
|Parameter used to enable editing of a forwarding email address from
the preferences window. Requires Sieve script support on the IMAP
host.

Defaults to `NO` when unset.

|D |SOGoForwardConstraints
|Parameter used to set constraints on possible addresses used when
automatically forwarding mails. When set to `0` (default), no constraint
is enforced. When set to `1`, only internal domains can be used. When
set to `2`, only external domains can be used.

|D |SOGoSieveScriptsEnabled
|Parameter used to enable editing of server-side mail filters from the
preferences window. Requires Sieve script support on the IMAP
host.

Defaults to `NO` when unset.

|D |SOGoMailPollingIntervals
|Parameter used to define the mail polling intervals (in minutes)
available to the user. The parameter is an array that can contain the
following numbers:

[options="compact"]
* `1`
* `2`
* `5`
* `10`
* `20`
* `30`
* `60`

Defaults to the list above when unset.

|U |SOGoMailMessageCheck
|Parameter used to define the mail polling interval at which the IMAP
server is queried for new messages. Possible values are:

[options="compact"]
* `manually`
* `every_minute`
* `every_2_minutes`
* `every_5_minutes`
* `every_10_minutes`
* `every_20_minutes`
* `every_30_minutes`
* `once_per_hour`

Defaults to `manually` when unset.

|D |SOGoMailAuxiliaryUserAccountsEnabled
|Parameter used to activate the auxiliary IMAP accounts in SOGo. When
set to `YES`, users can add other IMAP accounts that will be visible
from the SOGo Webmail interface.

Defaults to `NO` when unset.

|U |SOGoDefaultCalendar
|Parameter used to specify which calendar is used when creating an event
or a task. Possible values are:

[options="compact"]
* `selected`
* `personal`
* `first`

Defaults to `selected` when unset.

|U |SOGoDayStartTime
|The hour at which the day starts (`0` through `12`).

Defaults to `8` when unset.

|U |SOGoDayEndTime
|The hour at which the day ends (`12` through `23`).

Defaults to `18` when unset.

|U |SOGoFirstDayOfWeek
|The day at which the week starts in the week and month views (`0`
through `6`). `0` indicates Sunday.

Defaults to `0` when unset.

|U |SOGoFirstWeekOfYear
|Parameter used to define how the first week of the year is identified.
Possible values are:

[options="compact"]
* `January1`
* `First4DayWeek`
* `FirstFullWeek`

Defaults to `January1` when unset.

|U |SOGoTimeFormat
|The format used to display time in the timeline of the day and week
views. Please refer to the documentation for the date command or the
`strftime` C function for the list of available format sequences.

Defaults to `%H:%M`.

|U |SOGoCalendarCategories
|Parameter used to define the categories that can be associated to
events. This parameter is an array of arbitrary strings.

Defaults to a list that depends on the language.

|U |SOGoCalendarCategoriesColors
|Parameter used to define the colour of categories. This parameter
is a dictionary of category name/color.

Defaults to `#F0F0F0` for all categories when unset.

|U |SOGoCalendarEventsDefaultClassification
|Parameter used to define the default classification for new events.
Possible values are:

[options="compact"]
* `PUBLIC`
* `CONFIDENTIAL`
* `PRIVATE`

Defaults to `PUBLIC` when unset.

|U |SOGoCalendarTasksDefaultClassification
|Parameter used to define the default classification for new tasks.
Possible values are:

[options="compact"]
* `PUBLIC`
* `CONFIDENTIAL`
* `PRIVATE`

Defaults to `PUBLIC` when unset.

|U |SOGoCalendarDefaultReminder
|Parameter used to define a default reminder for new events. Possible
values are:

[options="compact"]
* `-PT5M`
* `-PT10M`
* `-PT15M`
* `-PT30M`
* `-PT45M`
* `-PT1H`
* `-PT2H`
* `-PT5H`
* `-PT15H`
* `-P1D`
* `-P2D`
* `-P1W`

|D |SOGoFreeBusyDefaultInterval
|The number of days to include in the free busy information. The
parameter is an array of two numbers, the first being the number of days
prior to the current day and the second being the number of days
following the current day.

Defaults to `(7, 7)` when unset.

|U |SOGoBusyOffHours
|Parameter used to specify if off-hours should be automatically added to
the free-busy information. Off-hours include weekends and periods
covered between _SOGoDayEndTime_ and _SOGoDayStartTime_.

Defaults to `NO` when unset.

|U |SOGoMailMessageForwarding
|The method by which the message is to be forwarded. Possible values
are:

[options="compact"]
* `inline`
* `attached`

Defaults to `inline` when unset.

|U |SOGoMailCustomFullName
|The string to use as full name when composing an email, if
_SOGoMailCustomFromEnabled_ is set in the user's domain defaults.

When unset, the full name specified in the user sources for the user is
used instead.

|U |SOGoMailCustomEmail
|The string to use as email address when composing an email, if
_SOGoMailCustomFromEnabled_ is set in the user's
domain defaults. When unset, the email specified in the user sources for
the user is used instead.

|U |SOGoMailReplyPlacement
|The reply placement with respect to the quoted message. Possible values
are:

[options="compact"]
* `above`
* `below`

Defaults to `below`.

|U |SOGoMailReplyTo
|The email address to use in the `reply-to` header field when the user
sends a message.

Ignored when empty.

|U |SOGoMailSignaturePlacement
|The placement of the signature with respect to the quoted message.
Possible values are:

[options="compact"]
* `above`
* `below`

Defaults to `below`.

|U |SOGoMailComposeMessageType
|The message composition format. Possible values are:

* `text`
* `html`

Defaults to `text`.

|S |SOGoEnableEMailAlarms
|Parameter used to enable email-based alarms on events and tasks.

Defaults to `NO` when unset.

For this feature to work correctly, one must also set the
_OCSEMailAlarmsFolderURL_ parameter and enable the associated cronjob.
See the _Cronjob — EMail reminders_ section from this document for more
information.

|U |SOGoContactsCategories
|Parameter used to define the categories that can be associated to
contacts. This parameter is an array of arbitrary strings.

Defaults to a list that depends on the language.

|D |SOGoUIAdditionalJSFiles
|Parameter used to define a list of additional JavaScript files loaded
by SOGo for all displayed web pages. This parameter is an array of
strings, each the path to a JavaScript file. The
paths are relative to the `WebServerResources` directory, which is
usually found under `/usr/lib/GNUstep/SOGo/`.

|D |SOGoMailCustomFromEnabled
|Parameter used to specify whether users may set custom "From" addresses
from SOGo's preferences panel.

Defaults to `NO` when unset.

|D |SOGoSubscriptionFolderFormat
|Parameter used to set the default formatting of a subscription folder
name. Available variables are:

* `%{FolderName}`
* `%{UserName}`
* `%{Email}`

Defaults to `%{FolderName} (%{UserName} <%{Email}>)` when unset.

|D |SOGoUIxAdditionalPreferences
|Parameter used to enable an extra preferences tab using the content of
the template named `UIxAdditionalPreferences.wox`. This template should
be put under `~sogo/GNUstep/Library/SOGo/Templates/PreferencesUI/`.

Defaults to `NO` when unset.
|=======================================================================

SOGo Configuration Summary
~~~~~~~~~~~~~~~~~~~~~~~~~~

The complete SOGo configuration file `/etc/sogo/sogo.conf` should look
like this:

----
{
  SOGoProfileURL =
    "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
  OCSFolderInfoURL =
    "postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
  OCSSessionsFolderURL =
    "postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
  SOGoAppointmentSendEMailNotifications = YES;
  SOGoCalendarDefaultRoles = (
    PublicViewer,
    ConfidentialDAndTViewer
  );
  SOGoLanguage = English;
  SOGoTimeZone = America/Montreal;
  SOGoMailDomain = acme.com;
  SOGoIMAPServer = localhost;
  SOGoDraftsFolderName = Drafts;
  SOGoSentFolderName = Sent;
  SOGoTrashFolderName = Trash;
  SOGoMailingMechanism = smtp;
  SOGoSMTPServer = 127.0.0.1;
  SOGoUserSources = (
    {
      type = ldap;
      CNFieldName = cn;
      IDFieldName = uid;
      UIDFieldName = uid;
      baseDN = "ou=users,dc=acme,dc=com";
      bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
      bindPassword = qwerty;
      canAuthenticate = YES;
      displayName = "Shared Addresses";
      hostname = localhost;
      id = public;
      isAddressBook = YES;
      port = 389;
    }
  );
}
----
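
A pre-deployment check over a `sogo.conf` in the format shown above, as an added Python example (not part of SOGo). It assumes that a bare host name or a URL without `imaps://` or `tls=YES` means an unencrypted connection, as the IMAP and Sieve tables imply; the sample file, hosts, passwords and function names are constructed for the example.

```python
import re

# Constructed sample in the style of the sogo.conf above; hosts and
# passwords are made up for the example.
SAMPLE_CONF = r'''
{
  SOGoProfileURL =
    "postgresql://sogo:sogo@db.example.org:5432/sogo/sogo_user_profile";
  SOGoIMAPServer = imap.example.org;
  SOGoSieveServer = "sieve://imap.example.org:2000";
  SOGoUserSources = (
    {
      type = sql;
      id = directory;
      viewURL = "postgresql://sogo:constructed-secret@127.0.0.1:5432/sogo/sogo_view";
      canAuthenticate = YES;
      userPasswordAlgorithm = md5;
    }
  );
}
'''

# Matches `key = "quoted value";` and `key = bareword;` at any nesting depth.
ASSIGN_RE = re.compile(r'([A-Za-z_][\w.]*)\s*=\s*(?:"([^"]*)"|([^\s;(){}"]+))\s*;')
# user and password part of a database URL: scheme://user:password@...
DB_URL_RE = re.compile(r'^\w+://([^:/@]+):([^@]*)@')
LOOPBACK = {"localhost", "127.0.0.1"}


def scalars(conf_text):
    """Yield (key, value) for every scalar assignment in the file."""
    for m in ASSIGN_RE.finditer(conf_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        yield m.group(1), value


def host_of(value):
    """Host part of a bare host name or of a scheme://host[:port]/... URL."""
    rest = value.split("://", 1)[-1].rsplit("@", 1)[-1]
    return re.split(r"[:/]", rest, maxsplit=1)[0].lower()


def uses_tls(value):
    """True for the TLS forms the guide lists: imaps:// or ?tls=YES."""
    v = value.lower()
    return v.startswith("imaps://") or "tls=yes" in v


def audit(conf_text):
    """Return a list of (key, finding) tuples, in file order."""
    findings = []
    for key, value in scalars(conf_text):
        db = DB_URL_RE.match(value)
        if key.endswith("URL") and db and db.group(2) in ("", db.group(1)):
            findings.append((key, "database password is empty or equals the user name"))
        if key in ("SOGoIMAPServer", "SOGoSieveServer"):
            if host_of(value) not in LOOPBACK and not uses_tls(value):
                findings.append((key, "remote server reached without TLS"))
        if key == "userPasswordAlgorithm" and not value.lower().startswith("ssha"):
            findings.append((key, "'%s' is not one of the salted ssha variants" % value))
    return findings


if __name__ == "__main__":
    for key, finding in audit(SAMPLE_CONF):
        print("%s: %s" % (key, finding))
```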

Multi-domains Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want your installation to isolate two groups of users, you must
define a distinct authentication source for each _domain_. Each domain key
must have the same value as the email domain you want to add. The following
is the same configuration, now including two domains (acme.com and
coyote.com):

----
{
  ...
  domains = {
    acme.com = {
      SOGoMailDomain = acme.com;
      SOGoDraftsFolderName = Drafts;
      SOGoUserSources = (
        {
          type = ldap;
          CNFieldName = cn;
          IDFieldName = uid;
          UIDFieldName = uid;
          baseDN = "ou=users,dc=acme,dc=com";
          bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
          bindPassword = qwerty;
          canAuthenticate = YES;
          displayName = "Shared Addresses";
          hostname = localhost;
          id = public_acme;
          isAddressBook = YES;
          port = 389;
        }
      );
    };
    coyote.com = {
      SOGoMailDomain = coyote.com;
      SOGoIMAPServer = imap.coyote.com;
      SOGoUserSources = (
        {
          type = ldap;
          CNFieldName = cn;
          IDFieldName = uid;
          UIDFieldName = uid;
          baseDN = "ou=users,dc=coyote,dc=com";
          bindDN = "uid=sogo,ou=users,dc=coyote,dc=com";
          bindPassword = qwerty;
          canAuthenticate = YES;
          displayName = "Shared Addresses";
          hostname = localhost;
          id = public_coyote;
          isAddressBook = YES;
          port = 389;
        }
      );
    };
  };
}
----

The following additional parameters only affect SOGo when using multiple
domains.

[cols="3,47,50a"]
|=======================================================================
|S |SOGoEnableDomainBasedUID
|Parameter used to enable user identification by domain. Users will be
able (without being required) to login using the form `username@domain`,
meaning that values of _UIDFieldName_ no longer have to be unique among
all domains but only within the same domain. Internally, users will
always be identified by the concatenation of their username and domain.

Consequently, activating this parameter on an existing system implies
that user identifiers will change and their previous calendars and
address books will no longer be accessible unless a conversion is
performed.

Defaults to `NO` when unset.

|S |SOGoLoginDomains
|Parameter used to define which domains should be selectable from the
login page. This parameter is an array of keys from the `domains`
dictionary.

Defaults to an empty array, which means that no domains appear on the
login page. If you prefer having the domain names listed, just use these
as keys for the `domains` dictionary.

|S |SOGoDomainsVisibility
|Parameter used to set domains visible among themselves. This parameter
is an array of arrays.

Example: `SOGoDomainsVisibility = ((acme, coyote));`

Defaults to an empty array, which means domains are isolated from each
other.
|=======================================================================
|
|
|
|
|
|
|
|
|
|
Apache Configuration
~~~~~~~~~~~~~~~~~~~~

The SOGo configuration for Apache is located in
`/etc/httpd/conf.d/SOGo.conf`.

Upon SOGo installation, a default configuration file is created which is
suitable for most configurations.

You must also configure the following parameters in the SOGo
configuration file for Apache in order to have a working installation:

----
RequestHeader set "x-webobjects-server-port" "80"
RequestHeader set "x-webobjects-server-name" "yourhostname"
RequestHeader set "x-webobjects-server-url" "http://yourhostname"
----

You may consider enabling SSL on top of this current installation to
secure access to your SOGo installation.

See http://httpd.apache.org/docs/2.2/ssl/ for details.

You might also have to adjust the configuration if you have SELinux
enabled.

The default configuration will use `mod_proxy` and `mod_headers` to
relay requests to the `sogod` parent process. This is suitable for small
to medium deployments.

Starting Services
~~~~~~~~~~~~~~~~~

Once SOGo is fully installed and configured, start the services using
the following command:

  service sogod start

You may verify using the `chkconfig` command that the SOGo service is
automatically started at boot time. Restart the Apache service since
modules and configuration files were added:

  service httpd restart

Finally, you should also make sure that the `memcached` service is
started and that it is also automatically started at boot time.

_Cronjob_ — EMail reminders
~~~~~~~~~~~~~~~~~~~~~~~~~~~

SOGo allows you to set email-based reminders for events and tasks. To
enable this, you must enable the `SOGoEnableEMailAlarms` preference and
set the `OCSEMailAlarmsFolderURL` preference accordingly.

Once you've correctly set those two preferences, you must create
a _cronjob_ that will run under the "sogo" user. This _cronjob_ should
be run every minute.

A commented out example should have been installed in
`/etc/cron.d/sogo`. To enable it, simply uncomment it.

As a reference, the _cronjob_ should be defined like this:

----
* * * * * /usr/sbin/sogo-ealarms-notify
----

If your mail server requires use of SMTP AUTH, specify a credential file
using `-p /path/to/credFile`. This file should contain the username and
password, separated by a colon (`username:password`).

_Cronjob_ — Vacation messages expiration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When vacation messages are enabled (see the parameter
_SOGoVacationEnabled_), users can set an expiration date for their
auto-reply messages. For this feature to work, you must run a _cronjob_
under the "sogo" user.

A commented out example should have been installed in
`/etc/cron.d/sogo`. To work correctly, this tool must log in as an
administrative user on the sieve server. The required credentials must
be specified in a file by using `-p /path/to/credFile`. This file should
contain the username and password, separated by a colon
(`username:password`).

The _cronjob_ should look like this:

----
0 0 * * * sogo /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds
----
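
Both cron jobs above can read a `username:password` credential file through `-p`. The check below is an added example, not part of SOGo or this guide's tooling: it reads an `/etc/cron.d`-style file (with the user field, as in the vacation example), finds every active `-p` file, and verifies the format described above. The owner-only file mode, the expected owner, splitting at the first colon, and the problem codes are assumptions of this example.

```python
import os
import shlex
import stat


def cred_files_in_cron(cron_text):
    """Return [(user, path)] for each active /etc/cron.d-style line that passes -p."""
    found = []
    for raw in cron_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out example
        fields = line.split(None, 6)      # 5 time fields, user, command
        if len(fields) < 7:
            continue                      # e.g. MAILTO=... or a malformed entry
        user, argv = fields[5], shlex.split(fields[6])
        for i, arg in enumerate(argv[:-1]):
            if arg == "-p":
                found.append((user, argv[i + 1]))
    return found


def audit_cred_file(path, expected_uid):
    """Return problem codes for one `username:password` credential file."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if st.st_uid != expected_uid:
        problems.append("wrong-owner")
    # Assumption of this example: only the owner needs access (0600 or 0400).
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("group-or-other-access")
    try:
        with open(path, encoding="utf-8") as fh:
            lines = [ln for ln in fh.read().splitlines() if ln.strip()]
    except OSError:
        return problems + ["unreadable"]
    if len(lines) != 1:
        problems.append("expected-single-line")
    else:
        # Split at the first colon so a password may itself contain colons.
        user, sep, password = lines[0].partition(":")
        if not sep or not user.strip() or not password:
            problems.append("not-username-colon-password")
    return problems


def audit_cron_credentials(cron_text, expected_user, expected_uid):
    """Map each referenced credential file to its list of problem codes."""
    report = {}
    for user, path in cred_files_in_cron(cron_text):
        problems = [] if user == expected_user else ["cron-user"]
        report[path] = problems + audit_cred_file(path, expected_uid)
    return report


if __name__ == "__main__":
    import pwd
    with open("/etc/cron.d/sogo", encoding="utf-8") as cron:
        sogo_uid = pwd.getpwnam("sogo").pw_uid
        for path, problems in audit_cron_credentials(cron.read(), "sogo", sogo_uid).items():
            print(path, "OK" if not problems else ", ".join(problems))
```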

Managing User Accounts
----------------------

Creating the SOGo Administrative Account
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

First, create the SOGo administrative account in your LDAP server. The
following LDIF file (`sogo.ldif`) can be used as an example:

----
dn: uid=sogo,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: sogo
cn: SOGo Administrator
mail: sogo@acme.com
sn: Administrator
givenName: SOGo
----

Load the LDIF file inside your LDAP server using the following command:

  ldapadd -f sogo.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com

Finally, set the password (to the value `qwerty`) of the SOGo
administrative account using the following command:

  ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com uid=sogo,ou=users,dc=acme,dc=com -s qwerty

Creating a User Account
~~~~~~~~~~~~~~~~~~~~~~~

SOGo uses LDAP directories to authenticate users. Use the following LDIF
file (`jdoe.ldif`) as an example to create a SOGo user account:

----
dn: uid=jdoe,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: jdoe
cn: John Doe
mail: jdoe@acme.com
sn: Doe
givenName: John
----

Load the LDIF file inside your LDAP server using the following command:

  ldapadd -f jdoe.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com

Finally, set the password (to the value `qwerty`) of the user account
using the following command:

  ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com uid=jdoe,ou=users,dc=acme,dc=com -s qwerty

As an alternative to using command-line tools, you can also use LDAP
editors such as _Luma_ or _Apache Directory Studio_ to make your work
easier. These GUI utilities can make use of templates to create and
pre-configure typical user accounts or any standardized LDAP record,
along with the correct object classes, fields and default values.

Microsoft Enterprise ActiveSync
-------------------------------

SOGo supports the Microsoft ActiveSync protocol.

ActiveSync clients can fully synchronize contacts, emails, events and
tasks with SOGo. Freebusy and GAL lookups are also supported, as well as
"Smart reply" and "Smart forward" operations.

To enable Microsoft ActiveSync support in SOGo, you must install the
required packages.

  yum install sogo-activesync libwbxml

Once installed, simply uncomment the following lines from your SOGo
Apache configuration:

----
ProxyPass /Microsoft-Server-ActiveSync \
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
 retry=60 connectiontimeout=5 timeout=360
----

Restart Apache afterwards.

The following additional parameters only affect SOGo when using
ActiveSync:

[cols="3,47,50a"]
|=======================================================================
|S |SOGoMaximumPingInterval
|Parameter used to set the maximum amount of time, in seconds, SOGo will
wait before replying to a Ping command.

If not set, it defaults to `10` seconds.

|S |SOGoMaximumSyncInterval
|Parameter used to set the maximum amount of time, in seconds, SOGo will
wait before replying to a Sync command.

If not set, it defaults to `30` seconds.

|S |SOGoInternalSyncInterval
|Parameter used to set the maximum amount of time, in seconds, SOGo will
wait before doing an internal check for data changes (add, delete, and
update). This parameter must be lower than _SOGoMaximumSyncInterval_ and
_SOGoMaximumPingInterval_.

If not set, it defaults to `10` seconds.

|S |SOGoMaximumSyncResponseSize
|Parameter used to overwrite the maximum response size during
a Sync operation. The value is in kilobytes. Setting this to 512
means the response size will be 524288 bytes or less. Note that
if you set the value too low and a mail message (or any other object)
surpasses it, it will still be synced but only this item will be.

Defaults to `0`, which means no overwrite is performed.

|S |SOGoMaximumSyncWindowSize
|Parameter used to overwrite the maximum number of items returned during
a Sync operation.

Defaults to `0`, which means no overwrite is performed.

Setting this parameter to a value greater than `512` will
have unexpected behaviour with various ActiveSync clients.

|S |SOGoEASDebugEnabled
|Parameter used to log the complete request and response of every single
EAS command.

Defaults to `NO`, which means no logging is performed.
|=======================================================================

Please be aware of the following limitations:

* Outlook 2013 does not search the GAL. One possible alternative
solution is to configure Outlook to use an LDAP server (over SSL) with
authentication. Outlook 2013 also does not seem to support multiple
address books over ActiveSync.
* To successfully synchronize Outlook email categories, a corresponding
mail label (Preferences->Mail Options) has to be created manually in SOGo
for each label defined in Outlook. The name in SOGo and in Outlook must be
identical.
* Make sure you do not use a self-signed certificate. While this will
work, Outlook will work intermittently as it will raise popups for
certificate validation, sometimes in the background, preventing the user
from seeing the warning and thus preventing any synchronization from
happening.
* ActiveSync clients keep connections open for a while. Each connection
will hold on to a sogod process so you will need a lot of processes
to handle many clients. Make sure you tune your SOGo server when having
lots of ActiveSync clients.
* Repetitive events with occurrence exceptions are currently not
supported.
* Outlook 2013 Autodiscovery is currently not supported.
* Outlook 2013 freebusy lookups are supported using the Internet
Free/Busy feature of Outlook 2013. Please
see http://support.microsoft.com/kb/291621 for configuration
instructions. On the SOGo side, _SOGoEnablePublicAccess_ must be set to
`YES` and the URL to use must be of the following format:
`http://<hostname>/SOGo/dav/public/%NAME%/freebusy.ifb`
* If you have very large mail folders (thousands of messages), you will
need to adjust the word size of your IMAP server. In Dovecot, the parameter
to increase is "imap_max_line_length" while under Cyrus IMAP Server, the
parameter is "maxword". We suggest a buffer of 2MB.

In order to use the SOGo ActiveSync support code in production
environments, you need to get a proper usage license from Microsoft.
Please contact them directly to negotiate the fees associated with your
user base.

To contact Microsoft, please visit:

http://www.microsoft.com/en-us/legal/intellectualproperty/

and send an email to iplicreq@microsoft.com

Inverse inc. provides this software for free, but is not responsible for
anything related to its usage.

Microsoft Enterprise ActiveSync Tuning
--------------------------------------

First of all, it is important to know that most EAS devices will keep
HTTP connections open to SOGo (and thus, Apache) for a long time. This
is required for "push" to work properly. Connections can stay open for
up to one hour, or 3600 seconds.

The first parameter to check is related to Apache's proxying to
SOGo:

----
ProxyPass /Microsoft-Server-ActiveSync \
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
 retry=60 connectiontimeout=5 timeout=360
----

The above line sets a timeout of up to 360 seconds, or 6 minutes. If
you want to let EAS clients keep their HTTP connections open for up
to an hour, you must change the timeout parameter and set it to 3600.

If you change this value, the WOWatchDogRequestTimeout parameter must be changed
accordingly in SOGo's configuration file (/etc/sogo/sogo.conf). By default,
a SOGo child process is allowed to handle a request that can take up
to 10 minutes before it gets killed by its parent process. When using
EAS "push", the client expects to keep its connection open for up to one
hour - so the WOWatchDogRequestTimeout, which is set in minutes,
must be adjusted accordingly.

EAS clients will keep HTTP connections open for a long time
during these two EAS commands: Ping and Sync. By default, SOGo will prevent
EAS clients from keeping connections for a long time. This is to avoid the
situation where all SOGo child processes would be monopolized by EAS clients -
rendering the SOGo web interface or DAV interface unavailable. The
default SOGo behavior is thus similar to disabling EAS push entirely.

Two SOGo configuration parameters are available to modify this behavior:
SOGoMaximumPingInterval (set by default to 10 seconds) and
SOGoMaximumSyncInterval (set by default to 30 seconds). If you want
connections to stay open for up to one hour, you should set these
slightly under 3600 seconds (say 3540 - or 59 minutes). During a
long-lived HTTP connection, the SOGo child process will perform
internal polling to detect changes and return them to the EAS client
if any changes are found. The parameter used to control this
is SOGoInternalSyncInterval. By default, polling is done every 10
seconds. This might generate too much load on large-scale systems.

The last configuration parameter to adjust is WOWorkersCount - which sets the
number of SOGo child processes that will be used to handle requests.
You should have at least one child per EAS device configured to use
"push". You must also have more children than you have EAS devices
configured to use "push" - in order to handle normal SOGo requests to
its Web or DAV interfaces.

Here are some usage examples for EAS devices using "push". In all
cases, the Apache timeout is set to 3600 and the
WOWatchDogRequestTimeout parameter is set to 60.

Example 1 - 100 users, 10 EAS devices:

----
WOWorkersCount = 15;
SOGoMaximumPingInterval = 3540;
SOGoMaximumSyncInterval = 3540;
SOGoInternalSyncInterval = 30;
----

Example 2 - 1000 users, 100 EAS devices:

----
WOWorkersCount = 120;
SOGoMaximumPingInterval = 3540;
SOGoMaximumSyncInterval = 3540;
SOGoInternalSyncInterval = 60;
----
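
The relationships described in this section can be checked before restarting the services. The following is an added example, not SOGo code: it reads `sogo.conf` text and the ActiveSync `ProxyPass` directive and reports settings that contradict the rules above. Reading "adjusted accordingly" as watchdog minutes x 60 >= proxy timeout and "slightly under" as strictly below the proxy timeout is this example's interpretation; the sample inputs are constructed from the page's own values.

```python
import re

# Constructed sample: the page's "Example 1" plus the watchdog value it states.
EXAMPLE_1_CONF = """
WOWorkersCount = 15;
WOWatchDogRequestTimeout = 60;
SOGoMaximumPingInterval = 3540;
SOGoMaximumSyncInterval = 3540;
SOGoInternalSyncInterval = 30;
"""

# Constructed sample: a misconfigured file, to be checked against 10 push devices.
BROKEN_CONF = """
/* WOWatchDogRequestTimeout = 60; */
WOWorkersCount = 8;
SOGoMaximumPingInterval = 3600;
SOGoMaximumSyncInterval = 3540;
SOGoInternalSyncInterval = 3540;
SOGoMaximumSyncWindowSize = 1024;
"""

# The page's ProxyPass directive with timeout raised to 3600 as the text describes.
APACHE_PUSH = """
ProxyPass /Microsoft-Server-ActiveSync \\
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \\
 retry=60 connectiontimeout=5 timeout=3600
"""


def parse_sogo_ints(conf_text):
    """Collect integer-valued `Key = 123;` settings from sogo.conf text."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # drop /* ... */ comments
    pairs = re.findall(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?(\d+)"?[ \t]*;', text, flags=re.M)
    return {key: int(value) for key, value in pairs}


def activesync_proxy_timeout(apache_text):
    """Return timeout= (seconds) from the ActiveSync ProxyPass directive, or None."""
    folded = re.sub(r"\\[ \t]*\n", " ", apache_text)  # join continuation lines
    for line in folded.splitlines():
        line = line.strip()
        if re.match(r"ProxyPass\s", line) and "Microsoft-Server-ActiveSync" in line:
            # \b keeps "connectiontimeout=" from matching.
            match = re.search(r"\btimeout=(\d+)", line)
            if match:
                return int(match.group(1))
    return None


def check_eas_tuning(conf_text, apache_text, push_devices):
    """Return [(parameter, message)] for settings that break the documented rules."""
    cfg = parse_sogo_ints(conf_text)
    proxy_timeout = activesync_proxy_timeout(apache_text)
    findings = []

    if proxy_timeout is not None:
        # Page: default watchdog is 10 minutes; the value is expressed in minutes.
        watchdog_min = cfg.get("WOWatchDogRequestTimeout", 10)
        if watchdog_min * 60 < proxy_timeout:  # interpretation of "accordingly"
            findings.append(("WOWatchDogRequestTimeout",
                             f"{watchdog_min} min is shorter than proxy timeout {proxy_timeout}s"))
        for key in ("SOGoMaximumPingInterval", "SOGoMaximumSyncInterval"):
            if key in cfg and cfg[key] >= proxy_timeout:  # "slightly under"
                findings.append((key, f"{cfg[key]}s is not below proxy timeout {proxy_timeout}s"))

    # Page: SOGoInternalSyncInterval must be lower than both maximum intervals.
    internal = cfg.get("SOGoInternalSyncInterval")
    limits = [cfg[k] for k in ("SOGoMaximumPingInterval", "SOGoMaximumSyncInterval") if k in cfg]
    if internal is not None and limits and internal >= min(limits):
        findings.append(("SOGoInternalSyncInterval", f"{internal}s is not below {min(limits)}s"))

    # Page: more children than EAS devices configured to use push.
    workers = cfg.get("WOWorkersCount")
    if workers is None or workers <= push_devices:
        findings.append(("WOWorkersCount", f"{workers} workers for {push_devices} push devices"))

    # Page: values above 512 misbehave with various ActiveSync clients.
    if cfg.get("SOGoMaximumSyncWindowSize", 0) > 512:
        findings.append(("SOGoMaximumSyncWindowSize", "greater than 512"))
    return findings


if __name__ == "__main__":
    for name, text in (("example 1", EXAMPLE_1_CONF), ("broken", BROKEN_CONF)):
        print(name, check_eas_tuning(text, APACHE_PUSH, push_devices=10))
```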

Using SOGo
----------

SOGo Web Interface
~~~~~~~~~~~~~~~~~~

To access the SOGo Web Interface, point your Web browser, which is
running from the same server where SOGo was installed, to the following
URL: http://localhost/SOGo.

Log in using the "jdoe" user and the "qwerty" password. The underlying
database tables will automatically be created by SOGo.

Mozilla Thunderbird and Lightning
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Alternatively, you can access SOGo with a GroupDAV and a CalDAV client.
A typical well-integrated setup is to use Mozilla Thunderbird and
Mozilla Lightning along with Inverse's _SOGo Connector_ plug in to
synchronize your address books and Inverse's _SOGo Integrator_ plug
in to provide a complete integration of the features of SOGo into
Thunderbird and Lightning. Refer to the documentation of Thunderbird to
configure an initial IMAP account pointing to your SOGo server and using
the user name and password mentioned above.

With the SOGo Integrator plug in, your calendars and address books will
be automatically discovered when you log in to Thunderbird. This plug in
can also propagate specific extensions and default user settings among
your site. However, be aware that in order to use the SOGo Integrator
plug in, you will need to repackage it with specific modifications.
Please refer to the documentation published online:

http://www.sogo.nu/downloads/documentation.html

If you only use the SOGo Connector plug in, you can still easily access
your data.

To access your personal address book:

* Choose Go > Address Book.
* Choose File > New > Remote Address Book.
* Enter a meaningful name for your address book in the Name field.
* Type the following URL in the URL field:
`http://localhost/SOGo/dav/jdoe/Contacts/personal/`
* Click on OK.

To access your personal calendar:

* Choose Go > Calendar.
* Choose Calendar > New Calendar.
* Select On the Network and click on Continue.
* Select CalDAV.
* Type the following URL in the URL field:
`http://localhost/SOGo/dav/jdoe/Calendar/personal/`
* Click on Continue.

Apple iCal
~~~~~~~~~~

Apple iCal can also be used as a client application for SOGo.

To configure it so it works with SOGo, create a new account and specify,
as the Account URL, a URL such as:

http://localhost/SOGo/dav/jdoe/

Note that the trailing slash is important for Apple iCal 3.

Apple AddressBook
~~~~~~~~~~~~~~~~~

Since Mac OS X 10.6 (Snow Leopard), Apple AddressBook can be configured
to use SOGo.

In order to make this work, you must add a new virtual host in your
Apache configuration file to listen on port 8800 and handle requests
coming from iOS devices.

The virtual host should be defined like this:

----
<VirtualHost *:8800>
  RewriteEngine Off
  ProxyRequests Off
  SetEnv proxy-nokeepalive 1
  ProxyPreserveHost On
  ProxyPassInterpolateEnv On
  ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
  ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
  ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate

  <Location />
    Order allow,deny
    Allow from all
  </Location>
  <Proxy http://127.0.0.1:20000>
    RequestHeader set "x-webobjects-server-port" "8800"
    RequestHeader set "x-webobjects-server-name" "acme.com:8800"
    RequestHeader set "x-webobjects-server-url" "http://acme.com:8800"
    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
    RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
    AddDefaultCharset UTF-8
  </Proxy>
  ErrorLog /var/log/apache2/ab-error.log
  CustomLog /var/log/apache2/ab-access.log combined
</VirtualHost>
----

This configuration is also required if you want to configure a CardDAV
account on an Apple iOS device (version 4.0 and later).

Microsoft ActiveSync / Mobile Devices
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can synchronize contacts, emails, events and tasks from SOGo with
any mobile devices that support Microsoft ActiveSync. Microsoft Outlook
2013 is also supported.

The Microsoft ActiveSync server URL is generally something
like: `http://localhost/Microsoft-Server-ActiveSync`.

Upgrading
---------

This section describes what needs to be done when upgrading to the
current version of SOGo from the previous release.

[cols="100a"]
|=======================================================================
h|2.3.1
|The SOGoCalendarDefaultCategoryColor default has been removed. If you
want to customize the color of calendar categories, use the
SOGoCalendarCategories and SOGoCalendarCategoriesColors defaults.

h|2.3.0
|Run the shell script `sql-update-2.2.17_to_2.3.0.sh` or
`sql-update-2.2.17_to_2.3.0-mysql.sh` (if you use MySQL).

This will grow the "participant states" field of calendar quick tables to a larger
size and add the "c_description" column to calendar quick tables.

Moreover, if you are using a multi-domain configuration, make sure the keys for
your domains match the email domains you have defined.

h|2.2.8
|The following configuration parameters were renamed:

[options="compact"]
* _SOGoMailMessageCheck_ was replaced with _SOGoRefreshViewCheck_
* _SOGoMailPollingIntervals_ was replaced with _SOGoRefreshViewIntervals_

Backward compatibility is in place for the old preferences values.

h|2.0.5
|The configuration is now stored in /etc/sogo/sogo.conf. Perform the following commands as root to migrate your previous user defaults:

----
install -d -m 750 -o sogo -g sogo /etc/sogo
sudo -u sogo sogo-tool dump-defaults > /etc/sogo/sogo.conf
chown root:sogo /etc/sogo/sogo.conf
chmod 640 /etc/sogo/sogo.conf
sudo -u sogo mv ~/GNUstep/Defaults/.GNUstepDefaults \
    ~/GNUstep/Defaults/GNUstepDefaults.old
----

h|2.0.4
|The parameter _SOGoForceIMAPLoginWithEmail_ is now deprecated and is
replaced by _SOGoForceExternalLoginWithEmail_ (which extends the
functionality to SMTP authentication). Update your configuration if you
use this parameter.

The sogo user is now a system user. For new installs, this means that
`su - sogo` won't work anymore. Please use `sudo -u sogo <cmd>` instead.
If used in scripts from cronjobs, `requiretty` must be disabled in
sudoers.

h|1.3.17
|Run the shell script `sql-update-1.3.16_to_1.3.17.sh` or
`sql-update-1.3.16_to_1.3.17-mysql.sh` (if you use MySQL).

This will grow the "cycle info" field of calendar tables to a larger
size.

h|1.3.12
|Once you have updated and restarted SOGo, run the shell script
`sql-update-1.3.11_to_1.3.12.sh` or
`sql-update-1.3.11_to_1.3.12-mysql.sh` (if you use MySQL).

This will grow the "content" field of calendar and addressbook tables to
a larger size and fix the primary key of the session table.

h|1.3.9
|For Red Hat-based distributions, version 1.23 of GNUstep will be
installed. Since the location of the Web resources changes, the Apache
configuration file (`SOGo.conf`) has been adapted. Verify your Apache
configuration if you have customized this file.
|=======================================================================

include::includes/additional-info.asciidoc[]

include::includes/commercial-support.asciidoc[]