Installation and Configuration Guide for version 2.2.9
Installation and Configuration Guide Version 2.2.9 - September 2014
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
The fonts used in this guide are licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http://scripts.sil.org/OFL
Copyright Łukasz Dziedzic, http://www.latofonts.com, with Reserved Font Name: "Lato".
Copyright Raph Levien, http://levien.com/, with Reserved Font Name: "Inconsolata".
Table of Contents
About this Guide
Introduction
  Architecture and Compatibility
System Requirements
  Assumptions
  Minimum Hardware Requirements
  Operating System Requirements
Installation
  Software Downloads
  Software Installation
Configuration
  GNUstep Environment Overview
  Preferences Hierarchy
  General Preferences
  Authentication using LDAP
  LDAP Attributes Indexing
  LDAP Attributes Mapping
  Authenticating using C.A.S.
  Authenticating using SAML2
  Database Configuration
  Authentication using SQL
  SMTP Server Configuration
  IMAP Server Configuration
  Web Interface Configuration
  SOGo Configuration Summary
  Multi-domains Configuration
  Apache Configuration
  Starting Services
  Cronjob EMail reminders
  Cronjob Vacation messages expiration
Managing User Accounts
  Creating the SOGo Administrative Account
  Creating a User Account
Microsoft ActiveSync
Using SOGo
  SOGo Web Interface
  Mozilla Thunderbird and Lightning
  Apple iCal
  Apple AddressBook
  Microsoft ActiveSync / Mobile Devices
Upgrading
Additional Information
Commercial Support and Contact Information
Chapter 1
About this Guide
This guide will walk you through the installation and configuration of the SOGo solution. It also covers the installation and configuration of SOGo ActiveSync support, the solution used to synchronize mobile devices with SOGo.
The instructions are based on version 2.2.9 of SOGo.
The latest version of this guide is available at http://www.sogo.nu/downloads/documentation.html.
Chapter 2
Introduction
SOGo is a free and modern scalable groupware server. It offers shared calendars, address books, and emails through your favourite Web browser and by using a native client such as Mozilla Thunderbird and Lightning.
SOGo is standard-compliant. It supports CalDAV, CardDAV, GroupDAV, iMIP and iTIP and reuses existing IMAP, SMTP and database servers, making the solution easy to deploy and interoperable with many applications.
SOGo features:
Scalable architecture suitable for deployments from dozens to many thousands of users
Rich Web-based interface that shares the look and feel, the features and the data of Mozilla Thunderbird and Lightning
Improved integration with Mozilla Thunderbird and Lightning by using the SOGo Connector and the SOGo Integrator
Native compatibility for Microsoft Outlook 2003, 2007, 2010, and 2013
Two-way synchronization support with any Microsoft ActiveSync-capable device, or Outlook 2013
SOGo is developed by a community of developers located mainly in North America and Europe. More information can be found at http://www.sogo.nu/
Architecture and Compatibility
Standard protocols such as CalDAV, CardDAV, GroupDAV, HTTP, IMAP and SMTP are used to communicate with the SOGo platform or its sub-components. Mobile devices supporting the Microsoft ActiveSync protocol are also supported.
To install and configure the native Microsoft Outlook compatibility layer, please refer to the SOGo Native Microsoft Outlook Configuration Guide.
Chapter 3
System Requirements
Assumptions
SOGo reuses many components in an infrastructure. Thus, it requires the following:
Database server (MySQL, PostgreSQL or Oracle)
LDAP server (OpenLDAP, Novell eDirectory, Microsoft Active Directory and others)
SMTP server (Postfix, Sendmail and others)
IMAP server (Courier, Cyrus IMAP Server, Dovecot and others)
In this guide, we assume that all those components are running on the same server (i.e., localhost or 127.0.0.1) that SOGo will be installed on.
Good understanding of those underlying components and GNU/Linux is required to install SOGo. If you are missing some of those required components, please refer to the appropriate documentation and proceed with the installation and configuration of these requirements before continuing with this guide.
The following table provides recommendations for the required components, together with version numbers:
Database server    PostgreSQL 7.4 or later
LDAP server        OpenLDAP 2.3.x or later
SMTP server        Postfix 2.x
IMAP server        Cyrus IMAP Server 2.3.x or later
More recent versions of the software mentioned above can also be used.
Minimum Hardware Requirements
The following table provides hardware recommendations for the server, desktops and mobile devices:
Server
  Evaluation and testing
    Intel, AMD, or PowerPC CPU 1 GHz
    512 MB of RAM
    1 GB of disk space
  Production
    Intel, AMD or PowerPC CPU 3 GHz
    2048 MB of RAM
    10 GB of disk space (excluding the mail store)
Desktop
  General
    Intel, AMD, or PowerPC CPU 1.5 GHz
    1024x768 monitor resolution
    512 MB of RAM
    128 Kbps or higher network connection
  Microsoft Windows
    Microsoft Windows XP SP2 or Vista
  Apple Mac OS X
    Apple Mac OS X 10.2 or later
  Linux
    Your favourite GNU/Linux distribution
Mobile Device
  Any mobile device which supports CalDAV, CardDAV or Microsoft ActiveSync.
Operating System Requirements
The following 32-bit and 64-bit operating systems are currently supported by SOGo:
Red Hat Enterprise Linux (RHEL) Server 5 and 6
Community ENTerprise Operating System (CentOS) 5 and 6
Debian GNU/Linux 5.0 (Lenny) to 7.0 (Wheezy)
Ubuntu 10.04 (Lucid) to 14.04 (Trusty)
Make sure the required components are started automatically at boot time and that they are running before proceeding with the SOGo configuration. Also make sure that you can install additional packages from your standard distribution. For example, if you are using Red Hat Enterprise Linux 5, you have to be subscribed to the Red Hat Network before continuing with the SOGo software installation.
This document covers the installation of SOGo under RHEL 6.
For installation instructions on Debian and Ubuntu, please refer directly to the SOGo website at http://www.sogo.nu/. Under the downloads section, you will find links for installation steps for Debian and Ubuntu.
Note that once the SOGo packages are installed under Debian and Ubuntu, this guide can be followed in order to fully configure SOGo.
Chapter 4
Installation
This section will guide you through the installation of SOGo together with its dependencies. The steps described here apply to an RPM-based installation for a Red Hat or CentOS distribution.
Software Downloads
SOGo can be installed using the yum utility. To do so, first create the /etc/yum.repos.d/inverse.repo configuration file with the following content:
    [SOGo]
    name=Inverse SOGo Repository
    baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
    gpgcheck=0
Some of the software on which SOGo depends is available from the repository of RepoForge (previously known as RPMforge). To add RepoForge to your packages sources, download and install the appropriate RPM package from http://packages.sw.be/rpmforge-release/. Also make sure you enabled the "rpmforge-extras" repository.
For more information on using RepoForge, visit http://repoforge.org/use/.
Software Installation
Once the yum configuration file has been created, you are now ready to install SOGo and its dependencies. To do so, proceed with the following command:
    yum install sogo
This will install SOGo and its dependencies such as GNUstep, the SOPE packages and memcached. Once the base packages are installed, you need to install the proper database connector suitable for your environment. You need to install sope49-gdl1-postgresql for the PostgreSQL database system, sope49-gdl1-mysql for MySQL or sope49-gdl1-oracle for Oracle. The installation command will thus look like this:
    yum install sope49-gdl1-postgresql
Once completed, SOGo will be fully installed on your server. You are now ready to configure it.
Chapter 5
Configuration
In this section, you'll learn how to configure SOGo to use your existing LDAP, SMTP and database servers. As previously mentioned, we assume that those components run on the same server on which SOGo is being installed. If this is not the case, please adjust the configuration parameters to reflect those changes.
GNUstep Environment Overview
SOGo makes use of the GNUstep environment. GNUstep is a free software implementation of the OpenStep specification which provides many facilities for building all types of server and desktop applications. Among those facilities, there is a configuration API similar to the "Registry" paradigm in Microsoft Windows. In OpenSTEP, GNUstep and Mac OS X, these are called the "user defaults".
In SOGo, the user's applications settings are stored in /etc/sogo/sogo.conf. You can use your favourite text editor to modify the file.
The sogo.conf file is a serialized property list. This simple format encapsulates four basic data types: arrays, dictionaries (or hashes), strings and numbers. Numbers are represented as-is, except for booleans which can take the unquoted values YES and NO. Strings are not mandatorily quoted, but quoting them will spare you many problems. A dictionary is a sequence of key and value pairs separated in their middle with a = sign. It starts with a { and ends with a corresponding }. Each value definition in a dictionary ends with a semicolon. An array is a chain of values starting with ( and ending with ), where the values are separated with a , character. Also, the file generally follows a C-style indentation for clarity but this indentation is not required, only recommended. Block comments are delimited by /* and */ and can span multiple lines while line comments must start with //.
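The format rules above, written out as a small parser. This is an added example, not code from SOGo or GNUstep; it assumes that an unquoted string runs until whitespace or a structural character, and the sample settings and the names parse_sogo_conf, Parser and ParseError are constructed for illustration.

```python
import re

class ParseError(ValueError):
    """The text is not a well-formed property list."""

# Whitespace and both comment styles match without a named group and are dropped.
# Assumption: an unquoted string runs until whitespace or a structural character.
TOKEN = re.compile(r'''
    \s+ | /\*.*?\*/ | //[^\n]*
  | (?P<punct>[{}()=;,])
  | "(?P<quoted>(?:\\.|[^"\\])*)"
  | (?P<bare>[^\s{}()=;,"]+)
''', re.VERBOSE | re.DOTALL)

def tokenize(text):
    tokens, pos = [], 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if m is None:                       # e.g. a quote that is never closed
            raise ParseError(f"cannot tokenize at offset {pos}")
        pos = m.end()
        if m.lastgroup == "quoted":
            tokens.append(("str", re.sub(r"\\(.)", r"\1", m.group("quoted"))))
        elif m.lastgroup:                   # "punct" or "bare"
            tokens.append((m.lastgroup, m.group()))
    return tokens

class Parser:
    def __init__(self, text):
        self.tokens, self.i = tokenize(text), 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else ("eof", "")

    def take(self, expected=None):
        tok = self.peek()
        if expected is not None and tok != ("punct", expected):
            raise ParseError(f"expected {expected!r}, found {tok[1]!r}")
        self.i += 1
        return tok

    def value(self):
        kind, text = self.take()
        if kind == "str":
            return text
        if kind == "bare":
            if text in ("YES", "NO"):       # unquoted booleans
                return text == "YES"
            return int(text) if re.fullmatch(r"-?\d+", text) else text
        if text == "{":
            return self.dictionary()
        if text == "(":
            return self.array()
        raise ParseError(f"unexpected {text!r}")

    def dictionary(self):                   # opening { already consumed
        result = {}
        while self.peek() != ("punct", "}"):
            kind, key = self.take()
            if kind not in ("str", "bare"):
                raise ParseError(f"expected a key, found {key!r}")
            self.take("=")
            result[key] = self.value()
            self.take(";")                  # each definition ends with ;
        self.take("}")
        return result

    def array(self):                        # opening ( already consumed
        result = []
        while self.peek() != ("punct", ")"):
            result.append(self.value())
            if self.peek() == ("punct", ","):
                self.take(",")
        self.take(")")
        return result

def parse_sogo_conf(text):
    parser = Parser(text)
    parser.take("{")                        # the whole file is one dictionary
    conf = parser.dictionary()
    if parser.peek()[0] != "eof":
        raise ParseError("trailing data after the closing }")
    return conf

# Constructed sample, modelled on the guide's LDAP example.
SAMPLE = r"""{
  /* block comment */
  WOWorkersCount = 3;
  SOGoTimeZone = America/Montreal;          // unquoted string
  SOGoPasswordChangeEnabled = YES;
  SOGoUserSources = ( {
      type = ldap; id = public;
      hostname = "ldap://127.0.0.1:389";    // the // inside the quotes is data
      bindFields = (sAMAccountName, cn);
  } );
}"""

if __name__ == "__main__":
    print(parse_sogo_conf(SAMPLE))
```

An unquoted value containing a space, a missing semicolon and an unclosed quote all raise ParseError, which is the class of problem the quoting advice above avoids.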
Preferences Hierarchy
SOGo supports domain names segregation, meaning that you can separate multiple groups of users within one installation of SOGo. A user associated with a domain can only access the data of users from the same domain. Consequently, the configuration parameters of SOGo are defined on three levels:
Each level inherits the preferences of the parent level. Therefore, domain preferences define the default values of the user preferences, and the system preferences define the default values of all domains preferences. Both system and domains preferences are defined in /etc/sogo/sogo.conf, while the users' preferences are configurable by the user and stored in SOGo's database.
To identify the level in which each parameter can be defined, we use the following abbreviations in the tables of this document:
S    Parameter exclusive to the system and not configurable per domain
D    Parameter exclusive to a domain and not configurable per user
U    Parameter configurable by the user
Remember that the hierarchy paradigm allows the default value of a parameter to be defined at a parent level.
General Preferences
The following table describes the general parameters that can be set:
S WOWorkersCount
The amount of instances of SOGo that will be spawned to handle multiple requests simultaneously. When started from the init script, that amount is overridden by the PREFORK value in /etc/sysconfig/sogo or /etc/default/sogo. A value of 3 is a reasonable default for low usage. The maximum value depends on the CPU and IO power provided by your machine: a value set too high will actually decrease performance under high load.
Defaults to 1 when unset.
S WOListenQueueSize
This parameter controls the backlog size of the socket listen queue. For large-scale deployments, this value must be adjusted in case all workers are busy and the parent process receives lots of incoming connections.
Defaults to 5 when unset.
S WOPort
The TCP listening address and port used by the SOGo daemon. The format is ipaddress:port.
Defaults to 127.0.0.1:20000 when unset.
S WOLogFile
The file path where to log messages. Specify - to log to the console.
Defaults to /var/log/sogo/sogo.log.
S WOPidFile
The file path where the parent process id will be written.
Defaults to /var/run/sogo/sogo.pid.
S WOWatchDogRequestTimeout
This parameter specifies the number of minutes after which a busy child process will be killed by the parent process.
Defaults to 10 (minutes).
Do not set this too low as child processes replying to clients on a slow internet connection could be killed prematurely.
S SxVMemLimit
Parameter used to set the maximum amount of memory (in megabytes) that a child can use. Reaching that value will force children processes to restart, in order to preserve system memory.
Defaults to 384.
S SOGoMemcachedHost
Parameter used to set the hostname and optionally the port of the memcached server.
A path can also be used if the server must be reached via a Unix socket.
Defaults to localhost.
See memcached_servers_parse(3) for details on the syntax.
S SOGoCacheCleanupInterval
Parameter used to set the expiration (in seconds) of each object in the cache.
Defaults to 300.
S SOGoAuthenticationType
Parameter used to define the way by which users will be authenticated. For C.A.S., specify cas. For SAML2, specify saml2. For anything else, leave that value empty.
S SOGoTrustProxyAuthentication
Parameter used to set whether HTTP username should be trusted.
Defaults to NO when unset.
S SOGoEncryptionKey
Parameter used to define a key to encrypt the passwords of remote Web calendars when SOGoTrustProxyAuthentication is enabled.
S SOGoCASServiceURL
When using C.A.S. authentication, this specifies the base url for reaching the C.A.S. service. This will be used by SOGo to deduce the proper login page as well as the other C.A.S. services that SOGo will use.
S SOGoCASLogoutEnabled
Boolean value indicating whether the "Logout" link is enabled when using C.A.S. as authentication mechanism.
The "Logout" link will end up calling SOGoCASServiceURL/logout to terminate the client's single sign-on C.A.S. session.
S SOGoAddressBookDAVAccessEnabled
Parameter controlling WebDAV access to the Contacts collections. This can be used to deny access to these resources from Lightning for example.
Defaults to YES when unset.
S SOGoCalendarDAVAccessEnabled
Parameter controlling WebDAV access to the Calendar collections.
This can be used to deny access to these resources from Lightning for example.
Defaults to YES when unset.
S SOGoSAML2PrivateKeyLocation
The location of the SSL private key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file must be generated for each running SOGo service (rather than host).
S SOGoSAML2CertificateLocation
The location of the SSL certificate file. This file must be generated for each running SOGo service.
S SOGoSAML2IdpMetadataLocation
The location of the metadata file that describes the services available on the SAML2 identity provider.
S SOGoSAML2IdpPublicKeyLocation
The location of the SSL public key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file should be part of the setup of your identity provider.
S SOGoSAML2IdpCertificateLocation
The location of the SSL certificate file. This file should be part of the setup of your identity provider.
S SOGoSAML2LogoutEnabled
Boolean value indicating whether the "Logout" link is enabled when using SAML2 as authentication mechanism.
D SOGoTimeZone
Parameter used to set a default time zone for users. The default timezone is set to UTC. The Olson database is a standard database that takes all the time zones around the world into account and represents them along with their history. On GNU/Linux systems, time zone definition files are available under /usr/share/zoneinfo. Listing the available files will give you the name of the available time zones. This could be America/New_York, Europe/Berlin, Asia/Tokyo or Africa/Lubumbashi.
In our example, we set the time zone to America/Montreal.
D SOGoMailDomain
Parameter used to set the default domain name used by SOGo. SOGo uses this parameter to build the list of valid email addresses for users.
In our example, we set the default domain to acme.com.
D SOGoAppointmentSendEMailNotifications
Parameter used to set whether SOGo sends or not email notifications to meeting participants. Possible values are:
YES to send notifications
NO to not send notifications
Defaults to NO when unset.
D SOGoFoldersSendEMailNotifications
Same as above, but the notifications are triggered on the creation of a calendar or an address book.
D SOGoACLsSendEMailNotifications
Same as above, but the notifications are sent to the involved users of a calendar or address book's ACLs.
D SOGoCalendarDefaultRoles
Parameter used to define the default roles when giving permissions to a user to access a calendar. Default roles are ignored for public accesses. Must be an array of up to five strings. Each string defining a role for an event category must begin with one of those values:
Public
Confidential
Private
And each string must end with one of those values:
Viewer
DAndTViewer
Modifier
Responder
The array can also contain one or many of the following strings:
ObjectCreator
ObjectEraser
Example: SOGoCalendarDefaultRoles = ("ObjectCreator", "PublicViewer");
Defaults to no role when unset. Recommended values are PublicViewer and ConfidentialDAndTViewer.
D SOGoContactsDefaultRoles
Parameter used to define the default roles when giving permissions to a user to access an address book. Default roles are ignored for public accesses. Must be an array of one or many of the following strings:
ObjectViewer
ObjectEditor
ObjectCreator
ObjectEraser
Example: SOGoContactsDefaultRoles = ("ObjectEditor");
Defaults to no role when unset.
D SOGoSuperUsernames
Parameter used to set which usernames require administrative privileges over all the users tables. For example, this could be used to post events in the users calendar without requiring the user to configure his/her ACLs. In this case you will need to specify those superusers usernames like this: SOGoSuperUsernames = ([, , ...]);
U SOGoLanguage
Parameter used to set the default language used in the Web interface for SOGo. Possible values are:
BrazilianPortuguese
Czech
Dutch
English
French
German
Hungarian
Italian
Russian
Spanish
Swedish
Welsh
D SOGoNotifyOnPersonalModifications
Parameter used to set whether SOGo sends or not email receipts when someone changes his/her own calendar. Possible values are:
YES to send notifications
NO to not send notifications
Defaults to NO when unset. User can overwrite this from the calendar properties window.
D SOGoNotifyOnExternalModifications
Parameter used to set whether SOGo sends or not email receipts when a modification is being done to his/her own calendar by someone else. Possible values are:
YES to send notifications
NO to not send notifications
Defaults to NO when unset. User can overwrite this from the calendar properties window.
D SOGoLDAPContactInfoAttribute
Parameter used to specify an LDAP attribute that should be displayed when auto-completing user searches.
D SOGoiPhoneForceAllDayTransparency
When set to YES, this will force all-day events sent over by iPhone OS based devices to be transparent. This means that the all-day events will not be considered during freebusy lookups.
Defaults to NO when unset.
S SOGoEnablePublicAccess
Parameter used to allow or not your users to share publicly (i.e., requiring no authentication) their calendars and address books.
Possible values are:
YES to allow them
NO to prevent them from doing so
Defaults to NO when unset.
S SOGoPasswordChangeEnabled
Parameter used to allow or not users to change their passwords from SOGo.
Possible values are:
YES to allow them
NO to prevent them from doing so
Defaults to NO when unset.
For this feature to work properly when authenticating against AD or Samba4, the LDAP connection must use SSL/TLS. Server side restrictions can also cause the password change to fail, in which case SOGo will only log a Constraint violation (0x13) error. These restrictions include password too young, complexity constraints not satisfied, user cannot change password, etc. Also note that Samba has a minimum password age of 1 day by default.
S SOGoSupportedLanguages
Parameter used to configure which languages are available from SOGo's Web interface. Available languages are specified as an array of strings.
The default value is: ("Czech", "Welsh", "English", "Spanish", "French", "German", "Italian", "Hungarian", "Dutch", "BrazilianPortuguese", "Polish", "Russian", "Ukrainian", "Swedish")
D SOGoHideSystemEMail
Parameter used to control if SOGo should hide or not the system email address (UIDFieldName@SOGoMailDomain). This is currently limited to CalDAV (calendar-user-address-set).
Defaults to NO when unset.
D SOGoSearchMinimumWordLength
Parameter used to control the minimum length to be used for the search string (attendee completion, address book search, etc.) prior to triggering the server-side search operation.
Defaults to 2 when unset, which means a search operation will be triggered on the 3rd typed character.
S SOGoMaximumFailedLoginCount
Parameter used to control the number of failed login attempts required during SOGoMaximumFailedLoginInterval seconds or more. If conditions are met, the account will be blocked for SOGoFailedLoginBlockInterval seconds since the first failed login attempt.
Default value is 0, or disabled.
S SOGoMaximumFailedLoginInterval
Number of seconds, defaults to 10.
S SOGoFailedLoginBlockInterval
Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.
S SOGoMaximumMessageSubmissionCount
Parameter used to control the number of email messages a user can send from SOGo's webmail interface, to SOGoMaximumRecipientCount, in SOGoMaximumSubmissionInterval seconds or more. If conditions are met or exceeded, the user won't be able to send mails for SOGoMessageSubmissionBlockInterval seconds.
Default value is 0, or disabled.
S SOGoMaximumRecipientCount
Maximum number of recipients. Default value is 0, or disabled.
S SOGoMaximumSubmissionInterval
Number of seconds, defaults to 30.
S SOGoMessageSubmissionBlockInterval
Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.
Authentication using LDAP
SOGo can use an LDAP server to authenticate users and, if desired, to provide global address books. SOGo can also use an SQL backend for this purpose (see the section Authentication using SQL later in this document). Insert the following text into your configuration file to configure an authentication and global address book using an LDAP directory server:
    SOGoUserSources = (
      {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = uid;
        UIDFieldName = uid;
        IMAPHostFieldName = mailHost;
        baseDN = "ou=users,dc=acme,dc=com";
        bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Shared Addresses";
        hostname = "ldap://127.0.0.1:389";
        id = public;
        isAddressBook = YES;
      }
    );
In our example, we use an LDAP server running on the same host where SOGo is being installed.
You can also, using the filter attribute, restrict the results to match various criteria. For example, you could define, in your .GNUstepDefaults file, the following filter to return only entries belonging to the organization Inverse with a mail address and not inactive:
    filter = "(o='Inverse' AND mail='*' AND status <> 'inactive')";
Since LDAP sources can serve as user repositories for authentication as well as address books, you can specify the following for each source to make them appear in the address book module:
    displayName = "";
    isAddressBook = YES;
For certain LDAP sources, SOGo also supports indirect binds for user authentication. Here is an example:
    SOGoUserSources = (
      {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = sAMAccountName;
        baseDN = "cn=Users,dc=acme,dc=com";
        bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
        bindFields = (sAMAccountName);
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Active Directory";
        hostname = "ldap://10.0.0.1:389";
        id = directory;
        isAddressBook = YES;
      }
    );
In this example, SOGo will use an indirect bind by first determining the user DN. That value is found by doing a search on the fields specified in bindFields. Most of the time, there will be only one field but it is possible to specify more in the form of an array (for example, bindFields = (sAMAccountName, cn)). When using multiple fields, only one of the fields needs to match the login name. In the above example, when a user logs in, the login will be checked against the sAMAccountName entry in all the user cards, and once this card is found, the user DN of this card will be used for checking the user's password.
Finally, SOGo supports LDAP-based groups. Groups must be defined like any other authentication sources (i.e., canAuthenticate must be set to YES and a group must have a valid email address). In order for SOGo to determine if a specific LDAP entry is a group, SOGo will look for one of the following objectClass attributes:
group
groupOfNames
groupOfUniqueNames
posixGroup
You can set ACLs based on group membership and invite a group to a meeting (and the group will be decomposed to its list of members upon save by SOGo). You can also control the visibility of the group from the list of shared address books or during mail autocompletion by setting the isAddressBook parameter to YES or NO. The following LDAP entry shows how a typical group is defined:
    dn: cn=inverse,ou=groups,dc=inverse,dc=ca
    objectClass: groupOfUniqueNames
    objectClass: top
    objectClass: extensibleObject
    uniqueMember: uid=alice,ou=users,dc=inverse,dc=ca
    uniqueMember: uid=bernard,ou=users,dc=inverse,dc=ca
    uniqueMember: uid=bob,ou=users,dc=inverse,dc=ca
    cn: inverse
    structuralObjectClass: groupOfUniqueNames
    mail: [email protected]
The corresponding SOGoUserSources entry to handle groups like this one would be:
    {
      type = ldap;
      CNFieldName = cn;
      IDFieldName = cn;
      UIDFieldName = cn;
      baseDN = "ou=groups,dc=inverse,dc=ca";
      bindDN = "cn=sogo,ou=services,dc=inverse,dc=ca";
      bindPassword = zot;
      canAuthenticate = YES;
      displayName = "Inverse Groups";
      hostname = "ldap://127.0.0.1:389";
      id = inverse_groups;
      isAddressBook = YES;
    }
The following table describes the possible parameters related to an LDAP source:
D SOGoUserSources
Parameter used to set the LDAP and/or SQL sources used for authentication and global address books. Multiple sources can be specified as an array of dictionaries. A dictionary that defines an LDAP source can contain the following values:
type
The type of this user source, set to ldap for an LDAP source.
id
The identification name of the LDAP repository. This must be unique even when using multiple domains.
CNFieldName
The field that returns the complete name.
IDFieldName
The field that starts a user DN if bindFields is not used. This field must be unique across the entire SOGo domain.
UIDFieldName
The field that returns the login name of a user.
The returned value must be unique across the whole SOGo installation since it is used to identify the user in the folder_info database table.
MailFieldNames
An array of fields that returns the user's email addresses (defaults to mail when unset).
SearchFieldNames
An array of fields to match against the search string when filtering users (defaults to sn, displayName, and telephoneNumber when unset).
IMAPHostFieldName (optional)
The field that returns either an URI to the IMAP server as described for SOGoIMAPServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoIMAPServer parameter.
IMAPLoginFieldName (optional)
The field that returns the IMAP login name for the user (defaults to the value of UIDFieldName when unset).
SieveHostFieldName (optional)
The field that returns either an URI to the SIEVE server as described for SOGoSieveServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoSieveServer parameter.
baseDN
The base DN of your user entries.
KindFieldName (optional)
If set, SOGo will try to determine if the value of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will consider the returned entry to be a resource.
For LDAP-based sources, SOGo can also automatically determine if it's a resource if the entry has the calendarresource objectClass set.
MultipleBookingsFieldName (optional)
The value of this attribute is the maximum number of concurrent events to which a resource can be part of at any point in time.
If this is set to 0, or if the attribute is missing, it means no limit.
filter (optional)
The filter to use for LDAP queries, it should be defined as an EOQualifier. The following operators are supported:
<> inequality operator
= equality operator
Multiple qualifiers can be joined by using OR and AND, they can also be grouped together by using parenthesis. Attribute values should be quoted to avoid unexpected behaviour.
For example:
    filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND accountStatus='active' AND uid <> 'alice'";
scope (optional)
Either BASE, ONE or SUB.
bindDN
The DN of the login name to use for binding to your server.
bindPassword
Its password.
bindAsCurrentUser
If set to YES, SOGo will always keep binding to the LDAP server using the DN of the currently authenticated user. If bindFields is set, bindDN and bindPassword will still be required to find the proper DN of the user.
bindFields (optional)
An array of fields to use when doing indirect binds.
hostname
A space-delimited list of LDAP URLs or LDAP hostnames.
LDAP URLs are specified in RFC 4516 and have the following general format:
    scheme://host:port/DN?attributes?scope?filter?extensions
Note that SOGo doesn't currently support DN, attributes, scope and filter in such URLs. Using them may have undefined side effects.
URLs examples:
    ldap://127.0.0.1:3389
    ldaps://127.0.0.1
    ldap://127.0.0.1/????!StartTLS
port (deprecated)
Port number of the LDAP server.
A non-default port should be part of the ldap URL in the hostname parameter.
encryption (deprecated)
Either SSL or STARTTLS
SSL should be specified as ldaps:// in the LDAP URL. STARTTLS should be specified as a LDAP Extension in the LDAP URL (e.g. ldap://127.0.0.1/????!StartTLS)
userPasswordAlgorithm
The algorithm used for password encryption when changing passwords without Password Policies enabled.
Possible values are: none, plain, crypt, md5, md5-crypt, smd5, cram-md5 and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants (plus setting of the encoding with .b64 or .hex).
Chapter5
Configuration 23
Foramoredetaileddescriptionseehttp://wiki.dovecot.org/Authentication/Pass-wordSchemes.
Notethatcram-md5isnotactuallyusingcram-md5(duetothelackofchallenge-responsemechanism),itsjustsavingtheintermediateMD5contextasDovecotstoresinitsdatabase.

canAuthenticate
If set to YES, this LDAP source is used for authentication.

passwordPolicy
If set to YES, SOGo will use the extended LDAP Password Policies attributes. If your LDAP server does not support those and you activate this feature, every LDAP request will fail.

isAddressBook
If set to YES, this LDAP source is used as a shared address book (with read-only access). Note that if set to NO, autocompletion will not work for entries in this source, and neither will free-busy lookups.

displayName (optional)
If set as an address book, the human identification name of the LDAP repository.

ModulesConstraints (optional)
Limits the access of any module through a constraint based on an LDAP attribute; must be a dictionary with keys Mail, and/or Calendar, for example:
    ModulesConstraints = { Calendar = { ou = employees; }; };

mapping
A dictionary that maps contact attributes used by SOGo to the LDAP attributes used by the schema of the LDAP source. Each entry must have an attribute name as key and an array of strings as value. This enables actual fields to be mapped one after another when fetching contact information.
See the LDAP Attribute Mapping section below for an example and a list of supported attributes.

objectClasses
When the modifiers list (see below) is set, or when using LDAP-based user address books (see abOU below), this list of object classes will be applied to new records as they are created.

modifiers
A list (array) of usernames that are authorized to perform modifications to the address book defined by this LDAP source.

abOU
This field enables LDAP-based user address books by specifying the value of the address book container beneath each user entry, for example: ou=addressbooks,uid=username,dc=domain.

The following parameters can be defined along the other keys of each entry of the SOGoUserSources, but can also be defined at the domain and/or system levels:

D SOGoLDAPContactInfoAttribute
Parameter used to specify an attribute that should appear in autocompletion of the web interface.

D SOGoLDAPQueryLimit
Parameter used to limit the number of returned results from the LDAP server whenever SOGo performs a LDAP query (for example, during addresses completion in a shared address book).

D SOGoLDAPQueryTimeout
Parameter to define the timeout of LDAP queries. The actual time limit for operations is also bounded by the maximum time that the server is configured to allow.
Defaults to 0 (unlimited).
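
One way to check a hostname value against the LDAP URL format and the deprecated port and encryption keys described above, as an added example that is not part of the SOGo guide or of SOGo's code. It classifies each entry as ldaps, StartTLS or cleartext and flags the URL components SOGo does not support; applying the deprecated keys to bare hostnames only is an assumption of this example.

```python
from dataclasses import dataclass, field

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
UNSUPPORTED = ("DN", "attributes", "scope", "filter")   # not supported in SOGo URLs
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Endpoint:
    raw: str
    host: str
    port: int
    transport: str                      # "ldaps", "starttls" or "cleartext"
    warnings: list = field(default_factory=list)


def _split_hostport(hostport, default_port):
    if hostport.startswith("["):        # bracketed IPv6 literal, e.g. [::1]:636
        host, _, rest = hostport[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = hostport.partition(":")
    return host, int(port) if port else default_port


def parse_endpoint(entry, encryption=None, port=None):
    """Parse one item of the hostname parameter (LDAP URL or bare hostname)."""
    warnings = []
    if "://" in entry:
        scheme, rest = entry.split("://", 1)
        scheme = scheme.lower()
        if scheme not in DEFAULT_PORTS:
            raise ValueError("not an LDAP URL: %r" % entry)
        hostport, _, tail = rest.partition("/")
        # scheme://host:port/DN?attributes?scope?filter?extensions
        parts = tail.split("?")
        if len(parts) > 5:
            raise ValueError("too many '?' fields in %r" % entry)
        parts += [""] * (5 - len(parts))
        for name, value in zip(UNSUPPORTED, parts):
            if value:
                warnings.append("%s component is not supported by SOGo" % name)
        # a leading '!' marks an extension as critical
        extensions = [e.lstrip("!").lower() for e in parts[4].split(",") if e]
        starttls = "starttls" in extensions
        host, number = _split_hostport(hostport, DEFAULT_PORTS[scheme])
    else:
        # Assumption: the deprecated keys only describe bare hostnames.
        mode = (encryption or "").upper()
        scheme = "ldaps" if mode == "SSL" else "ldap"
        starttls = mode == "STARTTLS"
        host, number = _split_hostport(entry, port or DEFAULT_PORTS[scheme])
    if encryption or port:
        warnings.append("deprecated port/encryption key: move it into the LDAP URL")
    if scheme == "ldaps":
        transport = "ldaps"
    elif starttls:
        transport = "starttls"
    else:
        transport = "cleartext"
        where = "loopback only" if host in LOOPBACK else "over the network"
        warnings.append("bind DN and passwords travel unencrypted (%s)" % where)
    return Endpoint(entry, host, number, transport, warnings)


def audit_hostname(value, encryption=None, port=None):
    """hostname is a space-delimited list of LDAP URLs or hostnames."""
    return [parse_endpoint(e, encryption, port) for e in value.split()]


# The three URL examples given for the hostname parameter.
GUIDE_URLS = "ldap://127.0.0.1:3389 ldaps://127.0.0.1 ldap://127.0.0.1/????!StartTLS"

if __name__ == "__main__":
    for ep in audit_hostname(GUIDE_URLS) + audit_hostname("localhost", port=389):
        print(ep.raw, ep.host, ep.port, ep.transport, ep.warnings)
```
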

LDAP Attributes Indexing

To ensure proper performance of the SOGo application, the following LDAP attributes must be fully indexed:
    givenName
    cn
    mail
    sn
Please refer to the documentation of the software you use in order to index those attributes.

LDAP Attributes Mapping

Some LDAP attributes are mapped to contacts attributes in the SOGo UI. The table below lists most of them. It is possible to override these by using the mapping configuration parameter.
For example, if the LDAP schema uses the fax attribute to store the fax number, one could map it to the facsimiletelephonenumber attribute like this:
    mapping = { facsimiletelephonenumber = ("fax", "facsimiletelephonenumber"); };

Name
    First               givenName
    Last                sn
    Display Name        displayName or cn or givenName + sn
    Nickname            mozillanickname
Internet
    Email               mail
    Secondary email     mozillasecondemail
    Screen Name         nsaimid
Phones
    Work                telephoneNumber
    Home                homephone
    Mobile              mobile
    Fax                 facsimiletelephonenumber
    Pager               pager
Home
    Address             mozillahomestreet + mozillahomestreet2
    City                mozillahomelocalityname
    State/Province      mozillahomestate
    Zip/Postal Code     mozillahomepostalcode
    Country             mozillahomecountryname
    Web page            mozillahomeurl
Work
    Title               title
    Department          ou
    Organization        o
    Address             street + mozillaworkstreet2
    City                l
    State/Province      st
    Zip/Postal code     postalCode
    Country             c
    Web page            mozillaworkurl
Other
    Birthday            birthyear-birthmonth-birthday
    Note                description

Authenticating using C.A.S.

SOGo natively supports C.A.S. authentication. For activating C.A.S. authentication you need first to make sure that the SOGoAuthenticationType setting is set to cas and that the SOGoCASServiceURL setting is configured appropriately.

The tricky part shows up when using SOGo as a frontend interface to an IMAP server as this imposes constraints needed by the C.A.S. protocol to ensure secure communication between the different services. Failing to take those precautions will prevent users from accessing their mails, while still granting basic authentication to SOGo itself.

The first constraint is that the number of workers that SOGo uses must be higher than 1 in order to enable the C.A.S. service to perform some validation requests during IMAP authentication. A single worker alone would not, by definition, be able to respond to the C.A.S. requests while treating the user request that required the triggering of those requests. You must therefore configure the WOWorkersCount setting appropriately.

The second constraint is that the SOGo service must be accessible and accessed via https. Moreover, the certificate used by the SOGo server has to be recognized and trusted by the C.A.S. service. In the case of a certificate issued by a third-party authority, there should be nothing to worry about. In the case of a self-signed certificate, the certificate must be registered in the trusted keystore of the C.A.S. application. The procedure to achieve this can be summarized as importing the certificate in the proper "keystore" using the keytool utility and specifying the path for that keystore to the Tomcat instance which provides the C.A.S. service. This is done by tweaking the javax.net.ssl.trustStore setting, either in the catalina.properties file or in the command-line parameters. On Debian, the SOGo certificate can also be added to the truststore as follows:
    openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \
      -out /tmp/sogo-cert.der
    keytool -import -keystore /etc/ssl/certs/java/cacerts \
      -file /tmp/sogo-cert.der -alias sogo-cert
    # The keystore password is 'changeit'
    # tomcat must be restarted after this operation

The certificate used by the CAS server must also be trusted by SOGo. In case of a self-signed certificate, this means exporting tomcat's certificate using the keytool utility, converting it to PEM format and appending it to the ca-certificates.crt file (the name and location of that file differ between distributions). Basically:
    # export tomcat's cert to openssl format
    keytool -keystore /etc/tomcat7/keystore -exportcert -alias tomcat | \
      openssl x509 -inform der >tomcat.pem

    Enter keystore password: tomcat

    # add the pem to the trusted certs
    cp tomcat.pem /etc/ssl/certs
    cat tomcat.pem >>/etc/ssl/certs/ca-certificates

If any of those constraints is not satisfied, the webmail interface of SOGo will display an empty email account. Unfortunately, SOGo has no possibility to detect which one is the cause of the problem. The only indicators are log messages that at least pinpoint the symptoms:

"failure to obtain a PGT from the C.A.S. service"
Such an error will show up during authentication of the user to SOGo. It happens when the authentication service has accepted the user authentication ticket but has not returned a "Proxy Granting Ticket".

"a CAS failure occurred during operation."
This error indicates that an attempt was made to retrieve an authentication ticket for a third-party service such as IMAP or sieve. Most of the time, this happens as a consequence of the problem described above. To troubleshoot these issues, one should be tailing cas.log, pam logs and sogo logs.

Currently, SOGo will ask for a CAS ticket using the same CAS service name for both IMAP and Sieve. When CASifying sieve, this means that the -s parameter of pam_cas should be the same for both IMAP and Sieve, otherwise the CAS server will complain:
    ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket [ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service [imap://myimapserver does not match supplied service [sieve://mysieveserver:2000]

Finally, when using imapproxy to speed up the imap accesses, the SOGoIMAPCASServiceName should be set to the actual imap service name expected by pam_cas, otherwise it will fail to authenticate incoming connections properly.

Authenticating using SAML2

SOGo natively supports SAML2 authentication. Please refer to the documentation of your identity provider and the SAML2 configuration keys that are listed above for proper setup. Once a SOGo instance is configured properly, the metadata for that instance can be retrieved from http:///SOGo/saml2-metadata for registration with the identity provider.

In order to relay authentication information to your IMAP server and if you make use of the CrudeSAML SASL plugin, you need to make sure that NGImap4AuthMechanism is configured to use the SAML mechanism. If you make use of the CrudeSAML PAM plugin, this value may be left empty.

Database Configuration

SOGo requires a relational database system in order to store appointments, tasks and contacts information. It also uses the database system to store personal preferences of SOGo users. In this guide, we assume you use PostgreSQL so the commands provided to create the database are related to this application. However, other database servers are supported, such as MySQL and Oracle.

First, make sure that your PostgreSQL server has TCP/IP connections support enabled.
Create the database user and schema using the following commands:
    su - postgres
    createuser --no-superuser --no-createdb --no-createrole \
      --encrypted --pwprompt sogo
    (specify sogo as password)
    createdb -O sogo sogo
You should then adjust the access rights to the database. To do so, modify the configuration file /var/lib/pgsql/data/pg_hba.conf in order to add the following line at the very beginning of the file:
    host sogo sogo 127.0.0.1/32 md5
Once added, restart the PostgreSQL database service. Then, modify the SOGo configuration file (/etc/sogo/sogo.conf) to reflect your database settings:
    SOGoProfileURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
    OCSFolderInfoURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
The following table describes the parameters that were set:

D SOGoProfileURL
Parameter used to set the database URL so that SOGo can retrieve user profiles.
For MySQL, set the database URL to something like: mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile.

D OCSFolderInfoURL
Parameter used to set the database URL so that SOGo can retrieve the location of user folders (address books and calendars).
For Oracle, set the database URL to something like: oracle://sogo:sogo@localhost:1526/sogo/sogo_folder_info.

D OCSSessionsFolderURL
Parameter used to set the database URL so that SOGo can store and retrieve secured user sessions information. For PostgreSQL, the database URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder.

D OCSEMailAlarmsFolderURL
Parameter used to set the database URL for email-based alarms (that can be set on events and tasks). This parameter is relevant only if SOGoEnableEMailAlarms is set to YES. For PostgreSQL, the database URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_alarms_folder
See the "EMail reminders" section in this document for more information.

If you're using MySQL, make sure in your my.cnf file you have:
    [mysqld]
    ...
    character_set_server=utf8
    character_set_client=utf8

    [client]
    default-character-set=utf8

    [mysql]
    default-character-set=utf8

Authentication using SQL

SOGo can use a SQL-based database server for authentication. The configuration is very similar to LDAP-based authentication.
The following table describes all the possible parameters related to a SQL source:

D SOGoUserSources
Parameter used to set the SQL and/or LDAP sources used for authentication and global address books. Multiple sources can be specified as an array of dictionaries. A dictionary that defines a SQL source can contain the following values:

type
The type of this user source, set to sql for a SQL source.

id
The identification name of the SQL repository. This must be unique even when using multiple domains.

viewURL
Database URL of the view used by SOGo. The view expects columns to be present. Required columns are:
    c_uid: will be used for authentication; it's the username or username@domain.tld
    c_name: will be used to uniquely identify entries (can be identical to c_uid)
    c_password: password of the user, plain text, crypt, md5 or sha encoded
    c_cn: the user's common name
    mail: the user's email address
Other columns can exist and will actually be mapped automatically if they have the same name as popular LDAP attributes (such as givenName, sn, department, title, telephoneNumber, etc.).

userPasswordAlgorithm
The default algorithm used for password encryption when changing passwords. Possible values are: none, plain, crypt, md5, md5-crypt, smd5, cram-md5, ldap-md5, and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants. Passwords can have the scheme prepended in the form {scheme}encryptedPass.
If no scheme is given, userPasswordAlgorithm is used instead. The schemes listed above follow the algorithms described in http://wiki.dovecot.org/Authentication/PasswordSchemes.
Note that cram-md5 is not actually using cram-md5 (due to the lack of challenge-response mechanism), it's just saving the intermediate MD5 context as Dovecot stores in its database.

prependPasswordScheme
The default behaviour is to store newly set passwords without the scheme (default: NO). This can be overridden by setting to YES and will result in passwords stored as {scheme}encryptedPass.

canAuthenticate
If set to YES, this SQL source is used for authentication.

isAddressBook
If set to YES, this SQL source is used as a shared address book (with read-only access). Note that if set to NO, autocompletion will not work for entries in this source, and neither will free-busy lookups.

authenticationFilter (optional)
A filter that limits which users can authenticate from this source.

displayName (optional)
If set as an address book, the human identification name of the SQL repository.

LoginFieldNames (optional)
An array of fields that specifies the column names that contain valid authentication usernames (defaults to c_uid when unset).

MailFieldNames (optional)
An array of fields that specifies the column names that hold additional email addresses (beside the mail column) for each user.

IMAPHostFieldName (optional)
The field that returns the IMAP hostname for the user.

IMAPLoginFieldName (optional)
The field that returns the IMAP login name for the user (defaults to c_uid when unset).

SieveHostFieldName (optional)
The field that returns the Sieve hostname for the user.

KindFieldName (optional)
If set, SOGo will try to determine if the value of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will consider the returned entry to be a resource.

MultipleBookingsFieldName (optional)
The value of this field is the maximum number of concurrent events to which a resource can be part of at any point in time.
If this is set to 0, or if the attribute is missing, it means no limit.

DomainFieldName (optional)
If set, SOGo will use the value of that field as the domain associated to the user.
See the Multi-domains Configuration section in this document for more information.

Here is an example of an SQL-based authentication and address book source:
    SOGoUserSources = (
      {
        type = sql;
        id = directory;
        viewURL = "postgresql://sogo:[emailprotected]:5432/sogo/sogo_view";
        canAuthenticate = YES;
        isAddressBook = YES;
        userPasswordAlgorithm = md5;
      }
    );
Certain database columns must be present in the view/table, such as:
    c_uid: will be used for authentication; it's the username or username@domain.tld
    c_name: which can be identical to c_uid; will be used to uniquely identify entries
    c_password: password of the user, plain-text, md5 or sha encoded for now
    c_cn: the user's common name, such as "John Doe"
    mail: the user's mail address
Note that groups are currently not supported for SQL-based authentication sources.
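
The {scheme}encryptedPass format and the userPasswordAlgorithm fallback described for LDAP and SQL sources, as an added example that is not SOGo's own code. It verifies the md5/sha families and their salted variants and classifies each stored value as cleartext, unsalted or salted; crypt, md5-crypt and cram-md5 are not handled, and inferring hex versus base64 from the payload length when no .b64/.hex suffix is present is an assumption of this example.

```python
import base64
import hashlib
import hmac
import re

# scheme name -> (hashlib algorithm, salted?)
SCHEMES = {
    "md5": ("md5", False), "ldap-md5": ("md5", False), "smd5": ("md5", True),
    "sha": ("sha1", False), "ssha": ("sha1", True),
    "sha256": ("sha256", False), "ssha256": ("sha256", True),
    "sha512": ("sha512", False), "ssha512": ("sha512", True),
}
CLEARTEXT = {"none", "plain"}
PREFIX = re.compile(r"^\{([a-z0-9-]+)(?:\.(b64|hex))?\}(.*)$", re.I | re.S)


def parse_stored(value, default_algorithm):
    """Split a stored value into (scheme, encoding, payload).

    A {scheme} prefix wins; without one, userPasswordAlgorithm applies.
    """
    m = PREFIX.match(value)
    if m:
        return m.group(1).lower(), (m.group(2) or "").lower() or None, m.group(3)
    name, _, enc = default_algorithm.lower().partition(".")
    return name, enc or None, value


def _decode(payload, enc, size, salted):
    # Assumption of this example: with no .b64/.hex suffix, an unsalted value
    # whose length is exactly 2 * digest_size is hex; anything else is base64.
    if enc is None:
        enc = "hex" if not salted and len(payload) == 2 * size else "b64"
    try:
        if enc == "hex":
            return bytes.fromhex(payload)
        return base64.b64decode(payload, validate=True)
    except ValueError:
        return None


def verify(password, stored, default_algorithm):
    scheme, enc, payload = parse_stored(stored, default_algorithm)
    if scheme in CLEARTEXT:
        return hmac.compare_digest(password.encode(), payload.encode())
    if scheme not in SCHEMES:
        raise ValueError("scheme %r is not handled by this example" % scheme)
    algo, salted = SCHEMES[scheme]
    size = hashlib.new(algo).digest_size
    raw = _decode(payload, enc, size, salted)
    if raw is None or len(raw) < size or (not salted and len(raw) != size):
        return False
    digest, salt = raw[:size], raw[size:]       # salted layout: digest || salt
    expected = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)


def classify(scheme):
    if scheme in CLEARTEXT:
        return "cleartext"
    if scheme in SCHEMES:
        return "salted" if SCHEMES[scheme][1] else "unsalted"
    return "not-analysed"                       # crypt, md5-crypt, cram-md5


def audit(rows, default_algorithm):
    """Return {c_uid: (effective scheme, class)} for rows of the view."""
    report = {}
    for uid, stored in rows:
        scheme = parse_stored(stored, default_algorithm)[0]
        report[uid] = (scheme, classify(scheme))
    return report


def store(password, scheme, salt=b"", prepend=False):
    """Build a constructed sample value; prepend mimics prependPasswordScheme."""
    algo, _ = SCHEMES[scheme]
    raw = hashlib.new(algo, password.encode() + salt).digest() + salt
    text = raw.hex() if scheme == "md5" else base64.b64encode(raw).decode()
    return "{%s}%s" % (scheme.upper(), text) if prepend else text


# Constructed sample rows (c_uid, c_password); the fallback algorithm is md5,
# as in the sample SQL source.
ROWS = [
    ("alice", store("correct horse", "md5")),   # no prefix: fallback applies
    ("bob", store("correct horse", "ssha256", b"\x01\x02\x03\x04", prepend=True)),
    ("carol", "{PLAIN}correct horse"),
]

if __name__ == "__main__":
    for uid, (scheme, kind) in audit(ROWS, "md5").items():
        print(uid, scheme, kind)
```

Unsalted values are identical for every account that shares a password, which is what the "unsalted" class in the report points at.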

SMTP Server Configuration

SOGo makes use of a SMTP server to send emails from the Web interface, iMIP/iTIP messages and various notifications.
The following table describes the related parameters.

D SOGoMailingMechanism
Parameter used to set how SOGo sends mail messages. Possible values are:
    sendmail: to use the sendmail binary
    smtp: to use the SMTP protocol

D SOGoSMTPServer
The DNS name or IP address of the SMTP server used when SOGoMailingMechanism is set to smtp.

D SOGoSMTPAuthenticationType
Activates SMTP authentication and specifies which type is in use. Currently, only PLAIN is supported and other values will be ignored.

S WOSendMail
The path of the sendmail binary.
Defaults to /usr/lib/sendmail.

D SOGoForceExternalLoginWithEmail
Parameter used to specify if, when logging in to the SMTP server, the primary email address of the user will be used instead of the username. Possible values are:
    YES
    NO
Defaults to NO when unset.

IMAP Server Configuration

SOGo requires an IMAP server in order to let users consult their email messages, manage their folders and more.
The following table describes the related parameters.

U SOGoDraftsFolderName
Parameter used to set the IMAP folder name used to store drafts messages.
Defaults to Drafts when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Drafts.

U SOGoSentFolderName
Parameter used to set the IMAP folder name used to store sent messages.
Defaults to Sent when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Sent.

U SOGoTrashFolderName
Parameter used to set the IMAP folder name used to store deleted messages.
Defaults to Trash when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Trash.

D SOGoIMAPCASServiceName
Parameter used to set the CAS service name (URL) of the imap service. This is useful if SOGo is connecting to the IMAP service through a proxy. When using pam_cas, this parameter should be set to the same value as the -s argument of the imap pam service.

D SOGoIMAPServer
Parameter used to set the DNS name or IP address of the IMAP server used by SOGo. You can also use SSL or TLS by providing a value using an URL, such as:
    imaps://localhost:993
    imaps://localhost:143/?tls=YES

D SOGoSieveServer
Parameter used to set the DNS name or IP address of the Sieve (managesieve) server used by SOGo. You must use an URL such as:
    sieve://localhost
    sieve://localhost:2000
    sieve://localhost:2000/?tls=YES
Note that TLS is supported but SSL is not.

D SOGoSieveFolderEncoding
Parameter used to specify which encoding is used for IMAP folder names in Sieve filters. Defaults to "UTF-7". The other possible value is "UTF-8".

U SOGoMailShowSubscribedFoldersOnly
Parameter used to specify if the Web interface should only show subscribed IMAP folders. Possible values are:
    YES
    NO
Defaults to NO when unset.

D SOGoIMAPAclStyle
Parameter used to specify which RFC the IMAP server implements with respect to ACLs. Possible values are:
    rfc2086
    rfc4314
Defaults to rfc4314 when unset.

D SOGoIMAPAclConformsToIMAPExt
Parameter used to specify if the IMAP server implements the Internet Message Access Protocol Extension. Possible values are:
    YES
    NO
Defaults to NO when unset.

D SOGoForceExternalLoginWithEmail
Parameter used to specify if, when logging in to the IMAP server, the primary email address of the user will be used instead of the username. Possible values are:
    YES
    NO
Defaults to NO when unset.

D SOGoMailSpoolPath
Parameter used to set the path where temporary email drafts are written. If you change this value, you must also modify the daily cronjob sogo-tmpwatch.
Defaults to /var/spool/sogo.

S NGImap4ConnectionStringSeparator
Parameter used to set the IMAP mailbox separator. Setting this will also have an impact on the mailbox separator used by Sieve filters.
The default separator is /.

S NGImap4AuthMechanism
Trigger the use of the IMAP AUTHENTICATE command with the specified SASL mechanism. Please note that this feature might be limited at this time.

D NGImap4ConnectionGroupIdPrefix
Prefix to prepend to names in IMAP ACL transactions, to indicate the name is a group name not a user name.
RFC 4314 gives examples where group names are prefixed with $. Dovecot, for one, follows this scheme, and will, for example, apply permissions for $admins to all users in group admins in the absence of specific permissions for the individual user.
The default prefix is $.

Web Interface Configuration

The following additional parameters only affect the Web interface behaviour of SOGo.

S SOGoPageTitle
Parameter used to define the Web page title.
Defaults to SOGo when unset.

U SOGoLoginModule
Parameter used to specify which module to show after login. Possible values are:
    Calendar
    Mail
    Contacts
Defaults to Calendar when unset.

S SOGoFaviconRelativeURL
Parameter used to specify the relative URL of the site favicon.
When unset, defaults to the file sogo.ico under the default web resources directory.

S SOGoZipPath
Parameter used to specify the path of the zip binary used to archive messages.
Defaults to /usr/bin/zip when unset.

D SOGoSoftQuotaRatio
Parameter used to change the quota returned by the IMAP server by multiplying it by the specified ratio. Acts as a soft quota. Example: 0.8.

U SOGoMailUseOutlookStyleReplies (not currently editable in Web interface)
Parameter used to set if email replies should use Outlook's style.
Defaults to NO when unset.

U SOGoMailListViewColumnsOrder (not currently editable in Web interface)
Parameter used to specify the default order of the columns from the SOGo webmail interface. The parameter is an array, for example:
    SOGoMailListViewColumnsOrder = (Flagged, Attachment, Priority, From, Subject, Unread, Date, Size);

D SOGoVacationEnabled
Parameter used to activate the edition from the preferences window of a vacation message.
Requires Sieve script support on the IMAP host.
Defaults to NO when unset.
When enabling this parameter, one must also enable the associated cronjob in /etc/cron.d/sogo in order to activate automatic vacation message expiration.
See the Cronjob - Vacation messages expiration section below for details.

D SOGoForwardEnabled
Parameter used to activate the edition from the preferences window of a forwarding email address. Requires Sieve script support on the IMAP host.
Defaults to NO when unset.

D SOGoSieveScriptsEnabled
Parameter used to activate the edition from the preferences windows of server-side mail filters. Requires Sieve script support on the IMAP host.
Defaults to NO when unset.

D SOGoMailPollingIntervals
Parameter used to define the mail polling intervals (in minutes) available to the user. The parameter is an array that can contain the following numbers:
    1
    2
    5
    10
    20
    30
    60
Defaults to the list above when unset.

U SOGoMailMessageCheck
Parameter used to define the mail polling interval at which the IMAP server is queried for new messages. Possible values are:
    manually
    every_minute
    every_2_minutes
    every_5_minutes
    every_10_minutes
    every_20_minutes
    every_30_minutes
    once_per_hour
Defaults to manually when unset.

D SOGoMailAuxiliaryUserAccountsEnabled
Parameter used to activate the auxiliary IMAP accounts in SOGo. When set to YES, users can add other IMAP accounts that will be visible from the SOGo Webmail interface.
Defaults to NO when unset.

U SOGoDefaultCalendar
Parameter used to specify which calendar is used when creating an event or a task. Possible values are:
    selected
    personal
    first
Defaults to selected when unset.

U SOGoDayStartTime
The hour at which the day starts (0 through 12).
Defaults to 8 when unset.

U SOGoDayEndTime
The hour at which the day ends (12 through 23).
Defaults to 18 when unset.

U SOGoFirstDayOfWeek
The day at which the week starts in the week and month views (0 through 6). 0 indicates Sunday.
Defaults to 0 when unset.

U SOGoFirstWeekOfYear
Parameter used to define how the first week of the year is identified. Possible values are:
    January1
    First4DayWeek
    FirstFullWeek
Defaults to January1 when unset.

U SOGoTimeFormat
The format used to display time in the timeline of the day and week views. Please refer to the documentation for the date command or the strftime C function for the list of available format sequences.
Defaults to %H:%M.

U SOGoCalendarCategories
Parameter used to define the categories that can be associated to events. This parameter is an array of arbitrary strings.
Defaults to a list that depends on the language.

U SOGoCalendarDefaultCategoryColor
Parameter used to define the default colour of categories.
Defaults to #F0F0F0 when unset.

U SOGoCalendarEventsDefaultClassification
Parameter used to define the default classification for new events. Possible values are:
    PUBLIC
    CONFIDENTIAL
    PRIVATE
Defaults to PUBLIC when unset.

U SOGoCalendarTasksDefaultClassification
Parameter used to define the default classification for new tasks. Possible values are:
    PUBLIC
    CONFIDENTIAL
    PRIVATE
Defaults to PUBLIC when unset.

U SOGoCalendarDefaultReminder
Parameter used to define a default reminder for new events. Possible values are:
    -PT5M
    -PT10M
    -PT15M
    -PT30M
    -PT45M
    -PT1H
    -PT2H
    -PT5H
    -PT15H
    -P1D
    -P2D
    -P1W

D SOGoFreeBusyDefaultInterval
The number of days to include in the free busy information. The parameter is an array of two numbers, the first being the number of days prior to the current day and the second being the number of days following the current day.
Defaults to (7, 7) when unset.

U SOGoBusyOffHours
Parameter used to specify if off-hours should be automatically added to the free-busy information. Off-hours include weekends and periods covered between SOGoDayEndTime and SOGoDayStartTime.
Defaults to NO when unset.

U SOGoMailMessageForwarding
The method by which the message is to be forwarded. Possible values are:
    inline
    attached
Defaults to inline when unset.

U SOGoMailCustomFullName
The string to use as full name when composing an email, if SOGoMailCustomFromEnabled is set in the user's domain defaults.
When unset, the full name specified in the user sources for the user is used instead.

U SOGoMailCustomEmail
The string to use as email address when composing an email, if SOGoMailCustomFromEnabled is set in the user's domain defaults. When unset, the email specified in the user sources for the user is used instead.

U SOGoMailReplyPlacement
The reply placement with respect to the quoted message. Possible values are:
    above
    below
Defaults to below.

U SOGoMailReplyTo
The email address to use in the reply-to header field when the user sends a message.
Ignored when empty.

U SOGoMailSignaturePlacement
The placement of the signature with respect to the quoted message. Possible values are:
    above
    below
Defaults to below.

U SOGoMailComposeMessageType
The message composition format. Possible values are:
    text
    html
Defaults to text.

S SOGoEnableEMailAlarms
Parameter used to enable email-based alarms on events and tasks.
Defaults to NO when unset.
For this feature to work correctly, one must also set the OCSEMailAlarmsFolderURL parameter and enable the associated cronjob. See the Cronjob - EMail reminders section from this document for more information.

U SOGoContactsCategories
Parameter used to define the categories that can be associated to contacts. This parameter is an array of arbitrary strings.
Defaults to a list that depends on the language.

D SOGoUIAdditionalJSFiles
Parameter used to define a list of additional JavaScript files loaded by SOGo for all displayed web pages. This parameter is an array of strings corresponding to paths to the arbitrary JavaScript files. The paths are relative to the WebServerResources directory, which is usually found under /usr/lib/GNUstep/SOGo/.

D SOGoMailCustomFromEnabled
Parameter used to specify whether users may set custom "From" addresses from SOGo's preferences panel.
Defaults to NO when unset.

D SOGoSubscriptionFolderFormat
Parameter used to set the default formatting of a subscription folder name. Available variables are:
    %{FolderName}
    %{UserName}
    %{Email}
Defaults to %{FolderName} (%{UserName} ) when unset.

D SOGoUIxAdditionalPreferences
Parameter used to enable an extra preferences tab using the content of the template named UIxAdditionalPreferences.wox. This template should be put under ~sogo/GNUstep/Library/SOGo/Templates/PreferencesUI/.
Defaults to NO when unset.

SOGo Configuration Summary

The complete SOGo configuration file /etc/sogo/sogo.conf should look like this:
    {
      SOGoProfileURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
      OCSFolderInfoURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
      OCSSessionsFolderURL = "postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
      SOGoAppointmentSendEMailNotifications = YES;
      SOGoCalendarDefaultRoles = (
        PublicViewer,
        ConfidentialDAndTViewer
      );
      SOGoLanguage = English;
      SOGoTimeZone = America/Montreal;
      SOGoMailDomain = acme.com;
      SOGoIMAPServer = localhost;
      SOGoDraftsFolderName = Drafts;
      SOGoSentFolderName = Sent;
      SOGoTrashFolderName = Trash;
      SOGoMailingMechanism = smtp;
      SOGoSMTPServer = 127.0.0.1;
      SOGoUserSources = (
        {
          type = ldap;
          CNFieldName = cn;
          IDFieldName = uid;
          UIDFieldName = uid;
          baseDN = "ou=users,dc=acme,dc=com";
          bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
          bindPassword = qwerty;
          canAuthenticate = YES;
          displayName = "Shared Addresses";
          hostname = localhost;
          id = public;
          isAddressBook = YES;
          port = 389;
        }
      );
    }

Multi-domains Configuration

If you want your installation to isolate two groups of users, you must define a distinct authentication source for each domain. Following is the same configuration that now includes two domains (acme.com and coyote.com):
    {
      ...
      domains = {
        acme = {
          SOGoMailDomain = acme.com;
          SOGoDraftsFolderName = Drafts;
          SOGoUserSources = (
            {
              type = ldap;
              CNFieldName = cn;
              IDFieldName = uid;
              UIDFieldName = uid;
              baseDN = "ou=users,dc=acme,dc=com";
              bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
              bindPassword = qwerty;
              canAuthenticate = YES;
              displayName = "Shared Addresses";
              hostname = localhost;
              id = public_acme;
              isAddressBook = YES;
              port = 389;
            }
          );
        };
        coyote = {
          SOGoMailDomain = coyote.com;
          SOGoIMAPServer = imap.coyote.com;
          SOGoUserSources = (
            {
              type = ldap;
              CNFieldName = cn;
              IDFieldName = uid;
              UIDFieldName = uid;
              baseDN = "ou=users,dc=coyote,dc=com";
              bindDN = "uid=sogo,ou=users,dc=coyote,dc=com";
              bindPassword = qwerty;
              canAuthenticate = YES;
              displayName = "Shared Addresses";
              hostname = localhost;
              id = public_coyote;
              isAddressBook = YES;
              port = 389;
            }
          );
        };
      };
    }
The following additional parameters only affect SOGo when using multiple domains.

S SOGoEnableDomainBasedUID
Parameter used to activate user identification by domain. Users will be able (without being required) to login using the form username@domain, meaning that values of UIDFieldName no longer have to be unique among all domains but only within the same domain. Internally, users will always be identified by the concatenation of their username and domain.
Consequently, activating this parameter on an existing system implies that user identifiers will change and their previous calendars and address books will no longer be accessible unless a conversion is performed.
Defaults to NO when unset.

S SOGoLoginDomains
Parameter used to define which domains should be selectable from the login page. This parameter is an array of keys from the domains dictionary.
Defaults to an empty array, which means that no domains appear on the login page. If you prefer having the domain names listed, just use these as keys for the domains dictionary.

S SOGoDomainsVisibility
Parameter used to set domains visible among themselves. This parameter is an array of arrays.
Example: SOGoDomainsVisibility = ((acme, coyote));
Defaults to an empty array, which means domains are isolated from each other.

Apache Configuration

The SOGo configuration for Apache is located in /etc/httpd/conf.d/SOGo.conf.
Upon SOGo installation, a default configuration file is created which is suitable for most configurations.
You must also configure the following parameters in the SOGo configuration file for Apache in order to have a working installation:
    RequestHeader set "x-webobjects-server-port" "80"
    RequestHeader set "x-webobjects-server-name" "yourhostname"
    RequestHeader set "x-webobjects-server-url" "http://yourhostname"
You may consider enabling SSL on top of this current installation to secure access to your SOGo installation.
See http://httpd.apache.org/docs/2.2/ssl/ for details.
You might also have to adjust the configuration if you have SELinux enabled.
The default configuration will use mod_proxy and mod_headers to relay requests to the sogod parent process. This is suitable for small to medium deployments.

Starting Services

Once SOGo is fully installed and configured, start the services using the following command:
    service sogod start
You may verify using the chkconfig command that the SOGo service is automatically started at boot time. Restart the Apache service since modules and configuration files were added:
    service httpd restart
Finally, you should also make sure that the memcached service is started and that it is also automatically started at boot time.

Cronjob - EMail reminders

SOGo allows you to set email-based reminders for events and tasks. To enable this, you must enable the SOGoEnableEMailAlarms preference and set the OCSEMailAlarmsFolderURL preference accordingly.
Once you've correctly set those two preferences, you must create a cronjob that will run under the "sogo" user. This cronjob should be run every minute.
A commented out example should have been installed in /etc/cron.d/sogo; to enable it, simply uncomment it.
As a reference, the cronjob should be defined like this:
    * * * * * /usr/sbin/sogo-ealarms-notify
If your mail server requires use of SMTP AUTH, specify a credential file using -p /path/to/credFile. This file should contain the username and password, separated by a colon (username:password).

Cronjob - Vacation messages expiration

When vacation messages are enabled (see the parameter SOGoVacationEnabled), users can set an expiration date for auto-reply messages. For this feature to work, you must run a cronjob under the "sogo" user.
A commented out example should have been installed in /etc/cron.d/sogo. To work correctly this tool must login as an administrative user on the sieve server. The required credentials must be specified in a file by using -p /path/to/credFile. This file should contain the username and password, separated by a colon (username:password).
The cronjob should look like this:
    0 0 * * * sogo /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds
Chapter6
ManagingUserAccounts 46
ManagingUserAccounts
CreatingtheSOGoAdministrativeAccount
First, create the SOGo administrative account in your LDAPserver. The following LDIF file(sogo.ldif)canbeusedasanexample:
dn: uid=sogo,ou=users,dc=acme,dc=comobjectClass: topobjectClass:inetOrgPersonobjectClass: personobjectClass:organizationalPersonuid: sogocn: SOGo Administratormail:[emailprotected]: AdministratorgivenName: SOGo
Load the LDIF file inside your LDAP server using the following command:
ldapadd -f sogo.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the SOGo administrative account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com uid=sogo,ou=users,dc=acme,dc=com -s qwerty
Creating a User Account
SOGo uses LDAP directories to authenticate users. Use the following LDIF file (jdoe.ldif) as an example to create a SOGo user account:
dn: uid=jdoe,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: jdoe
cn: John Doe
mail: [emailprotected]
sn: Doe
givenName: John
Load the LDIF file inside your LDAP server using the following command:
ldapadd -f jdoe.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the user account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com uid=jdoe,ou=users,dc=acme,dc=com -s qwerty
As an alternative to using command-line tools, you can also use LDAP editors such as Luma or Apache Directory Studio to make your work easier. These GUI utilities can make use of templates to create and pre-configure typical user accounts or any standardized LDAP record, along with the correct object classes, fields and default values.
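The same two provisioning steps with the bind password and the new password read from files, since values typed after -w and -s end up in the process list and shell history. This is an added example, not part of the SOGo guide; BIND_PW_FILE, its default path and the function names are assumptions, and it uses the -H URI option in place of the -h option shown above.

```shell
#!/bin/sh
# Added example: load an LDIF entry and set a generated password without
# putting any password on the command line.

BIND_DN=cn=Manager,dc=acme,dc=com
BIND_PW_FILE=${BIND_PW_FILE:-/root/ldap-manager.pw}   # assumed path, mode 600

# new_secret_file FILE
# Writes a random 24-character password to FILE with mode 600 and no trailing
# newline (ldapadd -y and ldappasswd -T use the complete file contents).
new_secret_file() {
    ( umask 077 && head -c 18 /dev/urandom | base64 | tr -d '\n' > "$1" )
}

# create_account LDIF_FILE USER_DN
# Loads the entry, then sets a generated password. Prints the path of the file
# holding the new password so it can be handed over and then deleted.
create_account() {
    ldif=$1 dn=$2
    pwfile=$(mktemp) || return 1
    new_secret_file "$pwfile" || return 1
    ldapadd -x -H ldap://localhost -D "$BIND_DN" -y "$BIND_PW_FILE" -f "$ldif" &&
    ldappasswd -x -H ldap://localhost -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -T "$pwfile" "$dn" || { rm -f "$pwfile"; return 1; }
    echo "$pwfile"
}

# Usage: create_account jdoe.ldif uid=jdoe,ou=users,dc=acme,dc=com
```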
Chapter 7
Microsoft ActiveSync
SOGo supports the Microsoft ActiveSync protocol.
ActiveSync clients can fully synchronize contacts, emails, events and tasks with SOGo. Freebusy and GAL lookups are also supported, as well as "Smart reply" and "Smart forward" operations.
To enable Microsoft ActiveSync support in SOGo, you must install the required packages.
yum install sogo-activesync libwbxml
Once installed, simply uncomment the following lines from your SOGo Apache configuration:
ProxyPass /Microsoft-Server-ActiveSync \
  http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
  retry=60 connectiontimeout=5 timeout=360
Restart Apache afterwards.
The following additional parameters only affect SOGo when using ActiveSync:
S SOGoMaximumPingInterval
Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Ping command.
If not set, it defaults to 5 seconds.
S SOGoMaximumSyncInterval
Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Sync command.
If not set, it defaults to 30 seconds.
S SOGoInternalSyncInterval
Parameter used to set the maximum amount of time, in seconds, SOGo will wait before doing an internal check for data changes (add, delete, and update). This parameter must be lower than SOGoMaximumSyncInterval.
If not set, it defaults to 10 seconds.
S SOGoMaximumSyncWindowSize
Parameter used to overwrite the maximum number of items returned during a Sync operation.
Defaults to 0, which means no overwrite is performed.
Setting this parameter to a value greater than 512 will have unexpected behaviour with various ActiveSync clients.
Please be aware of the following limitations:
Currently, only the personal calendar and address book are synchronized. Adding support for all folders is planned.
When creating an Outlook 2013 profile, you must actually kill Outlook before the end of the creation process. See http://www.vionblog.com/connect-zimbra-community-with-outlook-2013 for a procedure example.
Outlook 2013 does not search the GAL. One possible alternative solution is to configure Outlook to use an LDAP server (over SSL) with authentication. Alternatively, when supporting more than just the personal address book, we'll also be able to expose the LDAP/SQL based address books in SOGo over ActiveSync.
Make sure you do not use a self-signed certificate. While this will work, Outlook will work intermittently as it will raise popups for certificate validation, sometimes in the background, preventing the user from seeing the warning and thus preventing any synchronization from happening.
ActiveSync clients keep connections open for a while. Each connection will grab a hold on a sogod process, so you will need a lot of processes to handle many clients. This limitation will eventually be overcome in SOGo.
Repetitive events with occurrences exceptions are currently not supported.
Outlook 2013 Autodiscovery is currently not supported.
Outlook 2013 freebusy lookups are supported using the Internet Free/Busy feature of Outlook 2013. Please see http://support.microsoft.com/kb/291621 for configuration instructions. On the SOGo side, SOGoEnablePublicAccess must be set to YES and the URL to use must be of the following format: http:///SOGo/dav/public/%NAME%/freebusy.ifb
In order to use the SOGo ActiveSync support code in production environments, you need to get a proper usage license from Microsoft. Please contact them directly to negotiate the fees associated to your user base.
To contact Microsoft, please visit:
http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspx and send [emailprotected]
Inverse inc. provides this software for free, but is not responsible for anything related to its usage.
Chapter 8
Using SOGo
SOGo Web Interface
To access the SOGo Web Interface, point your Web browser, which is running from the same server where SOGo was installed, to the following URL: http://localhost/SOGo.
Log in using the "jdoe" user and the "qwerty" password. The underlying database tables will automatically be created by SOGo.
Mozilla Thunderbird and Lightning
Alternatively, you can access SOGo with a GroupDAV and a CalDAV client. A typical well-integrated setup is to use Mozilla Thunderbird and Mozilla Lightning along with Inverse's SOGo Connector plugin to synchronize your address books and Inverse's SOGo Integrator plugin to provide a complete integration of the features of SOGo into Thunderbird and Lightning. Refer to the documentation of Thunderbird to configure an initial IMAP account pointing to your SOGo server and using the username and password mentioned above.
With the SOGo Integrator plugin, your calendars and address books will be automatically discovered when you log in to Thunderbird. This plugin can also propagate specific extensions and default user settings among your site. However, be aware that in order to use the SOGo Integrator plugin, you will need to repackage it with specific modifications. Please refer to the documentation published online:
http://www.sogo.nu/downloads/documentation.html
If you only use the SOGo Connector plugin, you can still easily access your data.
To access your personal address book:
Choose Go > Address Book.
Choose File > New > Remote Address Book.
Enter a significant name for your calendar in the Name field.
Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Contacts/personal/
Click on OK.
To access your personal calendar:
Choose Go > Calendar.
Choose Calendar > New Calendar.
Select On the Network and click on Continue.
Select CalDAV.
Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Calendar/personal/
Click on Continue.
Apple iCal
Apple iCal can also be used as a client application for SOGo.
To configure it so it works with SOGo, create a new account and specify, as the Account URL, a URL such as:
http://localhost/SOGo/dav/jdoe/
Note that the trailing slash is important for Apple iCal 3.
Apple Address Book
Since Mac OS X 10.6 (Snow Leopard), Apple Address Book can be configured to use SOGo.
In order to make this work, you must add a new virtual host in your Apache configuration file to listen on port 8800 and handle requests coming from iOS devices.
The virtual host should be defined like:
<VirtualHost *:8800>
  RewriteEngine Off
  ProxyRequests Off
  SetEnv proxy-nokeepalive 1
  ProxyPreserveHost On
  ProxyPassInterpolateEnv On
  ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
  ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
  ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
  <Location />
    Order allow,deny
    Allow from all
  </Location>
  <Proxy http://127.0.0.1:20000>
    RequestHeader set "x-webobjects-server-port" "8800"
    RequestHeader set "x-webobjects-server-name" "acme.com:8800"
    RequestHeader set "x-webobjects-server-url" "http://acme.com:8800"
    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
    RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
    AddDefaultCharset UTF-8
  </Proxy>
  ErrorLog /var/log/apache2/ab-error.log
  CustomLog /var/log/apache2/ab-access.log combined
</VirtualHost>
This configuration is also required if you want to configure a CardDAV account on an Apple iOS device (version 4.0 and later).
Microsoft ActiveSync / Mobile Devices
You can synchronize contacts, emails, events and tasks from SOGo with any mobile devices that support Microsoft ActiveSync. Microsoft Outlook 2013 is also supported.
The Microsoft ActiveSync server URL is generally something like: http://localhost/Microsoft-Active-Sync.
Chapter 9
Upgrading
This section describes what needs to be done when upgrading to the current version of SOGo from the previous release.
2.2.8
The configuration parameters were renamed:
SOGoMailMessageCheck was replaced with SOGoRefreshViewCheck
SOGoMailPollingIntervals was replaced with SOGoRefreshViewIntervals
Backward compatibility is in place for the old preferences values.
2.0.5
The configuration is now stored in /etc/sogo/sogo.conf. Perform the following commands as root to migrate your previous user defaults:
install -d -m 750 -o sogo -g sogo /etc/sogo
sudo -u sogo sogo-tool dump-defaults > /etc/sogo/sogo.conf
chown root:sogo /etc/sogo/sogo.conf
chmod 640 /etc/sogo/sogo.conf
sudo -u sogo mv ~sogo/GNUstep/Defaults/.GNUstepDefaults \
  ~sogo/GNUstep/Defaults/GNUstepDefaults.old
2.0.4
The parameter SOGoForceIMAPLoginWithEmail is now deprecated and is replaced by SOGoForceExternalLoginWithEmail (which extends the functionality to SMTP authentication). Update your configuration if you use this parameter.
The sogo user is now a system user. For new installs, this means that su - sogo won't work anymore. Please use sudo -u sogo instead. If used in scripts from cronjobs, requiretty must be disabled in sudoers.
1.3.17
Run the shell script sql-update-1.3.16_to_1.3.17.sh or sql-update-1.3.16_to_1.3.17-mysql.sh (if you use MySQL).
This will grow the "cycleinfo" field of calendar tables to a larger size.
1.3.12
Once you have updated and restarted SOGo, run the shell script sql-update-1.3.11_to_1.3.12.sh or sql-update-1.3.11_to_1.3.12-mysql.sh (if you use MySQL).
This will grow the "content" field of calendar and address book tables to a larger size and fix the primary key of the session table.
1.3.9
For Red Hat-based distributions, version 1.23 of GNUstep will be installed. Since the location of the Web resources changes, the Apache configuration file (SOGo.conf) has been adapted. Verify your Apache configuration if you have customized this file.
Chapter 10
Additional Information
For more information, please consult the online FAQs (Frequently Asked Questions):
http://www.sogo.nu/english/support/faq.html
You can also read the mailing list archives or post your questions to the list. For details, see:
https://lists.inverse.ca/sogo
Chapter 11
Commercial Support and Contact Information
For any questions or comments, do not hesitate to contact us by writing an email to:
[emailprotected]
Inverse (http://inverse.ca) offers professional services around SOGo to help organizations deploy the solution and migrate from their legacy systems.