Kolab

From openSUSE

Kolab is a free software groupware solution. From version 2.0 on it allows full seamless support of mixed clients environments (Outlook/KDE/Web).

The following functionality is provided by; emailserver, spam and virus filtering, webinterface. Kolab supports secure protocols as; imaps, https, smtps, https, etc.

The web interface can be used to add, modify and remove users, domains, distributions list, shared folders, among other things. The groupware functionality seem to be working.

Warning Work is on going to make kolab available again for recent openSUSE releases (10.3 and later). At the moment all packages are available for installing kolab on openSUSE. The web interface seems to work, other functionality is still to be tested. You are very much encouraged to help testing the kolab functionality! Any changes that are needed can be emailed (for the email address see the changelog in the kolab package: rpm -q --changelog kolab).

Contents 1 Introduction 1.1 Live CD 2 Installation 2.1 Repositories 2.2 Service configuration 2.3 Bootstrap Kolab 2.3.1 Hint 2.4 Groupware testing 2.5 Package upgrading 2.6 Backups 2.7 Client Configuration 2.8 Personal Information synchronization 3 Troubleshooting 3.1 Postfix doesn't start 3.2 ClamAV (clamd) fails to start 3.3 php segfault 4 Webclient 5 Some facts 6 See Also

Introduction

All packages are available via openSUSE's build service, they are retrieved from several repositories, such as php:applications and a kolab specific repository. The packages in the UNSTABLE repository are based on code from kolab cvs. Hopefully, this page helps you to get kolab installed natively on openSUSE.

In case you're an openSUSE community member you can vote to have openSUSE support Kolab. Make sure to vote, if you like kolab on openSUSE!

Live CD

This is probably outdated

A live CD, showing off kolab, and some of it's available clients such KDE's kontact and horde can be downloaded from gwdg.de. The live-cd can be used to easily obtain a sneak preview of the capabilities of the involved applications that make up the kolab groupware server. The live-cd is build with the packages mentioned above.

Installation

The packages can be installed with yast, yum, smart, zypper or with apt.
Kolab on openSUSE-10.3 and later needs the non oss repository, to be able to install the rpm unace. That package is required by amavisd-new.

You also have to add the server:php:applications and server:Kolab:UNSTABLE buildservice projects to your packagemanager in order to fulfill all dependencies. Kolab can be installed with, YaST, Zypper, Smart and apt. Which one to use is up to reader.

Repositories

Make the following repositories known to your software package installer:

Version: Factory

http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_Factory http://download.opensuse.org/repositories/server:/Kolab:/UNSTABLE/openSUSE_Snapshot

Version: 11.2

http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.2 http://download.opensuse.org/repositories/server:/Kolab:/UNSTABLE/openSUSE_11.2

Version: 11.1

http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.1 http://download.opensuse.org/repositories/server:/Kolab:/UNSTABLE/openSUSE_11.1

Version: 11.0

http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.0 http://download.opensuse.org/repositories/server:/Kolab:/UNSTABLE/openSUSE_11.0

Once the repositories have been configured, kolab and all it's dependent packages can be installed:

zypper|smart|apt install kolab

Don't be surprised if this command pulls in 50 - 100 packages, among them are at least 30 php5-pear packages!

Service configuration

The changes that are needed for kolab to the sysconfig files can be performed by running the script:

/usr/share/kolab/scripts/kolab_opensuse_bootstrap

The script will make the following changes to get kolab running:

The instructions given below are not needed to be executed manually, as that is done by the script mentioned above!

Edit the file /etc/sysconfig/apache2 and add the following apache2 modules to the APACHE_MODULES variable:

ldap authnz_ldap dav dav_fs rewrite authn_alias php5

• Also add the flag SSL to the APACHE_SERVER_FLAGS variable in /etc/sysconfig/apache2 file
• Set OPENLDAP_START_LDAPS to yes in the file /etc/sysconfig/openldap or use yast2 to configure it. Yast2 -> System -> Editor for /etc/sysconfig files -> Network -> LDAP, find the right variable and set it to yes.
• Set SASLAUTHD_AUTHMECH to ldap in the file /etc/sysconfig/saslauthd (the default value is "pam")
• Set MAIL_CREATE_CONFIG to no, in the file /etc/sysconfig/mail to prevent SuSEconfig to report md5sum errors

If freshclam is installed as dependency of kolab, the ownership of the freshclam log file is wrong. The file must be owned by vscan. In case the ownership is not correct (please check), it can be corrected with the following command:

touch /var/log/freshclam.log
chown vscan /var/log/freshclam.log

The amavisd log file and the clamav log file must be created with the right user:

touch /var/log/amavisd
chown vscan /var/log/amavisd
touch /var/log/clamav
chown vscan /var/log/clamav

Make sure that you run freshclam before you start the clamd-daemon, otherwise it'll complain during the next step

freshclam

Bootstrap Kolab

Bootstrap kolab, some errors might be seen during the initial run of kolab_bootstrap. Ignorable errors are:

• tar: /etc/saslauthd.conf: can not stat
• mv: can not execute mv on *.pem
• chown: can not get acces to /var/lib/ldap/*

kolab_bootstrap -b

Create the aliases.db and the postfix indexed maps:

# build the /etc/aliases.db file
newaliases
# build the canonical map
postmap /etc/postfix/canonical
# build the relocated map
postmap /etc/postfix/relocated

It is now possible to start kolab:

rckolab start

Go to the kolab admin webpage (url is shown by kolab_bootstrap) and create a user.

• Now you should have the domain in the cyrus directory /var/spool/imap/domain

Note: When no users appear in the directory mentioned above, check the file /var/log/messages for errors from cyrus.

If it does not work (see note), check /var/log/messages if you see a line with:

DBERROR db4: /var/lib/imap/mailboxes.db: unexpected file type or format

Stop cyrus:

rccyrus stop

Remove all the files in /var/lib/imap (only the files, not the directories!)

rm $(find /var/lib/imap/ -type f)

Start cyrus

rccyrus start

Now magically all the created users should appear in /var/spool/imap/domain....

• It should be possible to sent an email to that user, with:

echo $(date) | mailx -s test user@domain.tld

Note: here Clam Antivirus-clamd av-scanner might fail with the error message: Can't connect to UNIX socket /var/lib/clamav/clamd-socket (see /var/log/messages). If this happens stop clamav (rcclamd stop), remove the socket (rm /var/lib/clamav/clamd-socket), restart clamav (rcclamd start). Wait a bit and after some time the socket should appear and clamav will be working fine.

• Interesting logfiles can be found in /var/log, being: mail, messages, apache2/error_logs etc
• For more verbose logs increase the loglevel from 2 to 4 in /etc/kolab/kolab.globals

If kolab seems to work, it is now possible to activate all services during system startup:

After this you can enable the involved using yast:

yast -> system -> runlevel editor:
enable the service kolabd.

This will activate many other services as dependencies as well, like: ldap, saslauthd, cyrus, apache2. But the services: spamd, freshclam, clamd and amavis are not activated automatically as in some cases kolab does not need them (when spam and virus scanning are not required). In case you want those services activated you have to do this manually, either with yast or with chkconfig (e.g.):

chkconfig --set amavis

Hint

Add an alias to one of your users, that will accept email from root@domain.tld. In case e.g. cron sents an email notification, the email will arrive at the user that has the alias set for the root.

An even nicer solution is, to have the emails sent to a distribution list e.g. cron@domain.tld. In your cron scripts you should have your emails sent to cron@domain.tld in that case.

Groupware testing

• Open a browser and point it to:
  • https://servername/freebusy/user@domain.tld.ifb
  • https://servername/freebusy/user@domain.tld.xfb
  • https://servername/freebusy/trigger/user@domain.tld/FOLDER.pfb (replace FOLDER with your Kalendar folder for instance)
    

All of these urls should show you ical formatted data.

In the urls above user@domain.tld is a user you have created with the kolab web admin interface before.

• Curl could be used for testing the freebusy components as well (it's ten times faster than doing everything with the preferred browser):

curl -u user@domain.tld:password -k -X GET \
https://servername/freebusy/trigger/user@domain.tld/FOLDER.pfb

Use this freebusy test script to test the freebusy functionality.

At the end this should result in the following picture:

Package upgrading

• After upgrading kolab packages, it can happen that an ldap error is reported for the freebusy urls mentioned in the Groupware testing section. This can be resolved by running kolabconf -n as root with all kolab related services active. The latter can be checked by running kolabsrv rc all status.

Backups

During kolab_bootstrap many config files are written to disk. Some of these will overwrite your config files. The config files to be created during kolab_bootstrap, can be determined with:

/etc/kolab/templates # sed -n 's/^.*TARGET=//p' *

For example:
/etc/amavisd.conf
/etc/clamd.conf
/etc/cyrus.conf
/etc/freshclam.conf
/etc/imapd.conf
/etc/kolab/kolab_smtpdpolicy.conf
/etc/openldap/ldap.conf
/etc/postfix/ldapdistlist.cf
/etc/postfix/ldaptransport.cf

The original config files are saved (backed up) to /var/adm/backup/kolab/kolab_backup-orig.tar.bz2 during the first execution of kolab_bootstrap.

Please, let us know if things can be improved. This can be done on the talk page of the wiki page, and on the kolab-devel (at) kolab (dot) org emaillist. In case you use the talk page, inform the packagers with an email to the before mentioned emaillist. Include in the email that it concerns kolab on suse.

Client Configuration

The client configuration is described in kolab server 2 and kde client configuration

Personal Information synchronization

this is untested

If you want to synchronize e.g. your mobile phone with your information stored in the kolab server you can do this by installing the kolab-z-push package (zyp in kolab-z-push). This package seems to make this possible... Additional configuration must be performed, which is described in the kolab wiki.

Troubleshooting

Postfix doesn't start

If Postfix doesn't start correctly have a look into the /var/log/mail file.

/var/log/mail
postfix/postfix-script: starting the Postfix mail system
postfix/master[numbers]: fatal: bind: public/post-cleanup: Operation not permitted

For 10.1: stop rcapparmor (or add "flags=(complain) to the postfix-profiles) as it prevents postfix to run succesfully:

rcapparmor stop

Disable apparmor permanently using yast:

yast2 -> System -> System service (runlevel) -> export mode -> disable boot.apparmor

Or from the command line:

chkconfig -d boot.apparmor (to disable the service)
chkconfig -s boot.apparmor (to enable the service)

ClamAV (clamd) fails to start

If the clamAV demon (clamd) fails to start than upgrade to the most recent clamav version (0.90). Then try to restart the clamAV demon:

# rcclamd restart

If this fails with:

ERROR: Problem with internal logger. Please check the permissions 
on the /var/log/clamav file.

Than change the settings of the clamav log file to:

/var/log # ls -l clamav
-rw-r----- 1 vscan root 62441 mrt  6 20:18 clamav

php segfault

In a very special case, a php segfault might be seen in /var/log/messages. The details are described in kolab issue 3629. If anybody can help to debug this, that would be great.

Webclient

Kolab has it's own modified Horde for webclient to use it install package kolab-webclient

zypper|smart|apt install kolab-webclient

After installing webclient you must run kolabconf and add following lines to /etc/crontab file if you want notifications to work

# crontab -u wwwrun -e

and add the following:

#horde alarms
*/5 * * * *     /usr/bin/php5  /srv/www/htdocs/client/scripts/alarms.php
#kronolith reminders
0 2 * * *       /usr/bin/php5  /srv/www/htdocs/client/kronolith/scripts/reminders.php

then you can access it from http://servername/client . Note that servername should be the same as given while running kolab_bootstrap.

Some facts

Normally kolab is installed using packages build with openpkg. The user needs to download just under 200MB of source rpms. These have to be build requiring about 850MB of disk space and quite some time on a not so modern system. On openSUSE one now only needs to download 12 MB of binary rpms, which are installed in just a second even on this not so modern system! Of those 12 MB, about 10 MB is needed for a patched rpm that is normally provided by suse. This rpm is cyrus-imapd that count for roughly 8.5 MB. The patches have been sent upstream but the respective projects are slow to include them. Imagine if those patches would be part of the projects and as such just be part of suse. Only 12 MB (2 in the future?) is needed for kolab on openSUSE, while using openpkg just under 200MB has to be downloaded!

See Also

• Kolab article in the Ubuntu wiki