Kolab

From openSUSE

Kolab is a free software groupware solution. From version 2.0 on it allows full seamless support of mixed clients environments (Outlook/KDE/Web).

The following functionality is provided by; emailserver, spam and virus filtering, webinterface. Kolab supports secure protocols as; imaps, https, smtps, https, etc.

The web interface can be used to add, modify and remove users, domains, distributions list, shared folders, among other things. The groupware functionality seem to be working.

The procedure in this article was written and tested with version suse_x86-10.3 Whilst there is no guarantee, it should be applicable to later versions. If you find this to be incorrect, please help to update this article.

PPS - As of 2008-04-28, this procedure as been tested successfully on a x86_64 AMD/Athlon64 Architecture inside a virtualized SuSE 10.3 2.6.22.17-0.1 xen minimalist setup (text only - Thanks Nvidia...) Please, take note of the workaround below regarding initial access to the admin web interface.

Introduction

All these packages have been build and provided by Marcus Hüwe and are available from:

• http://download.opensuse.org/repositories/server:/Kolab/openSUSE_Factory/
• http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.3/
• http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.2/

These packages are based on code from cvs. As such the code is stable, but of course as the rpms are based on cvs bugs may sneak in.

Live CD

A live CD, showing off kolab, and some of it's available clients such KDE's kontact and horde can be downloaded from gwdg.de. The live-cd can be used to easily obtain a sneak preview of the capabilities of the involved applications that make up the kolab groupware server. The live-cd is build with the packages mentioned above.

Installation

The packages can be installed with yast, yum, smart, zypper or with apt.
Kolab on openSUSE-10.2 and later needs the non oss repository, to be able to install the rpm unace. That package is required by amavisd-new.

You also have to add the server:php:applications buildservice project to your packagemanager in order to fulfill all dependencies:

• http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_Factory
• http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_10.3
• http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_10.2

YaST

To make the Kolab-repo known to YaST simply add to the YaST-installation-sources:

zypper

Run

for factory:
zypper addrepo -r http://download.opensuse.org/repositories/server:/Kolab/openSUSE_Factory
for 10.3:
zypper addrepo -r http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.3
for 10.2:
zypper addrepo -r http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.2

to make the server:Kolab known to zypper.

Apt

You need to install an apt-version which supports the rpm-md format (it's available from here: http://repos.opensuse.org/home:/rbos/).
Add the following line to your /etc/apt/sources.list

for factory: repmod http://download.opensuse.org/repositories/server:/Kolab/openSUSE_Factory
for 10.3: repomd http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.3
for 10.2: repmod  http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.2

and run:

apt update
apt install kolab

Smart

A simple

for factory:
smart channel --add http://download.opensuse.org/repositories/server:/Kolab/openSUSE_Factory/server:Kolab.repo 
for 10.3:
smart channel --add http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.3/server:Kolab.repo
for 10.2:
smart channel --add

http://download.opensuse.org/repositories/server:/Kolab/openSUSE_10.2/server:Kolab.repo

and a "smart update server:Kolab" is enough to make the Kolab-repo known to smart.

Service configuration

In short the following steps are required to get kolab running:

• Edit the file /etc/sysconfig/apache2 and add the following apache2 modules to the APACHE_MODULES variable:
  
  • for openSUSE-10.2 and beyond:

"ldap authnz_ldap dav dav_fs rewrite authn_alias"

• Also add the flag "SSL" to the APACHE_SERVER_FLAGS variable in /etc/sysconfig/apache2 file
• Set OPENLDAP_START_LDAPS to "yes" in the file /etc/sysconfig/openldap or use yast2 to configure it. Yast2 -> System -> Editor for /etc/sysconfig files -> Network -> LDAP, find the right variable and set it to "yes".
• Set SASLAUTHD_AUTHMECH to ldap in the file /etc/sysconfig/saslauthd (the default value is "pam")
• Set MAIL_CREATE_CONFIG to no, in the file /etc/sysconfig/mail to prevent SuSEconfig to report md5sum errors
• If freshclam is installed as dependency of kolab, the ownership of the freshclam log file is wrong. The file must be owned by vscan. In case the ownership is not correct (please check), it can be corrected with the following command:

touch /var/log/freshclam.log
chown vscan /var/log/freshclam.log

• For openSUSE-10.2 and later the amavisd log file and the clamav log file must be created with the right user:

touch /var/log/amavisd
chown vscan /var/log/amavisd
touch /var/log/clamav
chown vscan /var/log/clamav

• Make sure that you run freshclam before you start the clamd-daemon, otherwise it'll complain during the next step

freshclam

• Run /usr/share/kolab/scripts/kolab_bootstrap -b. Some errors might be seen during the initial run of kolab_bootstrap. Ignorable errors are:
  • tar: /etc/saslauthd.conf: can not stat
  • mv: can not execute mv on *.pem
  • chown: can not get acces to `/var/lib/ldap/*'
• Now create the aliases.db and the postfix indexed maps:

# build the /etc/aliases.db file
newaliases
# build the canonical map
postmap /etc/postfix/canonical
# build the relocated map
postmap /etc/postfix/relocated

• Run kolabsrv rc all start as stated by kolab_bootstrap -b
• SuSE 10.3 Workaround - A problem may be seen when trying to get the web admin page. The login web page doesn't display (blank page in IE with loading taking forever or; under firefox, a error msg like:"Firefox has detected that the server is redirecting the request for this address in a way that will never complete... (try again)

So you need to correct the include_path clause in the file /etc/php5/apache2/php.ini (around line 520) and adds the correct path to two (2) things:

• • Smarty template engine library (usually in /usr/local/lib/Smarty-v.e.r/libs/ Don't forget the extra 's' AND the trailing slash (check the installation documentation)
  • the file session_vars.php who is located in /etc/kolab.
    • something like ":/etc/kolab/"

• Go to the kolab admin webpage (url is shown by kolab_bootstrap) and create a user.
• Now you should have the domain in the cyrus directory /var/spool/imap/domain and it should be possible to sent an email to that user, with:

echo $(date) | mailx -s test user@domain.tld

• Interesting logfiles can be found in /var/log, being: mail, messages, apache2/error_logs etc
• For more verbose logs increase the loglevel from 2 to 4 in /etc/kolab/kolab.globals

If kolab seems to work, it is now possible to activate all services during system startup:

After this you can enable the involved using yast:

yast -> system -> runlevel editor:
enable the service kolabd.

This will activate many other services as dependencies as well.

Hint

Add an alias to one of your users, that will accept email from root@domain.tld. In case e.g. cron sents an email notification, the email will arrive at the user that has the alias set for the root.

An even nicer solution is, to have the emails sent to a distribution list e.g. cron@domain.tld. In your cron scripts you should have your emails sent to cron@domain.tld in that case.

Groupware testing

• Open a browser and point it to:
  • https://servername/freebusy/user@domain.tld.ifb
  • https://servername/freebusy/user@domain.tld.xfb
  • https://servername/freebusy/trigger/user@domain.tld/FOLDER.pfb (replace FOLDER with your Kalendar folder for instance)
    

All of these urls should show you ical formatted data.

In the urls above user@domain.tld is a user you have created with the kolab web admin interface before.

• Curl could be used for testing the freebusy components as well (it's ten times faster than doing everything with the preferred browser):

curl -u user@domain.tld:password -k -X GET \
https://servername/freebusy/trigger/user@domain.tld/FOLDER.pfb

Use this freebusy test script to test the freebusy functionality.

Package upgrading

• After upgrading kolab packages, it can happen that an ldap error is reported for the freebusy urls mentioned in the Groupware testing section. This can be resolved by running kolabconf -n as root with all kolab related services active. The latter can be checked by running kolabsrv rc all status.

Backups

During kolab_bootstrap many config files are written to disk. Some of these will overwrite your config files. The config files to be created during kolab_bootstrap, can be determined with:

/etc/kolab/templates # sed -n 's/^.*TARGET=//p' *

For example:
/etc/amavisd.conf
/etc/clamd.conf
/etc/cyrus.conf
/etc/freshclam.conf
/etc/imapd.conf
/etc/kolab/kolab_smtpdpolicy.conf
/etc/openldap/ldap.conf
/etc/postfix/ldapdistlist.cf
/etc/postfix/ldaptransport.cf

The original config files are saved (backed up) to /var/adm/backup/kolab/kolab_backup-orig.tar.bz2 during the first execution of kolab_bootstrap.

Please, let us know if things can be improved. This can be done on the talk page of the wiki page, and on the kolab-devel (at) kolab (dot) org emaillist. In case you use the talk page, inform the packagers with an email to the before mentioned emaillist. Include in the email that it concerns kolab on suse.

Client Configuration

The client configuration is described in kolab server 2 and kde client configuration

Troubleshooting

Postfix doesn't start

If Postfix doesn't start correctly have a look into the /var/log/mail file.

/var/log/mail
postfix/postfix-script: starting the Postfix mail system
postfix/master[numbers]: fatal: bind: public/post-cleanup: Operation not permitted

For 10.1: stop rcapparmor (or add "flags=(complain) to the postfix-profiles) as it prevents postfix to run succesfully:

rcapparmor stop

Disable apparmor permanently using yast:

yast2 -> System -> System service (runlevel) -> export mode -> disable boot.apparmor

Or from the command line:

chkconfig -d boot.apparmor (to disable the service)
chkconfig -s boot.apparmor (to enable the service)

ClamAV (clamd) fails to start

If the clamAV demon (clamd) fails to start than upgrade to the most recent clamav version (0.90). Then try to restart the clamAV demon:

# rcclamd restart

If this fails with:

ERROR: Problem with internal logger. Please check the permissions 
on the /var/log/clamav file.

Than change the settings of the clamav log file to:

/var/log # ls -l clamav
-rw-r----- 1 vscan root 62441 mrt  6 20:18 clamav

Horde

Horde is a framework to provide web interfaces to all kind of services, like; email, email filtering, agenda, etc. Horde is database driven, but horde does not care which database is being used.

Ldap configuration for horde

Uncomment the following line in /etc/kolab/templates/slapd.conf.template file (just below the other lines with the include statement):

#include /etc/openldap/schema/horde.schema

(remove the '#' character)

Process the slapd.conf template and make it known to openldap:

kolabconf -n

Restart ldap:

rcldap restart

Configuring horde

The following is taken from the kolab wiki about horde. Refer to that page for more information.

Note 1: before you start to configure kolab, make sure that you have a kolab user that can be used by horde as administrator account! See item 4 in the list below.

Note 2: finish all mentioned configurations listed below before you hit the generate horde configuration button!

1. Go the url http://system.domain.tld/horde/, open Administration and select Setup from the menu
2. Click on horde in the main frame, this will result in a configuration page with many tabs
3. In the Database tab, select None (default value) as the database backend.
4. In the Authentication tab, select Kolab authentication as the authentication backend. You will also need to specify a Kolab account in the administrators field. It is recommended that you create a Kolab account such as horde-admin@yourdomain.tld for this purpose. (In kolab: make the horde-admin@yourdomain.tld user an internal user, so it is not visible in kolab's addressbook).
5. As this horde configuration isn't really stable at the moment it is recommended to enable logging. Please go to the Logging tab to enable it. The default logfile should be /var/log/horde/horde.log.
6. In the Preference System tab, select Kolab (LDAP) as the preferences driver.
7. In the Alarm System tab, select None as the alarm storage driver.
8. In the DataTree System tab, select None (default value) as the DataTree backend storage.
9. In the Shares tab, select Kolab as the backend. Here you can also enable Share Caching option box.
10. In the Mailer tab, select Use an SMTP server as the method for sending mail. The default settings should be ok at the moment.
11. In the Virtual File Storage tab select none as VFS driver.
12. In the Portal Block Configuration tab select kolab as account information driver.
13. Finally, in the Kolab Server tab, change the Horde/Kolab integration status field to enabled and set each field in the resulting screen to the values pertaining to your specific kolab installation. The most important of these correspond to those in your /etc/kolab/kolab.conf file (The value for phppw can just be copy and pasted from kolab.conf (php_pw:)). The smtp part can be skipped as it looks like, it is not used in the horde.

• Only now you may hit the generate horde configuration button.

As a horde user set the theme to kolab: from the menu select Options => Global Options => Display Options => Select your color scheme kolab.

Troubleshooting

If horde complains about a wrong cookie domain just open the /srv/www/htdocs/horde/config/conf.php file and search for $conf['cookie']['domain'] and set it to "".

In case of errors restore the previous configuration file:

# cd /srv/www/htdocs/horde/config/
# cp conf.php.bak conf.php

In case of the following error (or similar):

[DBError: extension not found]
** Array [on line 1616 of "/usr/share/horde3/lib/Horde/DataTree/sql.php"

A root cause for that error is not known, but here are some tips that may help:
Perhaps the session needs to time out, there for leave the configuration file untouched for sometime. Stop your browser, be sure there is no other instance of the browser running at all. Even better use a different browser or if possible use the same or a different browser on a different system....

Login url

The url to login directly is:

http://<domain>/horde/scripts/get_login.php?user=<user>@<domain.tld>&pass=<your_password>&new_lang=en_US

As you can see from the url, the password is visible in this case and as such using this url should be considered a security risk.

Ingo

Ingo is a web interface to configure server based (sieve) email filters.

Install the following package: ingo.

Install the ingo configuration file:

cd /srv/www/htdocs/horde/ingo/config
# backup the backends.php file
mv backends.php backends.php.old
cp -p backends.php.kolab backends.php

Now log into the horde-administration interface and choose ingo from the from the applications-list. The default settings are sufficient. Hit the Generate filters configuration button to finish the configuration.

IMP

IMP is the Internet Messaging Program (webmail client).

Install the following package: IMP.

Install the imp configuration file:

cd /srv/www/htdocs/horde/imp/config
# backup the servers.php file
mv servers.php servers.php.old
cp -p servers.php.kolab servers.php

Now log into the horde-administration interface and choose imp from the from the applications-list. The default settings are sufficient. Hit the "Generate Mail configuration" button to finish the configration.

Mimp

Mimp is a project to create a version of IMP suitable for mobile devices such as WAP phones or PDAs.

Install the following package: mimp.

Install the imp configuration file:

cd /srv/www/htdocs/horde/mimp/config
# backup the servers.php file
mv servers.php servers.php.old
cp -p servers.php.kolab servers.php

Now log into the horde-administration interface and choose mimp from the from the applications-list. The default settings are sufficient. Hit the Generate Mobile Mail Configuration button to finish the configration.

After this the mobile email webpages can be accessed at:

http://domain.tld/horde/mimp/

Kronolith

Kronolith is the Horde calendar/organizer application.

Install the following package: kronolith

For configuring kronolith just login as an administrator and choose kronolith from the applications-list.

• What storage driver should we use? <Select Kolab here>
• What free/busy driver should we use? <Select here Kolab as well>
• Server name from which reminder emails should be sent: <Enter your server name, mostly localhost is sufficient>
• Email address from which reminder emails should be sent: <Just enter a valid email address>

Now hit the Generate Calender Configuration button. That's all.

Turba

Turba is the Horde contact management application.

Install the following package: turba.

Install the turba configuration file:

cd /srv/www/htdocs/horde/turba/config
# backup the sources.php file
mv sources.php sources.php.old
cp -p sources.php.kolab sources.php

Now log into the horde-administration interface and choose turba from the from the applications-list. The default settings are sufficient. Hit the Generate Address Book Configuration button to finish the configration.

Nag

Nag is the Horde task list application.

Install the following package: Nag.

For configuring mnemo just login as a administrator and choose mnemo from the applications-list.

* What storage driver should we use? <Select Kolab from the list>

Hit the Generate Tasks Configuration to finish the configuration.

Mnemo

Mnemo is the Horde notes and memos application.

Install the following package: Mnemo.

For configuring mnemo just login as a administrator and choose mnemo from the applications-list.

* What storage driver should we use? <Select Kolab from the list>

Hit the Generate Notes Configuration to finish the configuration.

Things to do

• Make sure that the free/busy is always working. It seems a bit unstable at the moment.

Let us know if something in this area can be improved.

Some facts

Normally kolab is installed using packages build with openpkg. The user needs to download just under 200MB of source rpms. These have to be build requiring about 850MB of disk space and quite some time on a not so modern system. On suse one now only needs to download 12 MB of binary rpms, which are installed in just a second even on this not so modern system! Of those 12 MB, 10 MB is needed for 2 patched rpms that are normally provided by suse. These 2 rpms are cyrus-imapd and postfix that count for respectively 8.5 MB and 1.5 MB. The patches have been sent upstream but the respective projects are slow to include them. Imagine if those patches would be part of the projects and as such just be part of suse. Only 12 MB (2 in the future?) is needed for kolab on suse, while using openpkg just under 200MB has to be downloaded!

See Also

• Kolab article in the Ubuntu wiki