[pkg-horde] docs for kolab + horde debs

Mark Pavlichuk pav5088 at internode.on.net
Sun Aug 16 02:36:43 UTC 2009


  I'm just going through some old documentation I wrote on using the 
Kolab /w Horde debs, and I'm demoralised to find out it's very 
obsolete.  I spent a lot of time trying to find enough information to 
write it, but I ran out of time and never published it because I didn't 
have confidence in its correctness.

  After a quick look I can't find any more up-to-date information.  Is 
there updated documentation somewhere, or would someone be able to point 
out where my documentation is wrong so I can update it and perhaps post 
it to the wiki?

---------------------------

#!/bin/bash
# This shell script documents how to install Kolab + Horde using native Debian packages.
# WARNING : this experimental script is incomplete, and could destroy
# configuration and/or data.  It's best to read it, cut and paste small sections and
# observe the output.
#
# The Kolab+Horde installation process in summary :
# 1) Kolab, Horde and supporting software packages are installed
# 2) The Kolab bootstrap script is run to produce a Kolab configuration
# 3) Some final options need to be configured through the Kolab web interface.
#    This completes the Kolab portion of the configuration.
# 4) Enable Horde in Apache by placing config files in /etc/apache2/...
# 5) Change /etc/horde/... file permissions so configuring Horde via web
#    is possible.
# 6) Create Horde backend database.  This script uses PostgreSQL.
# 7) Edit /etc/horde/horde3/conf.php to open access to the web interface
# 8) Configure the Horde via web interface
#
# Kolab + Horde installation process in detail :
#
# The following command adds a couple of lines to /etc/apt/sources.list .
# This adds kolab experimental package repositories to Debian's
# package manager, and also the debian unstable repository so
# the libnet-ldap-perl package can be downloaded.
cat >> /etc/apt/sources.list <<EOF
deb http://pkg-kolab.alioth.debian.org/packages/snapshots/kolab unstable main
deb http://ftp.debian.org/debian unstable main
EOF

# Set up apt pinning so the libnet-ldap-perl package is pulled from unstable.
# The stanzas are not indented: a line starting with whitespace would be read
# as a continuation of the previous field.
cat >> /etc/apt/preferences <<EOF
Package: *
Pin: release a=testing
Pin-Priority: 500

Package: *
Pin: release a=unstable
Pin-Priority: 200

Package: libnet-ldap-perl
Pin: release a=unstable
Pin-Priority: 550
EOF

# The list of available packages is updated to include the packages in the new repository.
apt-get update

# Kolab is installed, along with the kolab webadmin tool.  Because a PostgreSQL backend
# for Horde is what I use this script installs PostgreSQL and the php5 pgsql plugin.
# When/if I get around to it I'll document which files are required for Horde+MySQL.
apt-get install kolabd kolab-webadmin php5-pgsql postgresql-8.3 postfix postfix-ldap

# Stop all Kolab related daemons so we can modify configuration.
/etc/init.d/apache2 stop
/etc/init.d/kolabd stop
/etc/init.d/kolab-cyrus stop
/etc/init.d/postfix stop
/etc/init.d/saslauthd stop
/etc/init.d/slapd stop

# Run the Kolab bootstrap/configuration script
# This populates the main Kolab configuration file ( /etc/kolab/kolab.conf ).
kolab_bootstrap -b

# Now we configure the Kolab webadmin GUI.
# Three config options need to be tuned to our new Kolab installation -
# fqdnhostname, base_dn and php_pw.  We can use some script magic to read
# these values from /etc/kolab/kolab.conf, and write them to the webadmin
# config file - /etc/kolab-webadmin/session_vars.php .

sed -i -e "s@kolabserver.example.com@`grep '^fqdnhostname : ' /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab-webadmin/session_vars.php
sed -i -e "s@dc=example,dc=com@`grep '^base_dn : ' /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab-webadmin/session_vars.php
sed -i -e "s@PASSWORD@`grep '^php_pw : ' /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab-webadmin/session_vars.php

# Start all Kolab related daemons
/etc/init.d/slapd start
/etc/init.d/saslauthd start
/etc/init.d/postfix start
/etc/init.d/kolab-cyrus start
/etc/init.d/kolabd start
/etc/init.d/apache2 start

echo "Go to https://localhost/admin/ and follow the instructions given"
echo "on this page to set up your Kolab instance."
echo "Username = manager...  password is the one chosen during setup."
echo "When done hit any key to continue..."
read

# Edit /etc/cyrus.conf to enable pop3s and imaps in kolab.  This is required for TLS
# support which provides extra security.  Kontact and the Outlook plugin expect this
# by default.  NOTE:: Not sure why we need to do this manually because there is a web
# dialog in Kolab for this.  The web dialog makes changes to LDAP, so perhaps the
# cyrus imap daemon needs to be configured somehow to get its config from LDAP?

# HORDE CONFIGURATION :
# We must modify Apache's config to display the horde web pages.  This is done as follows :
#
# Apache2 looks for configuration files in the /etc/apache2/sites-enabled directory.
# Standard practice is to create a configuration file in /etc/apache2/sites-available, and
# then create a link to this file in the sites-enabled directory.
#
# NOTE : the "allow from" line should be modified if necessary to suit your network.  It
# controls which machines can connect to horde.  There can be multiple "allow from" lines
# eg :
#        allow from 10.0.0.0/24
#        allow from 192.168.1.0/24
#        allow from 187.221.13.14
cat > /etc/apache2/sites-available/horde3 <<-EOF
    Alias /horde3 /usr/share/horde3
    <Directory /usr/share/horde3>
        Options FollowSymLinks
        AllowOverride Limit
        deny from all
        allow from 192.168.0.0/16
    </Directory>
EOF
ln -s /etc/apache2/sites-available/horde3 /etc/apache2/sites-enabled/horde3

# Restart apache so it loads the above changes.
/etc/init.d/apache2 restart

# Horde is able to be configured through its own web interface, but by default this won't
# work because of strict file permission settings.  This is done for security, but during
# configuration we'll temporarily loosen permissions so the web front end can change the
# config.

chmod 770 /etc/horde/horde3/conf.php
chgrp www-data /etc/horde/horde3/conf.php

# NOTE : This should be changed back as soon as possible!!!  Use the following commands :
# chmod 700 /etc/horde/horde3/conf.php
# chgrp root /etc/horde/horde3/conf.php

# Horde also makes backups of your configuration to /etc/horde/horde3/conf.bak.php
# Create this file if it doesn't yet exist, give it the permissions required for it to
# be writable.
touch /etc/horde/horde3/conf.bak.php
chgrp www-data /etc/horde/horde3/conf.bak.php
chmod 770 /etc/horde/horde3/conf.bak.php

# Horde's log file needs similar treatment.  We change its group ownership to www-data, and
# modify privs as above
touch /var/log/horde/horde3.log
chgrp www-data /var/log/horde/horde3.log
chmod 770 /var/log/horde/horde3.log

# Modify the Postgres database config in /etc/postgresql/8.3/main/pg_hba.conf
# to allow connections from your local machine.  Note:: If you wanted your
# PostgreSQL daemon on a separate box your config would instead allow a network
# connection.
sed -i "s@Unix\ domain\ socket\ connections\ only@\
Unix\ domain\ socket\ connections\ only\n\
local\ \ horde\ \ horde\ \ md5\
@" /etc/postgresql/8.3/main/pg_hba.conf

# Restart the postgresql daemon so the above change comes into effect
/etc/init.d/postgresql-8.3 restart

# Now we need to create a database and database user for horde.
# The Debian package contains a zipped script which does all the steps required.
# We need to first modify this script so the database owner's password isn't 'pass'.
# The command below unzips and modifies this script and then runs it.
# NOTE:: Enter a password for your horde database user at the prompt below.
# The script will then prompt for this password during the database creation process.
# The password is substituted into the SQL with sed, so it must not contain @, &, \ or '.
echo "Please enter a password for the horde database user:"
# -s keeps the password off the terminal, -r keeps backslashes literal.
read -r -s databasepw
gunzip < /usr/share/doc/horde3/examples/scripts/sql/create.pgsql.sql.gz | \
sed "s@--\ ALTER\ USER\ horde\ WITH\ PASSWORD\ 'pass';@\
ALTER\ USER\ horde\ WITH\ PASSWORD\ \'$databasepw\';@" | \
sudo -u postgres psql -f -

# To modify the default logon language edit /etc/horde/horde3/nls.php eg. en_GB.
# I couldn't find an en_AU language defined in the source file.  Perhaps a php
# hacker could do this?

echo "There are a few lines in horde's config preventing it from running on installation."
echo "This is for security reasons, so understand them before enabling horde.  To enable"
echo "it remove the exit (0) directive and the echo line above it in /etc/horde/horde3/conf.php"
echo "You could also comment these lines out.  (In a php comment a /* starts a comment, and */"
echo "ends it)."
echo "After restarting Apache you can access horde through http://localhost/horde3"
echo "Before doing anything else you MUST hit the 'generate configuration' button which is"
echo "found by entering Administration/Setup in the sidebar and then clicking the Horde"
echo "application.  The 'generate configuration' button is at the bottom of this page. Then"
echo "configure these tabs in the following order : kolab server, database, datatree,"
echo "preference system, authentication, shares.  After each step hit 'generate"
echo "configuration'.  If at any stage the configuration web interface fails you can"
echo "back out by copying /etc/horde/horde3/conf.bak.php over your config."
echo "When configuring Horde Kolab options you can look in /etc/kolab/kolab.conf for"
echo "the required values."
echo "NOTE:: If you fail to add any users before logging out, you WILL NOT be able to"
echo "log back in."
echo "After !!!CAREFULLY!!! reading and completing the above hit any key to continue..."
read
echo "Horde applications can now be added...  eg:"
echo "apt-get install imp4 kronolith2"
echo "These applications have their own configuration files, and these will need to be"
echo "modified in the same way as for the original horde application. eg:"
echo "chmod 770 /etc/horde/imp4/conf.php"
echo "chgrp www-data /etc/horde/imp4/conf.php"
echo "touch /etc/horde/imp4/conf.bak.php"
echo "chgrp www-data /etc/horde/imp4/conf.bak.php"
echo "chmod 770 /etc/horde/imp4/conf.bak.php"
echo ""
echo "After completing configuration - tighten permissions on all configs eg:"
echo "chmod 640 /etc/horde/horde3/conf.php"
echo "chmod 600 /etc/horde/horde3/conf.bak.php"
echo "Edit /etc/horde/horde3/registry.php to enable each application."
echo "There are known issues with authentication in IMP/DIMP, and also potential"
echo "problems with Turba.  See this page : "
echo "http://wiki.kolab.org/index.php/Debian_-_Administrators_-_Known_issues"

-------------------------------------------------------

-- 
Mark Pavlichuk
Strategic IT
ph. (07)47242890
m. 0409 124577
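
The script above loosens conf.php and conf.bak.php to mode 770 for web-based configuration and asks for them to be tightened afterwards. As an added example (not part of the original post), the following audits a Horde config tree for files left in the loose state and applies the 640/600 modes the script recommends. The function names and the temporary sample tree are constructed for illustration; on a real system the directory would be /etc/horde.

```sh
#!/bin/sh
# Added example, not from the original post.

# Print every conf.php / conf.bak.php under DIR that is group-writable or
# accessible to "other" in any way (conf.php holds the database password
# once Horde is configured).  Returns 1 if any are found, 0 if clean.
audit_horde_conf() {
    bad=$(find "$1" -type f \( -name conf.php -o -name conf.bak.php \) \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Apply the modes the post recommends once configuration is finished:
# 640 for conf.php, 600 for conf.bak.php, in every application directory.
tighten_horde_conf() {
    find "$1" -type f -name conf.php -exec chmod 640 {} +
    find "$1" -type f -name conf.bak.php -exec chmod 600 {} +
}

# Constructed sample tree: horde3 is still in its "being configured" state
# (770, as set by the script above), imp4 has already been tightened.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/horde3" "$t/imp4"
    touch "$t/horde3/conf.php" "$t/horde3/conf.bak.php" "$t/imp4/conf.php"
    chmod 770 "$t/horde3/conf.php" "$t/horde3/conf.bak.php"
    chmod 640 "$t/imp4/conf.php"
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
echo "Before tightening:"
audit_horde_conf "$sample" || echo "(loose permissions found)"
tighten_horde_conf "$sample"
echo "After tightening:"
audit_horde_conf "$sample" && echo "(clean)"
rm -rf "$sample"
```

The audit only checks permission bits; group ownership (www-data versus root) still needs to be set as the script describes.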




More information about the pkg-horde-hackers mailing list