[pkg-kolab] r643 - kolabd/trunk/debian

petere at alioth.debian.org
Tue Jul 3 14:40:03 UTC 2007


Author: petere
Date: 2007-07-03 14:40:03 +0000 (Tue, 03 Jul 2007)
New Revision: 643

Modified:
   kolabd/trunk/debian/README.Debian
Log:
Update setup instructions taking kolab_bootstrap into account


Modified: kolabd/trunk/debian/README.Debian
===================================================================
--- kolabd/trunk/debian/README.Debian	2007-07-03 14:39:12 UTC (rev 642)
+++ kolabd/trunk/debian/README.Debian	2007-07-03 14:40:03 UTC (rev 643)
@@ -1,436 +1,103 @@
 Documentation to install Kolab on Debian
 ========================================
 
+The Kolab groupware server system consists of several interacting
+parts that need to be configured to work together.  They include the
+LDAP server, the SMTP server, the IMAP server, and the web server, as
+well as the Kolab server itself.  The Kolab configuration scripts want
+to reconfigure some of these services without much regard to what else
+they might be doing.  So to try this out, it is advisable to use a
+completely separate test system or a virtual machine at first.  Once
+you have developed an acceptable setup, you can transfer the
+configuration files to the production system.
 
-1. Install this kolabd package with all dependencies
-----------------------------------------------------
 
-# apt-get install kolabd postfix slapd
-
-postfix conflicts with exim4, so it may be necessary to mention it
-explicitly to convince apt-get to install it.  slapd must be installed
-unless you already have an LDAP server elsewhere and know how to
-access it.  The kolabd package depends on all remaining necessary
-packages.
-
 -------------------------------------------------------------------------------
 
-2. Configure LDAP
------------------
+0. Clients
+----------
 
-2.1 /etc/ldap/slapd.conf
+The Kolab packages do not come with end-user client programs.  The
+following programs are the primary available Kolab clients:
 
-Replace the file with this content (file mode 600):
+- Kontact (Debian package kontact)
 
---8<--
-# Loading of backend modules
+- Microsoft Outlook
 
-modulepath      /usr/lib/ldap
-moduleload back_bdb
+The following programs among others provide limited or experimental
+support for Kolab:
 
-include /etc/ldap/schema/core.schema
-include /etc/ldap/schema/cosine.schema
-include /etc/ldap/schema/inetorgperson.schema
-#include /usr/share/kolabd/schema/rfc2739.schema
-include /usr/share/kolabd/schema/kolab2.schema
+- Horde (Debian package horde3)
 
-pidfile         /var/run/slapd/slapd.pid
-replica-pidfile /var/run/slapd/slurpd.pid
-argsfile        /var/run/slapd/slapd.args
-replogfile      /var/lib/ldap/replog
-replicationinterval 5
+- Mozilla Thunderbird a.k.a. Icedove (Debian package icedove)
 
-schemacheck            on
+See <http://wiki.kolab.org/index.php/Clients_for_Kolab2> for more
+information.
 
-#TLSCertificateFile     /etc/kolab/cert.pem
-#TLSCertificateKeyFile  /etc/kolab/key.pem
+-------------------------------------------------------------------------------
 
-rootDSE                /etc/kolab/rootDSE.ldif
+1. Installation
+---------------
 
-defaultsearchbase      "dc=example,dc=com"
+Install this kolabd package with all dependencies:
 
-#require         none
-# we need v2 for the php scripts
-allow           bind_v2
+# apt-get install kolabd postfix slapd
 
-loglevel        256
+postfix conflicts with exim4, so it may be necessary to mention it
+explicitly to convince apt-get to install it.  slapd must be installed
+unless you already have an LDAP server elsewhere and know how to
+access it.  The kolabd package depends on all remaining necessary
+packages.
 
-#database        monitor
+Or you use
 
-database        bdb
-cachesize       2000
-idlcachesize    10000
-idletimeout     10 # The value can be increased if some clients develop problems.
-                   # Please report to kolab-devel at kolab.org if you encounter such a client.
+# aptitude install kolabd
 
-suffix          "dc=example,dc=com"
-directory       /var/lib/ldap/
+which will figure all this out automatically.
 
-rootdn          "cn=manager,cn=internal,dc=example,dc=com"
-rootpw          "PASSWORD"
-
-checkpoint      512 10
-
-replica uri=ldap://127.0.0.1:9999
-        binddn="cn=replicator"
-        bindmethod=simple
-        credentials=secret
-
-index   objectClass     pres,eq
-index   uid             approx,sub,pres,eq
-index   mail            approx,sub,pres,eq
-index   alias           approx,sub,pres,eq
-index   cn              approx,sub,pres,eq
-index   sn              approx,sub,pres,eq
-index   givenName       approx,sub,pres,eq
-index   kolabHomeServer pres,eq
-index   member          pres,eq
-
-access to dn.subtree="cn=Monitor"
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by * none stop
-
-access to attrs=userPassword
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" =wx
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" =wx
-        by self =wx
-        by anonymous =x
-        by * none stop
-
-access to attrs=mail
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by * read stop
-
-access to attrs=alias
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by * read stop
-
-access to attrs=uid
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by * read stop
-
-access to attrs=cyrus-userquota
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by self read stop
-
-access to attrs=kolabHomeServer
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by * read stop
-
-access to attrs=kolabHomeMTA
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by * read stop
-
-access to dn="cn=nobody,dc=example,dc=com"
-        by anonymous auth stop
-
-access to dn="cn=manager,cn=internal,dc=example,dc=com"
-        by dn="cn=nobody,cn=internal,dc=example,dc=com" read
-        by self write
-        by anonymous auth stop
-
-access to dn="cn=admin,cn=internal,dc=example,dc=com"
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by dn="cn=nobody,cn=internal,dc=example,dc=com" read
-        by self write
-        by anonymous auth stop
-
-access to dn="cn=maintainer,cn=internal,dc=example,dc=com"
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" read
-        by dn="cn=nobody,cn=internal,dc=example,dc=com" read
-        by self write
-        by anonymous auth stop
-
-access to dn.regex="(.*,)?cn=internal,dc=example,dc=com"
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by self write
-        by dn="cn=nobody,cn=internal,dc=example,dc=com" read
-        by anonymous auth stop
-
-access to dn.regex="(.*,)?cn=external,dc=example,dc=com"
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by * read stop
-
-access to dn="cn=external,dc=example,dc=com"
-        by dn="cn=nobody,cn=internal,dc=example,dc=com" read
-        by * search stop
-
-access to dn="cn=internal,dc=example,dc=com"
-        by dn="cn=nobody,cn=internal,dc=example,dc=com" read
-        by * search stop
-
-access to dn="k=kolab,dc=example,dc=com"
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" read
-        by dn="cn=nobody,cn=internal,dc=example,dc=com" read
-        by * none stop
-
-access to *
-        by self write
-        by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=com" write
-        by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=example,dc=com" write
-        by * read stop
-
-#include /etc/ldap/slapd.replicas
---8<--
-
-2.2
-
-Replace all references in the above file to "dc=example,dc=com" with
-your own.
-
-- Stop the LDAP server: /etc/init.d/slapd stop
-- Back up your LDAP data in /var/lib/ldap/
-- Delete old LDAP data: rm /var/lib/ldap/*
-- Copy the DB_CONFIG file from your backup back into /var/lib/ldap/
-- Import LDAP data: slapadd < yourkolabldapdata
-- Make sure that the files under /var/lib/ldap/ are owned by the
-openldap user (chown -R openldap:openldap /var/lib/ldap/).
-- Start the LDAP server again: /etc/init.d/slapd start
-
-An example for the "yourkolabldapdata" can be found here:
-/usr/share/doc/kolabd/examples/slapcat.example.com.gz
-(zcat /usr/share/doc/kolabd/examples/slapcat.example.com.gz | slapadd)
-
-The passwords for the manager and users are "credativ" and for the
-nobody user "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".
-
 -------------------------------------------------------------------------------
 
-3. Configure SASL
------------------
+2. Bootstrap
+------------
 
-3.1 /etc/default/saslauthd
+Run
 
-Change this file to:
+# kolab_bootstrap -b
 
---8<--
-# This needs to be uncommented before saslauthd will be run automatically
-START=yes
+This will ask you a number of questions and overwrite several
+configuration files in your system based on the answers.  You can
+check in /etc/kolab/templates/ for which files might be overwritten in
+what way.
 
-# You must specify the authentication mechanisms you wish to use.
-# This defaults to "pam" for PAM support, but may also include
-# "shadow" or "sasldb", like this:
-# MECHANISMS="pam shadow"
+After kolab_bootstrap has finished, you can start all the daemons
+again that kolab_bootstrap had asked you to stop, in particular slapd,
+saslauthd, kolab-cyrus, and kolabd, ideally in that order.
 
-MECHANISMS="ldap"
---8<--
+You can test afterwards whether authentication is working as expected
+by using the testsaslauthd command, e.g.,
 
-3.2 /etc/saslauthd.conf
+# testsaslauthd -u manager -p PASSWORD.
 
-Create this file (file mode 600):
+using the password that you configured in kolab_bootstrap.
 
---8<--
-ldap_auth_method: bind
-ldap_bind_dn: cn=manager,cn=internal,dc=example,dc=com
-ldap_bind_pw: PASSWORD
-ldap_deref: always
-ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
-ldap_restart: yes
-ldap_scope: sub
-ldap_search_base: dc=example,dc=com
-ldap_servers: ldap://127.0.0.1:389
-ldap_time_limit: 15
-ldap_timeout: 15
-ldap_version: 3
---8<--
-
-Make sure that you change "PASSWORD" to your manager password.  (With
-the example .ldif it is "credativ".)
-
-You will also need to change references to "dc=example,dc=com" to your
-own.
-
-3.3 Start the saslauthd: /etc/init.d/saslauthd start
-
-You can test if authentication is working as expected by using the
-testsaslauthd command, e.g.: testsaslauthd -u manager -p PASSWORD
-
 -------------------------------------------------------------------------------
 
-4. Cyrus IMAP Server
+3. Cyrus IMAP Server
 --------------------
 
-4.1 /etc/imapd.conf
+If everything is running and authentication is working, then you can
+start creating mailboxes:
 
-Configure the option "loginrealms:" with your Kolab domain, for
-example:
-
-loginrealms: example.com
-
-Reload the kolab-cyrus daemon afterwards: /etc/init.d/kolab-cyrus reload
-
-4.2 Create mailboxes
-
 # cyradm --user manager localhost
 IMAP Password:
               localhost> cm user/userc at example.com
 localhost>
 
--------------------------------------------------------------------------------
+At this point you are ready to access the Kolab accounts.
 
-5. Postfix
-----------
-
-5.1 /etc/postfix/master.cf
-
-Append the following:
-
---8<--
-kolabfilter     unix  -       n       n       -       -       pipe user=nobody null_sender= argv=/usr/bin/php4
-   -c /etc/php4/cli/php.ini
-   -f /usr/share/kolab-resource-handlers/kolabfilter.php
-   --
-   -h host
-   -s ${sender}
-   -r ${recipient}
-   -c ${client_address}
-
-kolabmailboxfilter     unix  -       n       n       -       -       pipe user=nobody null_sender= argv=/usr/bin/php4
-   -c /etc/php4/cli/php.ini
-   -f /usr/share/kolab-resource-handlers/kolabmailboxfilter.php
-   --
-   -h host
-   -s ${sender}
-   -r ${recipient}
-   -c ${client_address}
---8<--
-
-Note: Using Postfix 2.1 or earlier (e.g., in Debian sarge), you have
-to omit the two "-c ${client_address}" lines because older Postfix
-doesn't support this.  Postfix 2.2 does.
-
-5.2 /etc/postfix/main.cf
-
-Add the following or merge with an existing configuration, as
-appropriate:
-
---8<--
-virtual_maps = ldap:/etc/postfix/kolab-ldapdistlist.cf, ldap:/etc/postfix/kolab-ldapvirtual.cf
-transport_maps = ldap:/etc/postfix/kolab-ldaptransport.cf
-
-mailbox_transport = kolabmailboxfilter
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
-# Support broken clients like Microsoft Outlook Express 4.x which expect AUTH=LOGIN instead of AUTH LOGIN
-broken_sasl_auth_clients = yes
---8<--
-
-The options inet_interfaces and mydestination also have to be
-configured for your enviroment.  Make sure that the mydestination
-variable is set correctly.  Kolab will look at it, and it is not
-enough to enter localhost, so use a valid name (e.g., your real host
-name).
-
-5.3. /etc/postfix/kolab-ldap*.cf
-
-Adjust these files for your local situation, in particular the domains
-and passwords.
-
-Note: PASSWORD is the cleartext password of the nobody user in the
-LDAP.  (With the example .ldif it is
-"kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".)
-
-5.4 /etc/postfix/sasl/smtpd.conf
-
-Put the following in that file (create it if necessary):
-
---8<--
-pwcheck_method: saslauthd
-mech_list: plain login
---8<--
-
-Reload Postfix after finishing the configuration changes:
-/etc/init.d/postfix reload
-
 -------------------------------------------------------------------------------
 
-6. kolabd
----------
-
-Configure /etc/kolab/kolab.conf:
-
---8<--
-fqdnhostname : kolab.example.com
-is_master : true
-base_dn : dc=example,dc=com
-bind_dn : cn=manager,cn=internal,dc=example,dc=com
-bind_pw : PASSWORD
-ldap_uri : ldap://127.0.0.1:389
-ldap_master_uri : ldap://127.0.0.1:389
-php_dn : cn=nobody,cn=internal,dc=example,dc=com
-php_pw : PASSWORD
-calendar_dn : cn=calendar,cn=internal,dc=example,dc=com
-calendar_pw : PASSWORD
---8<--
-
-Remember to change "dc=example,dc=com" to your one and to change the
-manager password and the nobody password.
-
-(With the example .ldif, the manager password is "credativ" and the
-nobody password is "kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".)
-
-TODO: What is the password for calendar meant to be?
-
--------------------------------------------------------------------------------
-
-7. Resource Manager
--------------------
-
-Configure in /etc/kolab/resmgr.conf the options:
-
-$params['server'] = 'kolabserver.example.com';
-$params['email_domain'] = 'example.com';
-$params['ldap_uri'] = 'ldap://localhost';
-$params['base_dn'] = 'dc=example,dc=com';
-$params['bind_dn'] = 'cn=nobody,cn=internal,dc=example,dc=com';
-$params['bind_pw'] = 'PASSWORD';
-$params['calendar_user'] = 'calendar@'.$params['email_domain'];
-$params['calendar_pass'] = 'PASSWORD';
-$params['freebusy_url'] = 'https://server.example.com/freebusy/${USER}.xfb';
-
-Remember to change PASSWORD to the nobody password.  (With the example
-.ldif the nobody password is
-"kaat3fzKggQoSbURkaQCIDrWvL1MamtMXM309TBR".)
-
--------------------------------------------------------------------------------
-
-8. Free/Busy
-------------
-
-Configure in /etc/kolab/freebusy.conf the options:
-
-$params['server'] = 'kolabserver.example.com';
-$params['ldap_uri'] = 'ldap://127.0.0.1:389';
-$params['base_dn'] = 'dc=example,dc=com';
-$params['bind_dn'] = 'cn=nobody,cn=internal,dc=example,dc=com';
-$params['bind_pw'] = 'PASSWORD';
-
-We need some files from Horde, and the easiest way is to create this
-link:
-
-# ln -sf /usr/share/horde3/lib/Horde /usr/share/php/
-
-Be sure you have the following extensions enabled in PHP for
-free/busy:
-
-/etc/php4/apache2/php.ini
-...
-extension=domxml.so
-extension=ldap.so
-
--------------------------------------------------------------------------------
-
-9. Apache and PHP
+4. Apache and PHP
 -----------------
 
 The free/busy functionality needs an SSL-enabled Apache with
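Review bot: In the new "2. Bootstrap" section, the example line "# testsaslauthd -u manager -p PASSWORD." ends with a sentence period glued to the command, and the sentence only finishes in the next paragraph ("using the password that you configured in kolab_bootstrap"). A reader who copies the line will test with a password that has a trailing dot and see a failed authentication. Suggest dropping the period and moving the trailing clause into the lead-in, for example "... by using the testsaslauthd command with the password that you configured in kolab_bootstrap:". A short remark that -p places the manager password on the command line, and so in shell history, would also fit here. Separately, the removed manual steps told the admin to keep /etc/ldap/slapd.conf and /etc/saslauthd.conf at file mode 600, both of which carry the manager password (rootpw, ldap_bind_pw). The new text says kolab_bootstrap overwrites configuration files but carries no equivalent hint, so a sentence asking the admin to check the modes of the regenerated files after bootstrap would preserve that guidance.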
@@ -445,7 +112,7 @@
 
 -------------------------------------------------------------------------------
 
-10. Web Administration Frontend
+5. Web Administration Frontend
 -------------------------------
 
 If you want the Web Administration frontend, install the package
@@ -454,8 +121,8 @@
 
 -------------------------------------------------------------------------------
 
-11. Enabling TLS for IMAP
--------------------------
+6. Enabling TLS for IMAP
+------------------------
 
 If you are planning to use the Toltec Groupware Connector, you will
 also need to enable TLS with Cyrus.
@@ -479,8 +146,8 @@
 
 -------------------------------------------------------------------------------
 
-12. Troubleshooting
--------------------
+7. Troubleshooting
+------------------
 
 If there are strange DB_ERROR entries in the /var/log/mail.log file
 related to some problems with the ptloader from the kolab-cyrus, it
@@ -489,9 +156,4 @@
 
 -------------------------------------------------------------------------------
 
-The bootstrapping program and templates used by upstream can be found at
-/usr/share/doc/kolabd/bootstrap/ for reference, but that code are not
-adjusted for the Debian installation, so it won't actually work.
-
-
- -- The Debian Kolab Maintainers, 18 May 2007
+ -- The Debian Kolab Maintainers, 25 June 2007



