Debian - Administrators - Kolab Installation
From Kolab Wiki
.png){kind=small}
| Debian |
|---|
| This type of fancy box indicate Debian specific bits of information throughout this Wiki. The color should be familiar. |
Contents |
Requisites
You need to do Apt-Pinning to get minimal versions.
squeeze/wheezy/sid:
- Nothing to do
lenny:
- libnet-ldap-perl (>= 0.39): since squeeze
- php-net-ldap2: since squeeze
- horde3 (>= 3.3.3): since squeeze
Add this in /etc/apt/preferences:
Package: * Pin: release o=Debian,a=testing Pin-Priority: -1 Package: libnet-ldap-perl php-net-ldap2 horde3 dimp1 imp4 ingo1 kronolith2 mnemo2 nag2 passwd3 turba2 Pin: release o=Debian,a=testing Pin-Priority: 900 Package: kolab-webadmin kolabd libkolab-perl php-kolab-filter php-kolab-freebusy Pin: release o=Debian,a=testing Pin-Priority: 900 Package: kolab-webclient Pin: release o=Debian,a=experimental Pin-Priority: 900
And this in /etc/apt/sources.list:
deb http://ftp.us.debian.org/debian squeeze main
Update Repositories with:
apt-get update
Then check your Pinning:
# apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
-1 http://ftp.us.debian.org squeeze/main Packages
release o=Debian,a=testing,l=Debian,c=main
origin ftp.us.debian.org
500 http://security.debian.org lenny/updates/main Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
origin security.debian.org
500 http://ftp.us.debian.org lenny/main Packages
release v=5.0.2,o=Debian,a=stable,l=Debian,c=main
origin ftp.us.debian.org
Pinned packages:
php-kolab-filter -> 0.1.5-2
turba2 -> 2.3.1-1
kronolith2 -> 2.3.1-1
kolab-webclient -> (not found)
kolab-webadmin -> 2.2.2-20090514-1
libkolab-perl -> 1:2.2.1-20090331-1
ingo1 -> 1.2.1-1
libnet-ldap-perl -> 1:0.39-1
horde3 -> 3.3.4+debian0-1
kolabd -> 2.2.2-20090514-1
php-kolab-freebusy -> 0.1.5-2
imp4 -> 4.3.4+debian0-1
mnemo2 -> 2.2.1-1
nag2 -> 2.3.2-1
etch (same, and):
- postfix (>= 2.4), postfix-ldap (>= 2.4): since lenny
- php-net-lmtp: since lenny
- libmime-tools-perl: since lenny, libmime-perl should work
Repositories
See Packages overview for Debian Kolab Maintainers.
/usr/share/doc/koladb/README.Debian
Documentation to install Kolab on Debian
The Kolab groupware server system consists of several interacting parts that need to be configured to work together. They include the LDAP server, the SMTP server, the IMAP server, and the web server, as well as the Kolab server itself. The Kolab configuration scripts want to reconfigure some of these services without much regard to what else they might be doing. So to try this out, it is advisable to use a completely separate test system or a virtual machine at first. Once you have developed an acceptable setup, you can transfer the configuration files to the production system.
Clients
The Kolab packages do not come with end-user client programs. The following programs are the primary available Kolab clients:
- KDE Client: Kontact (Debian package kontact)
- Microsoft Outlook with proprietary connector
The following programs among others provide limited or experimental support for Kolab:
- Horde (Debian package horde3)
- Mozilla Thunderbird a.k.a. Icedove (Debian package icedove)
See <http://kolab.org/about-kolab-clients.html> and <http://wiki.kolab.org/index.php/Clients_for_Kolab2> for more information.
Installation
Install this kolabd package with all dependencies:
apt-get install kolabd postfix slapd
(postfix conflicts with exim4, so it may be necessary to mention it explicitly to convince apt-get to install it. slapd must be installed unless you already have an LDAP server elsewhere and know how to access it. The kolabd package depends on all remaining necessary packages.)
Or you use
aptitude install kolabd
which will figure all this out automatically.
If you want to setup slaves, on the master, set SLAPD_SERVICES in /etc/default/slapd and run /etc/init.d/slapd restart:
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
If you want to enable imaps, uncomment the following line in /etc/cyrus.conf and run /etc/init.d/kolab-cyrus restart:
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
Bootstrap
Stop all daemons:
/etc/init.d/apache2 stop /etc/init.d/kolabd stop /etc/init.d/kolab-cyrus stop /etc/init.d/postfix stop /etc/init.d/saslauthd stop /etc/init.d/slapd stop /etc/init.d/amavis stop #optionally
Run:
kolab_bootstrap -b
(This will ask you a number of questions and overwrite several configuration files in your system based on the answers. You can check in /etc/kolab/templates/ for which files might be overwritten in what way.)
After kolab_bootstrap has finished, you can start all the daemons again:
/etc/init.d/amavis start #optionally /etc/init.d/slapd start /etc/init.d/saslauthd start /etc/init.d/postfix start /etc/init.d/kolab-cyrus start /etc/init.d/kolabd start /etc/init.d/apache2 start
You can test afterwards whether authentication is working as expected by using the testsaslauthd command, e.g.,
testsaslauthd -u manager -p PASSWORD
(using the password that you configured in kolab_bootstrap.)
Web administration frontend
If you want the Web Administration frontend, install the package kolab-webadmin and follow its README.Debian file for setup instructions.
apt-get install kolab-webadmin
Enabling TLS for IMAP
If you are planning to use the Toltec Groupware Connector, you will also need to enable TLS with Cyrus.
openssl req -new -nodes -out req.pem -keyout key.pem openssl rsa -in key.pem -out new.key.pem openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999
cp new.key.pem /etc/ssl/certs/cyrus.pem rm new.key.pem cat ca-cert >> /etc/ssl/certs/cyrus.pem
chown cyrus:mail /etc/ssl/certs/cyrus.pem chmod 600 /etc/ssl/certs/cyrus.pem # Your key should be protected.
Edit /etc/imapd.conf and change the following lines:
tls_ca_file: /etc/ssl/certs/cyrus.pem tls_cert_file: /etc/ssl/certs/cyrus.pem tls_key_file: /etc/ssl/certs/cyrus.pem
Troubleshooting
If there are strange DB_ERROR entries in the /var/log/mail.log file related to some problems with the ptloader from the kolab-cyrus, it helps to create the directory /var/lib/cyrus/ptclient. But this shouldn't be the case, and we will keep an eye on this bug.
-- The Debian Kolab Maintainers, 31 July 2007
/usr/share/doc/kolad-webadmin/README.Debian
Setup web administration frontend
First, set up /etc/kolab/session_vars.php. On a new installation, with kolabd bootstrapped the following commands should do it:
sed -i -e "s@kolabserver.example.com@`grep '^fqdnhostname : ' \
/etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php
sed -i -e "s@dc=example,dc=com@`grep '^base_dn : ' \
/etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php
sed -i -e "s@PASSWORD@`grep '^php_pw : ' \
/etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php
sed -i -e "s@cn=nobody,cn=internal,dc=example,dc=com@`grep '^php_dn : ' \
/etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php
Then, to activate the web site, in order of preference,
(a) If you have kolabd installed, that package's (SSL-enabled)
Apache configuration includes
/etc/kolab/kolab-webadmin-apache.conf by default.
- or -
(b) Set up an SSL virtual host and include
/etc/kolab/kolab-webadmin-apache.conf there.
- or -
(c) Symlink /etc/kolab/kolab-webadmin-apache.conf to
/etc/apache2/conf.d/kolab-webadmin. (This is obviously insecure,
but good enough for testing.)
Reload Apache afterwards in any case.
/etc/init.d/apache2 reload
Configuration
- go to https://example.net/admin/
- create an account
- create the mailing lists
- If you have an internet domain:
- set smarthost/relayhost
- [x] Accept Internet Mail
