[pkg-kolab] r643 - kolabd/trunk/debian
petere at alioth.debian.org
Tue Jul 3 14:40:03 UTC 2007
Author: petere
Date: 2007-07-03 14:40:03 +0000 (Tue, 03 Jul 2007)
New Revision: 643
Modified:
kolabd/trunk/debian/README.Debian
Log:
Update setup instructions taking kolab_bootstrap into account
Modified: kolabd/trunk/debian/README.Debian
===================================================================
--- kolabd/trunk/debian/README.Debian 2007-07-03 14:39:12 UTC (rev 642)
+++ kolabd/trunk/debian/README.Debian 2007-07-03 14:40:03 UTC (rev 643)
@@ -1,436 +1,103 @@
Documentation to install Kolab on Debian
========================================
+The Kolab groupware server system consists of several interacting
+parts that need to be configured to work together. They include the
+LDAP server, the SMTP server, the IMAP server, and the web server, as
+well as the Kolab server itself. The Kolab configuration scripts want
+to reconfigure some of these services without much regard to what else
+they might be doing. So to try this out, it is advisable to use a
+completely separate test system or a virtual machine at first. Once
+you have developed an acceptable setup, you can transfer the
+configuration files to the production system.
-1. Install this kolabd package with all dependencies
-----------------------------------------------------
-# apt-get install kolabd postfix slapd
-
-postfix conflicts with exim4, so it may be necessary to mention it
-explicitly to convince apt-get to install it. slapd must be installed
-unless you already have an LDAP server elsewhere and know how to
-access it. The kolabd package depends on all remaining necessary
-packages.
-
-------------------------------------------------------------------------------
-2. Configure LDAP
------------------
+0. Clients
+----------
-2.1 /etc/ldap/slapd.conf
+The Kolab packages do not come with end-user client programs. The
+following programs are the primary available Kolab clients:
-Replace the file with this content (file mode 600):
+- Kontact (Debian package kontact)
---8<--
-# Loading of backend modules
+- Microsoft Outlook
-modulepath /usr/lib/ldap
-moduleload back_bdb
+The following programs among others provide limited or experimental
+support for Kolab:
-include /etc/ldap/schema/core.schema
-include /etc/ldap/schema/cosine.schema
-include /etc/ldap/schema/inetorgperson.schema
-#include /usr/share/kolabd/schema/rfc2739.schema
-include /usr/share/kolabd/schema/kolab2.schema
+- Horde (Debian package horde3)
-pidfile /var/run/slapd/slapd.pid
-replica-pidfile /var/run/slapd/slurpd.pid
-argsfile /var/run/slapd/slapd.args
-replogfile /var/lib/ldap/replog
-replicationinterval 5
+- Mozilla Thunderbird a.k.a. Icedove (Debian package icedove)
-schemacheck on
+See <http://wiki.kolab.org/index.php/Clients_for_Kolab2> for more
+information.
-#TLSCertificateFile /etc/kolab/cert.pem
-#TLSCertificateKeyFile /etc/kolab/key.pem
+-------------------------------------------------------------------------------
-rootDSE /etc/kolab/rootDSE.ldif
+1. Installation
+---------------
-defaultsearchbase "dc=example,dc=com"
+Install this kolabd package with all dependencies:
-#require none
-# we need v2 for the php scripts
-allow bind_v2
+# apt-get install kolabd postfix slapd
-loglevel 256
+postfix conflicts with exim4, so it may be necessary to mention it
+explicitly to convince apt-get to install it. slapd must be installed
+unless you already have an LDAP server elsewhere and know how to
+access it. The kolabd package depends on all remaining necessary
+packages.
-#database monitor
+Or you use
-database bdb
-cachesize 2000
-idlcachesize 10000
-idletimeout 10 # The value can be increased if some clients develop problems.
- # Please report to kolab-devel at kolab.org if you encounter such a client.
+# aptitude install kolabd
-suffix "dc=example,dc=com"
-directory /var/lib/ldap/
+which will figure all this out automatically.
-rootdn "cn=manager,cn=internal,dc=example,dc=com"
-rootpw "PASSWORD"
-
-checkpoint 512 10
-
-replica uri=ldap://127.0.0.1:9999
- binddn="cn=replicator"
- bindmethod=simple
- credentials=secret
-
-index objectClass pres,eq
-index uid approx,sub,pres,eq
-index mail approx,sub,pres,eq
-index alias approx,sub,pres,eq
-index cn approx,sub,pres,eq
-index sn approx,sub,pres,eq
-index givenName approx,sub,pres,eq
-index kolabHomeServer pres,eq
-index member pres,eq
-
-access to dn.subtree="cn=Monitor"
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by * none stop
-
-access to attrs=userPassword
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" =wx
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" =wx
- by self =wx
- by anonymous =x
- by * none stop
-
-access to attrs=mail
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by * read stop
-
-access to attrs=alias
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by * read stop
-
-access to attrs=uid
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by * read stop
-
-access to attrs=cyrus-userquota
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by self read stop
-
-access to attrs=kolabHomeServer
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by * read stop
-
-access to attrs=kolabHomeMTA
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by * read stop
-
-access to dn="cn=nobody,dc=example,dc=com"
- by anonymous auth stop
-
-access to dn="cn=manager,cn=internal,dc=example,dc=com"
- by dn="cn=nobody,cn=internal,dc=example,dc=com" read
- by self write
- by anonymous auth stop
-
-access to dn="cn=admin,cn=internal,dc=example,dc=com"
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by dn="cn=nobody,cn=internal,dc=example,dc=com" read
- by self write
- by anonymous auth stop
-
-access to dn="cn=maintainer,cn=internal,dc=example,dc=com"
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" read
- by dn="cn=nobody,cn=internal,dc=example,dc=com" read
- by self write
- by anonymous auth stop
-
-access to dn.regex="(.*,)?cn=internal,dc=example,dc=com"
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by self write
- by dn="cn=nobody,cn=internal,dc=example,dc=com" read
- by anonymous auth stop
-
-access to dn.regex="(.*,)?cn=external,dc=example,dc=com"
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by * read stop
-
-access to dn="cn=external,dc=example,dc=com"
- by dn="cn=nobody,cn=internal,dc=example,dc=com" read
- by * search stop
-
-access to dn="cn=internal,dc=example,dc=com"
- by dn="cn=nobody,cn=internal,dc=example,dc=com" read
- by * search stop
-
-access to dn="k=kolab,dc=example,dc=com"
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" read
- by dn="cn=nobody,cn=internal,dc=example,dc=com" read
- by * none stop
-
-access to *
- by self write
- by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
- by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
- by * read stop
-
-#include /etc/ldap/slapd.replicas
---8<--
-
-2.2
-
-Replace all references in the above file to "dc=example,dc=com" with
-your own.
-
-- Stop the LDAP server: /etc/init.d/slapd stop
-- Back up your LDAP data in /var/lib/ldap/
-- Delete old LDAP data: rm /var/lib/ldap/*
-- Copy the DB_CONFIG file from your backup back into /var/lib/ldap/
-- Import LDAP data: slapadd < yourkolabldapdata
-- Make sure that the files under /var/lib/ldap/ are owned by the
-openldap user (chown -R openldap:openldap /var/lib/ldap/).
-- Start the LDAP server again: /etc/init.d/slapd start
-
-An example for the "yourkolabldapdata" can be found here:
-/usr/share/doc/kolabd/examples/slapcat.example.com.gz
-(zcat /usr/share/doc/kolabd/examples/slapcat.example.com.gz | slapadd)
-
-The passwords for the manager and users are "credativ" and for the
-nobody user "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".
-
-------------------------------------------------------------------------------
-3. Configure SASL
------------------
+2. Bootstrap
+------------
-3.1 /etc/default/saslauthd
+Run
-Change this file to:
+# kolab_bootstrap -b
---8<--
-# This needs to be uncommented before saslauthd will be run automatically
-START=yes
+This will ask you a number of questions and overwrite several
+configuration files in your system based on the answers. You can
+check in /etc/kolab/templates/ for which files might be overwritten in
+what way.
-# You must specify the authentication mechanisms you wish to use.
-# This defaults to "pam" for PAM support, but may also include
-# "shadow" or "sasldb", like this:
-# MECHANISMS="pam shadow"
+After kolab_bootstrap has finished, you can start all the daemons
+again that kolab_bootstrap had asked you to stop, in particular slapd,
+saslauthd, kolab-cyrus, and kolabd, ideally in that order.
-MECHANISMS="ldap"
---8<--
+You can test afterwards whether authentication is working as expected
+by using the testsaslauthd command, e.g.,
-3.2 /etc/saslauthd.conf
+# testsaslauthd -u manager -p PASSWORD.
-Create this file (file mode 600):
+using the password that you configured in kolab_bootstrap.
---8<--
-ldap_auth_method: bind
-ldap_bind_dn: cn=manager,cn=internal,dc=example,dc=com
-ldap_bind_pw: PASSWORD
-ldap_deref: always
-ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
-ldap_restart: yes
-ldap_scope: sub
-ldap_search_base: dc=example,dc=com
-ldap_servers: ldap://127.0.0.1:389
-ldap_time_limit: 15
-ldap_timeout: 15
-ldap_version: 3
---8<--
-
-Make sure that you change "PASSWORD" to your manager password. (With
-the example .ldif it is "credativ".)
-
-You will also need to change references to "dc=example,dc=com" to your
-own.
-
-3.3 Start the saslauthd: /etc/init.d/saslauthd start
-
-You can test if authentication is working as expected by using the
-testsaslauthd command, e.g.: testsaslauthd -u manager -p PASSWORD
-
-------------------------------------------------------------------------------
-4. Cyrus IMAP Server
+3. Cyrus IMAP Server
--------------------
-4.1 /etc/imapd.conf
+If everything is running and authentication is working, then you can
+start creating mailboxes:
-Configure the option "loginrealms:" with your Kolab domain, for
-example:
-
-loginrealms: example.com
-
-Reload the kolab-cyrus daemon afterwards: /etc/init.d/kolab-cyrus reload
-
-4.2 Create mailboxes
-
# cyradm --user manager localhost
IMAP Password:
localhost> cm user/userc at example.com
localhost>
--------------------------------------------------------------------------------
+At this point you are ready to access the Kolab accounts.
-5. Postfix
-----------
-
-5.1 /etc/postfix/master.cf
-
-Append the following:
-
---8<--
-kolabfilter unix - n n - - pipe user=nobody null_sender= argv=/usr/bin/php4
- -c /etc/php4/cli/php.ini
- -f /usr/share/kolab-resource-handlers/kolabfilter.php
- --
- -h host
- -s ${sender}
- -r ${recipient}
- -c ${client_address}
-
-kolabmailboxfilter unix - n n - - pipe user=nobody null_sender= argv=/usr/bin/php4
- -c /etc/php4/cli/php.ini
- -f /usr/share/kolab-resource-handlers/kolabmailboxfilter.php
- --
- -h host
- -s ${sender}
- -r ${recipient}
- -c ${client_address}
---8<--
-
-Note: Using Postfix 2.1 or earlier (e.g., in Debian sarge), you have
-to omit the two "-c ${client_address}" lines because older Postfix
-doesn't support this. Postfix 2.2 does.
-
-5.2 /etc/postfix/main.cf
-
-Add the following or merge with an existing configuration, as
-appropriate:
-
---8<--
-virtual_maps = ldap:/etc/postfix/kolab-ldapdistlist.cf, ldap:/etc/postfix/kolab-ldapvirtual.cf
-transport_maps = ldap:/etc/postfix/kolab-ldaptransport.cf
-
-mailbox_transport = kolabmailboxfilter
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
-# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
-broken_sasl_auth_clients = yes
---8<--
-
-The options inet_interfaces and mydestination also have to be
-configured for your enviroment. Make sure that the mydestination
-variable is set correctly. Kolab will look at it, and it is not
-enough to enter localhost, so use a valid name (e.g., your real host
-name).
-
-5.3. /etc/postfix/kolab-ldap*.cf
-
-Adjust these files for your local situation, in particular the domains
-and passwords.
-
-Note: PASSWORD is the cleartext password of the nobody user in the
-LDAP. (With the example .ldif it is
-"kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".)
-
-5.4 /etc/postfix/sasl/smtpd.conf
-
-Put the following in that file (create it if necessary):
-
---8<--
-pwcheck_method: saslauthd
-mech_list: plain login
---8<--
-
-Reload Postfix after finishing the configuration changes:
-/etc/init.d/postfix reload
-
-------------------------------------------------------------------------------
-6. kolabd
----------
-
-Configure /etc/kolab/kolab.conf:
-
---8<--
-fqdnhostname : kolab.example.com
-is_master : true
-base_dn : dc=example,dc=com
-bind_dn : cn=manager,cn=internal,dc=example,dc=com
-bind_pw : PASSWORD
-ldap_uri : ldap://127.0.0.1:389
-ldap_master_uri : ldap://127.0.0.1:389
-php_dn : cn=nobody,cn=internal,dc=example,dc=com
-php_pw : PASSWORD
-calendar_dn : cn=calendar,cn=internal,dc=example,dc=com
-calendar_pw : PASSWORD
---8<--
-
-Remember to change "dc=example,dc=com" to your one and to change the
-manager password and the nobody password.
-
-(With the example .ldif, the manager password is "credativ" and the
-nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".)
-
-TODO: What is the password for calendar meant to be?
-
--------------------------------------------------------------------------------
-
-7. Resource Manager
--------------------
-
-Configure in /etc/kolab/resmgr.conf the options:
-
-$params['server'] = 'kolabserver.example.com';
-$params['email_domain'] = 'example.com';
-$params['ldap_uri'] = 'ldap://localhost';
-$params['base_dn'] = 'dc=example,dc=com';
-$params['bind_dn'] = 'cn=nobody,cn=internal,dc=example,dc=com';
-$params['bind_pw'] = 'PASSWORD';
-$params['calendar_user'] = 'calendar@'.$params['email_domain'];
-$params['calendar_pass'] = 'PASSWORD';
-$params['freebusy_url'] = 'https://server.example.com/freebusy/${USER}.xfb';
-
-Remember to change PASSWORD to the nobody password. (With the example
-.ldif the nobody password is
-"kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".)
-
--------------------------------------------------------------------------------
-
-8. Free/Busy
-------------
-
-Configure in /etc/kolab/freebusy.conf the options:
-
-$params['server'] = 'kolabserver.example.com';
-$params['ldap_uri'] = 'ldap://127.0.0.1:389';
-$params['base_dn'] = 'dc=example,dc=com';
-$params['bind_dn'] = 'cn=nobody,cn=internal,dc=example,dc=com';
-$params['bind_pw'] = 'PASSWORD';
-
-We need some files from Horde, and the easiest way is to create this
-link:
-
-# ln -sf /usr/share/horde3/lib/Horde /usr/share/php/
-
-Be sure you have the following extensions enabled in PHP for
-free/busy:
-
-/etc/php4/apache2/php.ini
-...
-extension=domxml.so
-extension=ldap.so
-
--------------------------------------------------------------------------------
-
-9. Apache and PHP
+4. Apache and PHP
-----------------
The free/busy functionality needs an SSL-enabled Apache with
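Review bot: The example command in the new section 2, "# testsaslauthd -u manager -p PASSWORD.", ends with a period that will be taken as part of the password when copied; drop it (the removed 3.3 text had the command without it). The same section says kolab_bootstrap will "overwrite several configuration files" but gives no step to back them up first. The removed sections also stated file mode 600 for /etc/ldap/slapd.conf and /etc/saslauthd.conf, which carry rootpw and ldap_bind_pw; the new text no longer says anything about permissions, so please state whether the files generated from /etc/kolab/templates/ keep that mode or tell the reader to check. Minor: in section 1, "Or you use" reads better as "Or use".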
@@ -445,7 +112,7 @@
-------------------------------------------------------------------------------
-10. Web Administration Frontend
+5. Web Administration Frontend
-------------------------------
If you want the Web Administration frontend, install the package
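Review bot: The heading goes from "10. Web Administration Frontend" to "5. Web Administration Frontend", but its underline is left as unchanged context, so it is now one character longer than the heading. The hunks for sections 6 and 7 shorten their underlines to match; do the same here for consistency.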
@@ -454,8 +121,8 @@
-------------------------------------------------------------------------------
-11. Enabling TLS for IMAP
--------------------------
+6. Enabling TLS for IMAP
+------------------------
If you are planning to use the Toltec Groupware Connector, you will
also need to enable TLS with Cyrus.
@@ -479,8 +146,8 @@
-------------------------------------------------------------------------------
-12. Troubleshooting
--------------------
+7. Troubleshooting
+------------------
If there are strange DB_ERROR entries in the /var/log/mail.log file
related to some problems with the ptloader from the kolab-cyrus, it
@@ -489,9 +156,4 @@
-------------------------------------------------------------------------------
-The bootstrapping program and templates used by upstream can be found at
-/usr/share/doc/kolabd/bootstrap/ for reference, but that code are not
-adjusted for the Debian installation, so it won't actually work.
-
-
- -- The Debian Kolab Maintainers, 18 May 2007
+ -- The Debian Kolab Maintainers, 25 June 2007