SOGo Installation Guide - [PDF Document] (2024)

InstallationandConfigurationGuideforversion2.2.9

InstallationandConfigurationGuideVersion2.2.9-September2014

Permissionisgrantedtocopy,distributeand/ormodifythisdocumentunderthetermsoftheGNUFreeDocumentationLicense,Version1.2oranylaterversionpublishedbytheFreeSoftwareFoundation;withnoInvariantSections,noFront-CoverTexts,andnoBack-CoverTexts.Acopyofthelicenseisincludedinthesectionentitled"GNUFreeDocumentationLicense".

ThefontsusedinthisguidearelicensedundertheSILOpenFontLicense,Version1.1.ThislicenseisavailablewithaFAQat:http://scripts.sil.org/OFL

CopyrightukaszDziedzic,http://www.latofonts.com,withReservedFontName:"Lato".

CopyrightRaphLevien,http://levien.com/,withReservedFontName:"Inconsolata".

http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLhttp://www.latofonts.com/http://levien.com/

iii

TableofContentsAbout thisGuide..............................................................................................................1Introduction.....................................................................................................................2

ArchitectureandCompatibility...................................................................................3SystemRequirements........................................................................................................5

Assumptions.............................................................................................................5MinimumHardwareRequirements..............................................................................5OperatingSystemRequirements................................................................................6

Installation.......................................................................................................................8SoftwareDownloads.................................................................................................8Software Installation.................................................................................................8

Configuration.................................................................................................................10GNUstepEnvironmentOverview.............................................................................10PreferencesHierarchy.............................................................................................10GeneralPreferences................................................................................................11AuthenticationusingLDAP......................................................................................18LDAPAttributes Indexing........................................................................................24LDAPAttributesMapping........................................................................................24AuthenticatingusingC.A.S.......................................................................................26AuthenticatingusingSAML2....................................................................................27DatabaseConfiguration...........................................................................................27AuthenticationusingSQL........................................................................................29SMTPServerConfiguration.....................................................................................31IMAPServerConfiguration......................................................................................32WebInterfaceConfiguration....................................................................................34SOGoConfigurationSummary.................................................................................40Multi-domainsConfiguration....................................................................................41ApacheConfiguration..............................................................................................43StartingServices.....................................................................................................44CronjobEMailreminders......................................................................................44CronjobVacationmessagesexpiration...................................................................45

ManagingUserAccounts.................................................................................................46CreatingtheSOGoAdministrativeAccount...............................................................46CreatingaUserAccount.........................................................................................46

MicrosoftActiveSync......................................................................................................48UsingSOGo...................................................................................................................50

SOGoWebInterface..............................................................................................50MozillaThunderbirdandLightning............................................................................50Apple iCal..............................................................................................................51AppleAddressBook.................................................................................................51MicrosoftActiveSync/MobileDevices.....................................................................52

Upgrading......................................................................................................................53Additional Information.....................................................................................................55CommercialSupportandContactInformation...................................................................56

Chapter1

AboutthisGuide 1

AboutthisGuide

ThisguidewillwalkyouthroughtheinstallationandconfigurationoftheSOGosolution.ItalsocoverstheinstallationandconfigurationofSOGoActiveSyncsupportthesolutionusedtosyn-chronizemobiledeviceswithSOGo.

Theinstructionsarebasedonversion2.2.9ofSOGo.

Thelatestversionofthisguideisavailableathttp://www.sogo.nu/downloads/documentation.html.

http://www.sogo.nu/downloads/documentation.html

Chapter2

Introduction 2

Introduction

SOGoisafreeandmodernscalablegroupwareserver.Itofferssharedcalendars,addressbooks,andemailsthroughyourfavouriteWebbrowserandbyusinganativeclientsuchasMozillaThunderbirdandLightning.

SOGoisstandard-compliant.ItsupportsCalDAV,CardDAV,GroupDAV,iMIPandiTIPandreusesexistingIMAP,SMTPanddatabaseservers-makingthesolutioneasytodeployandinteroperablewithmanyapplications.

SOGofeatures:

Scalablearchitecturesuitablefordeploymentsfromdozenstomanythousandsofusers

RichWeb-based interface thatshares the lookandfeel, thefeaturesandthedataofMozillaThunderbirdandLightning

ImprovedintegrationwithMozillaThunderbirdandLightningbyusingtheSOGoConnectorandtheSOGoIntegrator

NativecompatibilityforMicrosoftOutlook2003,2007,2010,and2013

Two-way synchronization supportwithanyMicrosoftActiveSync-capable device, orOutlook2013

SOGoisdevelopedbyacommunityofdeveloperslocatedmainlyinNorthAmericaandEurope.Moreinformationcanbefoundathttp://www.sogo.nu/

http://www.sogo.nu/

Chapter2

Introduction 3

ArchitectureandCompatibility

Chapter2

Introduction 4

StandardprotocolssuchasCalDAV,CardDAV,GroupDAV,HTTP,IMAPandSMTPareusedtocom-municatewiththeSOGoplatformoritssub-components.MobiledevicessupportingtheMicrosoftActiveSyncprotocolarealsosupported.

ToinstallandconfigurethenativeMicrosoftOutlookcompatibilitylayer,pleaserefertotheSOGoNativeMicrosoftOutlookConfigurationGuide.

Chapter3

SystemRequirements 5

SystemRequirements

Assumptions

SOGoreusesmanycomponentsinaninfrastructure.Thus,itrequiresthefollowing:

Databaseserver(MySQL,PostgreSQLorOracle)

LDAPserver(OpenLDAP,NovelleDirectory,MicrosoftActiveDirectoryandothers)

SMTPserver(Postfix,Sendmailandothers)

IMAPserver(Courier,CyrusIMAPServer,Dovecotandothers)

Inthisguide,weassumethatallthosecomponentsarerunningonthesameserver(i.e.,localhostor127.0.0.1)thatSOGowillbeinstalledon.

GoodunderstandingofthoseunderlyingcomponentsandGNU/LinuxisrequiredtoinstallSOGo.Ifyoumisssomeofthoserequiredcomponents,pleaserefertotheappropriatedocumentationandproceedwiththeinstallationandconfigurationoftheserequirementsbeforecontinuingwiththisguide.

Thefollowingtableprovidesrecommendationsfortherequiredcomponents,togetherwithversionnumbers:

Databaseserver PostgreSQL7.4orlater

LDAPserver OpenLDAP2.3.xorlater

SMTPserver Postfix2.x

IMAPserver CyrusIMAPServer2.3.xorlater

Morerecentversionsofthesoftwarementionedabovecanalsobeused.

MinimumHardwareRequirements

Thefollowingtableprovideshardwarerecommendationsfortheserver,desktopsandmobilede-vices:

Server Evaluationandtesting

Intel,AMD,orPowerPCCPU1GHz

Chapter3

SystemRequirements 6

512MBofRAM 1GBofdiskspace

Production

Intel,AMDorPowerPCCPU3GHz 2048MBofRAM10GBofdiskspace(excludingthemailstore)

Desktop General

Intel,AMD,orPowerPCCPU1.5GHz 1024x768monitorresolution512MBofRAM 128Kbpsorhighernetworkconnection

MicrosoftWindows

MicrosoftWindowsXPSP2orVista

AppleMacOSX

AppleMacOSX10.2orlater

Linux

YourfavouriteGNU/Linuxdistribution

MobileDeviceAnymobiledevicewhichsupportsCalDAV,CardDAVorMicrosoftAc-tiveSync.

OperatingSystemRequirements

Thefollowing32-bitand64-bitoperatingsystemsarecurrentlysupportedbySOGo:

RedHatEnterpriseLinux(RHEL)Server5and6

CommunityENTerpriseOperatingSystem(CentOS)5and6

DebianGNU/Linux5.0(Lenny)to7.0(Wheezy)

Ubuntu10.04(Lucid)to14.04(Trusty)

MakesuretherequiredcomponentsarestartedautomaticallyatboottimeandthattheyarerunningbeforeproceedingwiththeSOGoconfiguration.Alsomake sure that you can installadditionalpackagesfromyourstandarddistribution.Forexample,ifyouareusingRedHatEnterpriseLinux5,youhavetobesubscribedtotheRedHatNetworkbeforecontinuingwiththeSOGosoftwareinstallation.

ThisdocumentcoverstheinstallationofSOGounderRHEL6.

ForinstallationinstructionsonDebianandUbuntu,pleasereferdirectlytotheSOGowebsiteathttp://www.sogo.nu/.Underthedownloads section, youwill find links for installation stepsforDebianandUbuntu.

http://www.sogo.nu/

Chapter3

SystemRequirements 7

NotethatoncetheSOGopackagesareinstalledunderDebianandUbuntu,thisguidecanbefol-lowedinordertofullyconfigureSOGo.

Chapter4

Installation 8

Installation

ThissectionwillguideyouthroughtheinstallationofSOGotogetherwithitsdependencies.ThestepsdescribedhereapplytoanRPM-basedinstallationforaRedHatorCentOSdistribution.

SoftwareDownloads

SOGo can be installed using the+yum+utility. To do so, firstcreate the/etc/yum.repos.d/inverse.repoconfigurationfilewiththefollowingcontent:

[SOGo]name=Inverse SOGoRepositorybaseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearchgpgcheck=0

SomeofthesoftwaresonwhichSOGodependsareavailablefromtherepositoryofRepoForge(previouslyknownasRPMforge).ToaddRepoForgetoyourpackagessources,downloadandinstalltheappropriateRPMpackagefromhttp://packages.sw.be/rpmforge-release/.Alsomakesureyouenabledthe"rpmforge-extras"repository.

FormoreinformationonusingRepoForge,visithttp://repoforge.org/use/.

SoftwareInstallation

Oncetheyumconfigurationfilehasbeencreated,youarenowreadytoinstallSOGoanditsde-pendencies.Todoso,proceedwiththefollowingcommand:

yum install sogo

ThiswillinstallSOGoanditsdependenciessuchasGNUstep,theSOPEpackagesandmemcached.Oncethebasepackagesareinstalled,youneedtoinstalltheproperdatabaseconnectorsuitableforyourenvironment.Youneedtoinstallsope49-gdl1-postgresqlforthePostgreSQLdatabasesystem,sope49-gdl1-mysqlforMySQLorsope49-gdl1-oracleforOracle.Theinstallationcom-mandwillthuslooklikethis:

yum install sope49-gdl1-postgresql

http://packages.sw.be/rpmforge-release/http://repoforge.org/use/

Chapter4

Installation 9

Oncecompleted,SOGowillbefullyinstalledonyourserver.Youarenowreadytoconfigureit.

Chapter5

Configuration 10

Configuration

Inthissection,youlllearnhowtoconfigureSOGotouseyourexistingLDAP,SMTPanddatabaseservers.Aspreviouslymentioned,weassumethatthosecomponentsrunonthesameserveronwhichSOGoisbeinginstalled.Ifthisisnotthecase,pleaseadjusttheconfigurationparameterstoreflectthosechanges.

GNUstepEnvironmentOverview

SOGomakesuseoftheGNUstepenvironment.GNUstepisafreesoftwareimplementationoftheOpenStepspecificationwhichprovidesmanyfacilitiesforbuildingalltypesofserveranddesktopapplications.Amongthosefacilities,thereisaconfigurationAPIsimilartothe"Registry"paradigminMicrosoftWindows.InOpenSTEP,GNUstepandMacOSX,thesearecalledthe"userdefaults".

InSOGo, theusersapplicationssettingsarestoredin/etc/sogo/sogo.conf.Youcanuseyourfavouritetexteditortomodifythefile.

Thesogo.conffileisaserializedpropertylist.Thissimpleformatencapsulatesfourbasicdatatypes:arrays,dictionaries(orhashes), stringsandnumbers.Numbersare representedas-is, exceptforbooleanswhichcantaketheunquotedvaluesYESandNO.Stringsarenotmandatorilyquoted,butdoingsowillavoidyoumanyproblems.Adictionaryisasequenceofkeyandvaluepairsseparatedintheirmiddlewitha=sign.Itstartswitha\{andendswithacorresponding}.Eachvaluedefinitioninadictionaryendswithasemicolon.Anarrayisachainofvaluesstartingwith(andendingwith),wherethevaluesareseparatedwitha,.Also,thefilegenerallyfollowsaC-styleindentationforclaritybutthisindentationisnotrequired,onlyrecommended.Blockcommentsaredelimitedby/*and*/andcanspanmultiplelineswhilelinecommentsmuststartwith//.

PreferencesHierarchy

SOGosupportsdomainnamessegregation,meaningthatyoucanseparatemultiplegroupsofuserswithinoneinstallationofSOGo.Auserassociatedtoadomainislimitedtoaccessonlytheusersdatafromthesamedomain.Consequently,theconfigurationparametersofSOGoaredefinedonthreelevels:

Chapter5

Configuration 11

Eachlevelinheritsthepreferencesoftheparentlevel.Therefore,domainpreferencesdefinethede-faultsvaluesoftheuserpreferences,andthesystempreferencesdefinethedefaultvaluesofalldo-mainspreferences.Bothsystemanddomainspreferencesaredefinedinthe/etc/sogo/sogo.conf,whiletheuserspreferencesareconfigurablebytheuserandstoredinSOGosdatabase.

Toidentifythelevelinwhicheachparametercanbedefined,weusethefollowingabbreviationsinthetablesofthisdocument:

S Parameterexclusivetothesystemandnotconfigurableperdomain

D Parameterexclusivetoadomainandnotconfigurableperuser

U Parameterconfigurablebytheuser

Rememberthatthehierarchyparadigmallowthedefaultvalueofaparametertobedefinedataparentlevel.

GeneralPreferences

Thefollowingtabledescribesthegeneralparametersthatcanbeset:

S WOWorkersCountTheamountofinstancesofSOGothatwillbespawnedtohandlemultiplerequestssimulta-neously.Whenstartedfromtheinitscript,thatamountisoverridenbythePREFORKvaluein/etc/sysconfig/sogoor/etc/default/sogo.Avalueof3isareasonabledefaultforlowus-age.ThemaximumvaluedependsontheCPU

Chapter5

Configuration 12

andIOpowerprovidedbyyourmachine:aval-uesettoohighwillactuallydecreaseperfor-mancesunderhighload.

Defaultsto1whenunset.

S WOListenQueueSizeThisparametercontrolsthebacklogsizeofthesocketlistenqueue.Forlarge-scaledeploy-ments,thisvaluemustbeadjustedincaseallworkersarebusyandtheparentprocessesre-ceiveslotsofincomingconnections.

Defaultsto5whenunset.

S WOPortTheTCPlisteningaddressandportusedbytheSOGodaemon.Theformatisipaddress:port.

Defaultsto127.0.0.1:20000whenunset.

S WOLogFileThefilepathwheretologmessages.Specify-tologtotheconsole.

Defaultsto/var/log/sogo/sogo.log.

S WOPidFile Thefilepathwheretheparentprocessidwillbewritten.

Defaultsto/var/run/sogo/sogo.pid.

S WOWatchDogRequestTimeoutThisparameterspecifiesthenumberofminutesafterwhichabusychildprocesswillbekilledbytheparentprocess.

Defaultsto10(minutes).

Donotsetthistoolowaschildprocessesre-plyingtoclientsonaslowinternetconnectioncouldbekilledprematurely.

S SxVMemLimitParameterusedtosetthemaximumamountofmemory(inmegabytes)thatachildcanuse.Reachingthatvaluewillforcechildrenprocess-estorestart,inordertopreservesystemmem-ory.

Defaultsto384.

S SOGoMemcachedHostParameterusedtosetthehostnameandop-tionallytheportofthememcachedserver.

ApathcanalsobeusediftheservermustbereachedviaaUnixsocket.

Defaultstolocalhost.

Seememcached_servers_parse(3)fordetailsonthesyntax.

S SOGoCacheCleanupIntervalParameterusedtosettheexpiration(insec-onds)ofeachobjectinthecache.

Chapter5

Configuration 13

Defaultsto300.

S SOGoAuthenticationTypeParameterusedtodefinethewaybywhichuserswillbeauthenticated.ForC.A.S.,speci-fycas.ForSAML2,specifysaml2.Foranythingelse,leavethatvalueempty.

S SOGoTrustProxyAuthenticationParameterusedtosetwhetherHTTPuser-nameshouldbetrusted.

DefaultstoNOwhenunset.

S SOGoEncryptionKeyParameterusedtodefineakeytoencryptthepasswordsofremoteWebcalendarswhenSO-GoTrustProxyAuthenticationisenabled.

S SOGoCASServiceURLWhenusingC.A.S.authentication,thisspeci-fiesthebaseurlforreachingtheC.A.S.service.ThiswillbeusedbySOGotodeducetheprop-erloginpageaswellastheotherC.A.S.ser-vicesthatSOGowilluse.

S SOGoCASLogoutEnabledBooleanvalueindicatingwhetherthe"Logout"linkisenabledwhenusingC.A.S.asauthentica-tionmechanism.

The"Logout"linkwillendupcallingSOGo-CASServiceURL/logouttoterminatetheclientssinglesign-onC.A.S.session.

S SOGoAddressBookDAVAccessEnabledParametercontrollingWebDAVaccesstotheContactscollections.Thiscanbeusedtode-nyaccesstotheseresourcesfromLightningforexample.

DefaultstoYESwhenunset.

S SOGoCalendarDAVAccessEnabledParametercontrollingWebDAVaccesstotheCalendarcollections.

Thiscanbeusedtodenyaccesstothesere-sourcesfromLightningforexample.

DefaultstoYESwhenunset.

S SOGoSAML2PrivateKeyLocationThelocationoftheSSLprivatekeyfileonthefilesystemthatisusedbySOGotosignanden-cryptcommunicationswiththeSAML2identityprovider.ThisfilemustbegeneratedforeachrunningSOGoservice(ratherthanhost).

S SOGoSAML2CertiticateLocationThelocationoftheSSLcertificatefile.ThisfilemustbegeneratedforeachrunningSOGoser-vice.

S SOGoSAML2IdpMetadataLocationThelocationofthemetadatafilethatdescribestheservicesavailableontheSAML2identifyprovider.

S SOGoSAML2IdpPublicKeyLocationThelocationoftheSSLpublickeyfileonthefilesystemthatisusedbySOGotosignanden-

Chapter5

Configuration 14

cryptcommunicationswiththeSAML2identityprovider.Thisfileshouldbepartofthesetupofyouridentityprovider.

S SOGoSAML2IdpCertificateLocationThelocationoftheSSLcertificatefile.Thisfileshouldbepartofthesetupofyouridentityprovider.

S SOGoSAML2LogoutEnabledBooleanvalueindicatedwhetherthe"Logout"linkisenabledwhenusingSAML2asauthenti-cationmechanism.

D SOGoTimeZoneParameterusedtosetadefaulttimezoneforusers.ThedefaulttimezoneissettoUTC.TheOlsondatabaseisastandarddatabasethattakesallthetimezonesaroundtheworldintoaccountandrepresentsthemalongwiththeirhistory.OnGNU/Linuxsystems,timezonede-finitionfilesareavailableunder/usr/share/zoneinfo.Listingtheavailablefileswillgiveyouthenameoftheavailabletimezones.ThiscouldbeAmerica/New_York,Europe/Berlin,Asia/TokyoorAfrica/Lubumbashi.

Inourexample,wesetthetimezonetoAmeri-ca/Montreal.

D SOGoMailDomainParameterusedtosetthedefaultdomainnameusedbySOGo.SOGousesthisparametertobuildthelistofvalidemailaddressesforusers.

Inourexample,wesetthedefaultdomaintoacme.com.

D SOGoAppointmentSendEMailNotificationsParameterusedtosetwhetherSOGosendsornotemailnotificationstomeetingparticipants.Possiblevaluesare:

YEStosendnotifications NOtonotsendnotifications

DefaultstoNOwhenunset.

D SOGoFoldersSendEMailNotificationsSameasabove,butthenotificationsaretrig-geredonthecreationofacalendaroranad-dressbook.

D SOGoACLsSendEMailNotificationsSameasabove,butthenotificationsaresenttotheinvolvedusersofacalendaroraddressbooksACLs.

D SOGoCalendarDefaultRolesParameterusedtodefinethedefaultroleswhengivingpermissionstoausertoaccessacalendar.Defaultsrolesareignoredforpublicaccesses.Mustbeanarrayofuptofivestrings.Eachstringdefiningaroleforaneventcatego-rymustbeginwithoneofthosevalues:

Public

Chapter5

Configuration 15

Confidential Private

Andeachstringmustendwithoneofthosevalues:

Viewer DAndTViewer Modifier Responder

Thearraycanalsocontainoneormanyofthefollowingstrings:

ObjectCreator ObjectEraser

Example:SOGoCalendarDefaultRoles = ("Ob-jectCreator","PublicViewer");

Defaultstonorolewhenunset.Recommend-edvaluesarePublicViewerandConfidential-DAndTViewer.

D SOGoContactsDefaultRolesParameterusedtodefinethedefaultroleswhengivingpermissionstoausertoaccessanaddressbook.Defaultsrolesareignoredforpublicaccesses.Mustbeanarrayofoneormanyofthefollowingstrings:

ObjectViewer ObjectEditor ObjectCreator ObjectEraser

Example:SOGoContactsDefaultRoles = ("Ob-jectEditor");

Defaultstonorolewhenunset.

D SOGoSuperUsernamesParameterusedtosetwhichusernamesrequireadministrativeprivilegesoveralltheusersta-bles.Forexample,thiscouldbeusedtoposteventsintheuserscalendarwithoutrequir-ingtheusertoconfigurehis/herACLs.Inthiscaseyouwillneedtospecifythosesuperusersusernameslikethis:SOGoSuperUsernames=([, , ...]);

U SOGoLanguageParameterusedtosetthedefaultlanguageusedintheWebinterfaceforSOGo.Possiblevaluesare:

BrazilianPortuguese Czech Dutch English

Chapter5

Configuration 16

French German Hungarian Italian Russian Spanish SwedishWelsh

D SOGoNotifyOnPersonalModificationsParameterusedtosetwhetherSOGosendsornotemailreceiptswhensomeonechangeshis/herowncalendar.Possiblevaluesare:

YEStosendnotifications NOtonotsendnotifications

DefaultstoNOwhenunset.Usercanoverwritethisfromthecalendarpropertieswindow.

D SOGoNotifyOnExternalModificationsParameterusedtosetwhetherSOGosendsornotemailreceiptswhenamodificationisbeingdonetohis/herowncalendarbysomeoneelse.Possiblevaluesare:

YEStosendnotifications NOtonotsendnotifications

DefaultstoNOwhenunset.Usercanoverwritethisfromthecalendarpropertieswindow.

D SOGoLDAPContactInfoAttributeParameterusedtospecifyanLDAPattributethatshouldbedisplayedwhenauto-completingusersearches.

D SOGoiPhoneForceAllDayTransparencyWhensettoYES,thiswillforceall-dayeventssentoverbyiPhoneOSbaseddevicestobetransparent.Thismeansthattheall-dayeventswillnotbeconsideredduringfreebusylookups.

DefaultstoNOwhenunset.

S SOGoEnablePublicAccessParameterusedtoallowornotyouruserstosharepublicly(ie.,requiringnotauthentication)theircalendarsandaddressbooks.

Possiblevaluesare:

YEStoallowthem NOtopreventthemfromdoingso

DefaultstoNOwhenunset.

S SOGoPasswordChangeEnabledParameterusedtoallowornotuserstochangetheirpasswordsfromSOGo.

Possiblevaluesare:

YEStoallowthem NOtopreventthemfromdoingso

Chapter5

Configuration 17

DefaultstoNOwhenunset.

Forthisfeaturetoworkproperlywhenauthen-ticatingagainstADorSamba4,theLDAPcon-nectionmustuseSSL/TLS.Serversiderestric-tionscanalsocausethepasswordchangetofail,inwhichcaseSOGowillonlylogaCon-straintviolation(0x13)error.Theserestrictionsincludepasswordtooyoung,complexitycon-straintsnotsatisfied,usercannotchangepass-word,etcAlsonotethatSambahasamini-mumpasswordageof1daybydefault.

S SOGoSupportedLanguagesParameterusedtoconfigurewhichlanguagesareavailablefromSOGosWebinterface.Avail-ablelanguagesarespecifiedasanarrayofstring.

Thedefaultvalueis:( "Czech", "Welsh","English", "Spanish","French", "Ger-man", "Italian", "Hungarian","Dutch","BrazilianPortuguese", "Polish", "Russ-ian", Ukrainian","Swedish" )

D SOGoHideSystemEMailParameterusedtocontrolifSOGoshouldhideornotthesystememailaddress(UIDFieldName@SOGoMailDomain).ThisiscurrentlylimitedtoCalDAV(calendar-user-ad-dress-set).

DefaultstoNOwhenunset.

D SOGoSearchMinimumWordLengthParameterusedtocontroltheminimumlengthtobeusedforthesearchstring(attendeecom-pletion,addressbooksearch,etc.)priortrigger-ingtheserver-sidesearchoperation.

Defaultsto2whenunsetwhichmeansasearchoperationwillbetriggeredonthe3rdtypedcharacter.

S SOGoMaximumFailedLoginCountParameterusedtocontrolthenumberoffailedloginattemptsrequiredduringSOGoMaximum-FailedLoginIntervalsecondsormore.Ifcondi-tionsaremet,theaccountwillbeblockedforSOGoFailedLoginBlockIntervalsecondssincethefirstfailedloginattempt.

Defaultvalueis0,ordisabled.

S SOGoMaximumFailedLoginIntervalNumberofseconds,defaultsto10.

S SOGoFailedLoginBlockIntervalNumberofseconds,defaultsto300(or5min-utes).NotethatSOGoCacheCleanupIntervalmustbesettoavalueequalorhigherthanSO-GoFailedLoginBlockInterval.

S SOGoMaximumMessageSubmissionCountParameterusedtocontrolthenumberofemailmessagesausercansendfromSOGosweb-

mailto:UIDFieldName@SOGoMailDomain

Chapter5

Configuration 18

mailinterface,toSOGoMaximumRecipientCount,inSOGoMaximumSubmissionIntervalsecondsormore.Ifconditionsaremetorexceeded,theuserwontbeabletosendmailsforSOGoMes-sageSubmissionBlockIntervalseconds.

Defaultvalueis0,ordisabled.

S SOGoMaximumRecipientCountMaximumnumberofrecipients.Defaultvalueis0,ordisabled.

S SOGoMaximumSubmissionIntervalNumberofseconds,defaultsto30.

S SOGoMessageSubmissionBlockIntervalNumberofseconds,defaultto300(or5min-utes).NotethatSOGoCacheCleanupIntervalmustbesettoavalueequalorhigherthanSO-GoFailedLoginBlockInterval.

AuthenticationusingLDAP

SOGocanuseaLDAPservertoauthenticateusersand,ifdesired,toprovideglobaladdressbooks.SOGocanalsouseanSQLbackendforthispurpose(seethesection_AuthenticationusingSQL_laterinthisdocument).Insertthefollowingtextintoyourconfigurationfiletoconfigureanauthen-ticationandglobaladdressbookusinganLDAPdirectoryserver:

SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName= uid; UIDFieldName = uid; IMAPHostFieldName = mailHost; baseDN ="ou=users,dc=acme,dc=com"; bindDN ="uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname ="ldap://127.0.0.1:389"; id = public; isAddressBook = YES; });

Inourexample,weuseaLDAPserverrunningonthesamehostwhereSOGoisbeinginstalled.

Youcanalso,usingthefilterattribute,restricttheresultstomatchvariouscriteria.Forexample,youcoulddefine,inyour.GNUstepDefaultsfile,thefollowingfiltertoreturnonlyentriesbelongingtotheorganizationInversewithamailaddressandnotinactive:

filter = "(o='Inverse' AND mail='*' AND status 'inactive')";

Chapter5

Configuration 19

SinceLDAPsourcescanserveasuserrepositoriesforauthenticationaswellasaddressbooks,youcanspecifythefollowingforeachsourcetomakethemappearintheaddressbookmodule:

displayName = "";isAddressBook = YES;

ForcertainLDAPsources,SOGoalsosupportsindirectbindsforuserauthentication.Hereisanexample:

SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName= cn; UIDFieldName = sAMAccountName; baseDN ="cn=Users,dc=acme,dc=com"; bindDN ="cn=sogo,cn=Users,dc=acme,dc=com"; bindFields = (sAMAccountName);bindPassword = qwerty; canAuthenticate = YES; displayName = "ActiveDirectory"; hostname = ldap://10.0.0.1:389; id = directory;isAddressBook = YES; });

Inthisexample,SOGowilluseanindirectbindbyfirstdeterminingtheuserDN.ThatvalueisfoundbydoingasearchonthefieldsspecifiedinbindFields.Mostofthetime,therewillbeonlyonefieldbutitispossibletospecifymoreintheformofanarray(forexample,bindFields= (sAMAc-countName,cn)).Whenusingmultiplefields,onlyoneofthefieldsneedstomatchtheloginname.Intheaboveexample,whenauserlogsin,theloginwillbecheckedagainstthesAMAccountNameentryinalltheusercards,andoncethiscardisfound,theuserDNofthiscardwillbeusedforcheckingtheuserspassword.

Finally,SOGosupportsLDAP-basedgroups.Groupsmustbedefinedlikeanyotherauthenticationsources(ie.,canAuthenticatemustbesettoYESandagroupmusthaveavalidemailaddress).InorderforSOGotodetermineifaspecificLDAPentryisagroup,SOGowilllookforoneofthefollowingobjectClassattributes:

group

groupOfNames

groupOfUniqueNames

posixGroup

YoucansetACLsbasedongroupmembershipand inviteagrouptoameeting(andthegroupwillbedecomposedtoitslistofmembersuponsavebySOGo).YoucanalsocontrolthevisibilityofthegroupfromthelistofsharedaddressbooksorduringmailautocompletionbysettingtheisAddressBookparametertoYESorNO.ThefollowingLDAPentryshowshowatypicalgroupisdefined:

Chapter5

Configuration 20

dn: cn=inverse,ou=groups,dc=inverse,dc=caobjectClass:groupOfUniqueNamesobjectClass: topobjectClass:extensibleObjectuniqueMember:uid=alice,ou=users,dc=inverse,dc=cauniqueMember:uid=bernard,ou=users,dc=inverse,dc=cauniqueMember:uid=bob,ou=users,dc=inverse,dc=cacn: inversestructuralObjectClass:groupOfUniqueNamesmail: [emailprotected]

ThecorrespondingSOGoUserSourcesentrytohandlegroupslikethisonewouldbe:

{ type = ldap; CNFieldName = cn; IDFieldName = cn; UIDFieldName= cn; baseDN = "ou=groups,dc=inverse,dc=ca; bindDN ="cn=sogo,ou=services,dc=inverse,dc=ca"; bindPassword = zot;canAuthenticate = YES; displayName = Inverse Groups; hostname =ldap://127.0.0.1:389; id = inverse_groups; isAddressBook =YES;}

ThefollowingtabledescribesthepossibleparametersrelatedtoaLDAPsource:

SOGoUserSourcesParameterusedtosettheLDAPand/orSQLsourcesusedforauthenticationandglobalad-dressbooks.Multiplesourcescanbespecifiedasanarrayofdictionaries.Adictionarythatde-finesanLDAPsourcecancontainthefollowingvalues:

type Thetypeofthisusersource,settoldap`foranLDAPsource.

idTheidentificationnameoftheLDAPreposi-tory.Thismustbeuniqueevenwhenusingmultipledomains.

CNFieldName Thefieldthatreturnsthecompletename.

IDFieldNameThefieldthatstartsauserDNifbindFieldsisnotused.ThisfieldmustbeuniqueacrosstheentireSOGodomain.

D

UIDFieldName Thefieldthatreturnstheloginnameofauser.

ThereturnedvaluemustbeuniqueacrossthewholeSOGoinstallationsinceitisusedtoidentifytheuserinthefolder_infodatabasetable.

Chapter5

Configuration 21

MailFieldNamesAnarrayoffieldsthatreturnstheusersemailaddresses(defaultstomailwhenunset).

SearchFieldNamesAnarrayoffieldstotomatchagainstthesearchstringwhenfilteringusers(defaultstosn,displayName,andtelephoneNumberwhenunset).

IMAPHostFieldName(optional)ThefieldthatreturnseitheranURItotheIMAPserverasdescribedforSOGoIMAPServ-er,orasimpleserverhostnamethatwouldbeusedasareplacementforthehostnamepartintheURIprovidedbytheSOGoIMAPServerpara-meter.

IMAPLoginFieldName(optional)ThefieldthatreturnstheIMAPloginnamefortheuser(defaultstothevalueofUIDFieldNamewhenunset).

SieveHostFieldName(optional)ThefieldthatreturnseitheranURItotheSIEVEserverasdescribedforSOGoSieveServ-er,orasimpleserverhostnamethatwouldbeusedasareplacementforthehostnamepartintheURIprovidedbytheSOGoSieveServerpara-meter.

baseDN ThebaseDNofyouruserentries.

KindFieldName(optional)Ifset,SOGowilltrytodetermineifthevalueofthefieldcorrespondstoeither"group","lo-cation"or"thing".Ifthatsthecase,SOGowillconsiderthereturnedentrytobearesource.

ForLDAP-basedsources,SOGocanalsoauto-maticallydetermineifitsaresourceiftheentryhasthecalendarresourceobjectClassset.

MultipleBookingsFieldName(optional)Thevalueofthisattributeisthemaximumnumberofconcurrenteventstowhichare-sourcecanbepartofatanypointintime.

Ifthisissetto0,oriftheattributeismissing,itmeansnolimit.

filter(optional)ThefiltertouseforLDAPqueries,itshouldbedefinedasanEOQualifier.Thefollowingopera-torsaresupported:

inequalityoperator =equalityoperator

MultiplequalifierscanbejoinedbyusingORandAND,theycanalsobegroupedtogetherbyusingparenthesis.Attributevaluesshouldbequotedtoavoidunexpectedbehaviour.

Forexample:filter ="(objectClass='mailUser'ORobjectClass='mailGroup') AND

Chapter5

Configuration 22

accountStatus='active' AND uid 'al-ice'";

scope(optional) EitherBASE,ONEorSUB.

bindDN TheDNoftheloginnametouseforbindingtoyourserver.

bindPassword Itspassword.

bindAsCurrentUserIfsettoYES,SOGowillalwayskeepbindingtotheLDAPserverusingtheDNofthecurrentlyauthenticateduser.IfbindFieldsisset,bindDNandbindPasswordwillstillberequiredtofindtheproperDNoftheuser.

bindFields(optional)Anarrayoffieldstousewhendoingindirectbinds.

hostname Aspace-delimitedlistofLDAPURLsorLDAPhostnames.

LDAPURLsarespecifiedinRFC4516andhavethefollowinggeneralformat:

scheme://host:port/DN?attributes?scope?filter?extensions

NotethatSOGodoesntcurrentlysupportDN,attributes,scopeandfilterinsuchURLs.Usingthemmayhaveundefinedsideeffects.

URLsexamples:

ldap://127.0.0.1:3389 ldaps://127.0.0.1ldap://127.0.0.1/????!StartTLS

port(deprecated) PortnumberoftheLDAPserver.

Anon-defaultportshouldbepartoftheldapURLinthehostnameparameter.

encryption(deprecated) EitherSSLorSTARTTLS

SSLshouldbespecifiedasldaps://intheLDAPURL.STARTTLSshouldbespecifiedasaLDAPExtensionintheLDAPURL(e.g.ldap://127.0.0.1/????!StartTLS)

userPasswordAlgorithmThealgorithmusedforpasswordencryptionwhenchangingpasswordswithoutPasswordPoliciesenabled.

Possiblevaluesare:none,plain,crypt,md5,md5-crypt,smd5,cram-md5andsha,sha256,sha512anditsssha(e.g.sshaorssha256)vari-ants(plussettingoftheencodingwith.b64or.hex).

Chapter5

Configuration 23

Foramoredetaileddescriptionseehttp://wiki.dovecot.org/Authentication/Pass-wordSchemes.

Notethatcram-md5isnotactuallyusingcram-md5(duetothelackofchallenge-responsemechanism),itsjustsavingtheintermediateMD5contextasDovecotstoresinitsdatabase.

canAuthenticateIfsettoYES,thisLDAPsourceisusedforau-thentication

passwordPolicyIfsettoYES,SOGowillusetheextendedLDAPPasswordPoliciesattributes.IfyouLDAPserv-erdoesnotsupportthoseandyouactivatethisfeature,everyLDAPrequestswillfail.

isAddressBookIfsettoYES,thisLDAPsourceisusedasasharedaddressbook(withread-onlyaccess).NotethatifsettoNO,autocompletionwillnotworkforentriesinthissourceandthus,free-busylookups.

displayName(optional)Ifsetasanaddressbook,thehumanidentifica-tionnameoftheLDAPrepository

ModulesConstraints(optional)Limitstheaccessofanymodulethroughacon-straintbasedonanLDAPattribute;mustbeadictionarywithkeysMail,and/orCalendar,forexample:

ModulesConstraints = { Calendar = { ou = employees; };};

mappingAdictionarythatmapscontactattributesusedbySOGototheLDAPattributesusedbytheschemaoftheLDAPsource.Eachentrymusthaveanattributenameaskeyandanarrayofstringsasvalue.Thisenablesactualfieldstobemappedoneafteranotherwhenfetchingcon-tactinformations.

SeetheLDAPAttributeMappingsectionbelowforanexampleandalistofsupportedattribut-es.

objectClassesWhenthemodifierslist(seebelow)isset,orwhenusingLDAP-baseduseraddressbooks(seeabOUbelow),thislistofobjectclasseswillbeappliedtonewrecordsastheyarecreated.

modifiersAlist(array)ofusernamesthatareauthorizedtoperformmodificationstotheaddressbookdefinedbythisLDAPsource.

http://wiki.dovecot.org/Authentication/PasswordSchemeshttp://wiki.dovecot.org/Authentication/PasswordSchemeshttp://wiki.dovecot.org/Authentication/PasswordSchemes

Chapter5

Configuration 24

abOUThisfieldenablesLDAP-baseduseraddressbooksbyspecifyingtheval-ueoftheaddressbookcontainerbe-neatheachuserentry,forexample:ou=addressbooks,uid=username,dc=domain.

The following parameters can be defined along the other keys ofeach entry of theSO-GoUserSources,butcanalsodefinedatthedomainand/orsystemlevels:

D SOGoLDAPContactInfoAttributeParameterusedtospecifyanattributethatshouldappearinautocompletionofthewebin-terface.

D SOGoLDAPQueryLimitParameterusedtolimitthenumberofreturnedresultsfromtheLDAPserverwheneverSO-GoperformsaLDAPquery(forexample,dur-ingaddressescompletioninasharedaddressbook).

D SOGoLDAPQueryTimeoutParametertodefinethetimeoutofLDAPqueries.Theactualtimelimitforoperationsisalsoboundedbythemaximumtimethattheserverisconfiguredtoallow.

Defaultsto0(unlimited).

LDAPAttributesIndexing

ToensureproperperformanceoftheSOGoapplication,thefollowingLDAPattributesmustbefullyindexed:

givenName

cn

mail

sn

Pleaserefertothedocumentationofthesoftwareyouuseinordertoindexthoseattributes.

LDAPAttributesMapping

SomeLDAPattributesaremappedtocontactsattributesintheSOGoUI.Thetablebelowlistmostofthem.Itispossibletooverridethesebyusingthemappingconfigurationparameter.

Forexample,iftheLDAPschemausesthefaxattributetostorethefaxnumber,onecouldmapittothefacsimiletelephonenumberattributelikethis:

Chapter5

Configuration 25

mapping = \{facsimiletelephonenumber = ("fax","facsimiletelephonenumber");};

Name

First givenName

Last sn

DisplayName displayNameorcnorgivenName+sn

Nickname mozillanickname

Internet

Email mail

Secondaryemail mozillasecondemail

ScreenName nsaimid

Phones

Work telephoneNumber

Home homephone

Mobile mobile

Fax facsimiletelephonenumber

Pager pager

Home

Address mozillahomestreet+mozillahomestreet2

City mozillahomelocalityname

State/Province mozillahomestate

Zip/PostalCode mozillahomepostalcode

Country mozillahomecountryname

Webpage mozillahomeurl

Work

Title title

Department ou

Organization o

Address street+mozillaworkstreet2

City l

State/Province st

Zip/Postalcode postalCode

Country c

Webpage mozillaworkurl

Other

Birthday birthyear-birthmonth-birthday

Note description

Chapter5

Configuration 26

AuthenticatingusingC.A.S.

SOGonativelysupportsC.A.S.authentication.ForactivatingC.A.S.authenticationyouneedfirsttomakesurethattheSOGoAuthenticationTypesettingissettocasandthattheSOGoCASServiceURLsettingisconfiguredappropriately.

ThetrickypartshowsupwhenusingSOGoasafrontendinterfacetoanIMAPserverasthisimposesconstraintsneededbytheC.A.S.protocoltoensuresecurecommunicationbetweenthedifferentservices.Failingtotakethoseprecautionswillpreventusersfromaccessingtheirmails,whilestillgrantingbasicauthenticationtoSOGoitself.

ThefirstconstraintisthattheamountofworkersthatSOGousesmustbehigherthan1inordertoenabletheC.A.S.servicetoperformsomevalidationrequestsduringIMAPauthentication.Asingleworkeralonewouldnot,bydefinition,beabletorespondtotheC.A.S.requestswhiletreatingtheuserrequestthatrequiredthetriggeringofthoserequests.YoumustthereforeconfiguretheWOWorkersCountsettingappropriately.

ThesecondconstraintisthattheSOGoservicemustbeaccessibleandaccessedviahttps.More-over,thecertificateusedbytheSOGoserverhastoberecognizedandtrustedbytheC.A.S.ser-vice.Inthecaseofacertificateissuedbyathird-partyauthority,thereshouldbenothingtowor-ryabout.Inthecaseofaself-signedcertificate,thecertificatemustberegisteredinthetrustedkeystoreoftheC.A.S.application.Theproceduretoachievethiscanbesummarizedasimportingthecertificateintheproper"keystore"usingthekeytoolutilityandspecifyingthepathforthatkeystoretotheTomcatinstancewhichprovidestheC.A.S.service.Thisisdonebytweakingthejavax.net.ssl.trustStoresetting,eitherinthecatalina.propertiesfileorinthecommand-lineparameters.Ondebian,theSOGocertificatecanalsobeaddedtothetruststoreasfollows:

openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \-out /tmp/sogo-cert.derkeytool -import -keystore/etc/ssl/certs/java/cacerts \ -file /tmp/sogo-cert.der -aliassogo-cert# The keystore password is 'changeit'# tomcat must berestarted after this operation

Thecertificateusedby theCASservermustalsobe trustedbySOGo.Incaseofaself-signedcertificate,thismeansexportingtomcatscertificateusingthe+keytool+utility,convertingittoPEMformatandappendingittotheca-certificates.crtfile(thenameandlocationofthatfilediffersbetweendistributions).Basically:

# export tomcat's cert to openssl formatkeytool -keystore/etc/tomcat7/keystore -exportcert -alias tomcat | \ openssl x509-inform der >tomcat.pem

Enter keystore password: tomcat

# add the pem to the trusted certscp tomcat.pem/etc/ssl/certscat tomcat.pem>>/etc/ssl/certs/ca-certificates

Chapter5

Configuration 27

Ifanyofthoseconstraintsisnotsatisfied,thewebmailinterfaceofSOGowilldisplayanemptyemailaccount.Unfortunately,SOGohasnopossibilitytodetectwhichoneisthecauseoftheproblem.Theonlyindicatorsarelogmessagesthatatleastpinpointthesymptoms:

"failuretoobtainaPGTfromtheC.A.S.service"

SuchanerrorwillshowupduringauthenticationoftheusertoSOGo.Ithappenswhentheauthen-ticationservicehasacceptedtheuserauthenticationticketbuthasnotreturneda"ProxyGrantingTicket".

"aCASfailureoccurredduringoperation."

Thiserrorindicatethatanattemptwasmadetoretrieveanauthenticationticketforathird-partyservicesuchasIMAPorsieve.Mostofthetime,thishappensasaconsequencetotheproblemdescribedabove.Totroubleshoottheseissues,oneshouldbetailingcas.log,pamlogsandsogologs.

Currently,SOGowillaskforaCASticketusingthesameCASservicenameforbothIMAPandSieve.WhenCASifyingsieve,thismeansthatthe-sparameterof`pam_cas`shouldbethesameforbothIMAPandSieve,otherwisetheCASserverwillcomplain:

ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] -ServiceTicket[ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service[imap://myimapserverdoes not match supplied service[sieve://mysieveserver:2000]

Finally,whenusing imapproxytospeedupthe imapaccesses,theSOGoIMAPCASServiceNameshouldbesettotheactualimapservicenameexpectedbypam_cas,otherwiseitwillfailtoauthen-ticateincomingconnectionproperly.

AuthenticatingusingSAML2

SOGonativelysupportsSAML2authentication.Pleaserefertothedocumentationofyouridenti-typroviderandtheSAML2configurationkeysthatarelistedaboveforpropersetup.OnceaSO-Goinstanceisconfiguredproperly,themetadataforthatinstancecanberetrievedfromhttp:///SOGo/saml2-metadataforregistrationwiththeidentityprovider.

In order to relay authentication information to your IMAP serverand if youmake use oftheCrudeSAMLSASLplugin,youneedtomakesurethatNGImap4AuthMechanismisconfiguredtousetheSAMLmechanism.IfyoumakeuseoftheCrudeSAMLPAMplugin,thisvaluemaybeleftempty.

DatabaseConfiguration

SOGorequiresa relationaldatabasesystem inorder tostoreappointments,tasksandcontactsinformation.ItalsousesthedatabasesystemtostorepersonalpreferencesofSOGousers.Inthisguide,weassumeyouusePostgreSQLsocommandsprovidedthecreatethedatabasearerelatedtothisapplication.However,otherdatabaseserversaresupported,suchasMySQLandOracle.

Chapter5

Configuration 28

First,makesurethatyourPostgreSQLserverhasTCP/IPconnectionssupportenabled.

Createthedatabaseuserandschemausingthefollowingcommands:

su # postgrescreateuser --no-superuser --no-createdb#-no-createrole \ #-encrypted --pwprompt sogo(specify sogo aspassword)createdb -O sogo sogo

Youshouldthenadjusttheaccessrightstothedatabase.Todoso,modifytheconfigurationfile/var/lib/pgsql/data/pg_hba.confinordertoaddthefollowinglineattheverybeginningofthefile:

host sogo sogo 127.0.0.1/32 md5

Onceadded,restartthePostgreSQLdatabaseservice.Then,modifytheSOGoconfigurationfile(/etc/sogo/sogo.conf)toreflectyourdatabasesettings:

SOGoProfileURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";OCSFolderInfoURL="postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";OCSSessionsFolderURL="postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";

Thefollowingtabledescribestheparametersthatwereset:

D SOGoProfileURLParameterusedtosetthedatabaseURLsothatSOGocanretrieveuserprofiles.

ForMySQL,setthedatabaseURLtosomethinglike:mysql://sogo:sogo@localhost:3306/so-go/sogo_user_profile.

D OCSFolderInfoURLParameterusedtosetthedatabaseURLsothatSOGocanretrievethelocationofuserfolders(addressbooksandcalendars).

ForOracle,setthedatabaseURLtosomethinglike:oracle://sogo:sogo@localhost:1526/so-go/sogo_folder_info.

D OCSSessionsFolderURLParameterusedtosetthedatabaseURLsothatSOGocanstoreandretrievesecuredusersessionsinformation.ForPostgreSQL,thedata-baseURLcouldbesettosomethinglike:post-gresql://sogo:sogo@localhost:5432/so-go/sogo_sessions_folder.

D OCSEMailAlarmsFolderURLParameterusedtosetthedatabaseURLforemail-basedalarms(thatcanbesetoneventsandtasks).Thisparameterisrel-evantonlyifSOGoEnableEMailAlarmsissettoYES.ForPostgreSQL,thedatabaseURLcouldbesettosomethinglike:post-

Chapter5

Configuration 29

gresql://sogo:sogo@localhost:5432/so-go/sogo_alarms_folder

Seethe"EMailreminders"sectioninthisdocu-mentformoreinformation.

IfyoureusingMySQL,makesureinyourmy.cnffileyouhave:

[mysqld]...character_set_server=utf8character_set_client=utf8

[client]default-character-set=utf8

[mysql]default-character-set=utf8

AuthenticationusingSQL

SOGocanuseaSQL-baseddatabaseserverforauthentication.TheconfigurationisverysimilartoLDAP-basedauthentication.

ThefollowingtabledescribesallthepossibleparametersrelatedtoaSQLsource:

SOGoUserSourcesParameterusedtosettheSQLand/orLDAPsourcesusedforauthenticationandglobalad-dressbooks.Multiplesourcescanbespecifiedasanarrayofdictionaries.Adictionarythatde-finesaSQLsourcecancontainthefollowingvalues:

type Thetypeofthisusersource,settosqlforaSQLsource.

idTheidentificationnameoftheSQLrepository.Thismustbeuniqueevenwhenusingmulti-pledomains.

D

viewURLDatabaseURLoftheviewusedbySOGo.Theviewexpectscolumnstobepresent.Requiredcolumnsare:

c_uid:[emailprotected]

c_name:willbeusedtouniquelyidentifyen-trieswhichcanbeidenticaltoc_uid

c_password:passwordoftheuser,plaintext,crypt,md5orshaencoded

c_cn:theuserscommonname mail:theusersemailaddress

mailto:[emailprotected]

Chapter5

Configuration 30

OthercolumnscanexistandwillactuallybemappedautomaticallyiftheyhavethesamenameaspopularLDAPattributes(suchasgivenName,sn,department,title,telepho-neNumber,etc.).

userPasswordAlgorithmThedefaultalgorithmusedforpassworden-cryptionwhenchangingpasswords.Possiblevaluesare:none,plain,crypt,md5,md5-crypt,smd5,cram-md5,ldap-md5,andsha,sha256,sha512anditsssha(e.g.sshaorssha256)vari-ants.Passwordscanhavetheschemeprepend-edintheform{scheme}encryptedPass.

Ifnoschemeisgiven,userPasswordAlgo-rithmisusedinstead.Theschemeslistedabovefollowthealgorithmsdescribedinhttp://wiki.dovecot.org/Authentication/Pass-wordSchemes.

Notethatcram-md5isnotactuallyusingcram-md5(duetothelackofchallenge-responsemechanism),itsjustsavingtheintermediateMD5contextasDovecotstoresinitsdata-base.

prependPasswordSchemeThedefaultbehaviouristostorenewlysetpasswordswithoutthescheme(default:NO).ThiscanbeoverriddenbysettingtoYESandwillresultinpasswordsstoredas{scheme}encryptedPass.

canAuthenticateIfsettoYES,thisSQLsourceisusedforau-thentication.

isAddressBookIfsettoYES,thisSQLsourceisusedasasharedaddressbook(withread-onlyaccess).NotethatifsettoNO,autocompletionwillnotworkforentriesinthissourceandthus,free-busylookups.

authenticationFilter(optional)Afilterthatlimitswhichuserscanauthenticatefromthissource.

displayName(optional)Ifsetasanaddressbook,thehumanidentifica-tionnameoftheSQLrepository.

LoginFieldNames(optional)Anarrayoffieldsthatspecifiesthecolumnnamesthatcontainvalidauthenticationuser-names(defaultstoc_uidwhenunset).

MailFieldNames(optional)Aanarrayoffieldsthatspecifiesthecolumnnamesthatholdadditionalemailaddresses(be-sidethemailcolumn)foreachuser.

IMAPHostFieldName(optional)ThefieldthatreturnstheIMAPhostnamefortheuser.

IMAPLoginFieldName(optional)ThefieldthatreturnstheIMAPloginnamefortheuser(defaultstoc_uidwhenunset).

http://wiki.dovecot.org/Authentication/PasswordSchemeshttp://wiki.dovecot.org/Authentication/PasswordSchemes

Chapter5

Configuration 31

SieveHostFieldName(optional)ThefieldthatreturnstheSievehostnamefortheuser.

KindFieldName(optional)Ifset,SOGowilltrytodetermineifthevalueofthefieldcorrespondstoeither"group","lo-cation"or"thing".Ifthatsthecase,SOGowillconsiderthereturnedentrytobearesource.

MultipleBookingsFieldName(optional)Thevalueofthisfieldisthemaximumnumberofconcurrenteventstowhicharesourcecanbepartofatanypointintime.

Ifthisissetto0,oriftheattributeismissing,itmeansnolimit.

DomainFieldName(optional)Ifset,SOGowillusethevalueofthatfieldasthedomainassociatedtotheuser.

SeetheMulti-domainsConfigurationsectioninthisdocumentformoreinformation.

HereisanexampleofanSQL-basedauthenticationandaddressbooksource:

SOGoUserSources =( { type = sql; id = directory; viewURL ="postgresql://sogo:[emailprotected]:5432/sogo/sogo_view";canAuthenticate = YES; isAddressBook = YES; userPasswordAlgorithm =md5; });

Certaindatabasecolumnsmustbepresentintheview/table,suchas:

c_uidwillbeusedforauthenticationitstheusernameorusername@domain.tld

c_namewhichcanbeidenticaltoc_uidwillbeusedtouniquelyidentifyentries

c_passwordpasswordoftheuser,plain-text,md5orshaencodedfornow

c_cntheuserscommonnamesuchas"JohnDoe"

mailtheusersmailaddress

NotethatgroupsarecurrentlynotsupportedforSQL-basedauthenticationsources.

SMTPServerConfiguration

SOGomakesuseofaSMTPservertosendemailsfromtheWebinterface,iMIP/iTIPmessagesandvariousnotifications.

mailto:[emailprotected]

Chapter5

Configuration 32

Thefollowingtabledescribestherelatedparameters.

D SOGoMailingMechanismParameterusedtosethowSOGosendsmailmessages.Possiblevaluesare:

sendmailtousethesendmailbinary smtptousetheSMTPprotocol

D SOGoSMTPServerTheDNSnameorIPaddressoftheSMTPserverusedwhenSOGoMailingMechanismissettosmtp.

D SOGoSMTPAuthenticationTypeActivateSMTPauthenticationandspecifieswhichtypeisinuse.Current,onlyPLAINissup-portedandothervalueswillbeignored.

S WOSendMail Thepathofthesendmailbinary.

Defaultsto/usr/lib/sendmail.

D SOGoForceExternalLoginWithEmailParameterusedtospecifyif,whenloggingintotheSMTPserver,theprimaryemailaddressoftheuserwillbeusedinsteadoftheusername.Possiblevaluesare:

YES NO

DefaultstoNOwhenunset.

IMAPServerConfiguration

SOGorequiresanIMAPserverinordertoletusersconsulttheiremailmessages,managetheirfold-ersandmore.

Thefollowingtabledescribestherelatedparameters.

U SOGoDraftsFolderNameParameterusedtosettheIMAPfoldernameusedtostoredraftsmessages.

DefaultstoDraftswhenunset.

Usea/asahierarchyseparatorifreferringtoanIMAPsubfolder.Forexample:INBOX/Drafts.

U SOGoSentFolderNameParameterusedtosettheIMAPfoldernameusedtostoresentmessages.

DefaultstoSentwhenunset.

Usea/asahierarchyseparatorifreferringtoanIMAPsubfolder.Forexample:INBOX/Sent.

U SOGoTrashFolderNameParameterusedtosettheIMAPfoldernameusedtostoredeletedmessages.

Chapter5

Configuration 33

DefaultstoTrashwhenunset.

Usea/asahierarchyseparatorifreferringtoanIMAPsubfolder.Forexample:INBOX/Trash.

D SOGoIMAPCASServiceNameParameterusedtosettheCASservicename(URL)oftheimapservice.ThisisusefulifSO-GoisconnectingtotheIMAPservicethroughaproxy.Whenusingpam_cas,thisparametershouldbesettothesamevalueasthe-sargu-mentoftheimappamservice.

D SOGoIMAPServerParameterusedtosettheDNSnameorIPad-dressoftheIMAPserverusedbySOGo.YoucanalsouseSSLorTLSbyprovidingavalueusinganURL,suchas:

imaps://localhost:993 imaps://localhost:143/?tls=YES

D SOGoSieveServerParameterusedtosettheDNSnameorIPad-dressoftheSieve(managesieve)serverusedbySOGo.YoumustuseanURLsuchas:

sieve://localhost sieve://localhost:2000sieve://localhost:2000/?tls=YES

NotethatTLSissupportedbutSSLisnot.

D SOGoSieveFolderEncodingParameterusedtospecifywhichencodingisusedforIMAPfoldernamesinSievefilters.De-faultsto"UTF-7".Theotherpossiblevalueis"UTF-8".

U SOGoMailShowSubscribedFoldersOnlyParameterusedtospecifyiftheWebinter-faceshouldonlyshowsubscribedIMAPfold-ers.Possiblevaluesare:

YES NO

DefaultstoNOwhenunset.

D SOGoIMAPAclStyleParameterusedtospecifywhichRFCtheIMAPserverimplementswithrespecttoACLs.Possi-blevaluesare:

rfc2086 rfc4314

Defaultstorfc4314whenunset.

D SOGoIMAPAclConformsToIMAPExtParameterusedtospecifyiftheIMAPserverimplementstheInternetMessageAccessPro-tocolExtension.Possiblevaluesare:

YES NO

Chapter5

Configuration 34

DefaultstoNOwhenunset.

D SOGoForceExternalLoginWithEmailParameterusedtospecifyif,whenloggingintotheIMAPserver,theprimaryemailaddressoftheuserwillbeusedinsteadoftheusername.Possiblevaluesare:

YES NO

DefaultstoNOwhenunset.

D SOGoMailSpoolPathParameterusedtosetthepathwheretempo-raryemaildraftsarewritten.Ifyouchangethisvalue,youmustalsomodifythedailycronjobsogo-tmpwatch.

Defaultsto/var/spool/sogo.

S NGImap4ConnectionStringSeparatorParameterusedtosettheIMAPmailboxseparator.SettingthiswillalsohaveanimpactonthemailboxseparatorusedbySievefilters.

Thedefaultseparatoris/.

S NGImap4AuthMechanismTriggertheuseoftheIMAPAUTHENTICATEcommandwiththespecifiedSASLmechanism.Pleasenotethatfeaturemightbelimitedatthistime.

D NGImap4ConnectionGroupIdPrefixPrefixtoprependtonamesinIMAPACLtrans-actions,toindicatethenameisagroupnamenotausername.

RFC4314givesexampleswheregroupnamesareprefixedwith$.Dovecot,forone,followsthisscheme,andwill,forexample,applyper-missionsfor$adminstoallusersingroupad-minsintheabsenceofspecificpermissionsfortheindividualuser.

Thedefaultprefixis$.

WebInterfaceConfiguration

ThefollowingadditionalparametersonlyaffecttheWebinterfacebehaviourofSOGo.

S SOGoPageTitle ParameterusedtodefinetheWebpagetitle.

DefaultstoSOGowhenunset.

U SOGoLoginModuleParameterusedtospecifywhichmoduletoshowafterlogin.Possiblevaluesare:

Chapter5

Configuration 35

Calendar Mail Contacts

DefaultstoCalendarwhenunset.

S SOGoFaviconRelativeURLParameterusedtospecifytherelativeURLofthesitefavion.

Whenunset,defaultstothefilesogo.icoun-derthedefaultwebresourcesdirectory.

S SOGoZipPathParameterusedtospecifythepathofthezipbinaryusedtoarchivemessages.

Defaultsto/usr/bin/zipwhenunset.

D SOGoSoftQuotaRatioParameterusedtochangethequotareturnedbytheIMAPserverbymultiplyingitbythespecifiedratio.Actsasasoftquota.Example:0.8.

USOGoMailUseOutlookStyleReplies(notcur-rentlyeditableinWebinterface)

ParameterusedtosetifemailrepliesshoulduseOutlooksstyle.

DefaultstoNOwhenunset.

USOGoMailListViewColumnsOrder(notcur-rentlyeditableinWebinterface)

ParameterusedtospecifythedefaultorderofthecolumnsfromtheSOGowebmailinterface.Theparameterisanarray,forexample:

SOGoMailListViewColumnsOrder = (Flagged, Attachment, Priority,From, Subject, Unread, Date, Size);

D SOGoVacationEnabledParameterusedtoactivatetheeditionfromthepreferenceswindowofavacationmessage.

RequiresSievescriptsupportontheIMAPhost.

DefaultstoNOwhenunset.

Whenenablingthisparameter,onemustalsoenabletheassociatedcronjobin/etc/cron.d/sogoinordertoactivateautomaticvacationmessageexpiration.

SeetheCronjobVacationmessagesexpirationsectionbelowfordetails.

D SOGoForwardEnabledParameterusedtoactivatetheeditionfromthepreferenceswindowofaforwardingemailaddress.RequiresSievescriptsupportontheIMAPhost.

DefaultstoNOwhenunset.

Chapter5

Configuration 36

D SOGoSieveScriptsEnabledParameterusedtoactivatetheeditionfromthepreferenceswindowsofserver-sidemailfil-ters.RequiresSievescriptsupportontheIMAPhost.

DefaultstoNOwhenunset.

D SOGoMailPollingIntervalsParameterusedtodefinethemailpollinginter-vals(inminutes)availabletotheuser.Thepara-meterisanarraythatcancontainthefollowingnumbers:

1 2 5 10 20 30 60

Defaultstothelistabovewhenunset.

U SOGoMailMessageCheckParameterusedtodefinethemailpollinginter-valatwhichtheIMAPserverisqueriedfornewmessages.Possiblevaluesare:

manually every_minute every_2_minutes every_5_minutesevery_10_minutes every_20_minutes every_30_minutesonce_per_hour

Defaultstomanuallywhenunset.

D SOGoMailAuxiliaryUserAccountsEnabledParameterusedtoactivatetheauxiliaryIMAPaccountsinSOGo.WhensettoYES,userscanaddotherIMAPaccountsthatwillbevisiblefromtheSOGoWebmailinterface.

DefaultstoNOwhenunset.

U SOGoDefaultCalendarParameterusedtospecifywhichcalendarisusedwhencreatinganeventoratask.Possiblevaluesare:

selected personal first

Defaultstoselectedwhenunset.

U SOGoDayStartTime Thehouratwhichthedaystarts(0through12).

Defaultsto8whenunset.

Chapter5

Configuration 37

U SOGoDayEndTime Thehouratwhichthedayends(12through23).

Defaultsto18whenunset.

U SOGoFirstDayOfWeekThedayatwhichtheweekstartsintheweekandmonthviews(0through6).0indicatesSun-day.

Defaultsto0whenunset.

U SOGoFirstWeekOfYearParameterusedtodefinedhowisidentifiedthefirstweekoftheyear.Possiblevaluesare:

January1 First4DayWeek FirstFullWeek

DefaultstoJanuary1whenunset.

U SOGoTimeFormatTheformatusedtodisplaytimeinthetimelineofthedayandweekviews.PleaserefertothedocumentationforthedatecommandorthestrftimeCfunctionforthelistofavailablefor-matsequence.

Defaultsto%H:%M.

U SOGoCalendarCategoriesParameterusedtodefinethecategoriesthatcanbeassociatedtoevents.Thisparameterisanarrayofarbitrarystrings.

Defaultstoalistthatdependsonthelanguage.

U SOGoCalendarDefaultCategoryColorParameterusedtodefinethedefaultcolourofcategories.

Defaultsto#F0F0F0whenunset.

U SOGoCalendarEventsDefaultClassificationParameterusedtodefinedthedefaultclassifi-cationfornewevents.Possiblevaluesare:

PUBLIC CONFIDENTIAL PRIVATE

DefaultstoPUBLICwhenunset.

U SOGoCalendarTasksDefaultClassificationParameterusedtodefinedthedefaultclassifi-cationfornewtasks.Possiblevaluesare:

PUBLIC CONFIDENTIAL PRIVATE

DefaultstoPUBLICwhenunset.

U SOGoCalendarDefaultReminderParameterusedtodefinedadefaultreminderfornewevents.Possiblevaluesare:

Chapter5

Configuration 38

-PT5M -PT10M -PT15M -PT30M -PT45M -PT1H -PT2H -PT5H -PT15H -P1D-P2D -P1W

D SOGoFreeBusyDefaultIntervalThenumberofdaystoincludeinthefreebusyinformation.Theparameterisanarrayoftwonumbers,thefirstbeingthenumberofdayspriortothecurrentdayandthesecondbeingthenumberofdaysfollowingthecurrentday.

Defaultsto(7, 7)whenunset.

U SOGoBusyOffHoursParameterusedtospecifyifoff-hoursshouldbeautomaticallyaddedtothefree-busyinfor-mation.Offhoursincludedweekendsandpe-riodscoveredbetweenSOGoDayEndTimeandSOGoDayStartTime.

DefaultstoNOwhenunset.

U SOGoMailMessageForwardingThemethodthemessageistobeforwarded.Possiblevaluesare:

inline attached

Defaultstoinlinewhenunset.

U SOGoMailCustomFullNameThestringtouseasfullnamewhencomposinganemail,ifSOGoMailCustomFromEnabledissetintheusersdomaindefaults.

Whenunset,thefullnamespecifiedintheusersourcesfortheuserisusedinstead.

U SOGoMailCustomEmailThestringtouseasemailaddresswhencom-posinganemail,ifSOGoMailCustomFrom-Enabledissetintheusersdomaindefaults.Whenunset,theemailspecifiedintheusersourcesfortheuserisusedinstead.

U SOGoMailReplyPlacementThereplyplacementwithrespecttothequotedmessage.Possiblevaluesare:

above below

Defaultstobelow.

Chapter5

Configuration 39

U SOGoMailReplyToTheemailaddresstouseinthereply-tohead-erfieldwhentheusersendsamessage.

Ignoredwhenempty.

U SOGoMailSignaturePlacementTheplacementofthesignaturewithrespecttothequotedmessage.Possiblevaluesare:

above below

Defaultstobelow.

U SOGoMailComposeMessageTypeThemessagecompositionformat.Possibleval-uesare:

text

html

Defaultstotext.

S SOGoEnableEMailAlarmsParameterusedtoenableemail-basedalarmsoneventsandtasks.

DefaultstoNOwhenunset.

Forthisfeaturetoworkcorrectly,onemustalsosettheOCSEMailAlarmsFolderURLpara-meterandenabletheassociatedcronjob.SeetheCronjobEMailreminderssectionfromthisdocumentformoreinformation.

U SOGoContactsCategoriesParameterusedtodefinethecategoriesthatcanbeassociatedtocontacts.Thisparameterisanarrayofarbitrarystrings.

Defaultstoalistthatdependsonthelanguage.

D SOGoUIAdditionalJSFilesParameterusedtodefinealistofaddition-alJavaScriptfilesloadedbySOGoforalldis-playedwebpages.ThisparameterisanarrayofstringscorrespondingofpathstothearbitraryJavaScriptfiles.ThepathsarerelativetotheWebServerResourcesdirectory,whichisusuallyfoundunder/usr/lib/GNUstep/SOGo/.

D SOGoMailCustomFromEnabledParameterusedtoallowornotuserstospecifycustom"From"addressesfromSOGosprefer-encespanel.

DefaultstoNOwhenunset.

D SOGoSubscriptionFolderFormatParameterusedtosetthedefaultformattingofasubscriptionfoldername.Availablevariablesare:

%{FolderName}

%{UserName}

Chapter5

Configuration 40

%{Email}

Defaultsto%{FolderName} (%{UserName} )whenunset.

D SOGoUIxAdditionalPreferencesParameterusedtoenableanextrapreferencestabusingthecontentofthetemplatenamedUIxAdditionalPreferences.wox.Thistem-plateshouldbeputunder~sogo/GNUstep/Li-brary/SOGo/Templates/PreferencesUI/.

DefaultstoNOwhenunset.

SOGoConfigurationSummary

ThecompleteSOGoconfigurationfile+/etc/sogo/sogo.conf+shouldlooklikethis:

Chapter5

Configuration 41

{ SOGoProfileURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";OCSFolderInfoURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";OCSSessionsFolderURL ="postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";SOGoAppointmentSendEMailNotifications = YES;SOGoCalendarDefaultRoles = ( PublicViewer, ConfidentialDAndTViewer); SOGoLanguage = English; SOGoTimeZone = America/Montreal;SOGoMailDomain = acme.com; SOGoIMAPServer = localhost;SOGoDraftsFolderName = Drafts; SOGoSentFolderName = Sent;SOGoTrashFolderName = Trash; SOGoMailingMechanism = smtp;SOGoSMTPServer = 127.0.0.1; SOGoUserSources = ( { type = ldap;CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN ="ou=users,dc=acme,dc=com"; bindDN ="uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname =localhost; id = public; isAddressBook = YES; port = 389; } );}

Multi-domainsConfiguration

Ifyouwantyourinstallationtoisolatetwogroupsofusers,youmustdefineadistinctauthentica-tionsourceforeachdomain.Followingisthesameconfigurationthatnowincludestwodomains(acme.comandcoyote.com):

Chapter5

Configuration 42

{... domains = { acme = { SOGoMailDomain = acme.com;SOGoDraftsFolderName = Drafts; SOGoUserSources = ( { type = ldap;CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN ="ou=users,dc=acme,dc=com"; bindDN ="uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname =localhost; id = public_acme; isAddressBook = YES; port = 389; } );}; coyote = { SOGoMailDomain = coyote.com; SOGoIMAPServer =imap.coyote.com; SOGoUserSources = ( { type = ldap; CNFieldName =cn; IDFieldName = uid; UIDFieldName = uid; baseDN ="ou=users,dc=coyote,dc=com"; bindDN ="uid=sogo,ou=users,dc=coyote,dc=com"; bindPassword = qwerty;canAuthenticate = YES; displayName = "Shared Addresses"; hostname =localhost; id = public_coyote; isAddressBook = YES; port = 389; }); }; };}

ThefollowingadditionalparametersonlyaffectSOGowhenusingmultipledomains.

S SOGoEnableDomainBasedUIDParameterusedtoactivateuseridentifi-cationbydomain.Userswillbeable(with-outbeingrequired)tologinusingtheform

Chapter5

Configuration 43

username@domain,meaningthatvaluesofUID-FieldNamenolongerhavetobeuniqueamongalldomainsbutonlywithinthesamedomain.Internally,userswillalwaysbeidentifiedbytheconcatenationoftheirusernameanddomain.

Consequently,activatingthisparameteronanexistingsystemimpliesthatuseridentifierswillchangeandtheirpreviouscalendarsandad-dressbookswillnolongerbeaccessibleunlessaconversionisperformed.

DefaultstoNOwhenunset.

S SOGoLoginDomainsParameterusedtodefinewhichdomainsshouldbeselectablefromtheloginpage.Thisparameterisanarrayofkeysfromthedomainsdictionary.

Defaultstoanemptyarray,whichmeansthatnodomainsappearontheloginpage.Ifyoupreferhavingthedomainnameslisted,justusetheseaskeysforthethedomainsdictionary.

S SOGoDomainsVisibilityParameterusedtosetdomainsvisibleamongthemselves.Thisparameterisanarrayofar-rays.

Example:SOGoDomainsVisibility = ((acme,coyote));

Defaultstoanemptyarray,whichmeansdo-mainsareisolatedfromeachother.

ApacheConfiguration

TheSOGoconfigurationforApacheislocatedin/etc/httpd/conf.d/SOGo.conf.

UponSOGoinstallation,adefaultconfigurationfileiscreatedwhichissuitableformostconfigu-rations.

YoumustalsoconfigurethefollowingparametersintheSOGoconfigurationfileforApacheinordertohaveaworkinginstallation:

RequestHeader set "x-webobjects-server-port" "80"RequestHeaderset "x-webobjects-server-name" "yourhostname"RequestHeader set"x-webobjects-server-url" "http://yourhostname"

YoumayconsiderenablingSSLontopofthiscurrentinstallationtosecureaccesstoyourSOGoinstallation.

Seehttp://httpd.apache.org/docs/2.2/ssl/fordetails.

http://httpd.apache.org/docs/2.2/ssl/

Chapter5

Configuration 44

YoumightalsohavetoadjusttheconfigurationifyouhaveSELinuxenabled.

Thedefaultconfigurationwillusemod_proxyandmod_headerstorelayrequeststothesogodparentprocess.Thisissuitableforsmalltomediumdeployments.

StartingServices

OnceSOGoiffullyinstalledandconfigured,starttheservicesusingthefollowingcommand:

service sogod start

YoumayverifyusingthechkconfigcommandthattheSOGoserviceisautomaticallystartedatboottime.RestarttheApacheservicesincemodulesandconfigurationfileswereadded:

service httpd restart

Finally,youshouldalsomakesurethatthememcachedserviceisstartedandthatitisalsoautomat-icallystartedatboottime.

CronjobEMailreminders

SOGoallowsyoutosetemail-basedremindersforeventsandtasks.Toenablethis,youmustenabletheSOGoEnableEMailAlarmspreferenceandsettheOCSEMailAlarmsFolderURLpreferenceaccord-ingly.

Onceyouvecorrectlysetthosetwopreferences,youmustcreateacronjobthatwillrununderthe"sogo"user.Thiscronjobshouldberuneveryminute.

Acommentedoutexampleshouldhavebeeninstalledin/etc/cron.d/sogo,toenableit,simplyuncommentit.

Asareference,thecronjobshoulddedefinedlikethis:

* * * * * /usr/sbin/sogo-ealarms-notify

If your mail server requires use of SMTP AUTH, specify acredential file using -p /path/to/credFile. This file shouldcontain the username and password, separated by acolon(username:password)

Chapter5

Configuration 45

CronjobVacationmessagesexpiration

Whenvacationmessagesareenabled(seetheparameterSOGoVacationEnabled),userscansetanexpirationdatetomessagesauto-reply.Forthisfeaturetowork,youmustrunacronjobunderthe"sogo"user.

Acommentedoutexample shouldhavebeen installedin/etc/cron.d/sogo.Toworkcorrectlythistoolmustloginasanadministrativeuseronthesieveserver.Therequiredcredentialsmustbespecifiedinafilebyusing-p/path/to/credFile.Thisfileshouldcontaintheusernameandpassword,separatedbyacolon(username:password).

Thecronjobshouldlooklikethis:

0 0 * * *sogo /usr/sbin/sogo-tool expire-autoreply -p/etc/sogo/sieve.creds

Chapter6

ManagingUserAccounts 46

ManagingUserAccounts

CreatingtheSOGoAdministrativeAccount

First, create the SOGo administrative account in your LDAPserver. The following LDIF file(sogo.ldif)canbeusedasanexample:

dn: uid=sogo,ou=users,dc=acme,dc=comobjectClass: topobjectClass:inetOrgPersonobjectClass: personobjectClass:organizationalPersonuid: sogocn: SOGo Administratormail:[emailprotected]: AdministratorgivenName: SOGo

LoadtheLDIFfileinsideyourLDAPserverusingthefollowingcommand:

ldapadd -f sogo.ldif -x -w qwerty -Dcn=Manager,dc=acme,dc=com

Finally,setthepassword(tothevalueqwerty)oftheSOGoadministrativeaccountusingthefol-lowingcommand:

ldappasswd -h localhost -x -w qwerty -Dcn=Manager,dc=acme,dc=com uid=sogo,ou=users,dc=acme,dc=com -sqwerty

CreatingaUserAccount

SOGousesLDAPdirectoriestoauthenticateusers.UsethefollowingLDIFfile(jdoe.ldif)asanexampletocreateaSOGouseraccount:

Chapter6

ManagingUserAccounts 47

dn: uid=jdoe,ou=users,dc=acme,dc=comobjectClass: topobjectClass:inetOrgPersonobjectClass: personobjectClass:organizationalPersonuid: jdoecn: John Doemail: [emailprotected]:DoegivenName: John

LoadtheLDIFfileinsideyourLDAPserverusingthefollowingcommand:

ldapadd -f jdoe.ldif -x -w qwerty -Dcn=Manager,dc=acme,dc=com

Finally,setthepassword(tothevalueqwerty)oftheSOGoadministrativeaccountusingthefol-lowingcommand:

ldappasswd -h localhost -x -w qwerty -Dcn=Manager,dc=acme,dc=com uid=jdoe,ou=users,dc=acme,dc=com -sqwerty

Asanalternativetousingcommand-linetools,youcanalsouseLDAPeditorssuchasLumaorApacheDirectoryStudiotomakeyourworkeasier.TheseGUIutilitiescanmakeuseoftemplatestocreateandpre-configuretypicaluseraccountsoranystandardizedLDAPrecord,alongwiththecorrectobjectclasses,fieldsanddefaultvalues.

Chapter7

MicrosoftActiveSync 48

MicrosoftActiveSync

SOGosupportstheMicrosoftActiveSyncprotocol.

ActiveSyncclientscanfullysynchronizecontacts,emails,eventsandtaskswithSOGo.FreebusyandGALlookupsarealsosupported,aswellas"Smartreply"and"Smartforward"operations.

ToenableMicrosoftActiveSyncsupportinSOGo,youmustinstalltherequiredpackages.

yum install sogo-activesync libwbxml

Onceinstalled,simplyuncommentthefollowinglinesfromyourSOGoApacheconfiguration:

ProxyPass /Microsoft-Server-ActiveSync \http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \ retry=60connectiontimeout=5 timeout=360

RestartApacheafterwards.

ThefollowingadditionalparametersonlyaffectSOGowhenusingActiveSync:

S SOGoMaximumPingIntervalParameterusedtosetthemaximumamountoftime,inseconds,SOGowillwaitbeforereplyingtoaPingcommand.

Ifnotset,itdefaultsto5seconds.

S SOGoMaximumSyncIntervalParameterusedtosetthemaximumamountoftime,inseconds,SOGowillwaitbeforereplyingtoaSynccommand.

Ifnotset,itdefaultsto30seconds.

S SOGoInternalSyncIntervalParameterusedtosetthemaximumamountoftime,inseconds,SOGowillwaitbeforedo-inganinternalcheckfordatachanges(add,delete,andupdate).ThisparametermustbelowerthanSOGoMaximumSyncInterval.

Ifnotset,itdefaultsto10seconds.

S SOGoMaximumSyncWindowSizeParameterusedtooverwritethemaximumnumberofitemsreturnedduringaSyncopera-tion.

Defaultsto0,whichmeansnooverwriteisper-formed.

Chapter7

MicrosoftActiveSync 49

Settingthisparametertoavaluegreaterthan512willhaveunexpectedbehaviourwithvari-ousActiveSyncclients.

Pleasebeawareofthefollowinglimitations:

Currently,onlythepersonalcalendarandaddressbookaresynchronized.Addingsupportforallfoldersisplanned.

WhencreatinganOutlook2013profile,youmustactuallykillOutlookbeforetheendofthecreationprocess.Seehttp://www.vionblog.com/connect-zimbra-community-with-outlook-2013foraprocedureexample.

Outlook2013doesnotsearchtheGAL.OnepossiblealternativesolutionistoconfigureOutlooktouseaLDAPserver(overSSL)withauthentication.Alternatively,whensupportingmorethanjustthepersonaladdressbook,wellalsobeabletoexposetheLDAP/SQLbasedaddressbooksinSOGooverActiveSync.

Makesureyoudonotuseaself-signedcertificate.Whilethiswillwork,Outlookwillworkinter-mittentlyasitwillraisepopupsforcertificatevalidation,sometimesinbackground,preventingtheusertoseethewarningandthus,preventinganysynchronizationtohappen.

ActiveSyncclientskeepconnectionsopenforawhile.Eachconnectionwillgrabaholdonasogodprocesssoyouwillneedalotofprocessestohandlemanyclients.ThislimitationwilleventuallybeovercomeinSOGo.

Repetitiveeventswithoccurrencesexceptionsarecurrentlynotsupported.

Outlook2013Autodiscoveryiscurrentlynotsupported.

Outlook2013freebusylookupsaresupportedusingtheInternetFree/BusyfeatureofOutlook2013.Pleaseseehttp://support.microsoft.com/kb/291621forconfigurationinstructions.OntheSOGoside,SOGoEnablePublicAccessmustbesettoYESandtheURLtousemustbeofthefol-lowingformat:http:///SOGo/dav/public/%NAME%/freebusy.ifb

InordertousetheSOGoActiveSyncsupportcodeinproductionenvironments,youneedtogetaproperusagelicensefromMicrosoft.Pleasecontactthemdirectlytonegotiatethefeesassociatedtoyouruserbase.

TocontactMicrosoft,pleasevisit:

http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxand send [emailprotected]

Inverseinc.providesthissoftwareforfree,butisnotresponsibleforanythingrelatedtoitsusage.

http://www.vionblog.com/connect-zimbra-community-with-outlook-2013http://support.microsoft.com/kb/291621http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxhttp://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspxmailto:[emailprotected]

Chapter8

UsingSOGo 50

UsingSOGo

SOGoWebInterface

ToaccestheSOGoWebInterface,pointyourWebbrowser,whichisrunningfromthesameserverwhereSOGowasinstalled,tothefollowingURL:http://localhost/SOGo.

Loginusingthe"jdoe"userandthe"qwerty"password.Theunderlyingdatabasetableswillauto-maticallybecreatedbySOGo.

MozillaThunderbirdandLightning

Alternatively,youcanaccessSOGowithaGroupDAVandaCalDAVclient.Atypicalwell-integratedsetupistouseMozillaThunderbirdandMozillaLightningalongwithInversesSOGoConnectorplugintosynchronizeyouraddressbooksandtheInversesSOGoIntegratorplugintoprovideacompleteintegrationofthefeaturesofSOGointoThunderbirdandLightning.RefertothedocumentationofThunderbirdtoconfigureaninitialIMAPaccountpointingtoyourSOGoserverandusingtheusernameandpasswordmentionedabove.

WiththeSOGoIntegratorplugin,yourcalendarsandaddressbookswillbeautomaticallydiscoveredwhenyoulogininThunderbird.Thisplugincanalsopropagatespecificextensionsanddefaultusersettingsamongyoursite.However,beawarethatinordertousetheSOGoIntegratorplugin,youwillneedtorepackageitwithspecificmodifications.Pleaserefertothedocumentationpublishedonline:

http://www.sogo.nu/downloads/documentation.html

IfyouonlyusetheSOGoConnectorplugin,youcanstilleasilyaccessyourdata.

Toaccessyourpersonaladdressbook:

ChooseGo>AddressBook.

ChooseFile>New>RemoteAddressBook.

EnterasignificantnameforyourcalendarintheNamefield.

TypethefollowingURLintheURLfield:http://localhost/SOGo/dav/jdoe/Contacts/person-al/

http://localhost/SOGohttp://www.sogo.nu/downloads/documentation.html

Chapter8

UsingSOGo 51

ClickonOK.

Toaccessyourpersonalcalendar:

ChooseGo>Calendar.

ChooseCalendar>NewCalendar.

SelectOntheNetworkandclickonContinue.

SelectCalDAV.

TypethefollowingURLintheURLfield:http://localhost/SOGo/dav/jdoe/Calendar/person-al/

ClickonContinue.

AppleiCal

AppleiCalcanalsobeusedasaclientapplicationforSOGo.

ToconfigureitsoitworkswithSOGo,createanewaccountandspecify,astheAccountURL,anURLsuchas:

http://localhost/SOGo/dav/jdoe/

NotethatthetrailingslashisimportantforAppleiCal3.

AppleAddressBook

SinceMacOSX10.6(SnowLeopard),AppleAddressBookcanbeconfiguredtouseSOGo.

Inordertomakethiswork,youmustaddanewvirtualhostinyourApacheconfigurationfiletolistenonport8800andhandlerequestscomingfromiOSdevices.

Thevirtualhostshouldbedefinedlike:

http://localhost/SOGo/dav/jdoe/

Chapter8

UsingSOGo 52

RewriteEngine Off ProxyRequests Off SetEnv proxy-nokeepalive 1ProxyPreserveHost On ProxyPassInterpolateEnv On ProxyPass/principals http://127.0.0.1:20000/SOGo/dav/ interpolate ProxyPass/SOGo http://127.0.0.1:20000/SOGo interpolate ProxyPass /http://127.0.0.1:20000/SOGo/dav/ interpolate

Order allow,deny Allow from all RequestHeader set"x-webobjects-server-port" "8800" RequestHeader set"x-webobjects-server-name" "acme.com:8800" RequestHeader set"x-webobjects-server-url" "http://acme.com:8800" RequestHeader set"x-webobjects-server-protocol" "HTTP/1.0" RequestHeader set"x-webobjects-remote-host" "127.0.0.1" AddDefaultCharset UTF-8ErrorLog /var/log/apache2/ab-error.log CustomLog/var/log/apache2/ab-access.log combined

ThisconfigurationisalsorequiredifyouwanttoconfigureaCardDAVaccountonanAppleiOSdevice(version4.0andlater).

MicrosoftActiveSync/MobileDevices

Youcansynchronizecontacts,emails,eventsandtasksfromSOGowithanymobiledevicesthatsupportMicrosoftActiveSync.MicrosoftOutlook2013isalsosupported.

The Microsoft ActiveSync server URL is generally something like:http://localhost/Mi-crosoft-Active-Sync.

Chapter9

Upgrading 53

Upgrading

ThissectiondescribeswhatneedstobedonewhenupgradingtothecurrentversionofSOGofromthepreviousrelease.

2.2.8

Theconfigurationconfigurationparameterswererenamed:

SOGoMailMessageCheckwasreplacedwithSOGoRefreshViewCheckSOGoMailPollingIntervalswasreplacedwithSOGoRefreshViewIntervals

Backwardcompatibilityisinplacefortheoldpreferencesvalues.

2.0.5

Theconfigurationisnowstoredin/etc/sogo/sogo.conf.Performthefollowingcommandsasroottomigrateyourprevioususerdefaults:

install -d -m 750 -o sogo -g sogo /etc/sogosudo -u sogosogo-tool dump-defaults > /etc/sogo/sogo.confchown root:sogo/etc/sogo/sogo.confchmod 640 /etc/sogo/sogo.confsudo -u sogo mv~/GNUstep/Defaults/.GNUstepDefaults \~/GNUstep/Defaults/GNUstepDefaults.old

2.0.4

TheparameterSOGoForceIMAPLoginWithEmailisnowdeprecatedandisreplacedbySOGoForce-ExternalLoginWithEmail(whichextendsthefunctionalitytoSMTPauthentication).Updateyourconfigurationifyouusethisparameter.

Thesogouserisnowasystemuser.Fornewinstalls,thismeansthatsu -sogowontworkany-more.Pleaseusesudo -u sogoinstead.Ifusedinscriptsfromcronjobs,requirettymustbedisabledinsudoers.

1.3.17

Runtheshellscriptsql-update-1.3.16_to_1.3.17.shorsql-update-1.3.16_to_1.3.17-mysql.sh(ifyouuseMySQL).

Thiswillgrowthe"cycleinfo"fieldofcalendartablestoalargersize.

1.3.12

OnceyouhaveupdatedandrestartedSOGo,runtheshellscriptsql-update-1.3.11_to_1.3.12.shorsql-update-1.3.11_to_1.3.12-mysql.sh(ifyouuseMySQL).

Thiswillgrowthe"content"fieldofcalendarandaddressbooktablestoalargersizeandfixtheprimarykeyofthesessiontable.

1.3.9

Chapter9

Upgrading 54

ForRedHat-baseddistributions,version1.23ofGNUstepwillbeinstalled.SincethelocationoftheWebresourceschanges,theApacheconfigurationfile(SOGo.conf)hasbeenadapted.VerifyyourApacheconfigurationifyouhavecustomizedthisfile.

Chapter10

AdditionalInformation 55

AdditionalInformation

Formoreinformation,pleaseconsulttheonlineFAQs(FrequentlyAskedQuestions):

http://www.sogo.nu/english/support/faq.html

Youcanalsoreadthemailingarchivesorpostyourquestionstoit.Fordetails,see:

https://lists.inverse.ca/sogo

http://www.sogo.nu/english/support/faq.htmlhttps://lists.inverse.ca/sogo

Chapter11

CommercialSupportandContactInformation 56

CommercialSupportandContactInformation

Foranyquestionsorcomments,donothesitatetocontactusbywritinganemailto:

[emailprotected]

Inverse(http://inverse.ca)offersprofessionalservicesaroundSOGotohelporganizationsdeploythesolutionandmigratefromtheirlegacysystems.

mailto:[emailprotected]://inverse.ca/