SOGo Installation Guide - [PDF Document] (2024)

  • InstallationandConfigurationGuideforversion2.2.9

  • InstallationandConfigurationGuideVersion2.2.9-September2014

    Permissionisgrantedtocopy,distributeand/ormodifythisdocumentunderthetermsoftheGNUFreeDocumentationLicense,Version1.2oranylaterversionpublishedbytheFreeSoftwareFoundation;withnoInvariantSections,noFront-CoverTexts,andnoBack-CoverTexts.Acopyofthelicenseisincludedinthesectionentitled"GNUFreeDocumentationLicense".

    ThefontsusedinthisguidearelicensedundertheSILOpenFontLicense,Version1.1.ThislicenseisavailablewithaFAQat:http://scripts.sil.org/OFL

    CopyrightukaszDziedzic,http://www.latofonts.com,withReservedFontName:"Lato".

    CopyrightRaphLevien,http://levien.com/,withReservedFontName:"Inconsolata".

    http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLhttp://www.latofonts.com/http://levien.com/

  • iii

    TableofContentsAbout thisGuide..............................................................................................................1Introduction.....................................................................................................................2

    ArchitectureandCompatibility...................................................................................3SystemRequirements........................................................................................................5

    Assumptions.............................................................................................................5MinimumHardwareRequirements..............................................................................5OperatingSystemRequirements................................................................................6

    Installation.......................................................................................................................8SoftwareDownloads.................................................................................................8Software Installation.................................................................................................8

    Configuration.................................................................................................................10GNUstepEnvironmentOverview.............................................................................10PreferencesHierarchy.............................................................................................10GeneralPreferences................................................................................................11AuthenticationusingLDAP......................................................................................18LDAPAttributes Indexing........................................................................................24LDAPAttributesMapping........................................................................................24AuthenticatingusingC.A.S.......................................................................................26AuthenticatingusingSAML2....................................................................................27DatabaseConfiguration...........................................................................................27AuthenticationusingSQL........................................................................................29SMTPServerConfiguration.....................................................................................31IMAPServerConfiguration......................................................................................32WebInterfaceConfiguration....................................................................................34SOGoConfigurationSummary.................................................................................40Multi-domainsConfiguration....................................................................................41ApacheConfiguration..............................................................................................43StartingServices.....................................................................................................44CronjobEMailreminders......................................................................................44CronjobVacationmessagesexpiration...................................................................45

    ManagingUserAccounts.................................................................................................46CreatingtheSOGoAdministrativeAccount...............................................................46CreatingaUserAccount.........................................................................................46

    MicrosoftActiveSync......................................................................................................48UsingSOGo...................................................................................................................50

    SOGoWebInterface..............................................................................................50MozillaThunderbirdandLightning............................................................................50Apple iCal..............................................................................................................51AppleAddressBook.................................................................................................51MicrosoftActiveSync/MobileDevices.....................................................................52

    Upgrading......................................................................................................................53Additional Information.....................................................................................................55CommercialSupportandContactInformation...................................................................56

  • Chapter1

    AboutthisGuide 1

    AboutthisGuide

    ThisguidewillwalkyouthroughtheinstallationandconfigurationoftheSOGosolution.ItalsocoverstheinstallationandconfigurationofSOGoActiveSyncsupportthesolutionusedtosyn-chronizemobiledeviceswithSOGo.

    Theinstructionsarebasedonversion2.2.9ofSOGo.

    Thelatestversionofthisguideisavailableathttp://www.sogo.nu/downloads/documentation.html.

    http://www.sogo.nu/downloads/documentation.html

  • Chapter2

    Introduction 2

    Introduction

    SOGoisafreeandmodernscalablegroupwareserver.Itofferssharedcalendars,addressbooks,andemailsthroughyourfavouriteWebbrowserandbyusinganativeclientsuchasMozillaThunderbirdandLightning.

    SOGoisstandard-compliant.ItsupportsCalDAV,CardDAV,GroupDAV,iMIPandiTIPandreusesexistingIMAP,SMTPanddatabaseservers-makingthesolutioneasytodeployandinteroperablewithmanyapplications.

    SOGofeatures:

    Scalablearchitecturesuitablefordeploymentsfromdozenstomanythousandsofusers

    RichWeb-based interface thatshares the lookandfeel, thefeaturesandthedataofMozillaThunderbirdandLightning

    ImprovedintegrationwithMozillaThunderbirdandLightningbyusingtheSOGoConnectorandtheSOGoIntegrator

    NativecompatibilityforMicrosoftOutlook2003,2007,2010,and2013

    Two-way synchronization supportwithanyMicrosoftActiveSync-capable device, orOutlook2013

    SOGoisdevelopedbyacommunityofdeveloperslocatedmainlyinNorthAmericaandEurope.Moreinformationcanbefoundathttp://www.sogo.nu/

    http://www.sogo.nu/

  • Chapter2

    Introduction 3

    ArchitectureandCompatibility

  • Chapter2

    Introduction 4

    StandardprotocolssuchasCalDAV,CardDAV,GroupDAV,HTTP,IMAPandSMTPareusedtocom-municatewiththeSOGoplatformoritssub-components.MobiledevicessupportingtheMicrosoftActiveSyncprotocolarealsosupported.

    ToinstallandconfigurethenativeMicrosoftOutlookcompatibilitylayer,pleaserefertotheSOGoNativeMicrosoftOutlookConfigurationGuide.

  • Chapter3

    SystemRequirements 5

    SystemRequirements

    Assumptions

    SOGoreusesmanycomponentsinaninfrastructure.Thus,itrequiresthefollowing:

    Databaseserver(MySQL,PostgreSQLorOracle)

    LDAPserver(OpenLDAP,NovelleDirectory,MicrosoftActiveDirectoryandothers)

    SMTPserver(Postfix,Sendmailandothers)

    IMAPserver(Courier,CyrusIMAPServer,Dovecotandothers)

    Inthisguide,weassumethatallthosecomponentsarerunningonthesameserver(i.e.,localhostor127.0.0.1)thatSOGowillbeinstalledon.

    GoodunderstandingofthoseunderlyingcomponentsandGNU/LinuxisrequiredtoinstallSOGo.Ifyoumisssomeofthoserequiredcomponents,pleaserefertotheappropriatedocumentationandproceedwiththeinstallationandconfigurationoftheserequirementsbeforecontinuingwiththisguide.

    Thefollowingtableprovidesrecommendationsfortherequiredcomponents,togetherwithversionnumbers:

    Databaseserver PostgreSQL7.4orlater

    LDAPserver OpenLDAP2.3.xorlater

    SMTPserver Postfix2.x

    IMAPserver CyrusIMAPServer2.3.xorlater

    Morerecentversionsofthesoftwarementionedabovecanalsobeused.

    MinimumHardwareRequirements

    Thefollowingtableprovideshardwarerecommendationsfortheserver,desktopsandmobilede-vices:

    Server Evaluationandtesting

    Intel,AMD,orPowerPCCPU1GHz

  • Chapter3

    SystemRequirements 6

    512MBofRAM 1GBofdiskspace

    Production

    Intel,AMDorPowerPCCPU3GHz 2048MBofRAM10GBofdiskspace(excludingthemailstore)

    Desktop General

    Intel,AMD,orPowerPCCPU1.5GHz 1024x768monitorresolution512MBofRAM 128Kbpsorhighernetworkconnection

    MicrosoftWindows

    MicrosoftWindowsXPSP2orVista

    AppleMacOSX

    AppleMacOSX10.2orlater

    Linux

    YourfavouriteGNU/Linuxdistribution

    MobileDeviceAnymobiledevicewhichsupportsCalDAV,CardDAVorMicrosoftAc-tiveSync.

    OperatingSystemRequirements

    Thefollowing32-bitand64-bitoperatingsystemsarecurrentlysupportedbySOGo:

    RedHatEnterpriseLinux(RHEL)Server5and6

    CommunityENTerpriseOperatingSystem(CentOS)5and6

    DebianGNU/Linux5.0(Lenny)to7.0(Wheezy)

    Ubuntu10.04(Lucid)to14.04(Trusty)

    MakesuretherequiredcomponentsarestartedautomaticallyatboottimeandthattheyarerunningbeforeproceedingwiththeSOGoconfiguration.Alsomake sure that you can installadditionalpackagesfromyourstandarddistribution.Forexample,ifyouareusingRedHatEnterpriseLinux5,youhavetobesubscribedtotheRedHatNetworkbeforecontinuingwiththeSOGosoftwareinstallation.

    ThisdocumentcoverstheinstallationofSOGounderRHEL6.

    ForinstallationinstructionsonDebianandUbuntu,pleasereferdirectlytotheSOGowebsiteathttp://www.sogo.nu/.Underthedownloads section, youwill find links for installation stepsforDebianandUbuntu.

    http://www.sogo.nu/

  • Chapter3

    SystemRequirements 7

    NotethatoncetheSOGopackagesareinstalledunderDebianandUbuntu,thisguidecanbefol-lowedinordertofullyconfigureSOGo.

  • Chapter4

    Installation 8

    Installation

    ThissectionwillguideyouthroughtheinstallationofSOGotogetherwithitsdependencies.ThestepsdescribedhereapplytoanRPM-basedinstallationforaRedHatorCentOSdistribution.

    SoftwareDownloads

    SOGo can be installed using the+yum+utility. To do so, firstcreate the/etc/yum.repos.d/inverse.repoconfigurationfilewiththefollowingcontent:

    [SOGo]name=Inverse SOGoRepositorybaseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearchgpgcheck=0

    SomeofthesoftwaresonwhichSOGodependsareavailablefromtherepositoryofRepoForge(previouslyknownasRPMforge).ToaddRepoForgetoyourpackagessources,downloadandinstalltheappropriateRPMpackagefromhttp://packages.sw.be/rpmforge-release/.Alsomakesureyouenabledthe"rpmforge-extras"repository.

    FormoreinformationonusingRepoForge,visithttp://repoforge.org/use/.

    SoftwareInstallation

    Oncetheyumconfigurationfilehasbeencreated,youarenowreadytoinstallSOGoanditsde-pendencies.Todoso,proceedwiththefollowingcommand:

    yum install sogo

    ThiswillinstallSOGoanditsdependenciessuchasGNUstep,theSOPEpackagesandmemcached.Oncethebasepackagesareinstalled,youneedtoinstalltheproperdatabaseconnectorsuitableforyourenvironment.Youneedtoinstallsope49-gdl1-postgresqlforthePostgreSQLdatabasesystem,sope49-gdl1-mysqlforMySQLorsope49-gdl1-oracleforOracle.Theinstallationcom-mandwillthuslooklikethis:

    yum install sope49-gdl1-postgresql

    http://packages.sw.be/rpmforge-release/http://repoforge.org/use/

  • Chapter4

    Installation 9

    Oncecompleted,SOGowillbefullyinstalledonyourserver.Youarenowreadytoconfigureit.

  • Chapter5

    Configuration 10

    Configuration

    Inthissection,youlllearnhowtoconfigureSOGotouseyourexistingLDAP,SMTPanddatabaseservers.Aspreviouslymentioned,weassumethatthosecomponentsrunonthesameserveronwhichSOGoisbeinginstalled.Ifthisisnotthecase,pleaseadjusttheconfigurationparameterstoreflectthosechanges.

    GNUstepEnvironmentOverview

    SOGomakesuseoftheGNUstepenvironment.GNUstepisafreesoftwareimplementationoftheOpenStepspecificationwhichprovidesmanyfacilitiesforbuildingalltypesofserveranddesktopapplications.Amongthosefacilities,thereisaconfigurationAPIsimilartothe"Registry"paradigminMicrosoftWindows.InOpenSTEP,GNUstepandMacOSX,thesearecalledthe"userdefaults".

    InSOGo, theusersapplicationssettingsarestoredin/etc/sogo/sogo.conf.Youcanuseyourfavouritetexteditortomodifythefile.

    Thesogo.conffileisaserializedpropertylist.Thissimpleformatencapsulatesfourbasicdatatypes:arrays,dictionaries(orhashes), stringsandnumbers.Numbersare representedas-is, exceptforbooleanswhichcantaketheunquotedvaluesYESandNO.Stringsarenotmandatorilyquoted,butdoingsowillavoidyoumanyproblems.Adictionaryisasequenceofkeyandvaluepairsseparatedintheirmiddlewitha=sign.Itstartswitha\{andendswithacorresponding}.Eachvaluedefinitioninadictionaryendswithasemicolon.Anarrayisachainofvaluesstartingwith(andendingwith),wherethevaluesareseparatedwitha,.Also,thefilegenerallyfollowsaC-styleindentationforclaritybutthisindentationisnotrequired,onlyrecommended.Blockcommentsaredelimitedby/*and*/andcanspanmultiplelineswhilelinecommentsmuststartwith//.

    PreferencesHierarchy

    SOGosupportsdomainnamessegregation,meaningthatyoucanseparatemultiplegroupsofuserswithinoneinstallationofSOGo.Auserassociatedtoadomainislimitedtoaccessonlytheusersdatafromthesamedomain.Consequently,theconfigurationparametersofSOGoaredefinedonthreelevels:

  • Chapter5

    Configuration 11

    Eachlevelinheritsthepreferencesoftheparentlevel.Therefore,domainpreferencesdefinethede-faultsvaluesoftheuserpreferences,andthesystempreferencesdefinethedefaultvaluesofalldo-mainspreferences.Bothsystemanddomainspreferencesaredefinedinthe/etc/sogo/sogo.conf,whiletheuserspreferencesareconfigurablebytheuserandstoredinSOGosdatabase.

    Toidentifythelevelinwhicheachparametercanbedefined,weusethefollowingabbreviationsinthetablesofthisdocument:

    S Parameterexclusivetothesystemandnotconfigurableperdomain

    D Parameterexclusivetoadomainandnotconfigurableperuser

    U Parameterconfigurablebytheuser

    Rememberthatthehierarchyparadigmallowthedefaultvalueofaparametertobedefinedataparentlevel.

    GeneralPreferences

    Thefollowingtabledescribesthegeneralparametersthatcanbeset:

    S WOWorkersCountTheamountofinstancesofSOGothatwillbespawnedtohandlemultiplerequestssimulta-neously.Whenstartedfromtheinitscript,thatamountisoverridenbythePREFORKvaluein/etc/sysconfig/sogoor/etc/default/sogo.Avalueof3isareasonabledefaultforlowus-age.ThemaximumvaluedependsontheCPU

  • Chapter5

    Configuration 12

    andIOpowerprovidedbyyourmachine:aval-uesettoohighwillactuallydecreaseperfor-mancesunderhighload.

    Defaultsto1whenunset.

    S WOListenQueueSizeThisparametercontrolsthebacklogsizeofthesocketlistenqueue.Forlarge-scaledeploy-ments,thisvaluemustbeadjustedincaseallworkersarebusyandtheparentprocessesre-ceiveslotsofincomingconnections.

    Defaultsto5whenunset.

    S WOPortTheTCPlisteningaddressandportusedbytheSOGodaemon.Theformatisipaddress:port.

    Defaultsto127.0.0.1:20000whenunset.

    S WOLogFileThefilepathwheretologmessages.Specify-tologtotheconsole.

    Defaultsto/var/log/sogo/sogo.log.

    S WOPidFile Thefilepathwheretheparentprocessidwillbewritten.

    Defaultsto/var/run/sogo/sogo.pid.

    S WOWatchDogRequestTimeoutThisparameterspecifiesthenumberofminutesafterwhichabusychildprocesswillbekilledbytheparentprocess.

    Defaultsto10(minutes).

    Donotsetthistoolowaschildprocessesre-plyingtoclientsonaslowinternetconnectioncouldbekilledprematurely.

    S SxVMemLimitParameterusedtosetthemaximumamountofmemory(inmegabytes)thatachildcanuse.Reachingthatvaluewillforcechildrenprocess-estorestart,inordertopreservesystemmem-ory.

    Defaultsto384.

    S SOGoMemcachedHostParameterusedtosetthehostnameandop-tionallytheportofthememcachedserver.

    ApathcanalsobeusediftheservermustbereachedviaaUnixsocket.

    Defaultstolocalhost.

    Seememcached_servers_parse(3)fordetailsonthesyntax.

    S SOGoCacheCleanupIntervalParameterusedtosettheexpiration(insec-onds)ofeachobjectinthecache.

  • Chapter5

    Configuration 13

    Defaultsto300.

    S SOGoAuthenticationTypeParameterusedtodefinethewaybywhichuserswillbeauthenticated.ForC.A.S.,speci-fycas.ForSAML2,specifysaml2.Foranythingelse,leavethatvalueempty.

    S SOGoTrustProxyAuthenticationParameterusedtosetwhetherHTTPuser-nameshouldbetrusted.

    DefaultstoNOwhenunset.

    S SOGoEncryptionKeyParameterusedtodefineakeytoencryptthepasswordsofremoteWebcalendarswhenSO-GoTrustProxyAuthenticationisenabled.

    S SOGoCASServiceURLWhenusingC.A.S.authentication,thisspeci-fiesthebaseurlforreachingtheC.A.S.service.ThiswillbeusedbySOGotodeducetheprop-erloginpageaswellastheotherC.A.S.ser-vicesthatSOGowilluse.

    S SOGoCASLogoutEnabledBooleanvalueindicatingwhetherthe"Logout"linkisenabledwhenusingC.A.S.asauthentica-tionmechanism.

    The"Logout"linkwillendupcallingSOGo-CASServiceURL/logouttoterminatetheclientssinglesign-onC.A.S.session.

    S SOGoAddressBookDAVAccessEnabledParametercontrollingWebDAVaccesstotheContactscollections.Thiscanbeusedtode-nyaccesstotheseresourcesfromLightningforexample.

    DefaultstoYESwhenunset.

    S SOGoCalendarDAVAccessEnabledParametercontrollingWebDAVaccesstotheCalendarcollections.

    Thiscanbeusedtodenyaccesstothesere-sourcesfromLightningforexample.

    DefaultstoYESwhenunset.

    S SOGoSAML2PrivateKeyLocationThelocationoftheSSLprivatekeyfileonthefilesystemthatisusedbySOGotosignanden-cryptcommunicationswiththeSAML2identityprovider.ThisfilemustbegeneratedforeachrunningSOGoservice(ratherthanhost).

    S SOGoSAML2CertiticateLocationThelocationoftheSSLcertificatefile.ThisfilemustbegeneratedforeachrunningSOGoser-vice.

    S SOGoSAML2IdpMetadataLocationThelocationofthemetadatafilethatdescribestheservicesavailableontheSAML2identifyprovider.

    S SOGoSAML2IdpPublicKeyLocationThelocationoftheSSLpublickeyfileonthefilesystemthatisusedbySOGotosignanden-

  • Chapter5

    Configuration 14

    cryptcommunicationswiththeSAML2identityprovider.Thisfileshouldbepartofthesetupofyouridentityprovider.

    S SOGoSAML2IdpCertificateLocationThelocationoftheSSLcertificatefile.Thisfileshouldbepartofthesetupofyouridentityprovider.

    S SOGoSAML2LogoutEnabledBooleanvalueindicatedwhetherthe"Logout"linkisenabledwhenusingSAML2asauthenti-cationmechanism.

    D SOGoTimeZoneParameterusedtosetadefaulttimezoneforusers.ThedefaulttimezoneissettoUTC.TheOlsondatabaseisastandarddatabasethattakesallthetimezonesaroundtheworldintoaccountandrepresentsthemalongwiththeirhistory.OnGNU/Linuxsystems,timezonede-finitionfilesareavailableunder/usr/share/zoneinfo.Listingtheavailablefileswillgiveyouthenameoftheavailabletimezones.ThiscouldbeAmerica/New_York,Europe/Berlin,Asia/TokyoorAfrica/Lubumbashi.

    Inourexample,wesetthetimezonetoAmeri-ca/Montreal.

    D SOGoMailDomainParameterusedtosetthedefaultdomainnameusedbySOGo.SOGousesthisparametertobuildthelistofvalidemailaddressesforusers.

    Inourexample,wesetthedefaultdomaintoacme.com.

    D SOGoAppointmentSendEMailNotificationsParameterusedtosetwhetherSOGosendsornotemailnotificationstomeetingparticipants.Possiblevaluesare:

    YEStosendnotifications NOtonotsendnotifications

    DefaultstoNOwhenunset.

    D SOGoFoldersSendEMailNotificationsSameasabove,butthenotificationsaretrig-geredonthecreationofacalendaroranad-dressbook.

    D SOGoACLsSendEMailNotificationsSameasabove,butthenotificationsaresenttotheinvolvedusersofacalendaroraddressbooksACLs.

    D SOGoCalendarDefaultRolesParameterusedtodefinethedefaultroleswhengivingpermissionstoausertoaccessacalendar.Defaultsrolesareignoredforpublicaccesses.Mustbeanarrayofuptofivestrings.Eachstringdefiningaroleforaneventcatego-rymustbeginwithoneofthosevalues:

    Public

  • Chapter5

    Configuration 15

    Confidential Private

    Andeachstringmustendwithoneofthosevalues:

    Viewer DAndTViewer Modifier Responder

    Thearraycanalsocontainoneormanyofthefollowingstrings:

    ObjectCreator ObjectEraser

    Example:SOGoCalendarDefaultRoles = ("Ob-jectCreator","PublicViewer");

    Defaultstonorolewhenunset.Recommend-edvaluesarePublicViewerandConfidential-DAndTViewer.

    D SOGoContactsDefaultRolesParameterusedtodefinethedefaultroleswhengivingpermissionstoausertoaccessanaddressbook.Defaultsrolesareignoredforpublicaccesses.Mustbeanarrayofoneormanyofthefollowingstrings:

    ObjectViewer ObjectEditor ObjectCreator ObjectEraser

    Example:SOGoContactsDefaultRoles = ("Ob-jectEditor");

    Defaultstonorolewhenunset.

    D SOGoSuperUsernamesParameterusedtosetwhichusernamesrequireadministrativeprivilegesoveralltheusersta-bles.Forexample,thiscouldbeusedtoposteventsintheuserscalendarwithoutrequir-ingtheusertoconfigurehis/herACLs.Inthiscaseyouwillneedtospecifythosesuperusersusernameslikethis:SOGoSuperUsernames=([, , ...]);

    U SOGoLanguageParameterusedtosetthedefaultlanguageusedintheWebinterfaceforSOGo.Possiblevaluesare:

    BrazilianPortuguese Czech Dutch English

  • Chapter5

    Configuration 16

    French German Hungarian Italian Russian Spanish SwedishWelsh

    D SOGoNotifyOnPersonalModificationsParameterusedtosetwhetherSOGosendsornotemailreceiptswhensomeonechangeshis/herowncalendar.Possiblevaluesare:

    YEStosendnotifications NOtonotsendnotifications

    DefaultstoNOwhenunset.Usercanoverwritethisfromthecalendarpropertieswindow.

    D SOGoNotifyOnExternalModificationsParameterusedtosetwhetherSOGosendsornotemailreceiptswhenamodificationisbeingdonetohis/herowncalendarbysomeoneelse.Possiblevaluesare:

    YEStosendnotifications NOtonotsendnotifications

    DefaultstoNOwhenunset.Usercanoverwritethisfromthecalendarpropertieswindow.

    D SOGoLDAPContactInfoAttributeParameterusedtospecifyanLDAPattributethatshouldbedisplayedwhenauto-completingusersearches.

    D SOGoiPhoneForceAllDayTransparencyWhensettoYES,thiswillforceall-dayeventssentoverbyiPhoneOSbaseddevicestobetransparent.Thismeansthattheall-dayeventswillnotbeconsideredduringfreebusylookups.

    DefaultstoNOwhenunset.

    S SOGoEnablePublicAccessParameterusedtoallowornotyouruserstosharepublicly(ie.,requiringnotauthentication)theircalendarsandaddressbooks.

    Possiblevaluesare:

    YEStoallowthem NOtopreventthemfromdoingso

    DefaultstoNOwhenunset.

    S SOGoPasswordChangeEnabledParameterusedtoallowornotuserstochangetheirpasswordsfromSOGo.

    Possiblevaluesare:

    YEStoallowthem NOtopreventthemfromdoingso

  • Chapter5

    Configuration 17

    DefaultstoNOwhenunset.

    Forthisfeaturetoworkproperlywhenauthen-ticatingagainstADorSamba4,theLDAPcon-nectionmustuseSSL/TLS.Serversiderestric-tionscanalsocausethepasswordchangetofail,inwhichcaseSOGowillonlylogaCon-straintviolation(0x13)error.Theserestrictionsincludepasswordtooyoung,complexitycon-straintsnotsatisfied,usercannotchangepass-word,etcAlsonotethatSambahasamini-mumpasswordageof1daybydefault.

    S SOGoSupportedLanguagesParameterusedtoconfigurewhichlanguagesareavailablefromSOGosWebinterface.Avail-ablelanguagesarespecifiedasanarrayofstring.

    Thedefaultvalueis:( "Czech", "Welsh","English", "Spanish","French", "Ger-man", "Italian", "Hungarian","Dutch","BrazilianPortuguese", "Polish", "Russ-ian", Ukrainian","Swedish" )

    D SOGoHideSystemEMailParameterusedtocontrolifSOGoshouldhideornotthesystememailaddress(UIDFieldName@SOGoMailDomain).ThisiscurrentlylimitedtoCalDAV(calendar-user-ad-dress-set).

    DefaultstoNOwhenunset.

    D SOGoSearchMinimumWordLengthParameterusedtocontroltheminimumlengthtobeusedforthesearchstring(attendeecom-pletion,addressbooksearch,etc.)priortrigger-ingtheserver-sidesearchoperation.

    Defaultsto2whenunsetwhichmeansasearchoperationwillbetriggeredonthe3rdtypedcharacter.

    S SOGoMaximumFailedLoginCountParameterusedtocontrolthenumberoffailedloginattemptsrequiredduringSOGoMaximum-FailedLoginIntervalsecondsormore.Ifcondi-tionsaremet,theaccountwillbeblockedforSOGoFailedLoginBlockIntervalsecondssincethefirstfailedloginattempt.

    Defaultvalueis0,ordisabled.

    S SOGoMaximumFailedLoginIntervalNumberofseconds,defaultsto10.

    S SOGoFailedLoginBlockIntervalNumberofseconds,defaultsto300(or5min-utes).NotethatSOGoCacheCleanupIntervalmustbesettoavalueequalorhigherthanSO-GoFailedLoginBlockInterval.

    S SOGoMaximumMessageSubmissionCountParameterusedtocontrolthenumberofemailmessagesausercansendfromSOGosweb-

    mailto:UIDFieldName@SOGoMailDomain

  • Chapter5

    Configuration 18

    mailinterface,toSOGoMaximumRecipientCount,inSOGoMaximumSubmissionIntervalsecondsormore.Ifconditionsaremetorexceeded,theuserwontbeabletosendmailsforSOGoMes-sageSubmissionBlockIntervalseconds.

    Defaultvalueis0,ordisabled.

    S SOGoMaximumRecipientCountMaximumnumberofrecipients.Defaultvalueis0,ordisabled.

    S SOGoMaximumSubmissionIntervalNumberofseconds,defaultsto30.

    S SOGoMessageSubmissionBlockIntervalNumberofseconds,defaultto300(or5min-utes).NotethatSOGoCacheCleanupIntervalmustbesettoavalueequalorhigherthanSO-GoFailedLoginBlockInterval.

    AuthenticationusingLDAP

    SOGocanuseaLDAPservertoauthenticateusersand,ifdesired,toprovideglobaladdressbooks.SOGocanalsouseanSQLbackendforthispurpose(seethesection_AuthenticationusingSQL_laterinthisdocument).Insertthefollowingtextintoyourconfigurationfiletoconfigureanauthen-ticationandglobaladdressbookusinganLDAPdirectoryserver:

    SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName= uid; UIDFieldName = uid; IMAPHostFieldName = mailHost; baseDN ="ou=users,dc=acme,dc=com"; bindDN ="uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname ="ldap://127.0.0.1:389"; id = public; isAddressBook = YES; });

    Inourexample,weuseaLDAPserverrunningonthesamehostwhereSOGoisbeinginstalled.

    Youcanalso,usingthefilterattribute,restricttheresultstomatchvariouscriteria.Forexample,youcoulddefine,inyour.GNUstepDefaultsfile,thefollowingfiltertoreturnonlyentriesbelongingtotheorganizationInversewithamailaddressandnotinactive:

    filter = "(o='Inverse' AND mail='*' AND status 'inactive')";

  • Chapter5

    Configuration 19

    SinceLDAPsourcescanserveasuserrepositoriesforauthenticationaswellasaddressbooks,youcanspecifythefollowingforeachsourcetomakethemappearintheaddressbookmodule:

    displayName = "";isAddressBook = YES;

    ForcertainLDAPsources,SOGoalsosupportsindirectbindsforuserauthentication.Hereisanexample:

    SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName= cn; UIDFieldName = sAMAccountName; baseDN ="cn=Users,dc=acme,dc=com"; bindDN ="cn=sogo,cn=Users,dc=acme,dc=com"; bindFields = (sAMAccountName);bindPassword = qwerty; canAuthenticate = YES; displayName = "ActiveDirectory"; hostname = ldap://10.0.0.1:389; id = directory;isAddressBook = YES; });

    Inthisexample,SOGowilluseanindirectbindbyfirstdeterminingtheuserDN.ThatvalueisfoundbydoingasearchonthefieldsspecifiedinbindFields.Mostofthetime,therewillbeonlyonefieldbutitispossibletospecifymoreintheformofanarray(forexample,bindFields= (sAMAc-countName,cn)).Whenusingmultiplefields,onlyoneofthefieldsneedstomatchtheloginname.Intheaboveexample,whenauserlogsin,theloginwillbecheckedagainstthesAMAccountNameentryinalltheusercards,andoncethiscardisfound,theuserDNofthiscardwillbeusedforcheckingtheuserspassword.

    Finally,SOGosupportsLDAP-basedgroups.Groupsmustbedefinedlikeanyotherauthenticationsources(ie.,canAuthenticatemustbesettoYESandagroupmusthaveavalidemailaddress).InorderforSOGotodetermineifaspecificLDAPentryisagroup,SOGowilllookforoneofthefollowingobjectClassattributes:

    group

    groupOfNames

    groupOfUniqueNames

    posixGroup

    YoucansetACLsbasedongroupmembershipand inviteagrouptoameeting(andthegroupwillbedecomposedtoitslistofmembersuponsavebySOGo).YoucanalsocontrolthevisibilityofthegroupfromthelistofsharedaddressbooksorduringmailautocompletionbysettingtheisAddressBookparametertoYESorNO.ThefollowingLDAPentryshowshowatypicalgroupisdefined:

  • Chapter5

    Configuration 20

    dn: cn=inverse,ou=groups,dc=inverse,dc=caobjectClass:groupOfUniqueNamesobjectClass: topobjectClass:extensibleObjectuniqueMember:uid=alice,ou=users,dc=inverse,dc=cauniqueMember:uid=bernard,ou=users,dc=inverse,dc=cauniqueMember:uid=bob,ou=users,dc=inverse,dc=cacn: inversestructuralObjectClass:groupOfUniqueNamesmail: [emailprotected]

    ThecorrespondingSOGoUserSourcesentrytohandlegroupslikethisonewouldbe:

    { type = ldap; CNFieldName = cn; IDFieldName = cn; UIDFieldName= cn; baseDN = "ou=groups,dc=inverse,dc=ca; bindDN ="cn=sogo,ou=services,dc=inverse,dc=ca"; bindPassword = zot;canAuthenticate = YES; displayName = Inverse Groups; hostname =ldap://127.0.0.1:389; id = inverse_groups; isAddressBook =YES;}

    ThefollowingtabledescribesthepossibleparametersrelatedtoaLDAPsource:

    SOGoUserSourcesParameterusedtosettheLDAPand/orSQLsourcesusedforauthenticationandglobalad-dressbooks.Multiplesourcescanbespecifiedasanarrayofdictionaries.Adictionarythatde-finesanLDAPsourcecancontainthefollowingvalues:

    type Thetypeofthisusersource,settoldap`foranLDAPsource.

    idTheidentificationnameoftheLDAPreposi-tory.Thismustbeuniqueevenwhenusingmultipledomains.

    CNFieldName Thefieldthatreturnsthecompletename.

    IDFieldNameThefieldthatstartsauserDNifbindFieldsisnotused.ThisfieldmustbeuniqueacrosstheentireSOGodomain.

    D

    UIDFieldName Thefieldthatreturnstheloginnameofauser.

    ThereturnedvaluemustbeuniqueacrossthewholeSOGoinstallationsinceitisusedtoidentifytheuserinthefolder_infodatabasetable.

  • Chapter5

    Configuration 21

    MailFieldNamesAnarrayoffieldsthatreturnstheusersemailaddresses(defaultstomailwhenunset).

    SearchFieldNamesAnarrayoffieldstotomatchagainstthesearchstringwhenfilteringusers(defaultstosn,displayName,andtelephoneNumberwhenunset).

    IMAPHostFieldName(optional)ThefieldthatreturnseitheranURItotheIMAPserverasdescribedforSOGoIMAPServ-er,orasimpleserverhostnamethatwouldbeusedasareplacementforthehostnamepartintheURIprovidedbytheSOGoIMAPServerpara-meter.

    IMAPLoginFieldName(optional)ThefieldthatreturnstheIMAPloginnamefortheuser(defaultstothevalueofUIDFieldNamewhenunset).

    SieveHostFieldName(optional)ThefieldthatreturnseitheranURItotheSIEVEserverasdescribedforSOGoSieveServ-er,orasimpleserverhostnamethatwouldbeusedasareplacementforthehostnamepartintheURIprovidedbytheSOGoSieveServerpara-meter.

    baseDN ThebaseDNofyouruserentries.

    KindFieldName(optional)Ifset,SOGowilltrytodetermineifthevalueofthefieldcorrespondstoeither"group","lo-cation"or"thing".Ifthatsthecase,SOGowillconsiderthereturnedentrytobearesource.

    ForLDAP-basedsources,SOGocanalsoauto-maticallydetermineifitsaresourceiftheentryhasthecalendarresourceobjectClassset.

    MultipleBookingsFieldName(optional)Thevalueofthisattributeisthemaximumnumberofconcurrenteventstowhichare-sourcecanbepartofatanypointintime.

    Ifthisissetto0,oriftheattributeismissing,itmeansnolimit.

    filter(optional)ThefiltertouseforLDAPqueries,itshouldbedefinedasanEOQualifier.Thefollowingopera-torsaresupported:

    inequalityoperator =equalityoperator

    MultiplequalifierscanbejoinedbyusingORandAND,theycanalsobegroupedtogetherbyusingparenthesis.Attributevaluesshouldbequotedtoavoidunexpectedbehaviour.

    Forexample:filter ="(objectClass='mailUser'ORobjectClass='mailGroup') AND

  • Chapter5

    Configuration 22

    accountStatus='active' AND uid 'al-ice'";

    scope(optional) EitherBASE,ONEorSUB.

    bindDN TheDNoftheloginnametouseforbindingtoyourserver.

    bindPassword Itspassword.

    bindAsCurrentUserIfsettoYES,SOGowillalwayskeepbindingtotheLDAPserverusingtheDNofthecurrentlyauthenticateduser.IfbindFieldsisset,bindDNandbindPasswordwillstillberequiredtofindtheproperDNoftheuser.

    bindFields(optional)Anarrayoffieldstousewhendoingindirectbinds.

    hostname Aspace-delimitedlistofLDAPURLsorLDAPhostnames.

    LDAPURLsarespecifiedinRFC4516andhavethefollowinggeneralformat:

    scheme://host:port/DN?attributes?scope?filter?extensions

    NotethatSOGodoesntcurrentlysupportDN,attributes,scopeandfilterinsuchURLs.Usingthemmayhaveundefinedsideeffects.

    URLsexamples:

    ldap://127.0.0.1:3389 ldaps://127.0.0.1ldap://127.0.0.1/????!StartTLS

    port(deprecated) PortnumberoftheLDAPserver.

    Anon-defaultportshouldbepartoftheldapURLinthehostnameparameter.

    encryption(deprecated) EitherSSLorSTARTTLS

    SSLshouldbespecifiedasldaps://intheLDAPURL.STARTTLSshouldbespecifiedasaLDAPExtensionintheLDAPURL(e.g.ldap://127.0.0.1/????!StartTLS)

    userPasswordAlgorithmThealgorithmusedforpasswordencryptionwhenchangingpasswordswithoutPasswordPoliciesenabled.

    Possiblevaluesare:none,plain,crypt,md5,md5-crypt,smd5,cram-md5andsha,sha256,sha512anditsssha(e.g.sshaorssha256)vari-ants(plussettingoftheencodingwith.b64or.hex).

  • Chapter5

    Configuration 23

    Foramoredetaileddescriptionseehttp://wiki.dovecot.org/Authentication/Pass-wordSchemes.

    Notethatcram-md5isnotactuallyusingcram-md5(duetothelackofchallenge-responsemechanism),itsjustsavingtheintermediateMD5contextasDovecotstoresinitsdatabase.

    canAuthenticateIfsettoYES,thisLDAPsourceisusedforau-thentication

    passwordPolicyIfsettoYES,SOGowillusetheextendedLDAPPasswordPoliciesattributes.IfyouLDAPserv-erdoesnotsupportthoseandyouactivatethisfeature,everyLDAPrequestswillfail.

    isAddressBookIfsettoYES,thisLDAPsourceisusedasasharedaddressbook(withread-onlyaccess).NotethatifsettoNO,autocompletionwillnotworkforentriesinthissourceandthus,free-busylookups.

    displayName(optional)Ifsetasanaddressbook,thehumanidentifica-tionnameoftheLDAPrepository

    ModulesConstraints(optional)Limitstheaccessofanymodulethroughacon-straintbasedonanLDAPattribute;mustbeadictionarywithkeysMail,and/orCalendar,forexample:

    ModulesConstraints = { Calendar = { ou = employees; };};

    mappingAdictionarythatmapscontactattributesusedbySOGototheLDAPattributesusedbytheschemaoftheLDAPsource.Eachentrymusthaveanattributenameaskeyandanarrayofstringsasvalue.Thisenablesactualfieldstobemappedoneafteranotherwhenfetchingcon-tactinformations.

    SeetheLDAPAttributeMappingsectionbelowforanexampleandalistofsupportedattribut-es.

    objectClassesWhenthemodifierslist(seebelow)isset,orwhenusingLDAP-baseduseraddressbooks(seeabOUbelow),thislistofobjectclasseswillbeappliedtonewrecordsastheyarecreated.

    modifiersAlist(array)ofusernamesthatareauthorizedtoperformmodificationstotheaddressbookdefinedbythisLDAPsource.

    http://wiki.dovecot.org/Authentication/PasswordSchemeshttp://wiki.dovecot.org/Authentication/PasswordSchemeshttp://wiki.dovecot.org/Authentication/PasswordSchemes

  • Chapter5

    Configuration 24

    abOUThisfieldenablesLDAP-baseduseraddressbooksbyspecifyingtheval-ueoftheaddressbookcontainerbe-neatheachuserentry,forexample:ou=addressbooks,uid=username,dc=domain.

    The following parameters can be defined along the other keys ofeach entry of theSO-GoUserSources,butcanalsodefinedatthedomainand/orsystemlevels:

    D SOGoLDAPContactInfoAttributeParameterusedtospecifyanattributethatshouldappearinautocompletionofthewebin-terface.

    D SOGoLDAPQueryLimitParameterusedtolimitthenumberofreturnedresultsfromtheLDAPserverwheneverSO-GoperformsaLDAPquery(forexample,dur-ingaddressescompletioninasharedaddressbook).

    D SOGoLDAPQueryTimeoutParametertodefinethetimeoutofLDAPqueries.Theactualtimelimitforoperationsisalsoboundedbythemaximumtimethattheserverisconfiguredtoallow.

    Defaultsto0(unlimited).

    LDAPAttributesIndexing

    ToensureproperperformanceoftheSOGoapplication,thefollowingLDAPattributesmustbefullyindexed:

    givenName

    cn

    mail

    sn

    Pleaserefertothedocumentationofthesoftwareyouuseinordertoindexthoseattributes.

    LDAPAttributesMapping

    SomeLDAPattributesaremappedtocontactsattributesintheSOGoUI.Thetablebelowlistmostofthem.Itispossibletooverridethesebyusingthemappingconfigurationparameter.

    Forexample,iftheLDAPschemausesthefaxattributetostorethefaxnumber,onecouldmapittothefacsimiletelephonenumberattributelikethis:

  • Chapter5

    Configuration 25

    mapping = \{facsimiletelephonenumber = ("fax","facsimiletelephonenumber");};

    Name

    First givenName

    Last sn

    DisplayName displayNameorcnorgivenName+sn

    Nickname mozillanickname

    Internet

    Email mail

    Secondaryemail mozillasecondemail

    ScreenName nsaimid

    Phones

    Work telephoneNumber

    Home homephone

    Mobile mobile

    Fax facsimiletelephonenumber

    Pager pager

    Home

    Address mozillahomestreet+mozillahomestreet2

    City mozillahomelocalityname

    State/Province mozillahomestate

    Zip/PostalCode mozillahomepostalcode

    Country mozillahomecountryname

    Webpage mozillahomeurl

    Work

    Title title

    Department ou

    Organization o

    Address street+mozillaworkstreet2

    City l

    State/Province st

    Zip/Postalcode postalCode

    Country c

    Webpage mozillaworkurl

    Other

    Birthday birthyear-birthmonth-birthday

    Note description

  • Chapter5

    Configuration 26

    AuthenticatingusingC.A.S.

    SOGonativelysupportsC.A.S.authentication.ForactivatingC.A.S.authenticationyouneedfirsttomakesurethattheSOGoAuthenticationTypesettingissettocasandthattheSOGoCASServiceURLsettingisconfiguredappropriately.

    ThetrickypartshowsupwhenusingSOGoasafrontendinterfacetoanIMAPserverasthisimposesconstraintsneededbytheC.A.S.protocoltoensuresecurecommunicationbetweenthedifferentservices.Failingtotakethoseprecautionswillpreventusersfromaccessingtheirmails,whilestillgrantingbasicauthenticationtoSOGoitself.

    ThefirstconstraintisthattheamountofworkersthatSOGousesmustbehigherthan1inordertoenabletheC.A.S.servicetoperformsomevalidationrequestsduringIMAPauthentication.Asingleworkeralonewouldnot,bydefinition,beabletorespondtotheC.A.S.requestswhiletreatingtheuserrequestthatrequiredthetriggeringofthoserequests.YoumustthereforeconfiguretheWOWorkersCountsettingappropriately.

    ThesecondconstraintisthattheSOGoservicemustbeaccessibleandaccessedviahttps.More-over,thecertificateusedbytheSOGoserverhastoberecognizedandtrustedbytheC.A.S.ser-vice.Inthecaseofacertificateissuedbyathird-partyauthority,thereshouldbenothingtowor-ryabout.Inthecaseofaself-signedcertificate,thecertificatemustberegisteredinthetrustedkeystoreoftheC.A.S.application.Theproceduretoachievethiscanbesummarizedasimportingthecertificateintheproper"keystore"usingthekeytoolutilityandspecifyingthepathforthatkeystoretotheTomcatinstancewhichprovidestheC.A.S.service.Thisisdonebytweakingthejavax.net.ssl.trustStoresetting,eitherinthecatalina.propertiesfileorinthecommand-lineparameters.Ondebian,theSOGocertificatecanalsobeaddedtothetruststoreasfollows:

    openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \-out /tmp/sogo-cert.derkeytool -import -keystore/etc/ssl/certs/java/cacerts \ -file /tmp/sogo-cert.der -aliassogo-cert# The keystore password is 'changeit'# tomcat must berestarted after this operation

    Thecertificateusedby theCASservermustalsobe trustedbySOGo.Incaseofaself-signedcertificate,thismeansexportingtomcatscertificateusingthe+keytool+utility,convertingittoPEMformatandappendingittotheca-certificates.crtfile(thenameandlocationofthatfilediffersbetweendistributions).Basically:

    # export tomcat's cert to openssl formatkeytool -keystore/etc/tomcat7/keystore -exportcert -alias tomcat | \ openssl x509-inform der >tomcat.pem

    Enter keystore password: tomcat

    # add the pem to the trusted certscp tomcat.pem/etc/ssl/certscat tomcat.pem>>/etc/ssl/certs/ca-certificates

  • Chapter5

    Configuration 27

    Ifanyofthoseconstraintsisnotsatisfied,thewebmailinterfaceofSOGowilldisplayanemptyemailaccount.Unfortunately,SOGohasnopossibilitytodetectwhichoneisthecauseoftheproblem.Theonlyindicatorsarelogmessagesthatatleastpinpointthesymptoms:

    "failuretoobtainaPGTfromtheC.A.S.service"

    SuchanerrorwillshowupduringauthenticationoftheusertoSOGo.Ithappenswhentheauthen-ticationservicehasacceptedtheuserauthenticationticketbuthasnotreturneda"ProxyGrantingTicket".

    "aCASfailureoccurredduringoperation."

    Thiserrorindicatethatanattemptwasmadetoretrieveanauthenticationticketforathird-partyservicesuchasIMAPorsieve.Mostofthetime,thishappensasaconsequencetotheproblemdescribedabove.Totroubleshoottheseissues,oneshouldbetailingcas.log,pamlogsandsogologs.

    Currently,SOGowillaskforaCASticketusingthesameCASservicenameforbothIMAPandSieve.WhenCASifyingsieve,thismeansthatthe-sparameterof`pam_cas`shouldbethesameforbothIMAPandSieve,otherwisetheCASserverwillcomplain:

    ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] -ServiceTicket[ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service[imap://myimapserverdoes not match supplied service[sieve://mysieveserver:2000]

    Finally,whenusing imapproxytospeedupthe imapaccesses,theSOGoIMAPCASServiceNameshouldbesettotheactualimapservicenameexpectedbypam_cas,otherwiseitwillfailtoauthen-ticateincomingconnectionproperly.

    AuthenticatingusingSAML2

    SOGonativelysupportsSAML2authentication.Pleaserefertothedocumentationofyouridenti-typroviderandtheSAML2configurationkeysthatarelistedaboveforpropersetup.OnceaSO-Goinstanceisconfiguredproperly,themetadataforthatinstancecanberetrievedfromhttp:///SOGo/saml2-metadataforregistrationwiththeidentityprovider.

    In order to relay authentication information to your IMAP serverand if youmake use oftheCrudeSAMLSASLplugin,youneedtomakesurethatNGImap4AuthMechanismisconfiguredtousetheSAMLmechanism.IfyoumakeuseoftheCrudeSAMLPAMplugin,thisvaluemaybeleftempty.

    DatabaseConfiguration

    SOGorequiresa relationaldatabasesystem inorder tostoreappointments,tasksandcontactsinformation.ItalsousesthedatabasesystemtostorepersonalpreferencesofSOGousers.Inthisguide,weassumeyouusePostgreSQLsocommandsprovidedthecreatethedatabasearerelatedtothisapplication.However,otherdatabaseserversaresupported,suchasMySQLandOracle.

  • Chapter5

    Configuration 28

    First,makesurethatyourPostgreSQLserverhasTCP/IPconnectionssupportenabled.

    Createthedatabaseuserandschemausingthefollowingcommands:

    su # postgrescreateuser --no-superuser --no-createdb#-no-createrole \ #-encrypted --pwprompt sogo(specify sogo aspassword)createdb -O sogo sogo

    Youshouldthenadjusttheaccessrightstothedatabase.Todoso,modifytheconfigurationfile/var/lib/pgsql/data/pg_hba.confinordertoaddthefollowinglineattheverybeginningofthefile:

    host sogo sogo 127.0.0.1/32 md5

    Onceadded,restartthePostgreSQLdatabaseservice.Then,modifytheSOGoconfigurationfile(/etc/sogo/sogo.conf)toreflectyourdatabasesettings:

    SOGoProfileURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";OCSFolderInfoURL="postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";OCSSessionsFolderURL="postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";

    Thefollowingtabledescribestheparametersthatwereset:

    D SOGoProfileURLParameterusedtosetthedatabaseURLsothatSOGocanretrieveuserprofiles.

    ForMySQL,setthedatabaseURLtosomethinglike:mysql://sogo:sogo@localhost:3306/so-go/sogo_user_profile.

    D OCSFolderInfoURLParameterusedtosetthedatabaseURLsothatSOGocanretrievethelocationofuserfolders(addressbooksandcalendars).

    ForOracle,setthedatabaseURLtosomethinglike:oracle://sogo:sogo@localhost:1526/so-go/sogo_folder_info.

    D OCSSessionsFolderURLParameterusedtosetthedatabaseURLsothatSOGocanstoreandretrievesecuredusersessionsinformation.ForPostgreSQL,thedata-baseURLcouldbesettosomethinglike:post-gresql://sogo:sogo@localhost:5432/so-go/sogo_sessions_folder.

    D OCSEMailAlarmsFolderURLParameterusedtosetthedatabaseURLforemail-basedalarms(thatcanbesetoneventsandtasks).Thisparameterisrel-evantonlyifSOGoEnableEMailAlarmsissettoYES.ForPostgreSQL,thedatabaseURLcouldbesettosomethinglike:post-

  • Chapter5

    Configuration 29

    gresql://sogo:sogo@localhost:5432/so-go/sogo_alarms_folder

    Seethe"EMailreminders"sectioninthisdocu-mentformoreinformation.

    IfyoureusingMySQL,makesureinyourmy.cnffileyouhave:

    [mysqld]...character_set_server=utf8character_set_client=utf8

    [client]default-character-set=utf8

    [mysql]default-character-set=utf8

    AuthenticationusingSQL

    SOGocanuseaSQL-baseddatabaseserverforauthentication.TheconfigurationisverysimilartoLDAP-basedauthentication.

    ThefollowingtabledescribesallthepossibleparametersrelatedtoaSQLsource:

    SOGoUserSourcesParameterusedtosettheSQLand/orLDAPsourcesusedforauthenticationandglobalad-dressbooks.Multiplesourcescanbespecifiedasanarrayofdictionaries.Adictionarythatde-finesaSQLsourcecancontainthefollowingvalues:

    type Thetypeofthisusersource,settosqlforaSQLsource.

    idTheidentificationnameoftheSQLrepository.Thismustbeuniqueevenwhenusingmulti-pledomains.

    D

    viewURLDatabaseURLoftheviewusedbySOGo.Theviewexpectscolumnstobepresent.Requiredcolumnsare:

    c_uid:[emailprotected]

    c_name:willbeusedtouniquelyidentifyen-trieswhichcanbeidenticaltoc_uid

    c_password:passwordoftheuser,plaintext,crypt,md5orshaencoded

    c_cn:theuserscommonname mail:theusersemailaddress

    mailto:[emailprotected]

  • Chapter5

    Configuration 30

    OthercolumnscanexistandwillactuallybemappedautomaticallyiftheyhavethesamenameaspopularLDAPattributes(suchasgivenName,sn,department,title,telepho-neNumber,etc.).

    userPasswordAlgorithmThedefaultalgorithmusedforpassworden-cryptionwhenchangingpasswords.Possiblevaluesare:none,plain,crypt,md5,md5-crypt,smd5,cram-md5,ldap-md5,andsha,sha256,sha512anditsssha(e.g.sshaorssha256)vari-ants.Passwordscanhavetheschemeprepend-edintheform{scheme}encryptedPass.

    Ifnoschemeisgiven,userPasswordAlgo-rithmisusedinstead.Theschemeslistedabovefollowthealgorithmsdescribedinhttp://wiki.dovecot.org/Authentication/Pass-wordSchemes.

    Notethatcram-md5isnotactuallyusingcram-md5(duetothelackofchallenge-responsemechanism),itsjustsavingtheintermediateMD5contextasDovecotstoresinitsdata-base.

    prependPasswordSchemeThedefaultbehaviouristostorenewlysetpasswordswithoutthescheme(default:NO).ThiscanbeoverriddenbysettingtoYESandwillresultinpasswordsstoredas{scheme}encryptedPass.

    canAuthenticateIfsettoYES,thisSQLsourceisusedforau-thentication.

    isAddressBookIfsettoYES,thisSQLsourceisusedasasharedaddressbook(withread-onlyaccess).NotethatifsettoNO,autocompletionwillnotworkforentriesinthissourceandthus,free-busylookups.

    authenticationFilter(optional)Afilterthatlimitswhichuserscanauthenticatefromthissource.

    displayName(optional)Ifsetasanaddressbook,thehumanidentifica-tionnameoftheSQLrepository.

    LoginFieldNames(optional)Anarrayoffieldsthatspecifiesthecolumnnamesthatcontainvalidauthenticationuser-names(defaultstoc_uidwhenunset).

    MailFieldNames(optional)Aanarrayoffieldsthatspecifiesthecolumnnamesthatholdadditionalemailaddresses(be-sidethemailcolumn)foreachuser.

    IMAPHostFieldName(optional)ThefieldthatreturnstheIMAPhostnamefortheuser.

    IMAPLoginFieldName(optional)ThefieldthatreturnstheIMAPloginnamefortheuser(defaultstoc_uidwhenunset).

    http://wiki.dovecot.org/Authentication/PasswordSchemeshttp://wiki.dovecot.org/Authentication/PasswordSchemes

  • Chapter5

    Configuration 31

    SieveHostFieldName(optional)ThefieldthatreturnstheSievehostnamefortheuser.

    KindFieldName(optional)Ifset,SOGowilltrytodetermineifthevalueofthefieldcorrespondstoeither"group","lo-cation"or"thing".Ifthatsthecase,SOGowillconsiderthereturnedentrytobearesource.

    MultipleBookingsFieldName(optional)Thevalueofthisfieldisthemaximumnumberofconcurrenteventstowhicharesourcecanbepartofatanypointintime.

    Ifthisissetto0,oriftheattributeismissing,itmeansnolimit.

    DomainFieldName(optional)Ifset,SOGowillusethevalueofthatfieldasthedomainassociatedtotheuser.

    SeetheMulti-domainsConfigurationsectioninthisdocumentformoreinformation.

    HereisanexampleofanSQL-basedauthenticationandaddressbooksource:

    SOGoUserSources =( { type = sql; id = directory; viewURL ="postgresql://sogo:[emailprotected]:5432/sogo/sogo_view";canAuthenticate = YES; isAddressBook = YES; userPasswordAlgorithm =md5; });

    Certaindatabasecolumnsmustbepresentintheview/table,suchas:

    c_uidwillbeusedforauthenticationitstheusernameorusername@domain.tld

    c_namewhichcanbeidenticaltoc_uidwillbeusedtouniquelyidentifyentries

    c_passwordpasswordoftheuser,plain-text,md5orshaencodedfornow

    c_cntheuserscommonnamesuchas"JohnDoe"

    mailtheusersmailaddress

    NotethatgroupsarecurrentlynotsupportedforSQL-basedauthenticationsources.

    SMTPServerConfiguration

    SOGomakesuseofaSMTPservertosendemailsfromtheWebinterface,iMIP/iTIPmessagesandvariousnotifications.

    mailto:[emailprotected]

  • Chapter5

    Configuration 32

    Thefollowingtabledescribestherelatedparameters.

    D SOGoMailingMechanismParameterusedtosethowSOGosendsmailmessages.Possiblevaluesare:

    sendmailtousethesendmailbinary smtptousetheSMTPprotocol

    D SOGoSMTPServerTheDNSnameorIPaddressoftheSMTPserverusedwhenSOGoMailingMechanismissettosmtp.

    D SOGoSMTPAuthenticationTypeActivateSMTPauthenticationandspecifieswhichtypeisinuse.Current,onlyPLAINissup-portedandothervalueswillbeignored.

    S WOSendMail Thepathofthesendmailbinary.

    Defaultsto/usr/lib/sendmail.

    D SOGoForceExternalLoginWithEmailParameterusedtospecifyif,whenloggingintotheSMTPserver,theprimaryemailaddressoftheuserwillbeusedinsteadoftheusername.Possiblevaluesare:

    YES NO

    DefaultstoNOwhenunset.

    IMAPServerConfiguration

    SOGorequiresanIMAPserverinordertoletusersconsulttheiremailmessages,managetheirfold-ersandmore.

    Thefollowingtabledescribestherelatedparameters.

    U SOGoDraftsFolderNameParameterusedtosettheIMAPfoldernameusedtostoredraftsmessages.

    DefaultstoDraftswhenunset.

    Usea/asahierarchyseparatorifreferringtoanIMAPsubfolder.Forexample:INBOX/Drafts.

    U SOGoSentFolderNameParameterusedtosettheIMAPfoldernameusedtostoresentmessages.

    DefaultstoSentwhenunset.

    Usea/asahierarchyseparatorifreferringtoanIMAPsubfolder.Forexample:INBOX/Sent.

    U SOGoTrashFolderNameParameterusedtosettheIMAPfoldernameusedtostoredeletedmessages.

  • Chapter5

    Configuration 33

    DefaultstoTrashwhenunset.

    Usea/asahierarchyseparatorifreferringtoanIMAPsubfolder.Forexample:INBOX/Trash.

    D SOGoIMAPCASServiceNameParameterusedtosettheCASservicename(URL)oftheimapservice.ThisisusefulifSO-GoisconnectingtotheIMAPservicethroughaproxy.Whenusingpam_cas,thisparametershouldbesettothesamevalueasthe-sargu-mentoftheimappamservice.

    D SOGoIMAPServerParameterusedtosettheDNSnameorIPad-dressoftheIMAPserverusedbySOGo.YoucanalsouseSSLorTLSbyprovidingavalueusinganURL,suchas:

    imaps://localhost:993 imaps://localhost:143/?tls=YES

    D SOGoSieveServerParameterusedtosettheDNSnameorIPad-dressoftheSieve(managesieve)serverusedbySOGo.YoumustuseanURLsuchas:

    sieve://localhost sieve://localhost:2000sieve://localhost:2000/?tls=YES

    NotethatTLSissupportedbutSSLisnot.

    D SOGoSieveFolderEncodingParameterusedtospecifywhichencodingisusedforIMAPfoldernamesinSievefilters.De-faultsto"UTF-7".Theotherpossiblevalueis"UTF-8".

    U SOGoMailShowSubscribedFoldersOnlyParameterusedtospecifyiftheWebinter-faceshouldonlyshowsubscribedIMAPfold-ers.Possiblevaluesare:

    YES NO

    DefaultstoNOwhenunset.

    D SOGoIMAPAclStyleParameterusedtospecifywhichRFCtheIMAPserverimplementswithrespecttoACLs.Possi-blevaluesare:

    rfc2086 rfc4314

    Defaultstorfc4314whenunset.

    D SOGoIMAPAclConformsToIMAPExtParameterusedtospecifyiftheIMAPserverimplementstheInternetMessageAccessPro-tocolExtension.Possiblevaluesare:

    YES NO

  • Chapter5

    Configuration 34

    DefaultstoNOwhenunset.

    D SOGoForceExternalLoginWithEmailParameterusedtospecifyif,whenloggingintotheIMAPserver,theprimaryemailaddressoftheuserwillbeusedinsteadoftheusername.Possiblevaluesare:

    YES NO

    DefaultstoNOwhenunset.

    D SOGoMailSpoolPathParameterusedtosetthepathwheretempo-raryemaildraftsarewritten.Ifyouchangethisvalue,youmustalsomodifythedailycronjobsogo-tmpwatch.

    Defaultsto/var/spool/sogo.

    S NGImap4ConnectionStringSeparatorParameterusedtosettheIMAPmailboxseparator.SettingthiswillalsohaveanimpactonthemailboxseparatorusedbySievefilters.

    Thedefaultseparatoris/.

    S NGImap4AuthMechanismTriggertheuseoftheIMAPAUTHENTICATEcommandwiththespecifiedSASLmechanism.Pleasenotethatfeaturemightbelimitedatthistime.

    D NGImap4ConnectionGroupIdPrefixPrefixtoprependtonamesinIMAPACLtrans-actions,toindicatethenameisagroupnamenotausername.

    RFC4314givesexampleswheregroupnamesareprefixedwith$.Dovecot,forone,followsthisscheme,andwill,forexample,applyper-missionsfor$adminstoallusersingroupad-minsintheabsenceofspecificpermissionsfortheindividualuser.

    Thedefaultprefixis$.

    WebInterfaceConfiguration

    ThefollowingadditionalparametersonlyaffecttheWebinterfacebehaviourofSOGo.

    S SOGoPageTitle ParameterusedtodefinetheWebpagetitle.

    DefaultstoSOGowhenunset.

    U SOGoLoginModuleParameterusedtospecifywhichmoduletoshowafterlogin.Possiblevaluesare:

  • Chapter5

    Configuration 35

    Calendar Mail Contacts

    DefaultstoCalendarwhenunset.

    S SOGoFaviconRelativeURLParameterusedtospecifytherelativeURLofthesitefavion.

    Whenunset,defaultstothefilesogo.icoun-derthedefaultwebresourcesdirectory.

    S SOGoZipPathParameterusedtospecifythepathofthezipbinaryusedtoarchivemessages.

    Defaultsto/usr/bin/zipwhenunset.

    D SOGoSoftQuotaRatioParameterusedtochangethequotareturnedbytheIMAPserverbymultiplyingitbythespecifiedratio.Actsasasoftquota.Example:0.8.

    USOGoMailUseOutlookStyleReplies(notcur-rentlyeditableinWebinterface)

    ParameterusedtosetifemailrepliesshoulduseOutlooksstyle.

    DefaultstoNOwhenunset.

    USOGoMailListViewColumnsOrder(notcur-rentlyeditableinWebinterface)

    ParameterusedtospecifythedefaultorderofthecolumnsfromtheSOGowebmailinterface.Theparameterisanarray,forexample:

    SOGoMailListViewColumnsOrder = (Flagged, Attachment, Priority,From, Subject, Unread, Date, Size);

    D SOGoVacationEnabledParameterusedtoactivatetheeditionfromthepreferenceswindowofavacationmessage.

    RequiresSievescriptsupportontheIMAPhost.

    DefaultstoNOwhenunset.

    Whenenablingthisparameter,onemustalsoenabletheassociatedcronjobin/etc/cron.d/sogoinordertoactivateautomaticvacationmessageexpiration.

    SeetheCronjobVacationmessagesexpirationsectionbelowfordetails.

    D SOGoForwardEnabledParameterusedtoactivatetheeditionfromthepreferenceswindowofaforwardingemailaddress.RequiresSievescriptsupportontheIMAPhost.

    DefaultstoNOwhenunset.

  • Chapter5

    Configuration 36

    D SOGoSieveScriptsEnabledParameterusedtoactivatetheeditionfromthepreferenceswindowsofserver-sidemailfil-ters.RequiresSievescriptsupportontheIMAPhost.

    DefaultstoNOwhenunset.

    D SOGoMailPollingIntervalsParameterusedtodefinethemailpollinginter-vals(inminutes)availabletotheuser.Thepara-meterisanarraythatcancontainthefollowingnumbers:

    1 2 5 10 20 30 60

    Defaultstothelistabovewhenunset.

    U SOGoMailMessageCheckParameterusedtodefinethemailpollinginter-valatwhichtheIMAPserverisqueriedfornewmessages.Possiblevaluesare:

    manually every_minute every_2_minutes every_5_minutesevery_10_minutes every_20_minutes every_30_minutesonce_per_hour

    Defaultstomanuallywhenunset.

    D SOGoMailAuxiliaryUserAccountsEnabledParameterusedtoactivatetheauxiliaryIMAPaccountsinSOGo.WhensettoYES,userscanaddotherIMAPaccountsthatwillbevisiblefromtheSOGoWebmailinterface.

    DefaultstoNOwhenunset.

    U SOGoDefaultCalendarParameterusedtospecifywhichcalendarisusedwhencreatinganeventoratask.Possiblevaluesare:

    selected personal first

    Defaultstoselectedwhenunset.

    U SOGoDayStartTime Thehouratwhichthedaystarts(0through12).

    Defaultsto8whenunset.

  • Chapter5

    Configuration 37

    U SOGoDayEndTime Thehouratwhichthedayends(12through23).

    Defaultsto18whenunset.

    U SOGoFirstDayOfWeekThedayatwhichtheweekstartsintheweekandmonthviews(0through6).0indicatesSun-day.

    Defaultsto0whenunset.

    U SOGoFirstWeekOfYearParameterusedtodefinedhowisidentifiedthefirstweekoftheyear.Possiblevaluesare:

    January1 First4DayWeek FirstFullWeek

    DefaultstoJanuary1whenunset.

    U SOGoTimeFormatTheformatusedtodisplaytimeinthetimelineofthedayandweekviews.PleaserefertothedocumentationforthedatecommandorthestrftimeCfunctionforthelistofavailablefor-matsequence.

    Defaultsto%H:%M.

    U SOGoCalendarCategoriesParameterusedtodefinethecategoriesthatcanbeassociatedtoevents.Thisparameterisanarrayofarbitrarystrings.

    Defaultstoalistthatdependsonthelanguage.

    U SOGoCalendarDefaultCategoryColorParameterusedtodefinethedefaultcolourofcategories.

    Defaultsto#F0F0F0whenunset.

    U SOGoCalendarEventsDefaultClassificationParameterusedtodefinedthedefaultclassifi-cationfornewevents.Possiblevaluesare:

    PUBLIC CONFIDENTIAL PRIVATE

    DefaultstoPUBLICwhenunset.

    U SOGoCalendarTasksDefaultClassificationParameterusedtodefinedthedefaultclassifi-cationfornewtasks.Possiblevaluesare:

    PUBLIC CONFIDENTIAL PRIVATE

    DefaultstoPUBLICwhenunset.

    U SOGoCalendarDefaultReminderParameterusedtodefinedadefaultreminderfornewevents.Possiblevaluesare:

  • Chapter5

    Configuration 38

    -PT5M -PT10M -PT15M -PT30M -PT45M -PT1H -PT2H -PT5H -PT15H -P1D-P2D -P1W

    D SOGoFreeBusyDefaultIntervalThenumberofdaystoincludeinthefreebusyinformation.Theparameterisanarrayoftwonumbers,thefirstbeingthenumberofdayspriortothecurrentdayandthesecondbeingthenumberofdaysfollowingthecurrentday.

    Defaultsto(7, 7)whenunset.

    U SOGoBusyOffHoursParameterusedtospecifyifoff-hoursshouldbeautomaticallyaddedtothefree-busyinfor-mation.Offhoursincludedweekendsandpe-riodscoveredbetweenSOGoDayEndTimeandSOGoDayStartTime.

    DefaultstoNOwhenunset.

    U SOGoMailMessageForwardingThemethodthemessageistobeforwarded.Possiblevaluesare:

    inline attached

    Defaultstoinlinewhenunset.

    U SOGoMailCustomFullNameThestringtouseasfullnamewhencomposinganemail,ifSOGoMailCustomFromEnabledissetintheusersdomaindefaults.

    Whenunset,thefullnamespecifiedintheusersourcesfortheuserisusedinstead.

    U SOGoMailCustomEmailThestringtouseasemailaddresswhencom-posinganemail,ifSOGoMailCustomFrom-Enabledissetintheusersdomaindefaults.Whenunset,theemailspecifiedintheusersourcesfortheuserisusedinstead.

    U SOGoMailReplyPlacementThereplyplacementwithrespecttothequotedmessage.Possiblevaluesare:

    above below

    Defaultstobelow.

  • Chapter5

    Configuration 39

    U SOGoMailReplyToTheemailaddresstouseinthereply-tohead-erfieldwhentheusersendsamessage.

    Ignoredwhenempty.

    U SOGoMailSignaturePlacementTheplacementofthesignaturewithrespecttothequotedmessage.Possiblevaluesare:

    above below

    Defaultstobelow.

    U SOGoMailComposeMessageTypeThemessagecompositionformat.Possibleval-uesare:

    text

    html

    Defaultstotext.

    S SOGoEnableEMailAlarmsParameterusedtoenableemail-basedalarmsoneventsandtasks.

    DefaultstoNOwhenunset.

    Forthisfeaturetoworkcorrectly,onemustalsosettheOCSEMailAlarmsFolderURLpara-meterandenabletheassociatedcronjob.SeetheCronjobEMailreminderssectionfromthisdocumentformoreinformation.

    U SOGoContactsCategoriesParameterusedtodefinethecategoriesthatcanbeassociatedtocontacts.Thisparameterisanarrayofarbitrarystrings.

    Defaultstoalistthatdependsonthelanguage.

    D SOGoUIAdditionalJSFilesParameterusedtodefinealistofaddition-alJavaScriptfilesloadedbySOGoforalldis-playedwebpages.ThisparameterisanarrayofstringscorrespondingofpathstothearbitraryJavaScriptfiles.ThepathsarerelativetotheWebServerResourcesdirectory,whichisusuallyfoundunder/usr/lib/GNUstep/SOGo/.

    D SOGoMailCustomFromEnabledParameterusedtoallowornotuserstospecifycustom"From"addressesfromSOGosprefer-encespanel.

    DefaultstoNOwhenunset.

    D SOGoSubscriptionFolderFormatParameterusedtosetthedefaultformattingofasubscriptionfoldername.Availablevariablesare:

    %{FolderName}

    %{UserName}

  • Chapter5

    Configuration 40

    %{Email}

    Defaultsto%{FolderName} (%{UserName} )whenunset.

    D SOGoUIxAdditionalPreferencesParameterusedtoenableanextrapreferencestabusingthecontentofthetemplatenamedUIxAdditionalPreferences.wox.Thistem-plateshouldbeputunder~sogo/GNUstep/Li-brary/SOGo/Templates/PreferencesUI/.

    DefaultstoNOwhenunset.

    SOGoConfigurationSummary

    ThecompleteSOGoconfigurationfile+/etc/sogo/sogo.conf+shouldlooklikethis:

  • Chapter5

    Configuration 41

    { SOGoProfileURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";OCSFolderInfoURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";OCSSessionsFolderURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";SOGoAppointmentSendEMailNotifications = YES;SOGoCalendarDefaultRoles = ( PublicViewer, ConfidentialDAndTViewer); SOGoLanguage = English; SOGoTimeZone = America/Montreal;SOGoMailDomain = acme.com; SOGoIMAPServer = localhost;SOGoDraftsFolderName = Drafts; SOGoSentFolderName = Sent;SOGoTrashFolderName = Trash; SOGoMailingMechanism = smtp;SOGoSMTPServer = 127.0.0.1; SOGoUserSources = ( { type = ldap;CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN ="ou=users,dc=acme,dc=com"; bindDN ="uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname =localhost; id = public; isAddressBook = YES; port = 389; } );}

    Multi-domainsConfiguration

    Ifyouwantyourinstallationtoisolatetwogroupsofusers,youmustdefineadistinctauthentica-tionsourceforeachdomain.Followingisthesameconfigurationthatnowincludestwodomains(acme.comandcoyote.com):

  • Chapter5

    Configuration 42

    {... domains = { acme = { SOGoMailDomain = acme.com;SOGoDraftsFolderName = Drafts; SOGoUserSources = ( { type = ldap;CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN ="ou=users,dc=acme,dc=com"; bindDN ="uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname =localhost; id = public_acme; isAddressBook = YES; port = 389; } );}; coyote = { SOGoMailDomain = coyote.com; SOGoIMAPServer =imap.coyote.com; SOGoUserSources = ( { type = ldap; CNFieldName =cn; IDFieldName = uid; UIDFieldName = uid; baseDN ="ou=users,dc=coyote,dc=com"; bindDN ="uid=sogo,ou=users,dc=coyote,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname =localhost; id = public_coyote; isAddressBook = YES; port = 389; }); }; };}

    ThefollowingadditionalparametersonlyaffectSOGowhenusingmultipledomains.

    S SOGoEnableDomainBasedUIDParameterusedtoactivateuseridentifi-cationbydomain.Userswillbeable(with-outbeingrequired)tologinusingtheform

  • Chapter5

    Configuration 43

    username@domain,meaningthatvaluesofUID-FieldNamenolongerhavetobeuniqueamongalldomainsbutonlywithinthesamedomain.Internally,userswillalwaysbeidentifiedbytheconcatenationoftheirusernameanddomain.

    Consequently,activatingthisparameteronanexistingsystemimpliesthatuseridentifierswillchangeandtheirpreviouscalendarsandad-dressbookswillnolongerbeaccessibleunlessaconversionisperformed.

    DefaultstoNOwhenunset.

    S SOGoLoginDomainsParameterusedtodefinewhichdomainsshouldbeselectablefromtheloginpage.Thisparameterisanarrayofkeysfromthedomainsdictionary.

    Defaultstoanemptyarray,whichmeansthatnodomainsappearontheloginpage.Ifyoupreferhavingthedomainnameslisted,justusetheseaskeysforthethedomainsdictionary.

    S SOGoDomainsVisibilityParameterusedtosetdomainsvisibleamongthemselves.Thisparameterisanarrayofar-rays.

    Example:SOGoDomainsVisibility = ((acme,coyote));

    Defaultstoanemptyarray,whichmeansdo-mainsareisolatedfromeachother.

    ApacheConfiguration

    TheSOGoconfigurationforApacheislocatedin/etc/httpd/conf.d/SOGo.conf.

    UponSOGoinstallation,adefaultconfigurationfileiscreatedwhichissuitableformostconfigu-rations.

    YoumustalsoconfigurethefollowingparametersintheSOGoconfigurationfileforApacheinordertohaveaworkinginstallation:

    RequestHeader set "x-webobjects-server-port" "80"RequestHeaderset "x-webobjects-server-name" "yourhostname"RequestHeader set"x-webobjects-server-url" "http://yourhostname"

    YoumayconsiderenablingSSLontopofthiscurrentinstallationtosecureaccesstoyourSOGoinstallation.

    Seehttp://httpd.apache.org/docs/2.2/ssl/fordetails.

    http://httpd.apache.org/docs/2.2/ssl/

  • Chapter5

    Configuration 44

    YoumightalsohavetoadjusttheconfigurationifyouhaveSELinuxenabled.

    Thedefaultconfigurationwillusemod_proxyandmod_headerstorelayrequeststothesogodparentprocess.Thisissuitableforsmalltomediumdeployments.

    StartingServices

    OnceSOGoiffullyinstalledandconfigured,starttheservicesusingthefollowingcommand:

    service sogod start

    YoumayverifyusingthechkconfigcommandthattheSOGoserviceisautomaticallystartedatboottime.RestarttheApacheservicesincemodulesandconfigurationfileswereadded:

    service httpd restart

    Finally,youshouldalsomakesurethatthememcachedserviceisstartedandthatitisalsoautomat-icallystartedatboottime.

    CronjobEMailreminders

    SOGoallowsyoutosetemail-basedremindersforeventsandtasks.Toenablethis,youmustenabletheSOGoEnableEMailAlarmspreferenceandsettheOCSEMailAlarmsFolderURLpreferenceaccord-ingly.

    Onceyouvecorrectlysetthosetwopreferences,youmustcreateacronjobthatwillrununderthe"sogo"user.Thiscronjobshouldberuneveryminute.

    Acommentedoutexampleshouldhavebeeninstalledin/etc/cron.d/sogo,toenableit,simplyuncommentit.

    Asareference,thecronjobshoulddedefinedlikethis:

    * * * * * /usr/sbin/sogo-ealarms-notify

    If your mail server requires use of SMTP AUTH, specify acredential file using -p /path/to/credFile. This file shouldcontain the username and password, separated by acolon(username:password)

  • Chapter5

    Configuration 45

    CronjobVacationmessagesexpiration

    Whenvacationmessagesareenabled(seetheparameterSOGoVacationEnabled),userscansetanexpirationdatetomessagesauto-reply.Forthisfeaturetowork,youmustrunacronjobunderthe"sogo"user.

    Acommentedoutexample shouldhavebeen installedin/etc/cron.d/sogo.Toworkcorrectlythistoolmustloginasanadministrativeuseronthesieveserver.Therequiredcredentialsmustbespecifiedinafilebyusing-p/path/to/credFile.Thisfileshouldcontaintheusernameandpassword,separatedbyacolon(username:password).

    Thecronjobshouldlooklikethis:

    0 0 * * *sogo /usr/sbin/sogo-tool expire-autoreply -p/etc/sogo/sieve.creds

  • Chapter6

    ManagingUserAccounts 46

    ManagingUserAccounts

    CreatingtheSOGoAdministrativeAccount

    First, create the SOGo administrative account in your LDAPserver. The following LDIF file(sogo.ldif)canbeusedasanexample:

    dn: uid=sogo,ou=users,dc=acme,dc=comobjectClass: topobjectClass:inetOrgPersonobjectClass: personobjectClass:organizationalPersonuid: sogocn: SOGo Administratormail:[emailprotected]: AdministratorgivenName: SOGo

    LoadtheLDIFfileinsideyourLDAPserverusingthefollowingcommand:

    ldapadd -f sogo.ldif -x -w qwerty -Dcn=Manager,dc=acme,dc=com

    Finally,setthepassword(tothevalueqwerty)oftheSOGoadministrativeaccountusingthefol-lowingcommand:

    ldappasswd -h localhost -x -w qwerty -Dcn=Manager,dc=acme,dc=com uid=sogo,ou=users,dc=acme,dc=com -sqwerty

    CreatingaUserAccount

    SOGousesLDAPdirectoriestoauthenticateusers.UsethefollowingLDIFfile(jdoe.ldif)asanexampletocreateaSOGouseraccount:

  • Chapter6

    ManagingUserAccounts 47

    dn: uid=jdoe,ou=users,dc=acme,dc=comobjectClass: topobjectClass:inetOrgPersonobjectClass: personobjectClass:organizationalPersonuid: jdoecn: John Doemail: [emailprotected]:DoegivenName: John

    LoadtheLDIFfileinsideyourLDAPserverusingthefollowingcommand:

    ldapadd -f jdoe.ldif -x -w qwerty -Dcn=Manager,dc=acme,dc=com

    Finally,setthepassword(tothevalueqwerty)oftheSOGoadministrativeaccountusingthefol-lowingcommand:

    ldappasswd -h localhost -x -w qwerty -Dcn=Manager,dc=acme,dc=com uid=jdoe,ou=users,dc=acme,dc=com -sqwerty

    Asanalternativetousingcommand-linetools,youcanalsouseLDAPeditorssuchasLumaorApacheDirectoryStudiotomakeyourworkeasier.TheseGUIutilitiescanmakeuseoftemplatestocreateandpre-configuretypicaluseraccountsoranystandardizedLDAPrecord,alongwiththecorrectobjectclasses,fieldsanddefaultvalues.

  • Chapter7

    MicrosoftActiveSync 48

    MicrosoftActiveSync

    SOGosupportstheMicrosoftActiveSyncprotocol.

    ActiveSyncclientscanfullysynchronizecontacts,emails,eventsandtaskswithSOGo.FreebusyandGALlookupsarealsosupported,aswellas"Smartreply"and"Smartforward"operations.

    ToenableMicrosoftActiveSyncsupportinSOGo,youmustinstalltherequiredpackages.

    yum install sogo-activesync libwbxml

    Onceinstalled,simplyuncommentthefollowinglinesfromyourSOGoApacheconfiguration:

    ProxyPass /Microsoft-Server-ActiveSync \http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \ retry=60connectiontimeout=5 timeout=360

    RestartApacheafterwards.

    ThefollowingadditionalparametersonlyaffectSOGowhenusingActiveSync:

    S SOGoMaximumPingIntervalParameterusedtosetthemaximumamountoftime,inseconds,SOGowillwaitbeforereplyingtoaPingcommand.

    Ifnotset,itdefaultsto5seconds.

    S SOGoMaximumSyncIntervalParameterusedtosetthemaximumamountoftime,inseconds,SOGowillwaitbeforereplyingtoaSynccommand.

    Ifnotset,itdefaultsto30seconds.

    S SOGoInternalSyncIntervalParameterusedtosetthemaximumamountoftime,inseconds,SOGowillwaitbeforedo-inganinternalcheckfordatachanges(add,delete,andupdate).ThisparametermustbelowerthanSOGoMaximumSyncInterval.

    Ifnotset,itdefaultsto10seconds.

    S SOGoMaximumSyncWindowSizeParameterusedtooverwritethemaximumnumberofitemsreturnedduringaSyncopera-tion.

    Defaultsto0,whichmeansnooverwriteisper-formed.

  • Chapter7

    MicrosoftActiveSync 49

    Settingthisparametertoavaluegreaterthan512willhaveunexpectedbehaviourwithvari-ousActiveSyncclients.

    Pleasebeawareofthefollowinglimitations:

    Currently,onlythepersonalcalendarandaddressbookaresynchronized.Addingsupportforallfoldersisplanned.

    WhencreatinganOutlook2013profile,youmustactuallykillOutlookbeforetheendofthecreationprocess.Seehttp://www.vionblog.com/connect-zimbra-community-with-outlook-2013foraprocedureexample.

    Outlook2013doesnotsearchtheGAL.OnepossiblealternativesolutionistoconfigureOutlooktouseaLDAPserver(overSSL)withauthentication.Alternatively,whensupportingmorethanjustthepersonaladdressbook,wellalsobeabletoexposetheLDAP/SQLbasedaddressbooksinSOGooverActiveSync.

    Makesureyoudonotuseaself-signedcertificate.Whilethiswillwork,Outlookwillworkinter-mittentlyasitwillraisepopupsforcertificatevalidation,sometimesinbackground,preventingtheusertoseethewarningandthus,preventinganysynchronizationtohappen.

    ActiveSyncclientskeepconnectionsopenforawhile.Eachconnectionwillgrabaholdonasogodprocesssoyouwillneedalotofprocessestohandlemanyclients.ThislimitationwilleventuallybeovercomeinSOGo.

    Repetitiveeventswithoccurrencesexceptionsarecurrentlynotsupported.

    Outlook2013Autodiscoveryiscurrentlynotsupported.

    Outlook2013freebusylookupsaresupportedusingtheInternetFree/BusyfeatureofOutlook2013.Pleaseseehttp://support.microsoft.com/kb/291621forconfigurationinstructions.OntheSOGoside,SOGoEnablePublicAccessmustbesettoYESandtheURLtousemustbeofthefol-lowingformat:http:///SOGo/dav/public/%NAME%/freebusy.ifb

    InordertousetheSOGoActiveSyncsupportcodeinproductionenvironments,youneedtogetaproperusagelicensefromMicrosoft.Pleasecontactthemdirectlytonegotiatethefeesassociatedtoyouruserbase.

    TocontactMicrosoft,pleasevisit:

    http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxand send [emailprotected]

    Inverseinc.providesthissoftwareforfree,butisnotresponsibleforanythingrelatedtoitsusage.

    http://www.vionblog.com/connect-zimbra-community-with-outlook-2013http://support.microsoft.com/kb/291621http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxhttp://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxmailto:[emailprotected]

  • Chapter8

    UsingSOGo 50

    UsingSOGo

    SOGoWebInterface

    ToaccestheSOGoWebInterface,pointyourWebbrowser,whichisrunningfromthesameserverwhereSOGowasinstalled,tothefollowingURL:http://localhost/SOGo.

    Loginusingthe"jdoe"userandthe"qwerty"password.Theunderlyingdatabasetableswillauto-maticallybecreatedbySOGo.

    MozillaThunderbirdandLightning

    Alternatively,youcanaccessSOGowithaGroupDAVandaCalDAVclient.Atypicalwell-integratedsetupistouseMozillaThunderbirdandMozillaLightningalongwithInversesSOGoConnectorplugintosynchronizeyouraddressbooksandtheInversesSOGoIntegratorplugintoprovideacompleteintegrationofthefeaturesofSOGointoThunderbirdandLightning.RefertothedocumentationofThunderbirdtoconfigureaninitialIMAPaccountpointingtoyourSOGoserverandusingtheusernameandpasswordmentionedabove.

    WiththeSOGoIntegratorplugin,yourcalendarsandaddressbookswillbeautomaticallydiscoveredwhenyoulogininThunderbird.Thisplugincanalsopropagatespecificextensionsanddefaultusersettingsamongyoursite.However,beawarethatinordertousetheSOGoIntegratorplugin,youwillneedtorepackageitwithspecificmodifications.Pleaserefertothedocumentationpublishedonline:

    http://www.sogo.nu/downloads/documentation.html

    IfyouonlyusetheSOGoConnectorplugin,youcanstilleasilyaccessyourdata.

    Toaccessyourpersonaladdressbook:

    ChooseGo>AddressBook.

    ChooseFile>New>RemoteAddressBook.

    EnterasignificantnameforyourcalendarintheNamefield.

    TypethefollowingURLintheURLfield:http://localhost/SOGo/dav/jdoe/Contacts/person-al/

    http://localhost/SOGohttp://www.sogo.nu/downloads/documentation.html

  • Chapter8

    UsingSOGo 51

    ClickonOK.

    Toaccessyourpersonalcalendar:

    ChooseGo>Calendar.

    ChooseCalendar>NewCalendar.

    SelectOntheNetworkandclickonContinue.

    SelectCalDAV.

    TypethefollowingURLintheURLfield:http://localhost/SOGo/dav/jdoe/Calendar/person-al/

    ClickonContinue.

    AppleiCal

    AppleiCalcanalsobeusedasaclientapplicationforSOGo.

    ToconfigureitsoitworkswithSOGo,createanewaccountandspecify,astheAccountURL,anURLsuchas:

    http://localhost/SOGo/dav/jdoe/

    NotethatthetrailingslashisimportantforAppleiCal3.

    AppleAddressBook

    SinceMacOSX10.6(SnowLeopard),AppleAddressBookcanbeconfiguredtouseSOGo.

    Inordertomakethiswork,youmustaddanewvirtualhostinyourApacheconfigurationfiletolistenonport8800andhandlerequestscomingfromiOSdevices.

    Thevirtualhostshouldbedefinedlike:

    http://localhost/SOGo/dav/jdoe/

  • Chapter8

    UsingSOGo 52

    RewriteEngine Off ProxyRequests Off SetEnv proxy-nokeepalive 1ProxyPreserveHost On ProxyPassInterpolateEnv On ProxyPass/principals http://127.0.0.1:20000/SOGo/dav/ interpolate ProxyPass/SOGo http://127.0.0.1:20000/SOGo interpolate ProxyPass /http://127.0.0.1:20000/SOGo/dav/ interpolate

    Order allow,deny Allow from all RequestHeader set"x-webobjects-server-port" "8800" RequestHeader set"x-webobjects-server-name" "acme.com:8800" RequestHeader set"x-webobjects-server-url" "http://acme.com:8800" RequestHeader set"x-webobjects-server-protocol" "HTTP/1.0" RequestHeader set"x-webobjects-remote-host" "127.0.0.1" AddDefaultCharset UTF-8ErrorLog /var/log/apache2/ab-error.log CustomLog/var/log/apache2/ab-access.log combined

    ThisconfigurationisalsorequiredifyouwanttoconfigureaCardDAVaccountonanAppleiOSdevice(version4.0andlater).

    MicrosoftActiveSync/MobileDevices

    Youcansynchronizecontacts,emails,eventsandtasksfromSOGowithanymobiledevicesthatsupportMicrosoftActiveSync.MicrosoftOutlook2013isalsosupported.

    The Microsoft ActiveSync server URL is generally something like:http://localhost/Mi-crosoft-Active-Sync.

  • Chapter9

    Upgrading 53

    Upgrading

    ThissectiondescribeswhatneedstobedonewhenupgradingtothecurrentversionofSOGofromthepreviousrelease.

    2.2.8

    Theconfigurationconfigurationparameterswererenamed:

    SOGoMailMessageCheckwasreplacedwithSOGoRefreshViewCheckSOGoMailPollingIntervalswasreplacedwithSOGoRefreshViewIntervals

    Backwardcompatibilityisinplacefortheoldpreferencesvalues.

    2.0.5

    Theconfigurationisnowstoredin/etc/sogo/sogo.conf.Performthefollowingcommandsasroottomigrateyourprevioususerdefaults:

    install -d -m 750 -o sogo -g sogo /etc/sogosudo -u sogosogo-tool dump-defaults > /etc/sogo/sogo.confchown root:sogo/etc/sogo/sogo.confchmod 640 /etc/sogo/sogo.confsudo -u sogo mv~/GNUstep/Defaults/.GNUstepDefaults \~/GNUstep/Defaults/GNUstepDefaults.old

    2.0.4

    TheparameterSOGoForceIMAPLoginWithEmailisnowdeprecatedandisreplacedbySOGoForce-ExternalLoginWithEmail(whichextendsthefunctionalitytoSMTPauthentication).Updateyourconfigurationifyouusethisparameter.

    Thesogouserisnowasystemuser.Fornewinstalls,thismeansthatsu -sogowontworkany-more.Pleaseusesudo -u sogoinstead.Ifusedinscriptsfromcronjobs,requirettymustbedisabledinsudoers.

    1.3.17

    Runtheshellscriptsql-update-1.3.16_to_1.3.17.shorsql-update-1.3.16_to_1.3.17-mysql.sh(ifyouuseMySQL).

    Thiswillgrowthe"cycleinfo"fieldofcalendartablestoalargersize.

    1.3.12

    OnceyouhaveupdatedandrestartedSOGo,runtheshellscriptsql-update-1.3.11_to_1.3.12.shorsql-update-1.3.11_to_1.3.12-mysql.sh(ifyouuseMySQL).

    Thiswillgrowthe"content"fieldofcalendarandaddressbooktablestoalargersizeandfixtheprimarykeyofthesessiontable.

    1.3.9

  • Chapter9

    Upgrading 54

    ForRedHat-baseddistributions,version1.23ofGNUstepwillbeinstalled.SincethelocationoftheWebresourceschanges,theApacheconfigurationfile(SOGo.conf)hasbeenadapted.VerifyyourApacheconfigurationifyouhavecustomizedthisfile.

  • Chapter10

    AdditionalInformation 55

    AdditionalInformation

    Formoreinformation,pleaseconsulttheonlineFAQs(FrequentlyAskedQuestions):

    http://www.sogo.nu/english/support/faq.html

    Youcanalsoreadthemailingarchivesorpostyourquestionstoit.Fordetails,see:

    https://lists.inverse.ca/sogo

    http://www.sogo.nu/english/support/faq.htmlhttps://lists.inverse.ca/sogo

  • Chapter11

    CommercialSupportandContactInformation 56

    CommercialSupportandContactInformation

    Foranyquestionsorcomments,donothesitatetocontactusbywritinganemailto:

    [emailprotected]

    Inverse(http://inverse.ca)offersprofessionalservicesaroundSOGotohelporganizationsdeploythesolutionandmigratefromtheirlegacysystems.

    mailto:[emailprotected]://inverse.ca/

SOGo Installation Guide - [PDF Document] (2024)

FAQs

How to configure SOGo? ›

  1. Step 1: System Update. Ensure your system packages are up-to-date: ...
  2. Step 2: Install Dependencies. SOGo requires several dependencies. ...
  3. Step 3: Add SOGo Repository and Install SOGo. Add the SOGo repository to your system: ...
  4. Step 4: Configure SOGo. ...
  5. Step 5: Set Up Reverse Proxy. ...
  6. Step 6: Access SOGo.
Jan 7, 2024

What is the port number for SMTP in SOGo? ›

Other parameters that you may need when configuring your account manually: POP3 port: 995. IMAP port: 993. SMTP port: 587.

What is a SOGo server? ›

SOGo is a free and modern scalable groupware server. SOGo is standard-compliant. It supports CalDAV, CardDAV, GroupDAV, iMIP and iTIP and reuses existing IMAP, SMTP and database servers - making the solution easy to deploy and interoperable with many applications.

Is SOGo a mail server? ›

Ready to use open-source mail server

SOGomail combines the best of two worlds: open-source and proven, ready-to-use software. SOGomail is based on SOGo open source technology embedded in an advanced and easy to use administration environment. SOGomail email server can be deployed and operated in any environment.

How do I add SOGo mail to Outlook? ›

Using SOGo with Outlook
  1. Finding your SOGo URL. SOGo URLs always follow the same template: https://yoururl-tld.netcup-mail.de/ ...
  2. Open Outlook. Open Outlook. ...
  3. Setup. Click on "Microsoft Exchange Server".
  4. Entering SOGo data. Enter your data as follows: ...
  5. Success. You have successfully connected your SOGo account with Outlook.

How do I add an identity to SOGo? ›

To add an identity, go to Preferences -> Mail -> IMAP Accounts -> New identity : By default, user's cannot change their full name inside SOGo.

How do I setup a SMTP server address? ›

How to Install and Configure SMTP Server on Windows
  1. Step 1: Add Roles and Features in Server Manager Dashboard.
  2. Step 2: Select Installation Type.
  3. Step 3: Select Destination Server.
  4. Step 4: Select Server Role.
  5. Step 5: Select Features.
  6. Step 6: Install Missing Features.
  7. Step 7: Confirm Installation.
Mar 1, 2023

How do I find my SMTP server details? ›

Follow these steps:
  1. Open the command prompt or terminal on your computer.
  2. Enter the command: nslookup -type=mx yourdomain.com (replace “yourdomain.com” with your email domain).
  3. Press Enter.
  4. The MX records for your email domain will be displayed, including the SMTP server address.
Jun 15, 2023

Where can I find my SMTP server details? ›

You can generally find your SMTP email server address in the account or settings section of your mail client. Using a store and forward process, SMTP works with the mail transfer agent to move your email across networks to the right computer and email inbox.

What is SOGo webmail? ›

What is SOGo? SOGo is a groupware server that provides a rich AJAX-based Web interface and offers your users a uniform and complete interface to access their information. The SOGo Webmail extension provides the following features: Localization. SOGo is available in over a dozen languages so you'll always feel at home.

Is SOGo open source? ›

SOGo, an Open Source Webmail for businesses and communities.

What is the company name of Hotel SOGo? ›

Hotel Sogo (ホテル ソウゴ, Hoteru Sougo) is a hotel chain in the Philippines managed and owned by the Global Comfort Group Corporation, which also owns the Icon Hotel and Eurotel hotel chains. Currently, the hotel group has 34 hotels over Metro Manila and 14 in 11 other provinces.

Who is the owner of SOGo? ›

Details. Hotel Sogo is a hotel chain in the Philippines managed and the Global Comfort Group Corporation, which also owns the Icon Hotel and Eurotel hotel chains.

Do you need an ID for SOGo? ›

Required Documents

Upon check-in, you are required to bring ID Card.

Is SOGo a Chinese company? ›

First established by Japanese retailers, Sogo Co., Ltd. (Japanese: 株式会社そごう), the department store is now owned by Lifestyle International Holdings (SEHK: 1212). In addition to the flagship store in Causeway Bay, Sogo Hong Kong operates a second store in Tsim Sha Tsui, Kowloon.

What is the SMTP port number? ›

Originally, the Simple Mail Transfer Protocol (SMTP) used port 25. Today, SMTP should instead use port 587 — this is the port for encrypted email transmissions using SMTP Secure (SMTPS).

What is port 993 for SMTP? ›

Port 993 is the secure port for IMAP and it works over TLS/SSL encryption.

What is the port 993 used for? ›

Port 995 and port 993 are both related to securely downloading mail messages from email servers using SSL/TLS encryption. Port 995 is for doing so using the POP3 protocol, while port 993 is for using the IMAP protocol.

What service runs on port 143? ›

An IMAP server typically listens on port number 143. IMAP over SSL/TLS (IMAPS) is assigned the port number 993. Virtually all modern e-mail clients and servers support IMAP, which along with the earlier POP3 (Post Office Protocol) are the two most prevalent standard protocols for email retrieval.

References

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Otha Schamberger

Last Updated:

Views: 5503

Rating: 4.4 / 5 (75 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Otha Schamberger

Birthday: 1999-08-15

Address: Suite 490 606 Hammes Ferry, Carterhaven, IL 62290

Phone: +8557035444877

Job: Forward IT Agent

Hobby: Fishing, Flying, Jewelry making, Digital arts, Sand art, Parkour, tabletop games

Introduction: My name is Otha Schamberger, I am a vast, good, healthy, cheerful, energetic, gorgeous, magnificent person who loves writing and wants to share my knowledge and understanding with you.