for version 2.2.9
Installation and Configuration Guide
Version 2.2.9 - September 2014
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
The fonts used in this guide are licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http://scripts.sil.org/OFL
Copyright Łukasz Dziedzic, http://www.latofonts.com, with Reserved Font Name: "Lato".
Copyright Raph Levien, http://levien.com/, with Reserved Font Name: "Inconsolata".
Table of Contents
About this Guide
Introduction
  Architecture and Compatibility
System Requirements
  Assumptions
  Minimum Hardware Requirements
  Operating System Requirements
Installation
  Software Downloads
  Software Installation
Configuration
  GNUstep Environment Overview
  Preferences Hierarchy
  General Preferences
  Authentication using LDAP
  LDAP Attributes Indexing
  LDAP Attributes Mapping
  Authenticating using C.A.S.
  Authenticating using SAML2
  Database Configuration
  Authentication using SQL
  SMTP Server Configuration
  IMAP Server Configuration
  Web Interface Configuration
  SOGo Configuration Summary
  Multi-domains Configuration
  Apache Configuration
  Starting Services
  Cronjob - EMail reminders
  Cronjob - Vacation messages expiration
Managing User Accounts
  Creating the SOGo Administrative Account
  Creating a User Account
Microsoft ActiveSync
Using SOGo
  SOGo Web Interface
  Mozilla Thunderbird and Lightning
  Apple iCal
  Apple AddressBook
  Microsoft ActiveSync / Mobile Devices
Upgrading
Additional Information
Commercial Support and Contact Information
Chapter 1
About this Guide
This guide will walk you through the installation and configuration of the SOGo solution. It also covers the installation and configuration of SOGo ActiveSync support, the solution used to synchronize mobile devices with SOGo.
The instructions are based on version 2.2.9 of SOGo.
The latest version of this guide is available at http://www.sogo.nu/downloads/documentation.html.
Chapter 2
Introduction
SOGo is a free and modern scalable groupware server. It offers shared calendars, address books, and emails through your favourite Web browser and by using a native client such as Mozilla Thunderbird and Lightning.
SOGo is standard-compliant. It supports CalDAV, CardDAV, GroupDAV, iMIP and iTIP and reuses existing IMAP, SMTP and database servers - making the solution easy to deploy and interoperable with many applications.
SOGo features:
Scalable architecture suitable for deployments from dozens to many thousands of users
Rich Web-based interface that shares the look and feel, the features and the data of Mozilla Thunderbird and Lightning
Improved integration with Mozilla Thunderbird and Lightning by using the SOGo Connector and the SOGo Integrator
Native compatibility for Microsoft Outlook 2003, 2007, 2010, and 2013
Two-way synchronization support with any Microsoft ActiveSync-capable device, or Outlook 2013
SOGo is developed by a community of developers located mainly in North America and Europe. More information can be found at http://www.sogo.nu/
Architecture and Compatibility
Standard protocols such as CalDAV, CardDAV, GroupDAV, HTTP, IMAP and SMTP are used to communicate with the SOGo platform or its sub-components. Mobile devices supporting the Microsoft ActiveSync protocol are also supported.
To install and configure the native Microsoft Outlook compatibility layer, please refer to the SOGo Native Microsoft Outlook Configuration Guide.
Chapter 3
System Requirements
Assumptions
SOGo reuses many components in an infrastructure. Thus, it requires the following:
Database server (MySQL, PostgreSQL or Oracle)
LDAP server (OpenLDAP, Novell eDirectory, Microsoft Active Directory and others)
SMTP server (Postfix, Sendmail and others)
IMAP server (Courier, Cyrus IMAP Server, Dovecot and others)
In this guide, we assume that all those components are running on the same server (i.e., localhost or 127.0.0.1) that SOGo will be installed on.
Good understanding of those underlying components and GNU/Linux is required to install SOGo. If you are missing some of those required components, please refer to the appropriate documentation and proceed with the installation and configuration of these requirements before continuing with this guide.
The following table provides recommendations for the required components, together with version numbers:
Database server    PostgreSQL 7.4 or later
LDAP server        OpenLDAP 2.3.x or later
SMTP server        Postfix 2.x
IMAP server        Cyrus IMAP Server 2.3.x or later
More recent versions of the software mentioned above can also be used.
Minimum Hardware Requirements
The following table provides hardware recommendations for the server, desktops and mobile devices:
Server
  Evaluation and testing
    Intel, AMD, or PowerPC CPU 1 GHz
    512 MB of RAM
    1 GB of disk space
  Production
    Intel, AMD or PowerPC CPU 3 GHz
    2048 MB of RAM
    10 GB of disk space (excluding the mail store)
Desktop
  General
    Intel, AMD, or PowerPC CPU 1.5 GHz
    1024x768 monitor resolution
    512 MB of RAM
    128 Kbps or higher network connection
  Microsoft Windows
    Microsoft Windows XP SP2 or Vista
  Apple Mac OS X
    Apple Mac OS X 10.2 or later
  Linux
    Your favourite GNU/Linux distribution
Mobile Device
  Any mobile device which supports CalDAV, CardDAV or Microsoft ActiveSync.
Operating System Requirements
The following 32-bit and 64-bit operating systems are currently supported by SOGo:
Red Hat Enterprise Linux (RHEL) Server 5 and 6
Community ENTerprise Operating System (CentOS) 5 and 6
Debian GNU/Linux 5.0 (Lenny) to 7.0 (Wheezy)
Ubuntu 10.04 (Lucid) to 14.04 (Trusty)
Make sure the required components are started automatically at boot time and that they are running before proceeding with the SOGo configuration. Also make sure that you can install additional packages from your standard distribution. For example, if you are using Red Hat Enterprise Linux 5, you have to be subscribed to the Red Hat Network before continuing with the SOGo software installation.
This document covers the installation of SOGo under RHEL 6.
For installation instructions on Debian and Ubuntu, please refer directly to the SOGo website at http://www.sogo.nu/. Under the downloads section, you will find links for installation steps for Debian and Ubuntu.
Note that once the SOGo packages are installed under Debian and Ubuntu, this guide can be followed in order to fully configure SOGo.
Chapter 4
Installation
This section will guide you through the installation of SOGo together with its dependencies. The steps described here apply to an RPM-based installation for a Red Hat or CentOS distribution.
Software Downloads
SOGo can be installed using the yum utility. To do so, first create the /etc/yum.repos.d/inverse.repo configuration file with the following content:
[SOGo]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0
Note that gpgcheck=0 turns off yum's package signature verification for this repository.
Some of the software on which SOGo depends is available from the repository of RepoForge (previously known as RPMforge). To add RepoForge to your packages sources, download and install the appropriate RPM package from http://packages.sw.be/rpmforge-release/. Also make sure you have enabled the "rpmforge-extras" repository.
For more information on using RepoForge, visit http://repoforge.org/use/.
Software Installation
Once the yum configuration file has been created, you are now ready to install SOGo and its dependencies. To do so, proceed with the following command:
yum install sogo
This will install SOGo and its dependencies such as GNUstep, the SOPE packages and memcached.
Once the base packages are installed, you need to install the proper database connector suitable for your environment. You need to install sope49-gdl1-postgresql for the PostgreSQL database system, sope49-gdl1-mysql for MySQL or sope49-gdl1-oracle for Oracle. The installation command will thus look like this:
yum install sope49-gdl1-postgresql
Once completed, SOGo will be fully installed on your server. You are now ready to configure it.
Chapter 5
Configuration
In this section, you'll learn how to configure SOGo to use your existing LDAP, SMTP and database servers. As previously mentioned, we assume that those components run on the same server on which SOGo is being installed. If this is not the case, please adjust the configuration parameters to reflect those changes.
GNUstep Environment Overview
SOGo makes use of the GNUstep environment. GNUstep is a free software implementation of the OpenStep specification which provides many facilities for building all types of server and desktop applications. Among those facilities, there is a configuration API similar to the "Registry" paradigm in Microsoft Windows. In OpenSTEP, GNUstep and Mac OS X, these are called the "user defaults".
In SOGo, the user's applications settings are stored in /etc/sogo/sogo.conf. You can use your favourite text editor to modify the file.
The sogo.conf file is a serialized property list. This simple format encapsulates four basic data types: arrays, dictionaries (or hashes), strings and numbers. Numbers are represented as-is, except for booleans which can take the unquoted values YES and NO. Strings are not mandatorily quoted, but doing so will spare you many problems. A dictionary is a sequence of key and value pairs separated in their middle with a = sign. It starts with a { and ends with a corresponding }. Each value definition in a dictionary ends with a semicolon. An array is a chain of values starting with ( and ending with ), where the values are separated with a ,. Also, the file generally follows a C-style indentation for clarity but this indentation is not required, only recommended. Block comments are delimited by /* and */ and can span multiple lines while line comments must start with //.
Preferences Hierarchy
SOGo supports domain names segregation, meaning that you can separate multiple groups of users within one installation of SOGo. A user associated to a domain is limited to access only the users data from the same domain. Consequently, the configuration parameters of SOGo are defined on three levels:
Each level inherits the preferences of the parent level. Therefore, domain preferences define the default values of the user preferences, and the system preferences define the default values of all domains preferences. Both system and domains preferences are defined in /etc/sogo/sogo.conf, while the users preferences are configurable by the user and stored in SOGo's database.
To identify the level in which each parameter can be defined, we use the following abbreviations in the tables of this document:
S    Parameter exclusive to the system and not configurable per domain
D    Parameter exclusive to a domain and not configurable per user
U    Parameter configurable by the user
Remember that the hierarchy paradigm allows the default value of a parameter to be defined at a parent level.
General Preferences
The following table describes the general parameters that can be set:
S WOWorkersCount
  The amount of instances of SOGo that will be spawned to handle multiple requests simultaneously. When started from the init script, that amount is overridden by the PREFORK value in /etc/sysconfig/sogo or /etc/default/sogo.
  A value of 3 is a reasonable default for low usage. The maximum value depends on the CPU and IO power provided by your machine: a value set too high will actually decrease performances under high load.
  Defaults to 1 when unset.
S WOListenQueueSize
  This parameter controls the backlog size of the socket listen queue. For large-scale deployments, this value must be adjusted in case all workers are busy and the parent process receives lots of incoming connections.
  Defaults to 5 when unset.
S WOPort
  The TCP listening address and port used by the SOGo daemon. The format is ipaddress:port.
  Defaults to 127.0.0.1:20000 when unset.
S WOLogFile
  The file path where to log messages. Specify to log to the console.
  Defaults to /var/log/sogo/sogo.log.
S WOPidFile
  The file path where the parent process id will be written.
  Defaults to /var/run/sogo/sogo.pid.
S WOWatchDogRequestTimeout
  This parameter specifies the number of minutes after which a busy child process will be killed by the parent process.
  Defaults to 10 (minutes).
  Do not set this too low as child processes replying to clients on a slow internet connection could be killed prematurely.
S SxVMemLimit
  Parameter used to set the maximum amount of memory (in megabytes) that a child can use. Reaching that value will force children processes to restart, in order to preserve system memory.
  Defaults to 384.
S SOGoMemcachedHost
  Parameter used to set the hostname and optionally the port of the memcached server. A path can also be used if the server must be reached via a Unix socket.
  Defaults to localhost.
  See memcached_servers_parse(3) for details on the syntax.
S SOGoCacheCleanupInterval
  Parameter used to set the expiration (in seconds) of each object in the cache.
  Defaults to 300.
S SOGoAuthenticationType
  Parameter used to define the way by which users will be authenticated. For C.A.S., specify cas. For SAML2, specify saml2. For anything else, leave that value empty.
S SOGoTrustProxyAuthentication
  Parameter used to set whether HTTP username should be trusted.
  Defaults to NO when unset.
S SOGoEncryptionKey
  Parameter used to define a key to encrypt the passwords of remote Web calendars when SOGoTrustProxyAuthentication is enabled.
S SOGoCASServiceURL
  When using C.A.S. authentication, this specifies the base url for reaching the C.A.S. service. This will be used by SOGo to deduce the proper login page as well as the other C.A.S. services that SOGo will use.
S SOGoCASLogoutEnabled
  Boolean value indicating whether the "Logout" link is enabled when using C.A.S. as authentication mechanism.
  The "Logout" link will end up calling SOGoCASServiceURL/logout to terminate the client's single sign-on C.A.S. session.
S SOGoAddressBookDAVAccessEnabled
  Parameter controlling WebDAV access to the Contacts collections. This can be used to deny access to these resources from Lightning for example.
  Defaults to YES when unset.
S SOGoCalendarDAVAccessEnabled
  Parameter controlling WebDAV access to the Calendar collections.
  This can be used to deny access to these resources from Lightning for example.
  Defaults to YES when unset.
S SOGoSAML2PrivateKeyLocation
  The location of the SSL private key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file must be generated for each running SOGo service (rather than host).
S SOGoSAML2CertiticateLocation
  The location of the SSL certificate file. This file must be generated for each running SOGo service.
S SOGoSAML2IdpMetadataLocation
  The location of the metadata file that describes the services available on the SAML2 identity provider.
S SOGoSAML2IdpPublicKeyLocation
  The location of the SSL public key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file should be part of the setup of your identity provider.
S SOGoSAML2IdpCertificateLocation
  The location of the SSL certificate file. This file should be part of the setup of your identity provider.
S SOGoSAML2LogoutEnabled
  Boolean value indicating whether the "Logout" link is enabled when using SAML2 as authentication mechanism.
D SOGoTimeZone
  Parameter used to set a default time zone for users. The default timezone is set to UTC. The Olson database is a standard database that takes all the time zones around the world into account and represents them along with their history. On GNU/Linux systems, time zone definition files are available under /usr/share/zoneinfo. Listing the available files will give you the name of the available time zones. This could be America/New_York, Europe/Berlin, Asia/Tokyo or Africa/Lubumbashi.
  In our example, we set the time zone to America/Montreal.
D SOGoMailDomain
  Parameter used to set the default domain name used by SOGo. SOGo uses this parameter to build the list of valid email addresses for users.
  In our example, we set the default domain to acme.com.
D SOGoAppointmentSendEMailNotifications
  Parameter used to set whether SOGo sends or not email notifications to meeting participants.
  Possible values are:
    YES to send notifications
    NO to not send notifications
  Defaults to NO when unset.
D SOGoFoldersSendEMailNotifications
  Same as above, but the notifications are triggered on the creation of a calendar or an address book.
D SOGoACLsSendEMailNotifications
  Same as above, but the notifications are sent to the involved users of a calendar or address book's ACLs.
D SOGoCalendarDefaultRoles
  Parameter used to define the default roles when giving permissions to a user to access a calendar. Default roles are ignored for public accesses. Must be an array of up to five strings. Each string defining a role for an event category must begin with one of those values:
    Public
    Confidential
    Private
  And each string must end with one of those values:
    Viewer
    DAndTViewer
    Modifier
    Responder
  The array can also contain one or many of the following strings:
    ObjectCreator
    ObjectEraser
  Example: SOGoCalendarDefaultRoles = ("ObjectCreator", "PublicViewer");
  Defaults to no role when unset. Recommended values are PublicViewer and ConfidentialDAndTViewer.
D SOGoContactsDefaultRoles
  Parameter used to define the default roles when giving permissions to a user to access an address book. Default roles are ignored for public accesses. Must be an array of one or many of the following strings:
    ObjectViewer
    ObjectEditor
    ObjectCreator
    ObjectEraser
  Example: SOGoContactsDefaultRoles = ("ObjectEditor");
  Defaults to no role when unset.
D SOGoSuperUsernames
  Parameter used to set which usernames require administrative privileges over all the users tables. For example, this could be used to post events in the users calendar without requiring the user to configure his/her ACLs. In this case you will need to specify those superusers usernames like this: SOGoSuperUsernames = (<username1>[, <username2>, ...]);
U SOGoLanguage
  Parameter used to set the default language used in the Web interface for SOGo. Possible values are:
    BrazilianPortuguese
    Czech
    Dutch
    English
    French
    German
    Hungarian
    Italian
    Russian
    Spanish
    Swedish
    Welsh
D SOGoNotifyOnPersonalModifications
  Parameter used to set whether SOGo sends or not email receipts when someone changes his/her own calendar. Possible values are:
    YES to send notifications
    NO to not send notifications
  Defaults to NO when unset. User can overwrite this from the calendar properties window.
D SOGoNotifyOnExternalModifications
  Parameter used to set whether SOGo sends or not email receipts when a modification is being done to his/her own calendar by someone else.
  Possible values are:
    YES to send notifications
    NO to not send notifications
  Defaults to NO when unset. User can overwrite this from the calendar properties window.
D SOGoLDAPContactInfoAttribute
  Parameter used to specify an LDAP attribute that should be displayed when auto-completing user searches.
D SOGoiPhoneForceAllDayTransparency
  When set to YES, this will force all-day events sent over by iPhone OS based devices to be transparent. This means that the all-day events will not be considered during freebusy lookups.
  Defaults to NO when unset.
S SOGoEnablePublicAccess
  Parameter used to allow or not your users to share publicly (i.e., requiring no authentication) their calendars and address books.
  Possible values are:
    YES to allow them
    NO to prevent them from doing so
  Defaults to NO when unset.
S SOGoPasswordChangeEnabled
  Parameter used to allow or not users to change their passwords from SOGo.
  Possible values are:
    YES to allow them
    NO to prevent them from doing so
  Defaults to NO when unset.
  For this feature to work properly when authenticating against AD or Samba4, the LDAP connection must use SSL/TLS. Server side restrictions can also cause the password change to fail, in which case SOGo will only log a Constraint violation (0x13) error. These restrictions include password too young, complexity constraints not satisfied, user cannot change password, etc. Also note that Samba has a minimum password age of 1 day by default.
S SOGoSupportedLanguages
  Parameter used to configure which languages are available from SOGo's Web interface. Available languages are specified as an array of string.
  The default value is: ( "Czech", "Welsh", "English", "Spanish", "French", "German", "Italian", "Hungarian", "Dutch", "BrazilianPortuguese", "Polish", "Russian", "Ukrainian", "Swedish" )
D SOGoHideSystemEMail
  Parameter used to control if SOGo should hide or not the system email address (UIDFieldName@SOGoMailDomain). This is currently limited to CalDAV (calendar-user-address-set).
  Defaults to NO when unset.
D SOGoSearchMinimumWordLength
  Parameter used to control the minimum length to be used for the search string (attendee completion, address book search, etc.) prior to triggering the server-side search operation.
  Defaults to 2 when unset which means a search operation will be triggered on the 3rd typed character.
S SOGoMaximumFailedLoginCount
  Parameter used to control the number of failed login attempts required during SOGoMaximumFailedLoginInterval seconds or more. If conditions are met, the account will be blocked for SOGoFailedLoginBlockInterval seconds since the first failed login attempt.
  Default value is 0, or disabled.
S SOGoMaximumFailedLoginInterval
  Number of seconds, defaults to 10.
S SOGoFailedLoginBlockInterval
  Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.
S SOGoMaximumMessageSubmissionCount
  Parameter used to control the number of email messages a user can send from SOGo's webmail interface, to SOGoMaximumRecipientCount, in SOGoMaximumSubmissionInterval seconds or more. If conditions are met or exceeded, the user won't be able to send mails for SOGoMessageSubmissionBlockInterval seconds.
  Default value is 0, or disabled.
S SOGoMaximumRecipientCount
  Maximum number of recipients. Default value is 0, or disabled.
S SOGoMaximumSubmissionInterval
  Number of seconds, defaults to 30.
S SOGoMessageSubmissionBlockInterval
  Number of seconds, default to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.
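The following is an added example, not part of the original guide or of SOGo: a small Python reader for the sogo.conf property-list syntax described under GNUstep Environment Overview, used to check a configuration against constraints stated in the table above (login blocking and mail rate limiting disabled at 0, SOGoCacheCleanupInterval versus SOGoFailedLoginBlockInterval, password change requiring SSL/TLS on the LDAP connection). The function names and the sample configuration are constructed for illustration, and the encryption key of an LDAP source is an assumption that this section does not describe.

```python
import re

# Tokens of the property-list syntax: punctuation, quoted strings, bare strings.
TOKEN = re.compile(r'''
    \s+ | //[^\n]* | /\*.*?\*/            # whitespace and comments: skipped
  | (?P<punct>[{}()=;,])
  | "(?P<quoted>(?:\\.|[^"\\])*)"
  | (?P<bare>[^\s{}()=;,"]+)
''', re.S | re.X)

def tokenize(text):
    pos, out = 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:  # e.g. a quoted string that is never closed
            raise ValueError(f"cannot tokenize at offset {pos}: {text[pos:pos + 20]!r}")
        pos = m.end()
        if m.lastgroup == "punct":
            out.append(("p", m.group("punct")))
        elif m.lastgroup == "quoted":
            out.append(("s", re.sub(r"\\(.)", r"\1", m.group("quoted"))))
        elif m.lastgroup == "bare":
            out.append(("s", m.group("bare")))
    return out

def parse_value(toks, i):
    kind, val = toks[i]
    if (kind, val) == ("p", "{"):
        return parse_dict(toks, i + 1, "}")
    if (kind, val) == ("p", "("):          # array: ( value, value, ... )
        items, i = [], i + 1
        while toks[i] != ("p", ")"):
            item, i = parse_value(toks, i)
            items.append(item)
            if toks[i] == ("p", ","):
                i += 1
        return items, i + 1
    if kind == "s":                        # numbers and YES/NO stay strings
        return val, i + 1
    raise ValueError(f"unexpected {val!r}")

def parse_dict(toks, i, closing):
    d = {}
    while i < len(toks) and toks[i] != ("p", closing):
        kind, key = toks[i]
        if kind != "s" or toks[i + 1] != ("p", "="):
            raise ValueError(f"expected 'key =' near {key!r}")
        d[key], i = parse_value(toks, i + 2)
        if toks[i] != ("p", ";"):
            raise ValueError(f"missing ';' after the value of {key!r}")
        i += 1
    if closing and i >= len(toks):
        raise ValueError("dictionary is never closed")
    return d, i + 1

def parse_conf(text):
    """Parse sogo.conf text; the outer braces are accepted but not required."""
    toks = tokenize(text)
    try:
        if toks[:1] == [("p", "{")]:
            return parse_dict(toks, 1, "}")[0]
        return parse_dict(toks, 0, None)[0]
    except IndexError:
        raise ValueError("unexpected end of file") from None

def audit(conf):
    """Return (setting, message) pairs for the constraints named in the guide."""
    findings = []
    for key, what in (("SOGoMaximumFailedLoginCount", "failed-login blocking"),
                      ("SOGoMaximumMessageSubmissionCount", "mail rate limiting")):
        if int(conf.get(key, 0)) == 0:     # guide: default value is 0, or disabled
            findings.append((key, f"{what} is disabled (0 or unset)"))
    cleanup = int(conf.get("SOGoCacheCleanupInterval", 300))
    block = int(conf.get("SOGoFailedLoginBlockInterval", 300))
    if cleanup < block:
        findings.append(("SOGoCacheCleanupInterval",
                         f"{cleanup}s is lower than SOGoFailedLoginBlockInterval ({block}s)"))
    if conf.get("SOGoPasswordChangeEnabled", "NO") == "YES":
        for src in conf.get("SOGoUserSources", []):
            host = src.get("hostname", "")
            # 'encryption' is an assumed source key, not described in this section
            if (src.get("type") == "ldap" and "encryption" not in src
                    and not host.lower().startswith("ldaps://")):
                findings.append((f"SOGoUserSources[{src.get('id')}]",
                                 f"password change enabled but {host} is not SSL/TLS"))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = r'''
{
  /* constructed sample */
  SOGoPasswordChangeEnabled = YES;
  SOGoMaximumFailedLoginCount = 5;   // blocking enabled
  SOGoFailedLoginBlockInterval = 600;
  SOGoCacheCleanupInterval = 300;
  SOGoUserSources = (
    {
      type = ldap;
      id = directory;
      hostname = "ldap://10.0.0.1:389";
      bindFields = (sAMAccountName, cn);
      canAuthenticate = YES;
    }
  );
}
'''

if __name__ == "__main__":
    for setting, message in audit(parse_conf(SAMPLE)):
        print(f"{setting}: {message}")
```
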
Authentication using LDAP
SOGo can use a LDAP server to authenticate users and, if desired, to provide global address books. SOGo can also use an SQL backend for this purpose (see the section Authentication using SQL later in this document). Insert the following text into your configuration file to configure an authentication and global address book using an LDAP directory server:
SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = uid;
        UIDFieldName = uid;
        IMAPHostFieldName = mailHost;
        baseDN = "ou=users,dc=acme,dc=com";
        bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Shared Addresses";
        hostname = "ldap://127.0.0.1:389";
        id = public;
        isAddressBook = YES;
    }
);
In our example, we use a LDAP server running on the same host where SOGo is being installed.
You can also, using the filter attribute, restrict the results to match various criteria. For example, you could define, in your .GNUstepDefaults file, the following filter to return only entries belonging to the organization Inverse with a mail address and not inactive:
filter = "(o='Inverse' AND mail='*' AND status <> 'inactive')";
Since LDAP sources can serve as user repositories for authentication as well as address books, you can specify the following for each source to make them appear in the address book module:
displayName = "<human identification name of the addressbook>";
isAddressBook = YES;
For certain LDAP sources, SOGo also supports indirect binds for user authentication. Here is an example:
SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = sAMAccountName;
        baseDN = "cn=Users,dc=acme,dc=com";
        bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
        bindFields = (sAMAccountName);
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Active Directory";
        hostname = ldap://10.0.0.1:389;
        id = directory;
        isAddressBook = YES;
    }
);
In this example, SOGo will use an indirect bind by first determining the user DN. That value is found by doing a search on the fields specified in bindFields. Most of the time, there will be only one field but it is possible to specify more in the form of an array (for example, bindFields = (sAMAccountName, cn)). When using multiple fields, only one of the fields needs to match the login name. In the above example, when a user logs in, the login will be checked against the sAMAccountName entry in all the user cards, and once this card is found, the user DN of this card will be used for checking the user's password.
Finally, SOGo supports LDAP-based groups. Groups must be defined like any other authentication sources (i.e., canAuthenticate must be set to YES and a group must have a valid email address). In order for SOGo to determine if a specific LDAP entry is a group, SOGo will look for one of the following objectClass attributes:
group
groupOfNames
groupOfUniqueNames
posixGroup
You can set ACLs based on group membership and invite a group to a meeting (and the group will be decomposed to its list of members upon save by SOGo). You can also control the visibility of the group from the list of shared address books or during mail autocompletion by setting the isAddressBook parameter to YES or NO. The following LDAP entry shows how a typical group is defined:
dn: cn=inverse,ou=groups,dc=inverse,dc=ca
objectClass: groupOfUniqueNames
objectClass: top
objectClass: extensibleObject
uniqueMember: uid=alice,ou=users,dc=inverse,dc=ca
uniqueMember: uid=bernard,ou=users,dc=inverse,dc=ca
uniqueMember: uid=bob,ou=users,dc=inverse,dc=ca
cn: inverse
structuralObjectClass: groupOfUniqueNames
mail: inverse@inverse.ca
The corresponding SOGoUserSources entry to handle groups like this one would be:
{
    type = ldap;
    CNFieldName = cn;
    IDFieldName = cn;
    UIDFieldName = cn;
    baseDN = "ou=groups,dc=inverse,dc=ca";
    bindDN = "cn=sogo,ou=services,dc=inverse,dc=ca";
    bindPassword = zot;
    canAuthenticate = YES;
    displayName = "Inverse Groups";
    hostname = ldap://127.0.0.1:389;
    id = inverse_groups;
    isAddressBook = YES;
}
The following table describes the possible parameters related to a LDAP source:
D SOGoUserSources
  Parameter used to set the LDAP and/or SQL sources used for authentication and global address books. Multiple sources can be specified as an array of dictionaries. A dictionary that defines an LDAP source can contain the following values:
type
  The type of this user source, set to ldap for an LDAP source.
id
  The identification name of the LDAP repository. This must be unique even when using multiple domains.
CNFieldName
  The field that returns the complete name.
IDFieldName
  The field that starts a user DN if bindFields is not used. This field must be unique across the entire SOGo domain.
UIDFieldName
  The field that returns the login name of a user. The returned value must be unique across the whole SOGo installation since it is used to identify the user in the folder_info database table.
MailFieldNames
  An array of fields that returns the user's email addresses (defaults to mail when unset).
SearchFieldNames
  An array of fields to match against the search string when filtering users (defaults to sn, displayName, and telephoneNumber when unset).
IMAPHostFieldName (optional)
  The field that returns either an URI to the IMAP server as described for SOGoIMAPServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoIMAPServer parameter.
IMAPLoginFieldName (optional)
  The field that returns the IMAP login name for the user (defaults to the value of UIDFieldName when unset).
SieveHostFieldName (optional)
  The field that returns either an URI to the SIEVE server as described for SOGoSieveServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoSieveServer parameter.
baseDN
  The base DN of your user entries.
KindFieldName (optional)
  If set, SOGo will try to determine if the value of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will consider the returned entry to be a resource. For LDAP-based sources, SOGo can also automatically determine if it's a resource if the entry has the calendarresource objectClass set.
MultipleBookingsFieldName (optional)
  The value of this attribute is the maximum number of concurrent events to which a resource can be part of at any point in time.
  If this is set to 0, or if the attribute is missing, it means no limit.
filter (optional)
  The filter to use for LDAP queries, it should be defined as an EOQualifier. The following operators are supported:
    <> inequality operator
    = equality operator
  Multiple qualifiers can be joined by using OR and AND, they can also be grouped together by using parenthesis. Attribute values should be quoted to avoid unexpected behaviour.
  For example: filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND

  For a more detailed description see http://wiki.dovecot.org/Authentication/PasswordSchemes.
  Note that cram-md5 is not actually using cram-md5 (due to the lack of challenge-response mechanism), it's just saving the intermediate MD5 context as Dovecot stores in its database.
canAuthenticate IfsettoYES,thisLDAPsourceisusedforauthentication
passwordPolicy IfsettoYES,SOGowillusetheextendedLDAP
PasswordPoliciesattributes.IfyouLDAPserverdoesnotsupportthoseandyouactivatethis
feature,everyLDAPrequestswillfail.
isAddressBook IfsettoYES,thisLDAPsourceisusedasa
sharedaddressbook(withread-onlyaccess).
NotethatifsettoNO,autocompletionwillnot
workforentriesinthissourceandthus,freebusylookups.
displayName(optional) Ifsetasanaddressbook,thehumanidentificationnameoftheLDAPrepository
ModulesConstraints(optional) LimitstheaccessofanymodulethroughaconstraintbasedonanLDAPattribute;mustbea
dictionarywithkeysMail,and/orCalendar,for
example:
ModulesConstraints = {
Calendar = {
ou = employees;
};
};
mapping A dictionary that maps contact attributes used
by SOGo to the LDAP attributes used by the
schema of the LDAP source. Each entry must
have an attribute name as key and an array of
strings as value. This enables actual fields to be
mapped one after another when fetching contact information.
See the LDAP Attribute Mapping section below
for an example and a list of supported attributes.
objectClasses When the modifiers list (see below) is set, or
when using LDAP-based user address books
(see abOU below), this list of object classes will
be applied to new records as they are created.
modifiers A list (array) of usernames that are authorized
to perform modifications to the address book
defined by this LDAP source.
abOU This field enables LDAP-based user
address books by specifying the value of the address book container beneath each user entry, for example:
ou=addressbooks,uid=username,dc=domain.
The following parameters can be defined along the other keys of each entry of the SOGoUserSources, but can also be defined at the domain and/or system levels:
D SOGoLDAPContactInfoAttribute
Parameter used to specify an attribute that
should appear in autocompletion of the web interface.
D SOGoLDAPQueryLimit
Parameter used to limit the number of returned
results from the LDAP server whenever SOGo performs a LDAP query (for example, during addresses completion in a shared address
book).
D SOGoLDAPQueryTimeout
Parameter to define the timeout of LDAP
queries. The actual time limit for operations is
also bounded by the maximum time that the
server is configured to allow.
Defaults to 0 (unlimited).
LDAP Attributes Indexing
To ensure proper performance of the SOGo application, the following LDAP attributes must be
fully indexed:
givenName
cn
mail
sn
Please refer to the documentation of the software you use in order to index those attributes.
LDAP Attributes Mapping
Some LDAP attributes are mapped to contacts attributes in the SOGo UI. The table below lists most
of them. It is possible to override these by using the mapping configuration parameter.
For example, if the LDAP schema uses the fax attribute to store the fax number, one could map it
to the facsimiletelephonenumber attribute like this:
mapping = {
facsimiletelephonenumber = ("fax", "facsimiletelephonenumber");
};
Name
  First               givenName
  Last                sn
  Display Name        displayName or cn or givenName + sn
  Nickname            mozillanickname
Internet
  Email
  Secondary email     mozillasecondemail
  ScreenName          nsaimid
Phones
  Work                telephoneNumber
  Home                homephone
  Mobile              mobile
  Fax                 facsimiletelephonenumber
  Pager               pager
Home
  Address             mozillahomestreet + mozillahomestreet2
  City                mozillahomelocalityname
  State/Province      mozillahomestate
  Zip/Postal Code     mozillahomepostalcode
  Country             mozillahomecountryname
  Web page            mozillahomeurl
Work
  Title               title
  Department          ou
  Organization
  Address             street + mozillaworkstreet2
  City
  State/Province      st
  Zip/Postal code     postalCode
  Country
  Web page            mozillaworkurl
Other
  Birthday            birthyear-birthmonth-birthday
  Note                description
Authenticating using C.A.S.
SOGo natively supports C.A.S. authentication. For activating C.A.S. authentication you need first to
make sure that the SOGoAuthenticationType setting is set to cas and that the SOGoCASServiceURL
setting is configured appropriately.
The tricky part shows up when using SOGo as a frontend interface to an IMAP server as this imposes
constraints needed by the C.A.S. protocol to ensure secure communication between the different
services. Failing to take those precautions will prevent users from accessing their mails, while still
granting basic authentication to SOGo itself.
The first constraint is that the amount of workers that SOGo uses must be higher than 1 in order
to enable the C.A.S. service to perform some validation requests during IMAP authentication. A
single worker alone would not, by definition, be able to respond to the C.A.S. requests while treating
the user request that required the triggering of those requests. You must therefore configure the
WOWorkersCount setting appropriately.
The second constraint is that the SOGo service must be accessible and accessed via https. Moreover, the certificate used by the SOGo server has to be recognized and trusted by the C.A.S. service. In the case of a certificate issued by a third-party authority, there should be nothing to worry about. In the case of a self-signed certificate, the certificate must be registered in the trusted
keystore of the C.A.S. application. The procedure to achieve this can be summarized as importing
the certificate in the proper "keystore" using the keytool utility and specifying the path for that
keystore to the Tomcat instance which provides the C.A.S. service. This is done by tweaking the
javax.net.ssl.trustStore setting, either in the catalina.properties file or in the command-line
parameters. On Debian, the SOGo certificate can also be added to the truststore as follows:
openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \
-out /tmp/sogo-cert.der
keytool -import -keystore /etc/ssl/certs/java/cacerts \
-file /tmp/sogo-cert.der -alias sogo-cert
# The keystore password is 'changeit'
# tomcat must be restarted after this operation
The certificate used by the CAS server must also be trusted by SOGo. In case of a self-signed
certificate, this means exporting tomcat's certificate using the keytool utility, converting it to PEM
format and appending it to the ca-certificates.crt file (the name and location of that file differs
between distributions). Basically:
# export tomcat's cert to openssl format
keytool -keystore /etc/tomcat7/keystore -exportcert -alias tomcat | \
openssl x509 -inform der >tomcat.pem
Enter keystore password:
tomcat
If any of those constraints is not satisfied, the webmail interface of SOGo will display an empty email
account. Unfortunately, SOGo has no possibility to detect which one is the cause of the problem.
The only indicators are log messages that at least pinpoint the symptoms:
"failure to obtain a PGT from the C.A.S. service"
Such an error will show up during authentication of the user to SOGo. It happens when the authentication service has accepted the user authentication ticket but has not returned a "Proxy Granting
Ticket".
"a CAS failure occurred during operation."
This error indicates that an attempt was made to retrieve an authentication ticket for a third-party
service such as IMAP or sieve. Most of the time, this happens as a consequence to the problem
described above. To troubleshoot these issues, one should be tailing cas.log, pam logs and sogo
logs.
Currently, SOGo will ask for a CAS ticket using the same CAS service name for both IMAP and
Sieve. When CASifying sieve, this means that the -s parameter of pam_cas should be the same
for both IMAP and Sieve, otherwise the CAS server will complain:
ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket
[ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service [imap://myimapserver
does not match supplied service [sieve://mysieveserver:2000]
Finally, when using imapproxy to speed up the imap accesses, the SOGoIMAPCASServiceName
should be set to the actual imap service name expected by pam_cas, otherwise it will fail to authenticate incoming connection properly.
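The log symptoms described in this section can be triaged mechanically. The following Python script is an added example, not part of the SOGo guide or the SOGo project: it scans log lines for the three messages quoted above and attaches the check the guide associates with each one. Only the message texts come from the guide; the sample lines, their timestamps and prefixes, the ticket id and all function names are constructed for this example.

```python
"""Triage the C.A.S. log symptoms quoted in the guide (added example)."""
import re

PGT_FAILURE = "failure to obtain a PGT from the C.A.S. service"
PROXY_FAILURE = "a CAS failure occurred during operation."

# CAS server message: a ticket issued for one service name was presented
# for another. The closing bracket after the first service is optional so
# that wrapped or truncated copies of the line still match.
MISMATCH = re.compile(
    r"ServiceTicket \[(?P<ticket>[^\]]+)\] with service \[(?P<issued>[^\]\s]+)\]?"
    r"\s+does not match supplied service \[(?P<supplied>[^\]]+)\]"
)

# What to check for each symptom, taken from the constraints in the guide.
HINTS = {
    "pgt": "no Proxy Granting Ticket returned: check WOWorkersCount > 1, "
           "https access to SOGo, and certificate trust in both directions",
    "mismatch": "service names differ: use the same pam_cas -s value for "
                "IMAP and Sieve and match SOGoIMAPCASServiceName to it",
    "proxy": "ticket for IMAP/sieve not obtained: usually a consequence of "
             "a PGT failure, resolve that first",
}
# Report probable root causes before their consequences.
PRIORITY = {"pgt": 0, "mismatch": 1, "proxy": 2}

# Constructed sample input (timestamps, prefixes and ticket id are made up).
SAMPLE_LINES = [
    "2014-09-10 09:14:02 sogod: failure to obtain a PGT from the C.A.S. service",
    "2014-09-10 09:14:03 sogod: a CAS failure occurred during operation.",
    "2014-09-10 09:15:10 sogod: request completed",
    "2014-09-10 09:20:41 ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - "
    "ServiceTicket [ST-EXAMPLE-1] with service [imap://myimapserver] "
    "does not match supplied service [sieve://mysieveserver:2000]",
]


def classify(line):
    """Return (kind, detail) for a known symptom, or None."""
    match = MISMATCH.search(line)
    if match:
        return "mismatch", (match.group("issued"), match.group("supplied"))
    if PGT_FAILURE in line:
        return "pgt", None
    if PROXY_FAILURE in line:
        return "proxy", None
    return None


def triage(lines):
    """Return findings sorted so that root causes come first."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hit = classify(line)
        if hit is None:
            continue
        kind, detail = hit
        findings.append(
            {"line": number, "kind": kind, "detail": detail, "hint": HINTS[kind]}
        )
    findings.sort(key=lambda f: (PRIORITY[f["kind"]], f["line"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print("line %(line)d [%(kind)s] %(hint)s" % finding)
        if finding["detail"]:
            print("    issued for %s, supplied %s" % finding["detail"])
```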
Authenticating using SAML2
SOGo natively supports SAML2 authentication. Please refer to the documentation of your identity provider and the SAML2 configuration keys that are listed above for proper setup. Once a SOGo instance is configured properly, the metadata for that instance can be retrieved from http://<hostname>/SOGo/saml2-metadata for registration with the identity provider.
In order to relay authentication information to your IMAP server and if you make use of the
CrudeSAML SASL plugin, you need to make sure that NGImap4AuthMechanism is configured to use
the SAML mechanism. If you make use of the CrudeSAML PAM plugin, this value may be left empty.
Database Configuration
SOGo requires a relational database system in order to store appointments, tasks and contacts
information. It also uses the database system to store personal preferences of SOGo users. In this
guide, we assume you use PostgreSQL so commands provided to create the database are related
to this application. However, other database servers are supported, such as MySQL and Oracle.
First, make sure that your PostgreSQL server has TCP/IP connections support enabled.
Create the database user and schema using the following commands:
su - postgres
createuser --no-superuser --no-createdb --no-createrole \
--encrypted --pwprompt sogo
(specify sogo as password)
createdb -O sogo sogo
You should then adjust the access rights to the database. To do so, modify the configuration file
/var/lib/pgsql/data/pg_hba.conf in order to add the following line at the very beginning of the
file:
host sogo sogo 127.0.0.1/32 md5
Once added, restart the PostgreSQL database service. Then, modify the SOGo configuration file
(/etc/sogo/sogo.conf) to reflect your database settings:
SOGoProfileURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
OCSFolderInfoURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
OCSSessionsFolderURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
The following table describes the parameters that were set:
D SOGoProfileURL
Parameter used to set the database URL so
that SOGo can retrieve user profiles.
For MySQL, set the database URL to something
like: mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile.
D OCSFolderInfoURL
Parameter used to set the database URL so
that SOGo can retrieve the location of user
folders (address books and calendars).
For Oracle, set the database URL to something
like: oracle://sogo:sogo@localhost:1526/sogo/sogo_folder_info.
D OCSSessionsFolderURL
Parameter used to set the database URL so
that SOGo can store and retrieve secured user
sessions information. For PostgreSQL, the database URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder.
D OCSEMailAlarmsFolderURL
Parameter used to set the database URL
for email-based alarms (that can be set on
events and tasks). This parameter is relevant only if SOGoEnableEMailAlarms is
set to YES. For PostgreSQL, the database
URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_alarms_folder
See the "EMail reminders" section in this document for more information.
If you're using MySQL, make sure in your my.cnf file you have:
[mysqld]
...
character_set_server=utf8
character_set_client=utf8
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
Authentication using SQL
SOGo can use a SQL-based database server for authentication. The configuration is very similar
to LDAP-based authentication.
The following table describes all the possible parameters related to a SQL source:
D SOGoUserSources
Parameter used to set the SQL and/or LDAP
sources used for authentication and global address books. Multiple sources can be specified
as an array of dictionaries. A dictionary that defines a SQL source can contain the following
values:
type
The type of this user source, set to sql for a
SQL source.
id
The identification name of the SQL repository.
This must be unique even when using multiple domains.
viewURL
Database URL of the view used by SOGo. The
view expects columns to be present. Required
columns are:
c_uid: will be used for authentication; it's a
username or username@domain.tld
c_name: will be used to uniquely identify entries, which can be identical to c_uid
c_password: password of the user, plain text,
crypt, md5 or sha encoded
c_cn: the user's common name
mail: the user's email address
Other columns can exist and will actually be
mapped automatically if they have the same
name as popular LDAP attributes (such as
givenName, sn, department, title, telephoneNumber, etc.).
userPasswordAlgorithm
The default algorithm used for password encryption when changing passwords. Possible
values are: none, plain, crypt, md5, md5-crypt,
smd5, cram-md5, ldap-md5, and sha, sha256,
sha512 and its ssha (e.g. ssha or ssha256) variants. Passwords can have the scheme prepended in the form {scheme}encryptedPass.
If no scheme is given, userPasswordAlgorithm is used instead. The schemes listed
above follow the algorithms described in
http://wiki.dovecot.org/Authentication/PasswordSchemes.
Note that cram-md5 is not actually using cram-md5 (due to the lack of challenge-response
mechanism), it's just saving the intermediate
MD5 context as Dovecot stores in its database.
prependPasswordScheme
The default behaviour is to store newly set
passwords without the scheme (default:
NO). This can be overridden by setting to
YES and will result in passwords stored as
{scheme}encryptedPass.
canAuthenticate
If set to YES, this SQL source is used for authentication.
isAddressBook
If set to YES, this SQL source is used as a
shared address book (with read-only access).
Note that if set to NO, autocompletion will not
work for entries in this source and thus, freebusy lookups.
authenticationFilter (optional)
A filter that limits which users can authenticate
from this source.
displayName (optional)
If set as an address book, the human identification name of the SQL repository.
LoginFieldNames (optional)
An array of fields that specifies the column
names that contain valid authentication usernames (defaults to c_uid when unset).
MailFieldNames (optional)
An array of fields that specifies the column
names that hold additional email addresses (beside the mail column) for each user.
IMAPHostFieldName (optional)
The field that returns the IMAP hostname for
the user.
IMAPLoginFieldName (optional)
The field that returns the IMAP login name for
the user (defaults to c_uid when unset).
SieveHostFieldName (optional)
The field that returns the Sieve hostname for
the user.
KindFieldName (optional)
If set, SOGo will try to determine if the value
of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will
consider the returned entry to be a resource.
MultipleBookingsFieldName (optional)
The value of this field is the maximum number
of concurrent events to which a resource can
be part of at any point in time.
If this is set to 0, or if the attribute is missing, it
means no limit.
DomainFieldName (optional)
If set, SOGo will use the value of that field as
the domain associated to the user.
See the Multi-domains Configuration section in
this document for more information.
Here is an example of an SQL-based authentication and address book source:
SOGoUserSources =
(
{
type = sql;
id = directory;
viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
canAuthenticate = YES;
isAddressBook = YES;
userPasswordAlgorithm = md5;
}
);
Certain database columns must be present in the view/table, such as:
c_uid: will be used for authentication; it's the username or username@domain.tld
c_name: which can be identical to c_uid, will be used to uniquely identify entries
c_password: password of the user, plain-text, md5 or sha encoded for now
c_cn: the user's common name, such as "John Doe"
mail: the user's mail address
Note that groups are currently not supported for SQL-based authentication sources.
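Because each c_password value is interpreted either through its {scheme} prefix or, when the prefix is absent, through userPasswordAlgorithm, an existing view can be audited for how its passwords are stored. The following Python script is an added example, not part of the SOGo guide or the SOGo project. The scheme names are the ones listed for userPasswordAlgorithm; the grading into cleartext, unsalted and salted, the case-insensitive prefix match, the function names and the sample rows are assumptions of this example.

```python
"""Classify stored c_password values by scheme (added example)."""
import re
from collections import Counter

# Scheme names as listed for userPasswordAlgorithm in the guide. The three
# strength groups are this example's own grading, not a SOGo setting.
CLEARTEXT = {"none", "plain"}
UNSALTED = {"md5", "ldap-md5", "cram-md5", "sha", "sha256", "sha512"}
SALTED = {"crypt", "md5-crypt", "smd5", "ssha", "ssha256", "ssha512"}

# {scheme}encryptedPass; prefix matching is case-insensitive (assumption).
PREFIX = re.compile(r"^\{([^{}]+)\}(.*)$", re.DOTALL)

# Constructed rows (c_uid, c_password); the values are placeholders, not hashes.
SAMPLE_ROWS = [
    ("alice", "{SSHA256}CONSTRUCTED-VALUE"),
    ("bob", "0123456789abcdef0123456789abcdef"),
    ("carol", "{plain}CONSTRUCTED-VALUE"),
    ("dave", "{SHA}CONSTRUCTED-VALUE"),
    ("erin", "{bcrypt}CONSTRUCTED-VALUE"),
]


def resolve_scheme(stored, default_scheme):
    """Return (scheme, origin): the {scheme} prefix when present, otherwise
    the source's userPasswordAlgorithm, as the guide describes."""
    match = PREFIX.match(stored)
    if match:
        return match.group(1).lower(), "prefix"
    return default_scheme.lower(), "default"


def grade(scheme):
    """Map a scheme name to cleartext, unsalted, salted or unknown."""
    if scheme in CLEARTEXT:
        return "cleartext"
    if scheme in UNSALTED:
        return "unsalted"
    if scheme in SALTED:
        return "salted"
    return "unknown"  # not in the guide's list for this version


def audit(rows, default_scheme):
    """rows: iterable of (c_uid, c_password). Returns one dict per user."""
    report = []
    for uid, stored in rows:
        scheme, origin = resolve_scheme(stored, default_scheme)
        report.append(
            {"uid": uid, "scheme": scheme, "origin": origin, "grade": grade(scheme)}
        )
    return report


def summarize(report):
    """Count users per grade."""
    return Counter(entry["grade"] for entry in report)


if __name__ == "__main__":
    # "md5" is the userPasswordAlgorithm of the guide's example source.
    result = audit(SAMPLE_ROWS, "md5")
    for entry in result:
        print("%(uid)-6s %(scheme)-8s %(origin)-7s %(grade)s" % entry)
    print(dict(summarize(result)))
```

Rows reported with origin "default" carry no scheme of their own, so their interpretation follows whatever userPasswordAlgorithm is set to; setting prependPasswordScheme to YES makes newly stored values self-describing.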
SMTP Server Configuration
SOGo makes use of a SMTP server to send emails from the Web interface, iMIP/iTIP messages
and various notifications.
The following table describes the related parameters.
D SOGoMailingMechanism
Parameter used to set how SOGo sends mail
messages. Possible values are:
sendmail: to use the sendmail binary
smtp: to use the SMTP protocol
D SOGoSMTPServer
The DNS name or IP address of the SMTP
server used when SOGoMailingMechanism is set
to smtp.
D SOGoSMTPAuthenticationType
Activates SMTP authentication and specifies
which type is in use. Currently, only PLAIN is supported and other values will be ignored.
S WOSendMail
The path of the sendmail binary.
Defaults to /usr/lib/sendmail.
D SOGoForceExternalLoginWithEmail
Parameter used to specify if, when logging into
the SMTP server, the primary email address of
the user will be used instead of the username.
Possible values are:
YES
NO
Defaults to NO when unset.
IMAP Server Configuration
SOGo requires an IMAP server in order to let users consult their email messages, manage their folders and more.
The following table describes the related parameters.
U SOGoDraftsFolderName
Parameter used to set the IMAP folder name
used to store drafts messages.
Defaults to Drafts when unset.
Use a / as a hierarchy separator if referring to
an IMAP subfolder. For example: INBOX/Drafts.
U SOGoSentFolderName
Parameter used to set the IMAP folder name
used to store sent messages.
Defaults to Sent when unset.
Use a / as a hierarchy separator if referring to
an IMAP subfolder. For example: INBOX/Sent.
U SOGoTrashFolderName
Parameter used to set the IMAP folder name
used to store deleted messages.
Defaults to Trash when unset.
Use a / as a hierarchy separator if referring to
an IMAP subfolder. For example: INBOX/Trash.
D SOGoIMAPCASServiceName
Parameter used to set the CAS service name
(URL) of the imap service. This is useful if SOGo is connecting to the IMAP service through
a proxy. When using pam_cas, this parameter
should be set to the same value as the -s argument of the imap pam service.
D SOGoIMAPServer
Parameter used to set the DNS name or IP address of the IMAP server used by SOGo. You
can also use SSL or TLS by providing a value
using an URL, such as:
imaps://localhost:993
imaps://localhost:143/?tls=YES
D SOGoSieveServer
Parameter used to set the DNS name or IP address of the Sieve (managesieve) server used by
SOGo. You must use an URL such as:
sieve://localhost
sieve://localhost:2000
sieve://localhost:2000/?tls=YES
Note that TLS is supported but SSL is not.
D SOGoSieveFolderEncoding
Parameter used to specify which encoding is
used for IMAP folder names in Sieve filters. Defaults to "UTF-7". The other possible value is
"UTF-8".
U SOGoMailShowSubscribedFoldersOnly
Parameter used to specify if the Web interface should only show subscribed IMAP folders. Possible values are:
YES
NO
Defaults to NO when unset.
D SOGoIMAPAclStyle
Parameter used to specify which RFC the IMAP
server implements with respect to ACLs. Possible values are:
rfc2086
rfc4314
Defaults to rfc4314 when unset.
D SOGoIMAPAclConformsToIMAPExt
Parameter used to specify if the IMAP server
implements the Internet Message Access Protocol Extension. Possible values are:
YES
NO
Defaults to NO when unset.
D SOGoForceExternalLoginWithEmail
Parameter used to specify if, when logging into
the IMAP server, the primary email address of
the user will be used instead of the username.
Possible values are:
YES
NO
Defaults to NO when unset.
D SOGoMailSpoolPath
Parameter used to set the path where temporary email drafts are written. If you change this
value, you must also modify the daily cronjob
sogo-tmpwatch.
Defaults to /var/spool/sogo.
S NGImap4ConnectionStringSeparator
Parameter used to set the IMAP mailbox
separator. Setting this will also have an impact
on the mailbox separator used by Sieve filters.
The default separator is /.
S NGImap4AuthMechanism
Trigger the use of the IMAP AUTHENTICATE
command with the specified SASL mechanism.
Please note that this feature might be limited at this
time.
D NGImap4ConnectionGroupIdPrefix
Prefix to prepend to names in IMAP ACL transactions, to indicate the name is a group name
not a user name.
RFC4314 gives examples where group names
are prefixed with $. Dovecot, for one, follows
this scheme, and will, for example, apply permissions for $admins to all users in group admins in the absence of specific permissions for
the individual user.
The default prefix is $.
Web Interface Configuration
The following additional parameters only affect the Web interface behaviour of SOGo.
S SOGoPageTitle
Parameter used to define the Web page title.
Defaults to SOGo when unset.
U SOGoLoginModule
Parameter used to specify which module to
show after login. Possible values are:
Calendar
Mail
Contacts
Defaults to Calendar when unset.
S SOGoFaviconRelativeURL
Parameter used to specify the relative URL of
the site favicon.
When unset, defaults to the file sogo.ico under the default web resources directory.
S SOGoZipPath
Parameter used to specify the path of the zip
binary used to archive messages.
Defaults to /usr/bin/zip when unset.
D SOGoSoftQuotaRatio
Parameter used to change the quota returned
by the IMAP server by multiplying it by the
specified ratio. Acts as a soft quota. Example:
0.8.
U SOGoMailUseOutlookStyleReplies (not currently editable in Web interface)
Parameter used to set if email replies should
use Outlook's style.
Defaults to NO when unset.
U SOGoMailListViewColumnsOrder (not currently editable in Web interface)
Parameter used to specify the default order of
the columns from the SOGo webmail interface.
The parameter is an array, for example:
SOGoMailListViewColumnsOrder =
(Flagged, Attachment, Priority, From,
Subject, Unread, Date, Size);
D SOGoVacationEnabled
Parameter used to activate the edition from the
preferences window of a vacation message.
Requires Sieve script support on the IMAP
host.
Defaults to NO when unset.
When enabling this parameter, one must also
enable the associated cronjob in /etc/cron.d/sogo
in order to activate automatic vacation
message expiration.
See the Cronjob Vacation messages expiration
section below for details.
D SOGoForwardEnabled
Parameter used to activate the edition from
the preferences window of a forwarding email
address. Requires Sieve script support on the
IMAP host.
Defaults to NO when unset.
D SOGoSieveScriptsEnabled
Parameter used to activate the edition from
the preferences windows of server-side mail filters. Requires Sieve script support on the IMAP
host.
Defaults to NO when unset.
D SOGoMailPollingIntervals
Parameter used to define the mail polling intervals (in minutes) available to the user. The parameter is an array that can contain the following
numbers:
1
2
5
10
20
30
60
Defaults to the list above when unset.
U SOGoMailMessageCheck
Parameter used to define the mail polling interval at which the IMAP server is queried for new
messages. Possible values are:
manually
every_minute
every_2_minutes
every_5_minutes
every_10_minutes
every_20_minutes
every_30_minutes
once_per_hour
Defaults to manually when unset.
D SOGoMailAuxiliaryUserAccountsEnabled
Parameter used to activate the auxiliary IMAP
accounts in SOGo. When set to YES, users can
add other IMAP accounts that will be visible
from the SOGo Webmail interface.
Defaults to NO when unset.
U SOGoDefaultCalendar
Parameter used to specify which calendar is
used when creating an event or a task. Possible
values are:
selected
personal
first
Defaults to selected when unset.
U SOGoDayStartTime
The hour at which the day starts (0 through 12).
Defaults to 8 when unset.
U SOGoDayEndTime
The hour at which the day ends (12 through
23).
Defaults to 18 when unset.
U SOGoFirstDayOfWeek
The day at which the week starts in the week
and month views (0 through 6). 0 indicates Sunday.
Defaults to 0 when unset.
U SOGoFirstWeekOfYear
Parameter used to define how the first week
of the year is identified. Possible values are:
January1
First4DayWeek
FirstFullWeek
Defaults to January1 when unset.
U SOGoTimeFormat
The format used to display time in the timeline
of the day and week views. Please refer to the
documentation for the date command or the
strftime C function for the list of available format sequences.
Defaults to %H:%M.
U SOGoCalendarCategories
Parameter used to define the categories that
can be associated to events. This parameter is
an array of arbitrary strings.
Defaults to a list that depends on the language.
U SOGoCalendarDefaultCategoryColor
Parameter used to define the default colour of
categories.
Defaults to #F0F0F0 when unset.
U SOGoCalendarEventsDefaultClassification
Parameter used to define the default classification for new events. Possible values are:
PUBLIC
CONFIDENTIAL
PRIVATE
Defaults to PUBLIC when unset.
U SOGoCalendarTasksDefaultClassification
Parameter used to define the default classification for new tasks. Possible values are:
PUBLIC
CONFIDENTIAL
PRIVATE
Defaults to PUBLIC when unset.
U SOGoCalendarDefaultReminder
Parameter used to define a default reminder
for new events. Possible values are:
-PT5M
-PT10M
-PT15M
-PT30M
-PT45M
-PT1H
-PT2H
-PT5H
-PT15H
-P1D
-P2D
-P1W
D SOGoFreeBusyDefaultInterval
The number of days to include in the freebusy
information. The parameter is an array of two
numbers, the first being the number of days
prior to the current day and the second being
the number of days following the current day.
Defaults to (7, 7) when unset.
U SOGoBusyOffHours
Parameter used to specify if off-hours should
be automatically added to the free-busy information. Off-hours include weekends and periods covered between SOGoDayEndTime and
SOGoDayStartTime.
Defaults to NO when unset.
U SOGoMailMessageForwarding
The method by which the message is to be forwarded.
Possible values are:
inline
attached
Defaults to inline when unset.
U SOGoMailCustomFullName
The string to use as full name when composing
an email, if SOGoMailCustomFromEnabled is set
in the user's domain defaults.
When unset, the full name specified in the user
sources for the user is used instead.
U SOGoMailCustomEmail
The string to use as email address when composing an email, if SOGoMailCustomFromEnabled is set in the user's domain defaults.
When unset, the email specified in the user
sources for the user is used instead.
U SOGoMailReplyPlacement
The reply placement with respect to the quoted
message. Possible values are:
above
below
Defaults to below.
U SOGoMailReplyTo
The email address to use in the reply-to header field when the user sends a message.
Ignored when empty.
U SOGoMailSignaturePlacement
The placement of the signature with respect to
the quoted message. Possible values are:
above
below
Defaults to below.
U SOGoMailComposeMessageType
The message composition format. Possible values are:
text
html
Defaults to text.
S SOGoEnableEMailAlarms
Parameter used to enable email-based alarms
on events and tasks.
Defaults to NO when unset.
For this feature to work correctly, one must
also set the OCSEMailAlarmsFolderURL parameter and enable the associated cronjob. See
the Cronjob EMail reminders section from this
document for more information.
U SOGoContactsCategories
Parameter used to define the categories that
can be associated to contacts. This parameter is
an array of arbitrary strings.
Defaults to a list that depends on the language.
D SOGoUIAdditionalJSFiles
Parameter used to define a list of additional JavaScript files loaded by SOGo for all displayed web pages. This parameter is an array of
strings corresponding to paths to the arbitrary
JavaScript files. The paths are relative to the
WebServerResources directory, which is usually
found under /usr/lib/GNUstep/SOGo/.
D SOGoMailCustomFromEnabled
Parameter used to allow or not users to specify
custom "From" addresses from SOGo's preferences panel.
Defaults to NO when unset.
D SOGoSubscriptionFolderFormat
Parameter used to set the default formatting of
a subscription folder name. Available variables
are:
%{FolderName}
%{UserName}
%{Email}
Defaults to %{FolderName} (%{UserName} <%{Email}>) when unset.
D SOGoUIxAdditionalPreferences
Parameter used to enable an extra preferences
tab using the content of the template named
UIxAdditionalPreferences.wox. This template should be put under ~sogo/GNUstep/Library/SOGo/Templates/PreferencesUI/.
Defaults to NO when unset.
SOGo Configuration Summary
The complete SOGo configuration file /etc/sogo/sogo.conf should look like this:
{
SOGoProfileURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
OCSFolderInfoURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
OCSSessionsFolderURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
SOGoAppointmentSendEMailNotifications = YES;
SOGoCalendarDefaultRoles = (
PublicViewer,
ConfidentialDAndTViewer
);
SOGoLanguage = English;
SOGoTimeZone = America/Montreal;
SOGoMailDomain = acme.com;
SOGoIMAPServer = localhost;
SOGoDraftsFolderName = Drafts;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoMailingMechanism = smtp;
SOGoSMTPServer = 127.0.0.1;
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=acme,dc=com";
bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = public;
isAddressBook = YES;
port = 389;
}
);
}
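The summary above keeps the database password inside each database URL and the LDAP bind password in clear text, using the values sogo and qwerty. The following Python script is an added example, not part of the SOGo guide or the SOGo project: it lists the keys of a sogo.conf-style file that hold such secrets and checks whether the file is accessible to group or others. The trimmed sample configuration is constructed from the guide's summary, and the function names and the list of example passwords are this example's own.

```python
"""Find secrets embedded in a sogo.conf-style file (added example)."""
import os
import re
import stat
from urllib.parse import urlsplit

# Credentials printed in the guide's own examples; a deployment that still
# uses them relies on a publicly documented password.
GUIDE_EXAMPLE_SECRETS = {"sogo", "qwerty"}

# "key = value;" pairs, where value is a quoted string or a bare word.
ASSIGNMENT = re.compile(
    r'\b(?P<key>[A-Za-z_]\w*)\s*=\s*(?P<value>"[^"]*"|[^\s;"(){}]+)\s*;'
)

# Constructed sample, trimmed from the configuration summary in the guide.
SAMPLE_CONF = '''
{
  SOGoProfileURL =
    "postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
  SOGoIMAPServer = localhost;
  SOGoSieveServer = "sieve://localhost:2000/?tls=YES";
  SOGoUserSources = (
    {
      type = ldap;
      bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
      bindPassword = qwerty;
      hostname = localhost;
    }
  );
}
'''


def find_secrets(text):
    """Return one finding per key that stores a password. The password
    itself is never copied into the report."""
    findings = []
    for match in ASSIGNMENT.finditer(text):
        key = match.group("key")
        value = match.group("value").strip('"')
        user = secret = None
        if "://" in value:
            parts = urlsplit(value)  # scheme://user:password@host:port/db/table
            user, secret = parts.username, parts.password
        elif key == "bindPassword":
            secret = value
        if not secret:
            continue
        reasons = ["secret stored in configuration file"]
        if user is not None and secret == user:
            reasons.append("password equals user name")
        if secret in GUIDE_EXAMPLE_SECRETS:
            reasons.append("password is a value printed in the guide")
        findings.append({"key": key, "reasons": reasons})
    return findings


def readable_by_others(path):
    """True when group or other has any access to the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    for finding in find_secrets(SAMPLE_CONF):
        print("%s: %s" % (finding["key"], "; ".join(finding["reasons"])))
```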
Multi-domains Configuration
If you want your installation to isolate two groups of users, you must define a distinct authentication source for each domain. Following is the same configuration that now includes two domains
(acme.com and coyote.com):
{
...
domains = {
acme = {
SOGoMailDomain = acme.com;
SOGoDraftsFolderName = Drafts;
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=acme,dc=com";
bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = public_acme;
isAddressBook = YES;
port = 389;
}
);
};
coyote = {
SOGoMailDomain = coyote.com;
SOGoIMAPServer = imap.coyote.com;
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=coyote,dc=com";
bindDN = "uid=sogo,ou=users,dc=coyote,dc=com";
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = public_coyote;
isAddressBook = YES;
port = 389;
}
);
};
};
}
The following additional parameters only affect SOGo when using multiple domains.
S SOGoEnableDomainBasedUID
Parameter used to activate user identification by domain. Users will be able (without being required) to login using the form
username@domain, meaning that values of UIDFieldName no longer have to be unique among
all domains but only within the same domain.
Internally, users will always be identified by the
concatenation of their username and domain.
Consequently, activating this parameter on an
existing system implies that user identifiers will
change and their previous calendars and address books will no longer be accessible unless
a conversion is performed.
Defaults to NO when unset.
S SOGoLoginDomains
Parameter used to define which domains
should be selectable from the login page. This
parameter is an array of keys from the domains
dictionary.
Defaults to an empty array, which means that
no domains appear on the login page. If you
prefer having the domain names listed, just use
these as keys for the domains dictionary.
S SOGoDomainsVisibility
Parameter used to set domains visible among
themselves. This parameter is an array of arrays.
Example: SOGoDomainsVisibility = ((acme,
coyote));
Defaults to an empty array, which means domains are isolated from each other.
Apache Configuration
The SOGo configuration for Apache is located in /etc/httpd/conf.d/SOGo.conf.
Upon SOGo installation, a default configuration file is created which is suitable for most configurations.
You must also configure the following parameters in the SOGo configuration file for Apache in order
to have a working installation:
RequestHeader set "x-webobjects-server-port" "80"
RequestHeader set "x-webobjects-server-name" "yourhostname"
RequestHeader set "x-webobjects-server-url" "http://yourhostname"
You may consider enabling SSL on top of this current installation to secure access to your SOGo
installation.
See http://httpd.apache.org/docs/2.2/ssl/ for details.
You might also have to adjust the configuration if you have SELinux enabled.
The default configuration will use mod_proxy and mod_headers to relay requests to the sogod parent
process. This is suitable for small to medium deployments.
Starting Services
Once SOGo is fully installed and configured, start the services using the following command:
service sogod start
You may verify using the chkconfig command that the SOGo service is automatically started at boot
time. Restart the Apache service since modules and configuration files were added:
service httpd restart
Finally, you should also make sure that the memcached service is started and that it is also automatically started at boot time.
Cronjob EMail reminders
SOGo allows you to set email-based reminders for events and tasks. To enable this, you must enable
the SOGoEnableEMailAlarms preference and set the OCSEMailAlarmsFolderURL preference accordingly.
Once you've correctly set those two preferences, you must create a cronjob that will run under the
"sogo" user. This cronjob should be run every minute.
A commented out example should have been installed in /etc/cron.d/sogo; to enable it, simply
uncomment it.
As a reference, the cronjob should be defined like this:
* * * * * /usr/sbin/sogo-ealarms-notify
If your mail server requires use of SMTP AUTH, specify a credential file using -p /path/to/credFile.
This file should contain the username and password, separated by a colon
(username:password).
Cronjob Vacation messages expiration
When vacation messages are enabled (see the parameter SOGoVacationEnabled), users can set an
expiration date to messages auto-reply. For this feature to work, you must run a cronjob under the
"sogo" user.
A commented out example should have been installed in /etc/cron.d/sogo. To work correctly
this tool must login as an administrative user on the sieve server. The required credentials must
be specified in a file by using -p /path/to/credFile. This file should contain the username and
password, separated by a colon (username:password).
The cronjob should look like this:
0 0 * * * sogo /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds
Managing User Accounts
Creating the SOGo Administrative Account
First, create the SOGo administrative account in your LDAP server. The following LDIF file
(sogo.ldif) can be used as an example:
dn: uid=sogo,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: sogo
cn: SOGo Administrator
mail: sogo@acme.com
sn: Administrator
givenName: SOGo
Load the LDIF file inside your LDAP server using the following command:
ldapadd -f sogo.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the SOGo administrative account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com \
uid=sogo,ou=users,dc=acme,dc=com -s qwerty
Creating a User Account
SOGo uses LDAP directories to authenticate users. Use the following LDIF file (jdoe.ldif) as an
example to create a SOGo user account:
dn: uid=jdoe,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: jdoe
cn: John Doe
mail: jdoe@acme.com
sn: Doe
givenName: John
Load the LDIF file inside your LDAP server using the following command:
ldapadd -f jdoe.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the SOGo administrative account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com \
uid=jdoe,ou=users,dc=acme,dc=com -s qwerty
As an alternative to using command-line tools, you can also use LDAP editors such as Luma or
Apache Directory Studio to make your work easier. These GUI utilities can make use of templates
to create and pre-configure typical user accounts or any standardized LDAP record, along with the
correct object classes, fields and default values.
Chapter 7
Microsoft ActiveSync
SOGo supports the Microsoft ActiveSync protocol.
ActiveSync clients can fully synchronize contacts, emails, events and tasks with SOGo. Freebusy and GAL lookups are also supported, as well as "Smart reply" and "Smart forward" operations.
To enable Microsoft ActiveSync support in SOGo, you must install the required packages.
yum install sogo-activesync libwbxml
Once installed, simply uncomment the following lines from your SOGo Apache configuration:
ProxyPass /Microsoft-Server-ActiveSync \
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
retry=60 connectiontimeout=5 timeout=360
Restart Apache afterwards.
The following additional parameters only affect SOGo when using ActiveSync:
S SOGoMaximumPingInterval
    Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Ping command.
    If not set, it defaults to 5 seconds.
S SOGoMaximumSyncInterval
    Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Sync command.
    If not set, it defaults to 30 seconds.
S SOGoInternalSyncInterval
    Parameter used to set the maximum amount of time, in seconds, SOGo will wait before doing an internal check for data changes (add, delete, and update). This parameter must be lower than SOGoMaximumSyncInterval.
    If not set, it defaults to 10 seconds.
S SOGoMaximumSyncWindowSize
    Parameter used to overwrite the maximum number of items returned during a Sync operation.
    Defaults to 0, which means no overwrite is performed.
    Setting this parameter to a value greater than 512 will have unexpected behaviour with various ActiveSync clients.
Please be aware of the following limitations:
Currently, only the personal calendar and address book are synchronized. Adding support for all folders is planned.
When creating an Outlook 2013 profile, you must actually kill Outlook before the end of the creation process. See http://www.vionblog.com/connect-zimbra-community-with-outlook-2013 for a procedure example.
Outlook 2013 does not search the GAL. One possible alternative solution is to configure Outlook to use an LDAP server (over SSL) with authentication. Alternatively, when supporting more than just the personal address book, we'll also be able to expose the LDAP/SQL based address books in SOGo over ActiveSync.
Make sure you do not use a self-signed certificate. While this will work, Outlook will work intermittently as it will raise popups for certificate validation, sometimes in the background, preventing the user from seeing the warning and thus preventing any synchronization from happening.
ActiveSync clients keep connections open for a while. Each connection will grab a hold on a sogod process so you will need a lot of processes to handle many clients. This limitation will eventually be overcome in SOGo.
Repetitive events with occurrences exceptions are currently not supported.
Outlook 2013 Autodiscovery is currently not supported.
Outlook 2013 freebusy lookups are supported using the Internet Free/Busy feature of Outlook 2013. Please see http://support.microsoft.com/kb/291621 for configuration instructions. On the SOGo side, SOGoEnablePublicAccess must be set to YES and the URL to use must be of the following format: http://<hostname>/SOGo/dav/public/%NAME%/freebusy.ifb
In order to use the SOGo ActiveSync support code in production environments, you need to get a proper usage license from Microsoft. Please contact them directly to negotiate the fees associated to your user base.
To contact Microsoft, please visit: http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspx and send an email to iplicreq@microsoft.com
Inverse inc. provides this software for free, but is not responsible for anything related to its usage.
Chapter 8
Using SOGo
SOGo Web Interface
To access the SOGo Web Interface, point your Web browser, which is running from the same server where SOGo was installed, to the following URL: http://localhost/SOGo.
Log in using the "jdoe" user and the "qwerty" password. The underlying database tables will automatically be created by SOGo.
Mozilla Thunderbird and Lightning
Alternatively, you can access SOGo with a GroupDAV and a CalDAV client. A typical well-integrated setup is to use Mozilla Thunderbird and Mozilla Lightning along with Inverse's SOGo Connector plugin to synchronize your address books and Inverse's SOGo Integrator plugin to provide a complete integration of the features of SOGo into Thunderbird and Lightning. Refer to the documentation of Thunderbird to configure an initial IMAP account pointing to your SOGo server and using the user name and password mentioned above.
With the SOGo Integrator plugin, your calendars and address books will be automatically discovered when you log in to Thunderbird. This plugin can also propagate specific extensions and default user settings across your site. However, be aware that in order to use the SOGo Integrator plugin, you will need to repackage it with specific modifications. Please refer to the documentation published online:
http://www.sogo.nu/downloads/documentation.html
If you only use the SOGo Connector plugin, you can still easily access your data.
To access your personal address book:
Choose Go > Address Book.
Choose File > New > Remote Address Book.
Enter a significant name for your address book in the Name field.
Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Contacts/personal/
Click on OK.
To access your personal calendar:
Choose Go > Calendar.
Choose Calendar > New Calendar.
Select On the Network and click on Continue.
Select CalDAV.
Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Calendar/personal/
Click on Continue.
Apple iCal
Apple iCal can also be used as a client application for SOGo.
To configure it so it works with SOGo, create a new account and specify, as the Account URL, a URL such as:
http://localhost/SOGo/dav/jdoe/
Note that the trailing slash is important for Apple iCal 3.
Apple Address Book
Since Mac OS X 10.6 (Snow Leopard), Apple Address Book can be configured to use SOGo.
In order to make this work, you must add a new virtual host in your Apache configuration file to listen on port 8800 and handle requests coming from iOS devices.
The virtual host should be defined like:
<VirtualHost *:8800>
RewriteEngine Off
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPassInterpolateEnv On
ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
<Location />
Order allow,deny
Allow from all
</Location>
<Proxy http://127.0.0.1:20000>
RequestHeader set "x-webobjects-server-port" "8800"
RequestHeader set "x-webobjects-server-name" "acme.com:8800"
RequestHeader set "x-webobjects-server-url" "http://acme.com:8800"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
AddDefaultCharset UTF-8
</Proxy>
ErrorLog /var/log/apache2/ab-error.log
CustomLog /var/log/apache2/ab-access.log combined
</VirtualHost>
This configuration is also required if you want to configure a CardDAV account on an Apple iOS device (version 4.0 and later).
Microsoft ActiveSync / Mobile Devices
You can synchronize contacts, emails, events and tasks from SOGo with any mobile devices that support Microsoft ActiveSync. Microsoft Outlook 2013 is also supported.
The Microsoft ActiveSync server URL is generally something like: http://localhost/Microsoft-Active-Sync.
Chapter 9
Upgrading
This section describes what needs to be done when upgrading to the current version of SOGo from the previous release.
2.2.8
The configuration parameters were renamed:
SOGoMailMessageCheck was replaced with SOGoRefreshViewCheck
SOGoMailPollingIntervals was replaced with SOGoRefreshViewIntervals
Backward compatibility is in place for the old preferences values.
2.0.5
The configuration is now stored in /etc/sogo/sogo.conf. Perform the following commands as root to migrate your previous user defaults:
install -d -m 750 -o sogo -g sogo /etc/sogo
sudo -u sogo sogo-tool dump-defaults > /etc/sogo/sogo.conf
chown root:sogo /etc/sogo/sogo.conf
chmod 640 /etc/sogo/sogo.conf
sudo -u sogo mv ~/GNUstep/Defaults/.GNUstepDefaults \
~/GNUstep/Defaults/GNUstepDefaults.old
2.0.4
The parameter SOGoForceIMAPLoginWithEmail is now deprecated and is replaced by SOGoForceExternalLoginWithEmail (which extends the functionality to SMTP authentication). Update your configuration if you use this parameter.
The sogo user is now a system user. For new installs, this means that su - sogo won't work anymore. Please use sudo -u sogo <cmd> instead. If used in scripts from cron jobs, requiretty must be disabled in sudoers.
1.3.17
Run the shell script sql-update-1.3.16_to_1.3.17.sh or sql-update-1.3.16_to_1.3.17-mysql.sh (if you use MySQL).
This will grow the "cycleinfo" field of calendar tables to a larger size.
1.3.12
Once you have updated and restarted SOGo, run the shell script sql-update-1.3.11_to_1.3.12.sh or sql-update-1.3.11_to_1.3.12-mysql.sh (if you use MySQL).
This will grow the "content" field of calendar and address book tables to a larger size and fix the primary key of the session table.
1.3.9
For Red Hat-based distributions, version 1.23 of GNUstep will be installed. Since the location of the Web resources changes, the Apache configuration file (SOGo.conf) has been adapted. Verify your Apache configuration if you have customized this file.
Chapter 10
Additional Information
For more information, please consult the online FAQs (Frequently Asked Questions):
http://www.sogo.nu/english/support/faq.html
You can also read the mailing list archives or post your questions to the list. For details, see:
https://lists.inverse.ca/sogo
Chapter 11
Commercial Support and Contact Information
For any questions or comments, do not hesitate to contact us by writing an email to:
support@inverse.ca
Inverse (http://inverse.ca) offers professional services around SOGo to help organizations deploy the solution and migrate from their legacy systems.