879 lines
28 KiB
Plaintext
879 lines
28 KiB
Plaintext
|
Native Microsoft Outlook Configuration Guide
|
|||
|
============================================
|
|||
|
:toc: left
|
|||
|
:icons: font
|
|||
|
|
|||
|
////
|
|||
|
|
|||
|
This file is part of the SOGo project.
|
|||
|
|
|||
|
See SOGo Native Microsoft Outlook Configuration-docinfo.xml for
|
|||
|
authors, copyright and license information.
|
|||
|
|
|||
|
////
|
|||
|
|
|||
|
include::includes/global-attributes.asciidoc[]
|
|||
|
|
|||
|
About this Guide
|
|||
|
----------------
|
|||
|
|
|||
|
This guide will walk you through the installation and configuration of
|
|||
|
the native Microsoft Outlook compatibility layer SOGo offers.
|
|||
|
|
|||
|
Prior going over this guide, you should have a working SOGo
|
|||
|
installation. Please refer to the _SOGo Installation and Configuration
|
|||
|
Guide_ for more information on installing and configuring SOGo.
|
|||
|
|
|||
|
This guide also includes instructions for configuring Microsoft Outlook
|
|||
|
with SOGo.
|
|||
|
|
|||
|
The instructions are based on version {release_version} of SOGo.
|
|||
|
|
|||
|
The latest version of this guide is available
|
|||
|
at http://www.sogo.nu/downloads/documentation.html.
|
|||
|
|
|||
|
Introduction
|
|||
|
------------
|
|||
|
|
|||
|
SOGo is a free and modern scalable groupware server. It offers shared
|
|||
|
calendars, address books, and emails through your favourite Web browser
|
|||
|
and by using a native client such as Mozilla Thunderbird and Lightning.
|
|||
|
|
|||
|
SOGo is standard-compliant. It supports CalDAV, CardDAV, GroupDAV, iMIP
|
|||
|
and iTIP and reuses existing IMAP, SMTP and database servers — making
|
|||
|
the solution easy to deploy and interoperable with many applications.
|
|||
|
|
|||
|
SOGo features:
|
|||
|
|
|||
|
* Scalable architecture suitable for deployments from dozen to many
|
|||
|
thousand users
|
|||
|
* Rich Web-based interface that shares the look and feel, the features
|
|||
|
and the data of Mozilla Thunderbird and Lightning
|
|||
|
* Improved integration with Mozilla Thunderbird and Lightning by using
|
|||
|
the SOGo Connector and the SOGo Integrator
|
|||
|
* Native compatibility for Microsoft Outlook 2003, 2007, 2010, and 2013
|
|||
|
* Two-way synchronization support with any Microsoft ActiveSync-capable
|
|||
|
device, and Outlook 2013
|
|||
|
|
|||
|
SOGo is developed by a community of developers located mainly in North
|
|||
|
America and Europe. More information can be found
|
|||
|
on http://www.sogo.nu/.
|
|||
|
|
|||
|
Architecture
|
|||
|
------------
|
|||
|
|
|||
|
The following diagram demonstrates the architecture of the native
|
|||
|
Outlook compatibility layer of SOGo.
|
|||
|
|
|||
|
image::images/openchange.png[]
|
|||
|
|
|||
|
With Samba 4 and OpenChange, Microsoft Outlook clients can communicate
|
|||
|
natively with SOGo using the Microsoft Exchange protocol, without
|
|||
|
requiring costly and hard-to-maintain third-party MAPI connectors for
|
|||
|
Microsoft Outlook.
|
|||
|
|
|||
|
Requirements
|
|||
|
------------
|
|||
|
|
|||
|
Organizations generally have solutions to authenticate users such as
|
|||
|
LDAP servers or Microsoft Active Directory servers.
|
|||
|
|
|||
|
The solution being used will influence how users are provisioned in
|
|||
|
Samba 4, a key component for native Outlook compatibility in SOGo.
|
|||
|
|
|||
|
LDAP Server
|
|||
|
~~~~~~~~~~~
|
|||
|
|
|||
|
If your organization uses a LDAP server such OpenLDAP, Novell
|
|||
|
eDirectory, Apache Directory or any other solution, you must use
|
|||
|
Samba 4's internal directory server and synchronize the data between
|
|||
|
both.
|
|||
|
|
|||
|
Synchronization scripts are not provided and unless you have clear-text
|
|||
|
passwords of your existing users, they will have to be changed during
|
|||
|
your initial synchronization so that your LDAP's server passwords are
|
|||
|
identical to the ones from Samba 4.
|
|||
|
|
|||
|
Any modifications to your existing LDAP server (password change, user
|
|||
|
addition or deletion, etc.) will have to be replicated to Samba 4's
|
|||
|
internal directory server.
|
|||
|
|
|||
|
Note that if you install Samba 4 on a server that is already running a
|
|||
|
LDAP service, you will have to change to TCP port on which your LDAP
|
|||
|
server listens to. Samba 4 will use the TCP port 389 and it can't be
|
|||
|
changed.
|
|||
|
|
|||
|
For example, with OpenLDAP, you can use the `-h` parameter for `slapd`
|
|||
|
to make it listen on an other TCP port.
|
|||
|
|
|||
|
Microsoft Active Directory
|
|||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
If your organization uses Microsoft Active Directory, Samba 4 will need
|
|||
|
to be joined to your Active Directory domain, as a DC.
|
|||
|
|
|||
|
Samba 4 will be able to reuse all the information contained in Microsoft
|
|||
|
Active Directory and no synchronization process needs to be put in place
|
|||
|
as information will get replicated to Samba 4 automatically.
|
|||
|
|
|||
|
For more information on joining Samba 4 to an existing Microsoft Active
|
|||
|
Directory domain, please refer to the Samba 4 documentation available at
|
|||
|
the following URL:
|
|||
|
|
|||
|
http://wiki.samba.org/index.php/Samba4
|
|||
|
|
|||
|
More specifically, have a look at the `samba-tool domain join` command.
|
|||
|
Note that joining Samba 4 to your Active Directory domain as a member
|
|||
|
will currently not work. An authentication bug is present in Samba 4
|
|||
|
which then prevents all Outlook users to successfully authenticate
|
|||
|
through Samba 4. This issue has been reported to the Samba team and is
|
|||
|
being worked on.
|
|||
|
|
|||
|
Other or No Solution
|
|||
|
~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
If your organization neither uses a LDAP server or Microsoft Active
|
|||
|
Directory, you can start using Samba 4 as your directory server.
|
|||
|
|
|||
|
Samba 4's directory can be queried over LDAP just like Microsoft Active
|
|||
|
Directory and can also serve as a domain controller for Windows-based
|
|||
|
environments.
|
|||
|
|
|||
|
For example, SOGo can very well use Samba 4's built-in directory server
|
|||
|
to authenticate users. A SOGoUserSources entry to achieve this wold look
|
|||
|
like this:
|
|||
|
|
|||
|
----
|
|||
|
su - sogo
|
|||
|
defaults write sogod SOGoUserSources '(
|
|||
|
{
|
|||
|
CNFieldName = displayName;
|
|||
|
IDFieldName = cn;
|
|||
|
UIDFieldName = sAMAccountName;
|
|||
|
baseDN = "cn=Users,dc=example,dc=com";
|
|||
|
bindDN = "cn=Administrator,cn=Users,dc=example,dc=com";
|
|||
|
bindFields = (
|
|||
|
sAMAccountName
|
|||
|
);
|
|||
|
bindPassword = "%1OpenChange";
|
|||
|
canAuthenticate = YES;
|
|||
|
displayName = "Shared Addresses";
|
|||
|
hostname = "127.0.0.1";
|
|||
|
id = samba;
|
|||
|
isAddressBook = YES;
|
|||
|
port = 389;
|
|||
|
}
|
|||
|
)'
|
|||
|
----
|
|||
|
|
|||
|
Please refer to the _SOGo Installation and Configuration Guide_ for more
|
|||
|
information regarding `SOGoUserSources`.
|
|||
|
|
|||
|
IMAP Server and Trust
|
|||
|
~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
An IMAP server supporting the ACL, UIDPLUS and QRESYNC IMAP extensions
|
|||
|
is required, such as Cyrus IMAP version 2.4 or later, or Dovecot version
|
|||
|
2.1 or later. If your current IMAP server does not support these
|
|||
|
extensions, you can use Dovecot's proxying capabilities. The follow
|
|||
|
configuration example makes Dovecot proxy all IMAP request to an
|
|||
|
existing server:
|
|||
|
|
|||
|
----
|
|||
|
auth_mechanisms = plain login
|
|||
|
imapc_host = inverse.ca
|
|||
|
imapc_port = 993
|
|||
|
imapc_ssl = imaps
|
|||
|
imapc_ssl_verify = no
|
|||
|
mail_gid = imapproxy
|
|||
|
mail_home = /home/imapproxy/%u
|
|||
|
mail_location = imapc:~/imapc
|
|||
|
mail_uid = imapproxy
|
|||
|
passdb {
|
|||
|
args = host=inverse.ca ssl=imaps port=993 ssl_ca_dir=/etc/pki/tls/certs
|
|||
|
default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
|
|||
|
driver = imap
|
|||
|
}
|
|||
|
protocols = imap
|
|||
|
ssl = no
|
|||
|
userdb {
|
|||
|
driver = prefetch
|
|||
|
}
|
|||
|
----
|
|||
|
|
|||
|
SOGo would then be configured to use Dovecot's proxy as the IMAP server.
|
|||
|
|
|||
|
Moreover, the authentication mode in use by Windows with Samba and
|
|||
|
Exchange servers prevent the backend from knowing the real password
|
|||
|
being used by the user. This implies that the IMAP server must accept
|
|||
|
any passwords from the host on which Samba is running.
|
|||
|
|
|||
|
To accomplish this with Cyrus IMAP Server, set `sasl_pwcheck_method`
|
|||
|
to `alwaystrue` in `/etc/imapd.conf`. You should restrain this to
|
|||
|
an `imapd` instance dedicated to SOGo.
|
|||
|
|
|||
|
For Dovecot, use an authentication source similar to:
|
|||
|
|
|||
|
----
|
|||
|
passdb {
|
|||
|
driver = static
|
|||
|
args = nopassword=y allow_nets=127.0.0.1/32
|
|||
|
}
|
|||
|
----
|
|||
|
|
|||
|
You should also make sure that you restrain this only to the SOGo
|
|||
|
processes.
|
|||
|
|
|||
|
For any other IMAP server, refer to the product's documentation. If such
|
|||
|
capability is not offered, you can alternatively define the cleartext
|
|||
|
password for each user. Please refer to the _Adding Users_ section from
|
|||
|
this document.
|
|||
|
|
|||
|
Installation
|
|||
|
------------
|
|||
|
|
|||
|
This section will guide you through the installation of the native
|
|||
|
Microsoft Outlook compatibility layer SOGo offers.
|
|||
|
|
|||
|
////
|
|||
|
Red Hat Enterprise Linux v6 x86_64
|
|||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
If you are using Red Hat Enterprise Linux version 6 x86_64, packages
|
|||
|
for Samba 4, OpenChange and SOGo and the SOGo OpenChange backend are
|
|||
|
available from SOGo's web site. Please follow the instructions from
|
|||
|
http://www.sogo.nu/english/downloads/backend.html.
|
|||
|
|
|||
|
In order to satisfy certain dependencies, you should also add the EPEL
|
|||
|
source corresponding to your distribution and architecture. More
|
|||
|
information on this is available here:
|
|||
|
http://fedoraproject.org/wiki/EPEL - or more specifically,
|
|||
|
http://fedoraproject.org/wiki/EPEL/FAQ#How_can_I_install_the_packages_from_the_EPEL_software_repository.3F.
|
|||
|
|
|||
|
Once ready, install the OpenChange packages on top of an existing SOGo
|
|||
|
installation:
|
|||
|
|
|||
|
----
|
|||
|
yum clean all && yum makecache
|
|||
|
yum install samba \
|
|||
|
openchange \
|
|||
|
sogo-openchange-backend \
|
|||
|
openchange-ocsmanager \
|
|||
|
openchange-rpcproxy \
|
|||
|
mysql-server \
|
|||
|
MySQL-python
|
|||
|
----
|
|||
|
|
|||
|
Once the packages are installed, refer to the _Configuration_ chapter
|
|||
|
from this guide.
|
|||
|
|
|||
|
[NOTE]
|
|||
|
Samba4/OpenChange are not available for now on CentOS 5 i386/x86_64,
|
|||
|
and CentOS 7. On Debian-based systems, packages are available only on
|
|||
|
the x86_64 platform.
|
|||
|
|
|||
|
Debian 7 (Wheezy) and Ubuntu 12.04 (Precise Pangolin)
|
|||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
SOGo, OpenChange and the SOGo OpenChange backend are now
|
|||
|
available from SOGo's web site. Please follow the instructions from
|
|||
|
http://www.sogo.nu/english/downloads/backend.html to setup your
|
|||
|
apt sources.
|
|||
|
|
|||
|
On Debian7, for some Samba 4 dependencies, you need to use the
|
|||
|
_wheezy-backports_ repository. To do so, create
|
|||
|
`/etc/apt/sources.list.d/backports.list` with the following
|
|||
|
content:
|
|||
|
|
|||
|
deb http://http.debian.net/debian wheezy-backports main
|
|||
|
|
|||
|
Then install Samba 4 on top of an existing SOGo
|
|||
|
installation:
|
|||
|
|
|||
|
----
|
|||
|
apt-get update
|
|||
|
apt-get install samba samba-dev
|
|||
|
----
|
|||
|
|
|||
|
Once completed, install the packages related to OpenChange and the SOGo
|
|||
|
provider:
|
|||
|
|
|||
|
----
|
|||
|
apt-get install openchangeserver \
|
|||
|
sogo-openchange \
|
|||
|
openchangeproxy \
|
|||
|
python-ocsmanager \
|
|||
|
mysql-server \
|
|||
|
python-mysqldb \
|
|||
|
openchange-ocsmanager \
|
|||
|
openchange-rpcproxy \
|
|||
|
python-sievelib \
|
|||
|
python-spyne \
|
|||
|
python-rpclib
|
|||
|
----
|
|||
|
|
|||
|
Once the packages are installed, refer to the _Configuration_ chapter
|
|||
|
from this guide.
|
|||
|
|
|||
|
[NOTE]
|
|||
|
On Ubuntu 12.04, the Samba init scripts need to be modified to
|
|||
|
disable the upstart check. For more details, refer to:
|
|||
|
https://wiki.samba.org/index.php/Samba4/InitScript
|
|||
|
////
|
|||
|
|
|||
|
Ubuntu 16.04 (Xenial Xerus)
|
|||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
Please follow the instructions from
|
|||
|
https://sogo.nu/download.html to setup your
|
|||
|
apt sources.
|
|||
|
|
|||
|
Then install Samba 4 on top of an existing SOGo
|
|||
|
installation:
|
|||
|
|
|||
|
----
|
|||
|
apt-get update
|
|||
|
apt-get install samba samba-dev
|
|||
|
----
|
|||
|
|
|||
|
Once completed, install the packages related to OpenChange and the SOGo
|
|||
|
provider:
|
|||
|
|
|||
|
----
|
|||
|
apt-get install openchangeserver \
|
|||
|
sogo-openchange \
|
|||
|
openchangeproxy \
|
|||
|
python-ocsmanager \
|
|||
|
mysql-server \
|
|||
|
python-mysqldb \
|
|||
|
openchange-ocsmanager \
|
|||
|
openchange-rpcproxy \
|
|||
|
python-sievelib \
|
|||
|
python-spyne \
|
|||
|
python-rpclib
|
|||
|
----
|
|||
|
|
|||
|
Once the packages are installed, refer to the _Configuration_ chapter
|
|||
|
from this guide.
|
|||
|
|
|||
|
[NOTE]
|
|||
|
The `ocsmanager.conf` and `rpcproxy.conf` are currently located in
|
|||
|
`/etc/apache2/conf.d`. These should be moved to `/etc/apache2/conf-available`.
|
|||
|
This is a packaging error that will soon be fixed.
|
|||
|
|
|||
|
[NOTE]
|
|||
|
You might have to adjust the `rpcproxy.conf` configuration file to add the
|
|||
|
`Require all granted` permission if you get Apache errors such as
|
|||
|
`client denied by server configuration`.
|
|||
|
|
|||
|
Configuration
|
|||
|
-------------
|
|||
|
|
|||
|
In this section, you'll learn how to configure the native Microsoft
|
|||
|
Outlook compatibility layer that SOGo offers.
|
|||
|
|
|||
|
SOGo Configuration
|
|||
|
~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
First thing to do is to configure SOGo to use your current services,
|
|||
|
which are your IMAP, SMTP and SQL database servers. The configuration
|
|||
|
instructions for this are available in the SOGo Installation and
|
|||
|
Configuration Guide available from http://www.sogo.nu/.
|
|||
|
|
|||
|
Please refer to that documentation before continuing with the
|
|||
|
instructions included in this guide.
|
|||
|
|
|||
|
Samba 4 Configuration
|
|||
|
~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
Run the following commands as root:
|
|||
|
|
|||
|
----
|
|||
|
samba-tool domain provision --realm=example.com \
|
|||
|
--domain=EXAMPLE \
|
|||
|
--adminpass='%1OpenChange' \
|
|||
|
--server-role='domain controller'
|
|||
|
|
|||
|
samba-tool user setexpiry administrator --noexpiry
|
|||
|
----
|
|||
|
|
|||
|
You might consider changing the realm and domain used, to suit your
|
|||
|
environment.
|
|||
|
|
|||
|
You might also have to
|
|||
|
remove `/etc/samba/smb.conf` prior running this command.
|
|||
|
|
|||
|
Add the following parameters to the `[global]` section of the
|
|||
|
`/etc/samba/smb.conf` configuration file:
|
|||
|
|
|||
|
----
|
|||
|
### Configuration required by OpenChange server ###
|
|||
|
dsdb:schema update allowed = true
|
|||
|
dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
|
|||
|
dcerpc_mapiproxy:server = true
|
|||
|
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
|
|||
|
### Configuration required by OpenChange server ###
|
|||
|
----
|
|||
|
|
|||
|
Your Samba 4 configuration file should look like this:
|
|||
|
|
|||
|
----
|
|||
|
# Global parameters
|
|||
|
[global]
|
|||
|
server role = active directory domain controller
|
|||
|
workgroup = EXAMPLE
|
|||
|
realm = example.com
|
|||
|
netbios name = sogo
|
|||
|
passdb backend = samba4
|
|||
|
### Configuration required by OpenChange server ###
|
|||
|
dsdb:schema update allowed = true
|
|||
|
dcerpc endpoint servers = +epmapper, +mapiproxy
|
|||
|
dcerpc_mapiproxy:server = true
|
|||
|
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
|
|||
|
### Configuration required by OpenChange server ###
|
|||
|
|
|||
|
[netlogon]
|
|||
|
path = /var/lib/samba/sysvol/example.com/scripts
|
|||
|
read only = No
|
|||
|
|
|||
|
[sysvol]
|
|||
|
path = /var/lib/samba/sysvol
|
|||
|
read only = No
|
|||
|
----
|
|||
|
|
|||
|
OpenChange Configuration
|
|||
|
~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
Since v2.2, OpenChange stores its metadata in MySQL so you need to have it installed.
|
|||
|
|
|||
|
First, create the OpenChange MySQL user:
|
|||
|
|
|||
|
----
|
|||
|
$ mysql -u root -p
|
|||
|
mysql> CREATE USER 'openchange-user'@'localhost' IDENTIFIED BY 'openchange$123';
|
|||
|
mysql> GRANT ALL PRIVILEGES ON `openchange`.* TO 'openchange-user'@'localhost' WITH GRANT OPTION;
|
|||
|
mysql> FLUSH PRIVILEGES;
|
|||
|
----
|
|||
|
|
|||
|
The Samba AD schema needs to be filled with additional object
|
|||
|
definitions by running the following commands:
|
|||
|
|
|||
|
----
|
|||
|
openchange_provision --standalone
|
|||
|
|
|||
|
NOTE: This operation can take several minutes
|
|||
|
[+] Step 1: Register Exchange OIDs
|
|||
|
[+] Step 2: Add Exchange attributes to Samba schema
|
|||
|
[+] Step 3: Add Exchange auxiliary classes to Samba schema
|
|||
|
[+] Step 4: Add Exchange objectCategory to Samba schema
|
|||
|
[+] Step 5: Add Exchange containers to Samba schema
|
|||
|
[+] Step 6: Add Exchange *sub* containers to Samba schema
|
|||
|
[+] Step 7: Add Exchange CfgProtocol subcontainers to Samba schema
|
|||
|
[+] Step 8: Add Exchange mailGateway subcontainers to Samba schema
|
|||
|
[+] Step 9: Add Exchange classes to Samba schema
|
|||
|
[+] Step 10: Add possSuperior attributes to Exchange classes
|
|||
|
[+] Step 11: Extend existing Samba classes and attributes
|
|||
|
[+] Step 12: Generic Exchange configuration objects
|
|||
|
[+] Step 13: Finalize generic Exchange configuration objects
|
|||
|
[SUCCESS] Done!
|
|||
|
[+] Step 1: Exchange Samba registration
|
|||
|
[SUCCESS] Done!
|
|||
|
[+] Step 1: Register Exchange Samba as the main server
|
|||
|
[SUCCESS] Done!
|
|||
|
----
|
|||
|
|
|||
|
Create the OpenChange database:
|
|||
|
|
|||
|
----
|
|||
|
openchange_provision --openchangedb --openchangedb-uri 'mysql://openchange-user:openchange$123@localhost/openchange'
|
|||
|
|
|||
|
Setting up openchange db
|
|||
|
[+] Public Folders
|
|||
|
===================
|
|||
|
* Public Folder Root : 0x0100000000000001 (72057594037927937)
|
|||
|
* IPM_SUBTREE : 0x0200000000000001 (144115188075855873)
|
|||
|
* NON_IPM_SUBTREE : 0x0300000000000001 (216172782113783809)
|
|||
|
* EFORMS REGISTRY : 0x0400000000000001 (288230376151711745)
|
|||
|
* OFFLINE ADDRESS BOOK : 0x0500000000000001 (360287970189639681)
|
|||
|
* /o=First Organization/cn=addrlists/cn=oabs/cn=Default Offline Address Book: 0x0600000000000001 (432345564227567617)
|
|||
|
* SCHEDULE+ FREE BUSY : 0x0700000000000001 (504403158265495553)
|
|||
|
* EX:/o=first organization/ou=first administrative group: 0x0800000000000001 (576460752303423489)
|
|||
|
* Events Root : 0x0900000000000001 (648518346341351425)
|
|||
|
----
|
|||
|
|
|||
|
Finally, modify `/etc/samba/smb.conf` to specify OpenChange connection information
|
|||
|
for its indexing database. Add the following at the end of the `[global]` section:
|
|||
|
|
|||
|
----
|
|||
|
mapistore:namedproperties = mysql
|
|||
|
namedproperties:mysql_user = openchange-user
|
|||
|
namedproperties:mysql_pass = openchange$123
|
|||
|
namedproperties:mysql_host = localhost
|
|||
|
namedproperties:mysql_db = openchange
|
|||
|
|
|||
|
mapistore:indexing_backend = mysql://openchange-user:openchange$123@localhost/openchange
|
|||
|
mapiproxy:openchangedb = mysql://openchange-user:openchange$123@localhost/openchange
|
|||
|
----
|
|||
|
|
|||
|
////
|
|||
|
On RHEL, make sure SELinux is disabled:
|
|||
|
|
|||
|
setenforce 0
|
|||
|
////
|
|||
|
|
|||
|
Next, you can start Samba using the usual command:
|
|||
|
|
|||
|
/etc/init.d/samba start
|
|||
|
|
|||
|
On upstart-based distributions, use:
|
|||
|
|
|||
|
start samba-ad-dc
|
|||
|
|
|||
|
You can also launch the OpenChange web services:
|
|||
|
|
|||
|
/etc/init.d/openchange-ocsmanager start
|
|||
|
|
|||
|
Apache Configuration for Web Services
|
|||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
The OpenChange web services consist of two components:
|
|||
|
|
|||
|
1. *OCS Manager* which is used for autodiscovery and freebusy lookups on
|
|||
|
Outlook 2007 and 2010. This service runs in its own application server
|
|||
|
which listens on `127.0.0.1:5000` by default. Apache needs to be
|
|||
|
configured to forward certain requests to it to make it accessible from
|
|||
|
the outside.
|
|||
|
Note that this service *MUST* be accessible over*HTTPS*, otherwise Outlook
|
|||
|
won't use it.
|
|||
|
2. *RPC Proxy* which is used for RPC over HTTP ("Outlook Anywhere").
|
|||
|
This service runs as a WSGI application under apache (mod_wsgi).
|
|||
|
While HTTPS is not required to access this service, it is strongly
|
|||
|
recommended.
|
|||
|
|
|||
|
////
|
|||
|
On RHEL-based distributions, the apache configuration required by these
|
|||
|
services can be found in `/etc/httpd/conf.d/ocsmanager.conf` and
|
|||
|
`/etc/httpd/conf.d/rpcproxy.conf`.
|
|||
|
////
|
|||
|
|
|||
|
For Debian-based distributions, these files can be found
|
|||
|
in `/etc/apache2/conf.d/` or `/etc/apache2/conf-available`.
|
|||
|
|
|||
|
The configuration requires three Apache modules: _mod_proxy_,
|
|||
|
_mod_proxy_http_ and _mod_wsgi_. These are usually already installed but
|
|||
|
might need to be activated on Debian-based installations:
|
|||
|
|
|||
|
a2enmod proxy proxy_http wsgi
|
|||
|
|
|||
|
The OCS Manager and RPC Proxy configuration module can be enabled using:
|
|||
|
|
|||
|
a2enconf ocsmanager
|
|||
|
a2enconf rpcproxy
|
|||
|
|
|||
|
////
|
|||
|
On RHEL-based distributions, make sure the `LoadModule` directive is
|
|||
|
uncommented in `/etc/httpd/conf.d/wsgi.conf`.
|
|||
|
////
|
|||
|
|
|||
|
The _reqtimeout_ apache module is known to cause problems when using the
|
|||
|
default configuration shipped with Debian-based systems. On such
|
|||
|
distributions, Apache will close (HTTP/1.1 500) any HTTP request for
|
|||
|
which the HTTP body hasn't arrived in 10 seconds.
|
|||
|
|
|||
|
While this is arguably good practice with regular HTTP, it will disrupt
|
|||
|
the RPC over HTTP protocol implemented by RPC Proxy: Outlook will
|
|||
|
continuously disconnect and reconnect leading to suboptimal performance.
|
|||
|
|
|||
|
To avoid this problem, use a much higher timeout or disable the module:
|
|||
|
|
|||
|
a2dismod reqtimeout
|
|||
|
|
|||
|
You should now restart the Apache service and make sure it will start on
|
|||
|
boot.
|
|||
|
////
|
|||
|
On RHEL-based distributions, do:
|
|||
|
|
|||
|
chkconfig httpd on && /etc/init.d/httpd restart
|
|||
|
////
|
|||
|
On Debian-based distributions, do:
|
|||
|
|
|||
|
update-rc.d apache2 defaults && /etc/init.d/apache2 restart
|
|||
|
|
|||
|
Finally, you must adjust the OCS Manager configuration file, which is
|
|||
|
located in `/etc/ocsmanager/ocsmanager.ini`. You should enable LDAP-based
|
|||
|
authentication in the `main` section and configure it accordingly. You should
|
|||
|
also enable rpcproxy. You file should be similar to this one:
|
|||
|
|
|||
|
----
|
|||
|
[DEFAULT]
|
|||
|
debug = true
|
|||
|
email_to = you@yourdomain.com
|
|||
|
smtp_server = localhost
|
|||
|
error_email_from = paste@localhost
|
|||
|
|
|||
|
[main]
|
|||
|
auth = ldap
|
|||
|
mapistore_root = /var/lib/samba/private
|
|||
|
mapistore_data = /var/lib/samba/private/mapistore
|
|||
|
debug = yes
|
|||
|
|
|||
|
[auth:file]
|
|||
|
|
|||
|
[auth:ldap]
|
|||
|
host = ldap://127.0.0.1
|
|||
|
port = 389
|
|||
|
bind_dn = cn=administrator,cn=Users,dc=example,dc=com
|
|||
|
bind_pw = %1OpenChange
|
|||
|
basedn = cn=Users,dc=example,dc=com
|
|||
|
|
|||
|
[auth:single]
|
|||
|
username = openchange
|
|||
|
password = {SSHA}I6Hy5Wv0wuxyXvMBFWFQDVVN12_CLaX9
|
|||
|
|
|||
|
[server:main]
|
|||
|
use = egg:Paste#http
|
|||
|
host = 127.0.0.1
|
|||
|
port = 5000
|
|||
|
protocol_version = HTTP/1.1
|
|||
|
|
|||
|
[app:main]
|
|||
|
use = egg:ocsmanager
|
|||
|
full_stack = true
|
|||
|
static_files = true
|
|||
|
cache_dir = %(here)s/data
|
|||
|
beaker.session.key = ocsmanager
|
|||
|
beaker.session.secret = SDyKK3dKyDgW0mlpqttTMGU1f
|
|||
|
app_instance_uuid = {ee533ebc-f266-49d1-ae10-d017ee6aa98c}
|
|||
|
NTLMAUTHHANDLER_WORKDIR = /var/cache/ntlmauthhandler
|
|||
|
SAMBA_HOST = 127.0.0.1
|
|||
|
|
|||
|
[rpcproxy:ldap]
|
|||
|
host = localhost
|
|||
|
port = 389
|
|||
|
basedn = CN=Users,DC=example,DC=com
|
|||
|
set debug = true
|
|||
|
----
|
|||
|
|
|||
|
----
|
|||
|
[autodiscover]
|
|||
|
|
|||
|
[autodiscover:rpcproxy]
|
|||
|
enabled = true
|
|||
|
|
|||
|
[outofoffice]
|
|||
|
|
|||
|
[outofoffice:file]
|
|||
|
sieve_script_path = /var/vmail/$domain/$user/sieve-script
|
|||
|
sieve_script_path_mkdir = false
|
|||
|
|
|||
|
[outofoffice:managesieve]
|
|||
|
secret = secret
|
|||
|
|
|||
|
[loggers]
|
|||
|
keys = root
|
|||
|
|
|||
|
[handlers]
|
|||
|
keys = console
|
|||
|
|
|||
|
[formatters]
|
|||
|
keys = generic
|
|||
|
|
|||
|
[logger_root]
|
|||
|
level = INFO
|
|||
|
handlers = console
|
|||
|
|
|||
|
[handler_console]
|
|||
|
class = StreamHandler
|
|||
|
args = (sys.stderr,)
|
|||
|
level = NOTSET
|
|||
|
formatter = generic
|
|||
|
|
|||
|
[formatter_generic]
|
|||
|
format = %(asctime)s %(levelname)-5.5s [%(name)s] [%(threadName)s] %(message)s
|
|||
|
----
|
|||
|
|
|||
|
Once completed, start the OCS Manager service:
|
|||
|
|
|||
|
/etc/init.d/openchange-ocsmanager start
|
|||
|
|
|||
|
Name Service Configuration for Web Services
|
|||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
The autodiscovery service must be made accessible in order to advertise
|
|||
|
the web services provided by OpenChange. This can be done in two ways.
|
|||
|
|
|||
|
1. The first is to associate the FQDN `autodiscover.example.com.` with
|
|||
|
the machine that hosts Samba 4 / OpenChange, by adding a `CNAME` entry
|
|||
|
in your DNS configuration. Note that, instead or changing your DNS
|
|||
|
server configuration, you can simply add a similar entry to the _hosts_
|
|||
|
file of the Windows machine from where you'll run Outlook, which is
|
|||
|
handy for testing purposes.
|
|||
|
2. The second option is to add a `SRV` entry to your DNS configuration
|
|||
|
where the `_service` value would be `Autodiscover` and the `_protocol`
|
|||
|
would be `_tcp`.
|
|||
|
|
|||
|
For example:
|
|||
|
|
|||
|
_autodiscover._tcp.example.com. IN SRV 0 0 443 sogo.example.com.
|
|||
|
|
|||
|
Again, the autodiscovery service must be accessible over HTTPS.
|
|||
|
|
|||
|
Adding Users
|
|||
|
------------
|
|||
|
|
|||
|
Users that wish to connect natively to SOGo must be provisioned in
|
|||
|
Samba 4 and in OpenChange - even if they already exist in your current
|
|||
|
LDAP or Microsoft Active Directory server.
|
|||
|
|
|||
|
To add a user, execute the following commands:
|
|||
|
|
|||
|
----
|
|||
|
# add user to samba
|
|||
|
samba-tool domain passwordsettings set --complexity=off
|
|||
|
samba-tool domain passwordsettings set --min-pwd-length=1
|
|||
|
samba-tool user add <username>
|
|||
|
samba-tool user setexpiry <username> --noexpiry
|
|||
|
# create user in openchange
|
|||
|
openchange_newuser --create <username>
|
|||
|
----
|
|||
|
|
|||
|
If you don't have a trust between your IMAP server and SOGo, you must at
|
|||
|
this point set the cleartext password of the newly created user in
|
|||
|
`/var/lib/samba/private/mapistore/<username/password`.
|
|||
|
|
|||
|
This per-user file contains the cleartext password of the user as a
|
|||
|
UTF-8 string, on a single line. This password will be used to
|
|||
|
authenticate SOGo/OpenChange storage provider to your IMAP server.
|
|||
|
|
|||
|
Microsoft Outlook Configuration
|
|||
|
-------------------------------
|
|||
|
|
|||
|
To connect Microsoft Outlook, you can either use the IP address of the
|
|||
|
server or its DNS name. If you prefer using the DNS name, add an entry
|
|||
|
like the following to the `c:\windows\system32\drivers\etc\hosts` file
|
|||
|
in order to associate the IP address with the right DNS names:
|
|||
|
|
|||
|
192.168.1.1 sogo.example.com autodiscover.example.com
|
|||
|
|
|||
|
Next, you must configure Microsoft Outlook.
|
|||
|
|
|||
|
* Open the Control Panel => Mail => Email Accounts.
|
|||
|
* Select _Add a new e-mail account_
|
|||
|
* Choose _Microsoft Exchange Server_
|
|||
|
* Fill the required information. Enter the DNS name or the IP address of
|
|||
|
your SOGo server in the _Microsoft Exchange Server_ field
|
|||
|
* Leave the _Use Cached Exchange Mode_ checkbox enabled
|
|||
|
* Enter your username in the _User Name_ field
|
|||
|
* Click on _More Settings_ and ignore the warning, if any, about
|
|||
|
Exchange being offline by clicking on Cancel
|
|||
|
* From the Security tab, enable Always prompt for user name and password
|
|||
|
* From the _Connection_ tab, enable _"Outlook Anywhere"_ if you plan to
|
|||
|
use Outlook outside of your LAN. Moreover, click on the _Exchange Proxy
|
|||
|
Settings..._ button to enable it for slow and fast networks. Specify
|
|||
|
also the host, which should be the same value you specified in the
|
|||
|
Microsoft Exchange Server field.
|
|||
|
* Finally, click on Check Name and confirm your username and password
|
|||
|
|
|||
|
Start Microsoft Outlook and enter your username and password. It will
|
|||
|
start to synchronize your mailbox. This could take a long time if you
|
|||
|
have many emails, events, tasks and contacts. Once this step is
|
|||
|
completed, check the autodiscovery service with Outlook 2007 or 2010 by
|
|||
|
simultaneously holding the CTRL key on your keyboard and right-clicking
|
|||
|
on the Outlook icon in the notification toolbar. A special entry named
|
|||
|
"Test E-mail AutoConfiguration..." will appear and will enable you to
|
|||
|
check the service.
|
|||
|
|
|||
|
Known Issues or Limitations
|
|||
|
---------------------------
|
|||
|
|
|||
|
* Make sure you periodically backup all your data regarding SOGo.
|
|||
|
* Make sure you have no firewalls activated between your Microsoft
|
|||
|
Outlook clients and the SOGo server with Native Outlook Compatibility
|
|||
|
module. If you do, use "Outlook Anywhere" to connect Outlook to
|
|||
|
SOGo/OpenChange.
|
|||
|
|
|||
|
Current Limitations
|
|||
|
~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|||
|
The current version of the Native Microsoft Outlook compatibility layer
|
|||
|
has some limitations.
|
|||
|
|
|||
|
Those limitations will be overcome in the upcoming releases. If you are
|
|||
|
interested in having those limitations fixed more rapidly, please
|
|||
|
contact Inverse by sending an email to support@inverse.ca.
|
|||
|
|
|||
|
General
|
|||
|
^^^^^^^
|
|||
|
|
|||
|
* When you create a new Microsoft Outlook profile, not all folders might
|
|||
|
be synchronized during the first start. Simply select the appropriate
|
|||
|
folder and click "Send and Receive". Synchronizing a folder may take
|
|||
|
some time. For example, a folder with 1000 email messages might take
|
|||
|
around 5 minutes based on the underlying hardware.
|
|||
|
* Errors when synchronizing the "Offline Address Book" are normal and
|
|||
|
can be ignored for now. This feature is currently not supported.
|
|||
|
* If you face strange issues from Microsoft Outlook, you might want to
|
|||
|
remove any data associated with the user from the SOGo server and
|
|||
|
recreate a Microsoft Outlook profile.
|
|||
|
To remove any data associated to a user, use
|
|||
|
the `openchange_user_cleanup` script distributed with OpenChange. The script
|
|||
|
can be found in `/usr/share/openchange/`.
|
|||
|
To reset a user, run the script as root:
|
|||
|
`openchange_user_cleanup username`. See the usage output for additional options.
|
|||
|
* The "Out of Office Assistant" will not currently work. This feature
|
|||
|
has not been implemented.
|
|||
|
* Creating folders below INBOX (when not normally permitted by the IMAP
|
|||
|
server), below the Personal Calendar or Personal Address Book will work
|
|||
|
in Outlook cached mode but the server-side operation will fail and these
|
|||
|
folders will never be created. Potentially data loss can occur if the
|
|||
|
Outlook profile is destroyed. If you wan to create additional top-level
|
|||
|
mail folders, calendars or address books, open Outlook's folder list,
|
|||
|
select the top level node (usually, "email@example.com") and choose "New
|
|||
|
Folder..." from the contextual menu. Choose the relevant item types.
|
|||
|
|
|||
|
Mail
|
|||
|
^^^^
|
|||
|
|
|||
|
* Sharing mail folders is not supported.
|
|||
|
* To avoid possibly lossy conversion from RTF to HTML, Outlook should be
|
|||
|
configured to send all mails as HTML (or plaintext) instead of _Outlook
|
|||
|
Rich Text Format_.
|
|||
|
|
|||
|
Calendar
|
|||
|
^^^^^^^^
|
|||
|
|
|||
|
* Labels will not work.
|
|||
|
* It might be impossible to view event details from a shared calendar.
|
|||
|
This issue is being worked on.
|
|||
|
|
|||
|
Tasks
|
|||
|
^^^^^
|
|||
|
|
|||
|
* Tasks with start/due dates created from Outlook might not appear
|
|||
|
correctly in SOGo due to a timezone issue.
|
|||
|
* Reminders are not yet supported.
|
|||
|
* Assigning tasks will not work.
|
|||
|
|
|||
|
Contacts
|
|||
|
^^^^^^^^
|
|||
|
|
|||
|
* Categories will not work.
|
|||
|
* Distribution lists will not work.
|
|||
|
* Under Microsoft Outlook 2010, the special folder "Suggested Contacts"
|
|||
|
will not work.
|
|||
|
* The "Offline Address Book" will not work. This feature is not yet
|
|||
|
supported.
|
|||
|
|
|||
|
Notes
|
|||
|
^^^^^
|
|||
|
|
|||
|
* Notes are not synchronized in any ways with SOGo. The current version
|
|||
|
of SOGo lacks support for notes.
|
|||
|
|
|||
|
If you notice anything else, please send contact Inverse by sending an
|
|||
|
email to support@inverse.ca.
|
|||
|
|
|||
|
include::includes/additional-info.asciidoc[]
|
|||
|
|
|||
|
include::includes/commercial-support.asciidoc[]
|