Installation and Configuration Guide

for version 2.2.9

Version 2.2.9 - September 2014
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
The fonts used in this guide are licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http://scripts.sil.org/OFL
Copyright Łukasz Dziedzic, http://www.latofonts.com, with Reserved Font Name: "Lato".
Copyright Raph Levien, http://levien.com/, with Reserved Font Name: "Inconsolata".

Table of Contents
About this Guide
Introduction
  Architecture and Compatibility
System Requirements
  Assumptions
  Minimum Hardware Requirements
  Operating System Requirements
Installation
  Software Downloads
  Software Installation
Configuration
  GNUstep Environment Overview
  Preferences Hierarchy
  General Preferences
  Authentication using LDAP
  LDAP Attributes Indexing
  LDAP Attributes Mapping
  Authenticating using C.A.S.
  Authenticating using SAML2
  Database Configuration
  Authentication using SQL
  SMTP Server Configuration
  IMAP Server Configuration
  Web Interface Configuration
  SOGo Configuration Summary
  Multi-domains Configuration
  Apache Configuration
  Starting Services
  Cronjob EMail reminders
  Cronjob Vacation messages expiration
Managing User Accounts
  Creating the SOGo Administrative Account
  Creating a User Account
Microsoft ActiveSync
Using SOGo
  SOGo Web Interface
  Mozilla Thunderbird and Lightning
  Apple iCal
  Apple AddressBook
  Microsoft ActiveSync / Mobile Devices
Upgrading
Additional Information
Commercial Support and Contact Information

Chapter 1

About this Guide

This guide will walk you through the installation and configuration of the SOGo solution. It also covers the installation and configuration of SOGo ActiveSync support, the solution used to synchronize mobile devices with SOGo.
The instructions are based on version 2.2.9 of SOGo.
The latest version of this guide is available at http://www.sogo.nu/downloads/documentation.html.

Chapter 2

Introduction

SOGo is a free and modern scalable groupware server. It offers shared calendars, address books, and emails through your favourite Web browser and by using a native client such as Mozilla Thunderbird and Lightning.
SOGo is standard-compliant. It supports CalDAV, CardDAV, GroupDAV, iMIP and iTIP and reuses existing IMAP, SMTP and database servers - making the solution easy to deploy and interoperable with many applications.
SOGo features:
  Scalable architecture suitable for deployments from dozens to many thousands of users
  Rich Web-based interface that shares the look and feel, the features and the data of Mozilla Thunderbird and Lightning
  Improved integration with Mozilla Thunderbird and Lightning by using the SOGo Connector and the SOGo Integrator
  Native compatibility for Microsoft Outlook 2003, 2007, 2010, and 2013
  Two-way synchronization support with any Microsoft ActiveSync-capable device, or Outlook 2013
SOGo is developed by a community of developers located mainly in North America and Europe. More information can be found at http://www.sogo.nu/

Architecture and Compatibility

Standard protocols such as CalDAV, CardDAV, GroupDAV, HTTP, IMAP and SMTP are used to communicate with the SOGo platform or its sub-components. Mobile devices supporting the Microsoft ActiveSync protocol are also supported.
To install and configure the native Microsoft Outlook compatibility layer, please refer to the SOGo Native Microsoft Outlook Configuration Guide.

Chapter 3

System Requirements

Assumptions
SOGo reuses many components in an infrastructure. Thus, it requires the following:
  Database server (MySQL, PostgreSQL or Oracle)
  LDAP server (OpenLDAP, Novell eDirectory, Microsoft Active Directory and others)
  SMTP server (Postfix, Sendmail and others)
  IMAP server (Courier, Cyrus IMAP Server, Dovecot and others)
In this guide, we assume that all those components are running on the same server (i.e., localhost or 127.0.0.1) that SOGo will be installed on.
Good understanding of those underlying components and GNU/Linux is required to install SOGo. If you are missing some of those required components, please refer to the appropriate documentation and proceed with the installation and configuration of these requirements before continuing with this guide.
The following table provides recommendations for the required components, together with version numbers:
  Database server: PostgreSQL 7.4 or later
  LDAP server: OpenLDAP 2.3.x or later
  SMTP server: Postfix 2.x
  IMAP server: Cyrus IMAP Server 2.3.x or later
More recent versions of the software mentioned above can also be used.

Minimum Hardware Requirements
The following table provides hardware recommendations for the server, desktops and mobile devices:
Server
  Evaluation and testing
    Intel, AMD, or PowerPC CPU 1 GHz
    512 MB of RAM
    1 GB of disk space
  Production
    Intel, AMD or PowerPC CPU 3 GHz
    2048 MB of RAM
    10 GB of disk space (excluding the mail store)
Desktop
  General
    Intel, AMD, or PowerPC CPU 1.5 GHz
    1024x768 monitor resolution
    512 MB of RAM
    128 Kbps or higher network connection
  Microsoft Windows
    Microsoft Windows XP SP2 or Vista
  Apple Mac OS X
    Apple Mac OS X 10.2 or later
  Linux
    Your favourite GNU/Linux distribution
Mobile Device
  Any mobile device which supports CalDAV, CardDAV or Microsoft ActiveSync.

Operating System Requirements
The following 32-bit and 64-bit operating systems are currently supported by SOGo:
  Red Hat Enterprise Linux (RHEL) Server 5 and 6
  Community ENTerprise Operating System (CentOS) 5 and 6
  Debian GNU/Linux 5.0 (Lenny) to 7.0 (Wheezy)
  Ubuntu 10.04 (Lucid) to 14.04 (Trusty)
Make sure the required components are started automatically at boot time and that they are running before proceeding with the SOGo configuration. Also make sure that you can install additional packages from your standard distribution. For example, if you are using Red Hat Enterprise Linux 5, you have to be subscribed to the Red Hat Network before continuing with the SOGo software installation.
This document covers the installation of SOGo under RHEL 6.
For installation instructions on Debian and Ubuntu, please refer directly to the SOGo website at http://www.sogo.nu/. Under the downloads section, you will find links for installation steps for Debian and Ubuntu.
Note that once the SOGo packages are installed under Debian and Ubuntu, this guide can be followed in order to fully configure SOGo.

Chapter 4

Installation

This section will guide you through the installation of SOGo together with its dependencies. The steps described here apply to an RPM-based installation for a Red Hat or CentOS distribution.

Software Downloads
SOGo can be installed using the yum utility. To do so, first create the /etc/yum.repos.d/inverse.repo configuration file with the following content:
[SOGo]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0
Some of the software on which SOGo depends is available from the repository of RepoForge (previously known as RPMforge). To add RepoForge to your package sources, download and install the appropriate RPM package from http://packages.sw.be/rpmforge-release/. Also make sure you have enabled the "rpmforge-extras" repository.
For more information on using RepoForge, visit http://repoforge.org/use/.

Software Installation
Once the yum configuration file has been created, you are now ready to install SOGo and its dependencies. To do so, proceed with the following command:
yum install sogo
This will install SOGo and its dependencies such as GNUstep, the SOPE packages and memcached.
Once the base packages are installed, you need to install the proper database connector suitable for your environment. You need to install sope49-gdl1-postgresql for the PostgreSQL database system, sope49-gdl1-mysql for MySQL or sope49-gdl1-oracle for Oracle. The installation command will thus look like this:
yum install sope49-gdl1-postgresql

Once completed, SOGo will be fully installed on your server. You are now ready to configure it.

Chapter 5

Configuration

In this section, you'll learn how to configure SOGo to use your existing LDAP, SMTP and database servers. As previously mentioned, we assume that those components run on the same server on which SOGo is being installed. If this is not the case, please adjust the configuration parameters to reflect those changes.

GNUstep Environment Overview
SOGo makes use of the GNUstep environment. GNUstep is a free software implementation of the OpenStep specification which provides many facilities for building all types of server and desktop applications. Among those facilities, there is a configuration API similar to the "Registry" paradigm in Microsoft Windows. In OpenSTEP, GNUstep and Mac OS X, these are called the "user defaults".
In SOGo, the user's applications settings are stored in /etc/sogo/sogo.conf. You can use your favourite text editor to modify the file.
The sogo.conf file is a serialized property list. This simple format encapsulates four basic data types: arrays, dictionaries (or hashes), strings and numbers. Numbers are represented as-is, except for booleans which can take the unquoted values YES and NO. Strings are not mandatorily quoted, but doing so will save you many problems. A dictionary is a sequence of key and value pairs separated in their middle with a = sign. It starts with a { and ends with a corresponding }. Each value definition in a dictionary ends with a semicolon. An array is a chain of values starting with ( and ending with ), where the values are separated with a comma. Also, the file generally follows a C-style indentation for clarity but this indentation is not required, only recommended. Block comments are delimited by /* and */ and can span multiple lines while line comments must start with //.

Preferences Hierarchy
SOGo supports domain names segregation, meaning that you can separate multiple groups of users within one installation of SOGo. A user associated to a domain is limited to access only the users' data from the same domain. Consequently, the configuration parameters of SOGo are defined on three levels:

Each level inherits the preferences of the parent level. Therefore, domain preferences define the default values of the user preferences, and the system preferences define the default values of all domains' preferences. Both system and domains preferences are defined in /etc/sogo/sogo.conf, while the users' preferences are configurable by the user and stored in SOGo's database.
To identify the level in which each parameter can be defined, we use the following abbreviations in the tables of this document:
  S  Parameter exclusive to the system and not configurable per domain
  D  Parameter exclusive to a domain and not configurable per user
  U  Parameter configurable by the user
Remember that the hierarchy paradigm allows the default value of a parameter to be defined at a parent level.

General Preferences
The following table describes the general parameters that can be set:

S WOWorkersCount
The amount of instances of SOGo that will be spawned to handle multiple requests simultaneously. When started from the init script, that amount is overridden by the PREFORK value in /etc/sysconfig/sogo or /etc/default/sogo.
A value of 3 is a reasonable default for low usage. The maximum value depends on the CPU and IO power provided by your machine: a value set too high will actually decrease performance under high load.
Defaults to 1 when unset.

S WOListenQueueSize
This parameter controls the backlog size of the socket listen queue. For large-scale deployments, this value must be adjusted in case all workers are busy and the parent process receives lots of incoming connections.
Defaults to 5 when unset.

S WOPort
The TCP listening address and port used by the SOGo daemon. The format is ipaddress:port.
Defaults to 127.0.0.1:20000 when unset.

S WOLogFile
The file path where to log messages. Specify to log to the console.
Defaults to /var/log/sogo/sogo.log.

S WOPidFile
The file path where the parent process id will be written.
Defaults to /var/run/sogo/sogo.pid.

S WOWatchDogRequestTimeout
This parameter specifies the number of minutes after which a busy child process will be killed by the parent process.
Defaults to 10 (minutes).
Do not set this too low as child processes replying to clients on a slow internet connection could be killed prematurely.

S SxVMemLimit
Parameter used to set the maximum amount of memory (in megabytes) that a child can use. Reaching that value will force children processes to restart, in order to preserve system memory.
Defaults to 384.

S SOGoMemcachedHost
Parameter used to set the hostname and optionally the port of the memcached server. A path can also be used if the server must be reached via a Unix socket.
Defaults to localhost.
See memcached_servers_parse(3) for details on the syntax.

S SOGoCacheCleanupInterval
Parameter used to set the expiration (in seconds) of each object in the cache.
Defaults to 300.

S SOGoAuthenticationType
Parameter used to define the way by which users will be authenticated. For C.A.S., specify cas. For SAML2, specify saml2. For anything else, leave that value empty.

S SOGoTrustProxyAuthentication
Parameter used to set whether HTTP username should be trusted.
Defaults to NO when unset.

S SOGoEncryptionKey
Parameter used to define a key to encrypt the passwords of remote Web calendars when SOGoTrustProxyAuthentication is enabled.

S SOGoCASServiceURL
When using C.A.S. authentication, this specifies the base url for reaching the C.A.S. service. This will be used by SOGo to deduce the proper login page as well as the other C.A.S. services that SOGo will use.

S SOGoCASLogoutEnabled
Boolean value indicating whether the "Logout" link is enabled when using C.A.S. as authentication mechanism.
The "Logout" link will end up calling SOGoCASServiceURL/logout to terminate the client's single sign-on C.A.S. session.

S SOGoAddressBookDAVAccessEnabled
Parameter controlling WebDAV access to the Contacts collections. This can be used to deny access to these resources from Lightning for example.
Defaults to YES when unset.

S SOGoCalendarDAVAccessEnabled
Parameter controlling WebDAV access to the Calendar collections. This can be used to deny access to these resources from Lightning for example.
Defaults to YES when unset.

S SOGoSAML2PrivateKeyLocation
The location of the SSL private key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file must be generated for each running SOGo service (rather than host).

S SOGoSAML2CertiticateLocation
The location of the SSL certificate file. This file must be generated for each running SOGo service.

S SOGoSAML2IdpMetadataLocation
The location of the metadata file that describes the services available on the SAML2 identity provider.

S SOGoSAML2IdpPublicKeyLocation
The location of the SSL public key file on the filesystem that is used by SOGo to sign and encrypt communications with the SAML2 identity provider. This file should be part of the setup of your identity provider.

S SOGoSAML2IdpCertificateLocation
The location of the SSL certificate file. This file should be part of the setup of your identity provider.

S SOGoSAML2LogoutEnabled
Boolean value indicating whether the "Logout" link is enabled when using SAML2 as authentication mechanism.

D SOGoTimeZone
Parameter used to set a default time zone for users. The default timezone is set to UTC. The Olson database is a standard database that takes all the time zones around the world into account and represents them along with their history. On GNU/Linux systems, time zone definition files are available under /usr/share/zoneinfo. Listing the available files will give you the name of the available time zones. This could be America/New_York, Europe/Berlin, Asia/Tokyo or Africa/Lubumbashi.
In our example, we set the time zone to America/Montreal.

D SOGoMailDomain
Parameter used to set the default domain name used by SOGo. SOGo uses this parameter to build the list of valid email addresses for users.
In our example, we set the default domain to acme.com.

D SOGoAppointmentSendEMailNotifications
Parameter used to set whether SOGo sends or not email notifications to meeting participants. Possible values are:
  YES to send notifications
  NO to not send notifications
Defaults to NO when unset.

D SOGoFoldersSendEMailNotifications
Same as above, but the notifications are triggered on the creation of a calendar or an address book.

D SOGoACLsSendEMailNotifications
Same as above, but the notifications are sent to the involved users of a calendar or address book's ACLs.

D SOGoCalendarDefaultRoles
Parameter used to define the default roles when giving permissions to a user to access a calendar. Default roles are ignored for public accesses. Must be an array of up to five strings. Each string defining a role for an event category must begin with one of those values:
  Public
  Confidential
  Private
And each string must end with one of those values:
  Viewer
  DAndTViewer
  Modifier
  Responder
The array can also contain one or many of the following strings:
  ObjectCreator
  ObjectEraser
Example: SOGoCalendarDefaultRoles = ("ObjectCreator", "PublicViewer");
Defaults to no role when unset. Recommended values are PublicViewer and ConfidentialDAndTViewer.

D SOGoContactsDefaultRoles
Parameter used to define the default roles when giving permissions to a user to access an address book. Default roles are ignored for public accesses. Must be an array of one or many of the following strings:
  ObjectViewer
  ObjectEditor
  ObjectCreator
  ObjectEraser
Example: SOGoContactsDefaultRoles = ("ObjectEditor");
Defaults to no role when unset.

D SOGoSuperUsernames
Parameter used to set which usernames require administrative privileges over all the users' tables. For example, this could be used to post events in the users' calendars without requiring the user to configure his/her ACLs. In this case you will need to specify those superusers' usernames like this: SOGoSuperUsernames = (<username1>[, <username2>, ...]);

U SOGoLanguage
Parameter used to set the default language used in the Web interface for SOGo. Possible values are:
  BrazilianPortuguese
  Czech
  Dutch
  English
  French
  German
  Hungarian
  Italian
  Russian
  Spanish
  Swedish
  Welsh

D SOGoNotifyOnPersonalModifications
Parameter used to set whether SOGo sends or not email receipts when someone changes his/her own calendar. Possible values are:
  YES to send notifications
  NO to not send notifications
Defaults to NO when unset. User can overwrite this from the calendar properties window.

D SOGoNotifyOnExternalModifications
Parameter used to set whether SOGo sends or not email receipts when a modification is being done to his/her own calendar by someone else. Possible values are:
  YES to send notifications
  NO to not send notifications
Defaults to NO when unset. User can overwrite this from the calendar properties window.

D SOGoLDAPContactInfoAttribute
Parameter used to specify an LDAP attribute that should be displayed when auto-completing user searches.

D SOGoiPhoneForceAllDayTransparency
When set to YES, this will force all-day events sent over by iPhone OS based devices to be transparent. This means that the all-day events will not be considered during freebusy lookups.
Defaults to NO when unset.

S SOGoEnablePublicAccess
Parameter used to allow or not your users to share publicly (i.e., requiring no authentication) their calendars and address books. Possible values are:
  YES to allow them
  NO to prevent them from doing so
Defaults to NO when unset.

S SOGoPasswordChangeEnabled
Parameter used to allow or not users to change their passwords from SOGo. Possible values are:
  YES to allow them
  NO to prevent them from doing so
Defaults to NO when unset.
For this feature to work properly when authenticating against AD or Samba4, the LDAP connection must use SSL/TLS. Server side restrictions can also cause the password change to fail, in which case SOGo will only log a Constraint violation (0x13) error. These restrictions include password too young, complexity constraints not satisfied, user cannot change password, etc. Also note that Samba has a minimum password age of 1 day by default.

S SOGoSupportedLanguages
Parameter used to configure which languages are available from SOGo's Web interface. Available languages are specified as an array of strings.
The default value is: ( "Czech", "Welsh", "English", "Spanish", "French", "German", "Italian", "Hungarian", "Dutch", "BrazilianPortuguese", "Polish", "Russian", "Ukrainian", "Swedish" )

D SOGoHideSystemEMail
Parameter used to control if SOGo should hide or not the system email address (UIDFieldName@SOGoMailDomain). This is currently limited to CalDAV (calendar-user-address-set).
Defaults to NO when unset.

D SOGoSearchMinimumWordLength
Parameter used to control the minimum length to be used for the search string (attendee completion, address book search, etc.) prior to triggering the server-side search operation.
Defaults to 2 when unset, which means a search operation will be triggered on the 3rd typed character.

S SOGoMaximumFailedLoginCount
Parameter used to control the number of failed login attempts required during SOGoMaximumFailedLoginInterval seconds or more. If conditions are met, the account will be blocked for SOGoFailedLoginBlockInterval seconds since the first failed login attempt.
Default value is 0, or disabled.

S SOGoMaximumFailedLoginInterval
Number of seconds, defaults to 10.

S SOGoFailedLoginBlockInterval
Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.

S SOGoMaximumMessageSubmissionCount
Parameter used to control the number of email messages a user can send from SOGo's webmail interface, to SOGoMaximumRecipientCount, in SOGoMaximumSubmissionInterval seconds or more. If conditions are met or exceeded, the user won't be able to send mails for SOGoMessageSubmissionBlockInterval seconds.
Default value is 0, or disabled.

S SOGoMaximumRecipientCount
Maximum number of recipients. Default value is 0, or disabled.

S SOGoMaximumSubmissionInterval
Number of seconds, defaults to 30.

S SOGoMessageSubmissionBlockInterval
Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupInterval must be set to a value equal or higher than SOGoFailedLoginBlockInterval.
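
The property-list rules from the GNUstep Environment Overview and the throttling and password-change notes in this table can be checked mechanically. The following Python code is an added example, not part of SOGo or of the original guide: it parses a constructed sogo.conf sample and reports the conditions the table describes. The function names, the sample values and the simplified tokenizer (a comment must be preceded by whitespace or punctuation) are assumptions of this example.

```python
import re

# Constructed sample in the property-list format described in this guide.
SAMPLE_CONF = r'''
{
    /* constructed example for this audit, not a recommended setup */
    SOGoCacheCleanupInterval = 300;      // seconds
    SOGoMaximumFailedLoginCount = 5;
    SOGoFailedLoginBlockInterval = 600;
    SOGoPasswordChangeEnabled = YES;
    SOGoSuperUsernames = (admin, "backup-operator");
    SOGoUserSources = (
        { type = ldap; id = directory; canAuthenticate = YES;
          hostname = "ldap://10.0.0.1:389"; }
    );
}
'''

TOKEN = re.compile(r'''
    (?P<skip>\s+|//[^\n]*|/\*.*?\*/)   # whitespace, line and block comments
  | (?P<str>"(?:\\.|[^"\\])*")         # quoted string
  | (?P<punct>[{}()=;,])
  | (?P<word>[^\s{}()=;,"]+)           # unquoted string, number, YES or NO
''', re.S | re.X)

def tokenize(text):
    pos, toks = 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected character at offset {pos}")
        if m.lastgroup != "skip":
            toks.append((m.lastgroup, m.group()))
        pos = m.end()
    return toks + [("eof", "")]

def parse_value(toks, i):              # returns (value, index of next token)
    kind, tok = toks[i]
    if (kind, tok) == ("punct", "{"):  # dictionary: key = value; ...
        result, i = {}, i + 1
        while toks[i] != ("punct", "}"):
            key, i = parse_value(toks, i)
            if toks[i] != ("punct", "="):
                raise ValueError(f"expected '=' after key {key!r}")
            val, i = parse_value(toks, i + 1)
            if toks[i] != ("punct", ";"):
                raise ValueError(f"expected ';' after value of {key!r}")
            result[key], i = val, i + 1
        return result, i + 1
    if (kind, tok) == ("punct", "("):  # array: value, value, ...
        result, i = [], i + 1
        while toks[i] != ("punct", ")"):
            val, i = parse_value(toks, i)
            result.append(val)
            if toks[i] == ("punct", ","):
                i += 1
        return result, i + 1
    if kind == "str":
        return re.sub(r"\\(.)", r"\1", tok[1:-1], flags=re.S), i + 1
    if kind == "word":                 # YES/NO, integer or unquoted string
        if tok in ("YES", "NO"):
            return tok == "YES", i + 1
        return (int(tok) if re.fullmatch(r"-?\d+", tok) else tok), i + 1
    raise ValueError(f"unexpected token {tok!r}")

def parse_conf(text):
    toks = tokenize(text)
    conf, i = parse_value(toks, 0)
    if toks[i][0] != "eof" or not isinstance(conf, dict):
        raise ValueError("expected a single top-level dictionary")
    return conf

def ldap_uses_tls(source):
    """True if every URL of the source is ldaps:// or carries !StartTLS."""
    if str(source.get("encryption", "")).upper() in ("SSL", "STARTTLS"):
        return True                    # deprecated per-source key
    urls = str(source.get("hostname", "")).lower().split()
    return bool(urls) and all(u.startswith("ldaps://") or u.endswith("!starttls") for u in urls)

def audit(conf):
    """Return findings; fallback values are the defaults stated in the table."""
    findings = []
    block = conf.get("SOGoFailedLoginBlockInterval", 300)
    if conf.get("SOGoMaximumFailedLoginCount", 0) == 0:
        findings.append("failed-login blocking is disabled")
    elif conf.get("SOGoCacheCleanupInterval", 300) < block:
        findings.append("SOGoCacheCleanupInterval < SOGoFailedLoginBlockInterval")
    if conf.get("SOGoMaximumMessageSubmissionCount", 0) == 0:
        findings.append("message submission limiting is disabled")
    if conf.get("SOGoPasswordChangeEnabled", False):
        for src in conf.get("SOGoUserSources", []):
            if src.get("type") == "ldap" and not ldap_uses_tls(src):
                findings.append(f"LDAP source {src.get('id')!r} lacks SSL/TLS")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE_CONF))))
```

The SSL/TLS finding reflects the requirement stated for SOGoPasswordChangeEnabled with AD or Samba4; for other directories it is informational.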

Authentication using LDAP
SOGo can use a LDAP server to authenticate users and, if desired, to provide global address books. SOGo can also use an SQL backend for this purpose (see the section Authentication using SQL later in this document). Insert the following text into your configuration file to configure an authentication and global address book using an LDAP directory server:
SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = uid;
        UIDFieldName = uid;
        IMAPHostFieldName = mailHost;
        baseDN = "ou=users,dc=acme,dc=com";
        bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Shared Addresses";
        hostname = "ldap://127.0.0.1:389";
        id = public;
        isAddressBook = YES;
    }
);
In our example, we use a LDAP server running on the same host where SOGo is being installed.
You can also, using the filter attribute, restrict the results to match various criteria. For example, you could define, in your .GNUstepDefaults file, the following filter to return only entries belonging to the organization Inverse with a mail address and not inactive:
filter = "(o='Inverse' AND mail='*' AND status <> 'inactive')";

Since LDAP sources can serve as user repositories for authentication as well as address books, you can specify the following for each source to make them appear in the address book module:
displayName = "<human identification name of the addressbook>";
isAddressBook = YES;
For certain LDAP sources, SOGo also supports indirect binds for user authentication. Here is an example:
SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = sAMAccountName;
        baseDN = "cn=Users,dc=acme,dc=com";
        bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
        bindFields = (sAMAccountName);
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = "Active Directory";
        hostname = "ldap://10.0.0.1:389";
        id = directory;
        isAddressBook = YES;
    }
);
In this example, SOGo will use an indirect bind by first determining the user DN. That value is found by doing a search on the fields specified in bindFields. Most of the time, there will be only one field but it is possible to specify more in the form of an array (for example, bindFields = (sAMAccountName, cn)). When using multiple fields, only one of the fields needs to match the login name. In the above example, when a user logs in, the login will be checked against the sAMAccountName entry in all the user cards, and once this card is found, the user DN of this card will be used for checking the user's password.
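
The search-then-bind sequence described above, as an added Python example that is not SOGo's code: the login is escaped per RFC 4515 and looked up through bindFields, and the password is checked only against the single DN that was found. The in-memory DIRECTORY stands in for the LDAP server with constructed entries, and refusing ambiguous matches and empty passwords is a choice of this example, not documented SOGo behaviour.

```python
import hmac
import re

# Constructed stand-in for the directory (DN -> attributes). With a real
# server, search() is a query made as bindDN and the password check is a bind.
DIRECTORY = {
    "cn=Alice Smith,cn=Users,dc=acme,dc=com":
        {"cn": "Alice Smith", "sAMAccountName": "alice", "password": "correct horse"},
    "cn=Bob Jones,cn=Users,dc=acme,dc=com":
        {"cn": "Bob Jones", "sAMAccountName": "bob", "password": "battery staple"},
    "cn=bob,cn=Users,dc=acme,dc=com":
        {"cn": "bob", "sAMAccountName": "svc-bob", "password": "unused"},
}

def escape_filter_value(value):
    """Escape a login for use as an LDAP assertion value (RFC 4515)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def build_bind_filter(bind_fields, login):
    """Build (|(field1=login)(field2=login)...): any one field may match."""
    value = escape_filter_value(login)
    parts = [f"({field}={value})" for field in bind_fields]
    return parts[0] if len(parts) == 1 else "(|" + "".join(parts) + ")"

# One "(attribute=value)" item whose value is plain text or \xx escapes.
ITEM = re.compile(r"\(([A-Za-z0-9-]+)=((?:[^()\\*]|\\[0-9a-f]{2})*)\)")

def search(ldap_filter):
    """Toy evaluator for the equality filters built above; returns DNs."""
    wanted = [(field, re.sub(r"\\([0-9a-f]{2})",
                             lambda m: chr(int(m.group(1), 16)), raw).lower())
              for field, raw in ITEM.findall(ldap_filter)]
    return [dn for dn, attrs in DIRECTORY.items()
            if any(attrs.get(f, "").lower() == v for f, v in wanted)]

def authenticate(login, password, bind_fields=("sAMAccountName",)):
    """Return the user's DN on success, None otherwise."""
    if not login or not password:
        return None            # an empty password must never reach a bind
    matches = search(build_bind_filter(bind_fields, login))
    if len(matches) != 1:
        return None            # unknown login, or ambiguous across bindFields
    dn = matches[0]
    # Stand-in for binding to the server as `dn` with the supplied password.
    ok = hmac.compare_digest(DIRECTORY[dn]["password"].encode(), password.encode())
    return dn if ok else None

if __name__ == "__main__":
    print(build_bind_filter(("sAMAccountName", "cn"), "alice"))
    print(authenticate("alice", "correct horse"))
    print(authenticate("bob", "battery staple", ("sAMAccountName", "cn")))
```

With bindFields = (sAMAccountName, cn) the login "bob" matches two entries in the sample data, which is why the last call is refused.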
Finally, SOGo supports LDAP-based groups. Groups must be defined like any other authentication sources (i.e., canAuthenticate must be set to YES and a group must have a valid email address). In order for SOGo to determine if a specific LDAP entry is a group, SOGo will look for one of the following objectClass attributes:
  group
  groupOfNames
  groupOfUniqueNames
  posixGroup
You can set ACLs based on group membership and invite a group to a meeting (and the group will be decomposed to its list of members upon save by SOGo). You can also control the visibility of the group from the list of shared address books or during mail autocompletion by setting the isAddressBook parameter to YES or NO. The following LDAP entry shows how a typical group is defined:

dn: cn=inverse,ou=groups,dc=inverse,dc=ca
objectClass: groupOfUniqueNames
objectClass: top
objectClass: extensibleObject
uniqueMember: uid=alice,ou=users,dc=inverse,dc=ca
uniqueMember: uid=bernard,ou=users,dc=inverse,dc=ca
uniqueMember: uid=bob,ou=users,dc=inverse,dc=ca
cn: inverse
structuralObjectClass: groupOfUniqueNames
mail: inverse@inverse.ca
The corresponding SOGoUserSources entry to handle groups like this one would be:
{
    type = ldap;
    CNFieldName = cn;
    IDFieldName = cn;
    UIDFieldName = cn;
    baseDN = "ou=groups,dc=inverse,dc=ca";
    bindDN = "cn=sogo,ou=services,dc=inverse,dc=ca";
    bindPassword = zot;
    canAuthenticate = YES;
    displayName = "Inverse Groups";
    hostname = "ldap://127.0.0.1:389";
    id = inverse_groups;
    isAddressBook = YES;
}
The following table describes the possible parameters related to a LDAP source:

D SOGoUserSources
Parameter used to set the LDAP and/or SQL sources used for authentication and global address books. Multiple sources can be specified as an array of dictionaries. A dictionary that defines an LDAP source can contain the following values:

type
The type of this user source, set to ldap for an LDAP source.

id
The identification name of the LDAP repository. This must be unique even when using multiple domains.

CNFieldName
The field that returns the complete name.

IDFieldName
The field that starts a user DN if bindFields is not used. This field must be unique across the entire SOGo domain.

UIDFieldName
The field that returns the login name of a user. The returned value must be unique across the whole SOGo installation since it is used to identify the user in the folder_info database table.

MailFieldNames
An array of fields that returns the user's email addresses (defaults to mail when unset).

SearchFieldNames
An array of fields to match against the search string when filtering users (defaults to sn, displayName, and telephoneNumber when unset).

IMAPHostFieldName (optional)
The field that returns either an URI to the IMAP server as described for SOGoIMAPServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoIMAPServer parameter.

IMAPLoginFieldName (optional)
The field that returns the IMAP login name for the user (defaults to the value of UIDFieldName when unset).

SieveHostFieldName (optional)
The field that returns either an URI to the SIEVE server as described for SOGoSieveServer, or a simple server hostname that would be used as a replacement for the hostname part in the URI provided by the SOGoSieveServer parameter.

baseDN
The base DN of your user entries.

KindFieldName (optional)
If set, SOGo will try to determine if the value of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will consider the returned entry to be a resource.
For LDAP-based sources, SOGo can also automatically determine if it's a resource if the entry has the calendarresource objectClass set.

MultipleBookingsFieldName (optional)
The value of this attribute is the maximum number of concurrent events to which a resource can be part of at any point in time.
If this is set to 0, or if the attribute is missing, it means no limit.

filter (optional)
The filter to use for LDAP queries, it should be defined as an EOQualifier. The following operators are supported:
  <> inequality operator
  = equality operator
Multiple qualifiers can be joined by using OR and AND, they can also be grouped together by using parenthesis. Attribute values should be quoted to avoid unexpected behaviour.
For example: filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND accountStatus='active' AND uid <> 'alice'";


scope(optional) EitherBASE,ONEorSUB.
bindDN TheDNoftheloginnametouseforbindingto
yourserver.
bindPassword Itspassword.
bindAsCurrentUser IfsettoYES,SOGowillalwayskeepbindingto
theLDAPserverusingtheDNofthecurrently
authenticateduser.IfbindFieldsisset,bindDN
andbindPasswordwillstillberequiredtofind
theproperDNoftheuser.
bindFields(optional) Anarrayoffieldstousewhendoingindirect
binds.
hostname Aspace-delimitedlistofLDAPURLsorLDAP
hostnames.
LDAPURLsarespecifiedinRFC4516and
havethefollowinggeneralformat:
scheme://host:port/DN?attributes?scope?
filter?extensions
NotethatSOGodoesntcurrentlysupportDN,
attributes,scopeandfilterinsuchURLs.Using
themmayhaveundefinedsideeffects.
URLsexamples:
ldap://127.0.0.1:3389
ldaps://127.0.0.1
ldap://127.0.0.1/????!StartTLS
port (deprecated) Port number of the LDAP server. A non-default port should be part of the ldap URL in the hostname parameter.
encryption (deprecated) Either SSL or STARTTLS. SSL should be specified as ldaps:// in the LDAP URL. STARTTLS should be specified as a LDAP Extension in the LDAP URL (e.g. ldap://127.0.0.1/????!StartTLS)
userPasswordAlgorithm The algorithm used for password encryption when changing passwords without Password Policies enabled.
Possible values are: none, plain, crypt, md5, md5-crypt, smd5, cram-md5 and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants (plus setting of the encoding with .b64 or .hex).
For a more detailed description see http://wiki.dovecot.org/Authentication/PasswordSchemes.
Note that cram-md5 is not actually using cram-md5 (due to the lack of challenge-response mechanism), it's just saving the intermediate MD5 context as Dovecot stores in its database.
canAuthenticate If set to YES, this LDAP source is used for authentication
passwordPolicy If set to YES, SOGo will use the extended LDAP Password Policies attributes. If your LDAP server does not support those and you activate this feature, every LDAP request will fail.
isAddressBook If set to YES, this LDAP source is used as a shared address book (with read-only access). Note that if set to NO, autocompletion will not work for entries in this source and thus, freebusy lookups.
displayName (optional) If set as an address book, the human identification name of the LDAP repository
ModulesConstraints (optional) Limits the access of any module through a constraint based on an LDAP attribute; must be a dictionary with keys Mail, and/or Calendar, for example:
ModulesConstraints = {
  Calendar = {
    ou = employees;
  };
};
mapping A dictionary that maps contact attributes used by SOGo to the LDAP attributes used by the schema of the LDAP source. Each entry must have an attribute name as key and an array of strings as value. This enables actual fields to be mapped one after another when fetching contact informations.
See the LDAP Attribute Mapping section below for an example and a list of supported attributes.
objectClasses When the modifiers list (see below) is set, or when using LDAP-based user address books (see abOU below), this list of object classes will be applied to new records as they are created.
modifiers A list (array) of usernames that are authorized to perform modifications to the address book defined by this LDAP source.
abOU This field enables LDAP-based user address books by specifying the value of the address book container beneath each user entry, for example: ou=addressbooks,uid=username,dc=domain.
The following parameters can be defined along the other keys of each entry of the SOGoUserSources, but can also be defined at the domain and/or system levels:
D SOGoLDAPContactInfoAttribute

Parameter used to specify an attribute that should appear in autocompletion of the web interface.

D SOGoLDAPQueryLimit

Parameter used to limit the number of returned results from the LDAP server whenever SOGo performs a LDAP query (for example, during addresses completion in a shared address book).

D SOGoLDAPQueryTimeout

Parameter to define the timeout of LDAP queries. The actual time limit for operations is also bounded by the maximum time that the server is configured to allow.
Defaults to 0 (unlimited).
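
A check for the hostname key described above, as an added example that is not part of the SOGo guide or code base: it splits each entry into its RFC 4516 parts, reports entries that use neither ldaps:// nor the StartTLS extension, and reports URL components the guide says SOGo does not support. The function names, severity labels and example.org entries are assumptions of this example, and the deprecated port and encryption keys are not considered.

```python
import re

# Constructed sample: the guide's three URL forms plus two constructed
# entries (example.org names are placeholders) that a review should flag.
SAMPLE_HOSTNAME = (
    "ldap://127.0.0.1:3389 ldaps://127.0.0.1 ldap://127.0.0.1/????!StartTLS "
    "ldap://ldap.example.org "
    "ldaps://ldap.example.org/ou=users,dc=example,dc=org??sub"
)

_URL = re.compile(r"^(?P<scheme>ldaps?)://(?P<hostport>[^/?]*)(?:/(?P<rest>.*))?$", re.I)
_LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}
_COMPONENTS = ("dn", "attributes", "scope", "filter")


def _split_hostport(hostport):
    """Separate host and port, keeping a bracketed IPv6 literal intact."""
    if hostport.startswith("["):
        host, _, port = hostport.partition("]")
        return host + "]", port.lstrip(":") or None
    host, _, port = hostport.partition(":")
    return host, port or None


def parse_entry(entry):
    """Split one hostname entry into RFC 4516 parts; None if the scheme is unknown."""
    if "://" not in entry:
        # Bare hostname: treated as plain LDAP on the default port
        # (the deprecated encryption key is not considered here).
        return dict(scheme="ldap", host=entry, port=None, dn="", attributes="",
                    scope="", filter="", extensions=[])
    m = _URL.match(entry)
    if m is None:
        return None
    host, port = _split_hostport(m.group("hostport"))
    # scheme://host:port/DN?attributes?scope?filter?extensions
    parts = (m.group("rest") or "").split("?", 4)
    dn, attributes, scope, flt, ext = parts + [""] * (5 - len(parts))
    return dict(scheme=m.group("scheme").lower(), host=host, port=port, dn=dn,
                attributes=attributes, scope=scope, filter=flt,
                extensions=[e for e in ext.split(",") if e])


def audit_hostname(value):
    """Return (entry, severity, message) findings for a hostname value."""
    findings = []
    for entry in value.split():
        url = parse_entry(entry)
        if url is None:
            findings.append((entry, "error", "not an ldap:// or ldaps:// URL"))
            continue
        # A leading "!" marks an RFC 4516 extension as critical.
        starttls = any(e.lstrip("!").lower() == "starttls" for e in url["extensions"])
        if url["scheme"] != "ldaps" and not starttls:
            severity = "low" if url["host"].lower() in _LOOPBACK else "high"
            findings.append((entry, severity,
                             "no ldaps:// and no StartTLS extension: binds travel in cleartext"))
        for name in _COMPONENTS:
            if url[name]:
                findings.append((entry, "warn",
                                 f"{name} is set; the guide says SOGo does not support it in URLs"))
    return findings


if __name__ == "__main__":
    for entry, severity, message in audit_hostname(SAMPLE_HOSTNAME):
        print(f"{severity:5} {entry}: {message}")
```
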

LDAP Attributes Indexing
To ensure proper performance of the SOGo application, the following LDAP attributes must be fully indexed:
givenName
cn
mail
sn
Please refer to the documentation of the software you use in order to index those attributes.

LDAP Attributes Mapping
Some LDAP attributes are mapped to contacts attributes in the SOGo UI. The table below lists most of them. It is possible to override these by using the mapping configuration parameter.
For example, if the LDAP schema uses the fax attribute to store the fax number, one could map it to the facsimiletelephonenumber attribute like this:

mapping = {
facsimiletelephonenumber = ("fax", "facsimiletelephonenumber");
};

Name
  First               givenName
  Last                sn
  Display Name        displayName or cn or givenName + sn
  Nickname            mozillanickname
Internet
  Email               mail
  Secondary email     mozillasecondemail
  ScreenName          nsaimid
Phones
  Work                telephoneNumber
  Home                homephone
  Mobile              mobile
  Fax                 facsimiletelephonenumber
  Pager               pager
Home
  Address             mozillahomestreet + mozillahomestreet2
  City                mozillahomelocalityname
  State/Province      mozillahomestate
  Zip/Postal Code     mozillahomepostalcode
  Country             mozillahomecountryname
  Web page            mozillahomeurl
Work
  Title               title
  Department          ou
  Organization
  Address             street + mozillaworkstreet2
  City
  State/Province      st
  Zip/Postal code     postalCode
  Country
  Web page            mozillaworkurl
Other
  Birthday            birthyear-birthmonth-birthday
  Note                description

Authenticating using C.A.S.
SOGo natively supports C.A.S. authentication. For activating C.A.S. authentication you need first to make sure that the SOGoAuthenticationType setting is set to cas and that the SOGoCASServiceURL setting is configured appropriately.
The tricky part shows up when using SOGo as a frontend interface to an IMAP server as this imposes constraints needed by the C.A.S. protocol to ensure secure communication between the different services. Failing to take those precautions will prevent users from accessing their mails, while still granting basic authentication to SOGo itself.
The first constraint is that the number of workers that SOGo uses must be higher than 1 in order to enable the C.A.S. service to perform some validation requests during IMAP authentication. A single worker alone would not, by definition, be able to respond to the C.A.S. requests while treating the user request that required the triggering of those requests. You must therefore configure the WOWorkersCount setting appropriately.
The second constraint is that the SOGo service must be accessible and accessed via https. Moreover, the certificate used by the SOGo server has to be recognized and trusted by the C.A.S. service. In the case of a certificate issued by a third-party authority, there should be nothing to worry about. In the case of a self-signed certificate, the certificate must be registered in the trusted keystore of the C.A.S. application. The procedure to achieve this can be summarized as importing the certificate in the proper "keystore" using the keytool utility and specifying the path for that keystore to the Tomcat instance which provides the C.A.S. service. This is done by tweaking the javax.net.ssl.trustStore setting, either in the catalina.properties file or in the command-line parameters. On Debian, the SOGo certificate can also be added to the truststore as follows:
openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \
-out /tmp/sogo-cert.der
keytool -import -keystore /etc/ssl/certs/java/cacerts \
-file /tmp/sogo-cert.der -alias sogo-cert
# The keystore password is 'changeit'
# tomcat must be restarted after this operation
The certificate used by the CAS server must also be trusted by SOGo. In case of a self-signed certificate, this means exporting tomcat's certificate using the keytool utility, converting it to PEM format and appending it to the ca-certificates.crt file (the name and location of that file differs between distributions). Basically:
# export tomcat's cert to openssl format
keytool -keystore /etc/tomcat7/keystore -exportcert -alias tomcat | \
openssl x509 -inform der >tomcat.pem
Enter keystore password: tomcat

# add the pem to the trusted certs
cp tomcat.pem /etc/ssl/certs
cat tomcat.pem >>/etc/ssl/certs/ca-certificates.crt
If any of those constraints is not satisfied, the webmail interface of SOGo will display an empty email account. Unfortunately, SOGo has no possibility to detect which one is the cause of the problem. The only indicators are log messages that at least pinpoint the symptoms:
"failure to obtain a PGT from the C.A.S. service"
Such an error will show up during authentication of the user to SOGo. It happens when the authentication service has accepted the user authentication ticket but has not returned a "Proxy Granting Ticket".
"a CAS failure occurred during operation."
This error indicates that an attempt was made to retrieve an authentication ticket for a third-party service such as IMAP or sieve. Most of the time, this happens as a consequence of the problem described above. To troubleshoot these issues, one should be tailing cas.log, pam logs and sogo logs.
Currently, SOGo will ask for a CAS ticket using the same CAS service name for both IMAP and Sieve. When CASifying sieve, this means that the -s parameter of pam_cas should be the same for both IMAP and Sieve, otherwise the CAS server will complain:
ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket
[ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service [imap://myimapserver
does not match supplied service [sieve://mysieveserver:2000]
Finally, when using imapproxy to speed up the imap accesses, the SOGoIMAPCASServiceName should be set to the actual imap service name expected by pam_cas, otherwise it will fail to authenticate incoming connection properly.

Authenticating using SAML2
SOGo natively supports SAML2 authentication. Please refer to the documentation of your identity provider and the SAML2 configuration keys that are listed above for proper setup. Once a SOGo instance is configured properly, the metadata for that instance can be retrieved from http://<hostname>/SOGo/saml2-metadata for registration with the identity provider.
In order to relay authentication information to your IMAP server and if you make use of the CrudeSAML SASL plugin, you need to make sure that NGImap4AuthMechanism is configured to use the SAML mechanism. If you make use of the CrudeSAML PAM plugin, this value may be left empty.

Database Configuration
SOGo requires a relational database system in order to store appointments, tasks and contacts information. It also uses the database system to store personal preferences of SOGo users. In this guide, we assume you use PostgreSQL so commands provided to create the database are related to this application. However, other database servers are supported, such as MySQL and Oracle.
First, make sure that your PostgreSQL server has TCP/IP connections support enabled.
Create the database user and schema using the following commands:
su - postgres
createuser --no-superuser --no-createdb --no-createrole \
--encrypted --pwprompt sogo
(specify sogo as password)
createdb -O sogo sogo
You should then adjust the access rights to the database. To do so, modify the configuration file /var/lib/pgsql/data/pg_hba.conf in order to add the following line at the very beginning of the file:
host sogo sogo 127.0.0.1/32 md5
Once added, restart the PostgreSQL database service. Then, modify the SOGo configuration file (/etc/sogo/sogo.conf) to reflect your database settings:
SOGoProfileURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
OCSFolderInfoURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
OCSSessionsFolderURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
The following table describes the parameters that were set:
D SOGoProfileURL

Parameter used to set the database URL so that SOGo can retrieve user profiles.
For MySQL, set the database URL to something like: mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile.

D OCSFolderInfoURL

Parameter used to set the database URL so that SOGo can retrieve the location of user folders (address books and calendars).
For Oracle, set the database URL to something like: oracle://sogo:sogo@localhost:1526/sogo/sogo_folder_info.

D OCSSessionsFolderURL

Parameter used to set the database URL so that SOGo can store and retrieve secured user sessions information. For PostgreSQL, the database URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder.

D OCSEMailAlarmsFolderURL

Parameter used to set the database URL for email-based alarms (that can be set on events and tasks). This parameter is relevant only if SOGoEnableEMailAlarms is set to YES. For PostgreSQL, the database URL could be set to something like: postgresql://sogo:sogo@localhost:5432/sogo/sogo_alarms_folder
See the "EMail reminders" section in this document for more information.

If you're using MySQL, make sure in your my.cnf file you have:
[mysqld]
...
character_set_server=utf8
character_set_client=utf8
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8

Authentication using SQL
SOGo can use a SQL-based database server for authentication. The configuration is very similar to LDAP-based authentication.
The following table describes all the possible parameters related to a SQL source:
D SOGoUserSources

Parameter used to set the SQL and/or LDAP sources used for authentication and global address books. Multiple sources can be specified as an array of dictionaries. A dictionary that defines a SQL source can contain the following values:

type

The type of this user source, set to sql for a SQL source.

id

The identification name of the SQL repository. This must be unique even when using multiple domains.

viewURL

Database URL of the view used by SOGo. The view expects columns to be present. Required columns are:
c_uid: will be used for authentication, it's a username or username@domain.tld
c_name: will be used to uniquely identify entries, which can be identical to c_uid
c_password: password of the user, plain text, crypt, md5 or sha encoded
c_cn: the user's common name
mail: the user's email address
Other columns can exist and will actually be mapped automatically if they have the same name as popular LDAP attributes (such as givenName, sn, department, title, telephoneNumber, etc.).

userPasswordAlgorithm

The default algorithm used for password encryption when changing passwords. Possible values are: none, plain, crypt, md5, md5-crypt, smd5, cram-md5, ldap-md5, and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants. Passwords can have the scheme prepended in the form {scheme}encryptedPass.
If no scheme is given, userPasswordAlgorithm is used instead. The schemes listed above follow the algorithms described in http://wiki.dovecot.org/Authentication/PasswordSchemes.
Note that cram-md5 is not actually using cram-md5 (due to the lack of challenge-response mechanism), it's just saving the intermediate MD5 context as Dovecot stores in its database.

prependPasswordScheme

The default behaviour is to store newly set passwords without the scheme (default: NO). This can be overridden by setting to YES and will result in passwords stored as {scheme}encryptedPass.

canAuthenticate

If set to YES, this SQL source is used for authentication.

isAddressBook

If set to YES, this SQL source is used as a shared address book (with read-only access). Note that if set to NO, autocompletion will not work for entries in this source and thus, freebusy lookups.

authenticationFilter (optional)

A filter that limits which users can authenticate from this source.

displayName (optional)

If set as an address book, the human identification name of the SQL repository.

LoginFieldNames (optional)

An array of fields that specifies the column names that contain valid authentication usernames (defaults to c_uid when unset).

MailFieldNames (optional)

An array of fields that specifies the column names that hold additional email addresses (beside the mail column) for each user.

IMAPHostFieldName (optional)

The field that returns the IMAP hostname for the user.

IMAPLoginFieldName (optional)

The field that returns the IMAP login name for the user (defaults to c_uid when unset).

SieveHostFieldName (optional)

The field that returns the Sieve hostname for the user.

KindFieldName (optional)

If set, SOGo will try to determine if the value of the field corresponds to either "group", "location" or "thing". If that's the case, SOGo will consider the returned entry to be a resource.

MultipleBookingsFieldName (optional)

The value of this field is the maximum number of concurrent events to which a resource can be part of at any point in time.
If this is set to 0, or if the attribute is missing, it means no limit.

DomainFieldName (optional)

If set, SOGo will use the value of that field as the domain associated to the user.
See the Multi-domains Configuration section in this document for more information.

Here is an example of an SQL-based authentication and address book source:
SOGoUserSources =
(
{
type = sql;
id = directory;
viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
canAuthenticate = YES;
isAddressBook = YES;
userPasswordAlgorithm = md5;
}
);
Certain database columns must be present in the view/table, such as:
c_uid: will be used for authentication, it's the username or username@domain.tld
c_name: which can be identical to c_uid, will be used to uniquely identify entries
c_password: password of the user, plain-text, md5 or sha encoded for now
c_cn: the user's common name, such as "John Doe"
mail: the user's mail address
Note that groups are currently not supported for SQL-based authentication sources.
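
The userPasswordAlgorithm passages for LDAP and SQL sources both describe stored values of the form {scheme}encryptedPass with an optional .b64 or .hex encoding suffix. The following added example, which is not part of the SOGo guide or code base, parses such values from c_password, falls back to userPasswordAlgorithm when no prefix is present, rates each scheme, and verifies cleartext and (s)sha* values using the layout documented on the Dovecot page the guide links to. The rating labels, function names and sample rows are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re

# Ratings for the scheme names the guide lists for userPasswordAlgorithm.
# Assumption: "md5" is rated as a bare MD5 digest, since the guide lists
# md5-crypt separately.
RATING = {
    "none": "cleartext", "plain": "cleartext",
    "md5": "unsalted", "ldap-md5": "unsalted", "cram-md5": "unsalted",
    "sha": "unsalted", "sha256": "unsalted", "sha512": "unsalted",
    "smd5": "salted-fast", "ssha": "salted-fast",
    "ssha256": "salted-fast", "ssha512": "salted-fast",
    "crypt": "crypt", "md5-crypt": "crypt",
}
_PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.(b64|hex))?\}(.*)$", re.S | re.I)
_DIGEST = {"sha": ("sha1", 20), "sha256": ("sha256", 32), "sha512": ("sha512", 64)}


def parse_stored(value, default_algorithm):
    """Return (scheme, encoding, payload) for a stored password value.

    A {scheme} or {scheme.encoding} prefix wins; without one the source's
    userPasswordAlgorithm applies, as the guide describes.
    """
    m = _PREFIX.match(value)
    if m:
        return m.group(1).lower(), (m.group(2) or "").lower() or None, m.group(3)
    return default_algorithm.lower(), None, value


def verify(password, stored, default_algorithm="none"):
    """Check a password against a cleartext or (s)sha* value.

    Layout per the linked Dovecot page: digest(password + salt) followed by
    the salt, base64 unless a .hex suffix says otherwise.
    """
    scheme, encoding, payload = parse_stored(stored, default_algorithm)
    if RATING.get(scheme) == "cleartext":
        return hmac.compare_digest(payload.encode(), password.encode())
    salted = scheme.startswith("ssha")
    base = scheme[1:] if salted else scheme
    if base not in _DIGEST:
        raise ValueError(f"scheme {scheme!r} is not handled by this example")
    name, size = _DIGEST[base]
    try:
        raw = bytes.fromhex(payload) if encoding == "hex" else base64.b64decode(payload)
    except ValueError:          # malformed hex or base64
        return False
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or bool(salt) != salted:
        return False
    expected = hashlib.new(name, password.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)


def audit_rows(rows, default_algorithm):
    """Map (c_uid, c_password) rows to (c_uid, scheme, rating) triples."""
    report = []
    for uid, stored in rows:
        scheme, _, _ = parse_stored(stored, default_algorithm)
        report.append((uid, scheme, RATING.get(scheme, "unknown")))
    return report


def _ssha256(password, salt):
    """Build a {SSHA256} value for the constructed sample below."""
    raw = hashlib.sha256(password.encode() + salt).digest() + salt
    return "{SSHA256}" + base64.b64encode(raw).decode()


# Constructed rows in the shape of the view's c_uid / c_password columns.
SAMPLE_ROWS = [
    ("alice", _ssha256("correct horse", b"\x01\x02\x03\x04")),
    ("bob", "{PLAIN}example-password"),
    ("carol", "0123456789abcdef0123456789abcdef"),  # placeholder, no prefix
    ("dave", "{SHA256.hex}" + hashlib.sha256(b"example-password").hexdigest()),
]

if __name__ == "__main__":
    # userPasswordAlgorithm = md5, as in the guide's SQL source example.
    for uid, scheme, rating in audit_rows(SAMPLE_ROWS, default_algorithm="md5"):
        print(f"{uid:6} {scheme:8} {rating}")
```
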

SMTP Server Configuration
SOGo makes use of a SMTP server to send emails from the Web interface, iMIP/iTIP messages and various notifications.
The following table describes the related parameters.
D SOGoMailingMechanism

Parameter used to set how SOGo sends mail messages. Possible values are:
sendmail to use the sendmail binary
smtp to use the SMTP protocol

D SOGoSMTPServer

The DNS name or IP address of the SMTP server used when SOGoMailingMechanism is set to smtp.

D SOGoSMTPAuthenticationType

Activates SMTP authentication and specifies which type is in use. Currently, only PLAIN is supported and other values will be ignored.

S WOSendMail

The path of the sendmail binary.
Defaults to /usr/lib/sendmail.

D SOGoForceExternalLoginWithEmail

Parameter used to specify if, when logging in to the SMTP server, the primary email address of the user will be used instead of the username. Possible values are:
YES
NO
Defaults to NO when unset.

IMAP Server Configuration
SOGo requires an IMAP server in order to let users consult their email messages, manage their folders and more.
The following table describes the related parameters.
U SOGoDraftsFolderName

Parameter used to set the IMAP folder name used to store drafts messages.
Defaults to Drafts when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Drafts.

U SOGoSentFolderName

Parameter used to set the IMAP folder name used to store sent messages.
Defaults to Sent when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Sent.

U SOGoTrashFolderName

Parameter used to set the IMAP folder name used to store deleted messages.
Defaults to Trash when unset.
Use a / as a hierarchy separator if referring to an IMAP subfolder. For example: INBOX/Trash.

D SOGoIMAPCASServiceName

Parameter used to set the CAS service name (URL) of the imap service. This is useful if SOGo is connecting to the IMAP service through a proxy. When using pam_cas, this parameter should be set to the same value as the -s argument of the imap pam service.

D SOGoIMAPServer

Parameter used to set the DNS name or IP address of the IMAP server used by SOGo. You can also use SSL or TLS by providing a value using an URL, such as:
imaps://localhost:993
imaps://localhost:143/?tls=YES

D SOGoSieveServer

Parameter used to set the DNS name or IP address of the Sieve (managesieve) server used by SOGo. You must use an URL such as:
sieve://localhost
sieve://localhost:2000
sieve://localhost:2000/?tls=YES
Note that TLS is supported but SSL is not.

D SOGoSieveFolderEncoding

Parameter used to specify which encoding is used for IMAP folder names in Sieve filters. Defaults to "UTF-7". The other possible value is "UTF-8".

U SOGoMailShowSubscribedFoldersOnly

Parameter used to specify if the Web interface should only show subscribed IMAP folders. Possible values are:
YES
NO
Defaults to NO when unset.

D SOGoIMAPAclStyle

Parameter used to specify which RFC the IMAP server implements with respect to ACLs. Possible values are:
rfc2086
rfc4314
Defaults to rfc4314 when unset.

D SOGoIMAPAclConformsToIMAPExt

Parameter used to specify if the IMAP server implements the Internet Message Access Protocol Extension. Possible values are:
YES
NO
Defaults to NO when unset.

D SOGoForceExternalLoginWithEmail

Parameter used to specify if, when logging in to the IMAP server, the primary email address of the user will be used instead of the username. Possible values are:
YES
NO
Defaults to NO when unset.

D SOGoMailSpoolPath

Parameter used to set the path where temporary email drafts are written. If you change this value, you must also modify the daily cronjob sogo-tmpwatch.
Defaults to /var/spool/sogo.

S NGImap4ConnectionStringSeparator

Parameter used to set the IMAP mailbox separator. Setting this will also have an impact on the mailbox separator used by Sieve filters.
The default separator is /.

S NGImap4AuthMechanism

Trigger the use of the IMAP AUTHENTICATE command with the specified SASL mechanism. Please note that this feature might be limited at this time.

D NGImap4ConnectionGroupIdPrefix

Prefix to prepend to names in IMAP ACL transactions, to indicate the name is a group name not a user name.
RFC 4314 gives examples where group names are prefixed with $. Dovecot, for one, follows this scheme, and will, for example, apply permissions for $admins to all users in group admins in the absence of specific permissions for the individual user.
The default prefix is $.

Web Interface Configuration
The following additional parameters only affect the Web interface behaviour of SOGo.
S SOGoPageTitle

Parameter used to define the Web page title.
Defaults to SOGo when unset.

U SOGoLoginModule

Parameter used to specify which module to show after login. Possible values are:
Calendar
Mail
Contacts
Defaults to Calendar when unset.

S SOGoFaviconRelativeURL

Parameter used to specify the relative URL of the site favicon.
When unset, defaults to the file sogo.ico under the default web resources directory.

S SOGoZipPath

Parameter used to specify the path of the zip binary used to archive messages.
Defaults to /usr/bin/zip when unset.

D SOGoSoftQuotaRatio

Parameter used to change the quota returned by the IMAP server by multiplying it by the specified ratio. Acts as a soft quota. Example: 0.8.

U SOGoMailUseOutlookStyleReplies (not currently editable in Web interface)

Parameter used to set if email replies should use Outlook's style.
Defaults to NO when unset.

U SOGoMailListViewColumnsOrder (not currently editable in Web interface)

Parameter used to specify the default order of the columns from the SOGo webmail interface. The parameter is an array, for example:
SOGoMailListViewColumnsOrder =
(Flagged, Attachment, Priority, From,
Subject, Unread, Date, Size);

D SOGoVacationEnabled

Parameter used to activate the edition from the preferences window of a vacation message. Requires Sieve script support on the IMAP host.
Defaults to NO when unset.
When enabling this parameter, one must also enable the associated cronjob in /etc/cron.d/sogo in order to activate automatic vacation message expiration.
See the Cronjob Vacation messages expiration section below for details.

D SOGoForwardEnabled

Parameter used to activate the edition from the preferences window of a forwarding email address. Requires Sieve script support on the IMAP host.
Defaults to NO when unset.

D SOGoSieveScriptsEnabled

Parameter used to activate the edition from the preferences windows of server-side mail filters. Requires Sieve script support on the IMAP host.
Defaults to NO when unset.

D SOGoMailPollingIntervals

Parameter used to define the mail polling intervals (in minutes) available to the user. The parameter is an array that can contain the following numbers:
1
2
5
10
20
30
60
Defaults to the list above when unset.

U SOGoMailMessageCheck

Parameter used to define the mail polling interval at which the IMAP server is queried for new messages. Possible values are:
manually
every_minute
every_2_minutes
every_5_minutes
every_10_minutes
every_20_minutes
every_30_minutes
once_per_hour
Defaults to manually when unset.

D SOGoMailAuxiliaryUserAccountsEnabled

Parameter used to activate the auxiliary IMAP accounts in SOGo. When set to YES, users can add other IMAP accounts that will be visible from the SOGo Webmail interface.
Defaults to NO when unset.

U SOGoDefaultCalendar

Parameter used to specify which calendar is used when creating an event or a task. Possible values are:
selected
personal
first
Defaults to selected when unset.

U SOGoDayStartTime

The hour at which the day starts (0 through 12).
Defaults to 8 when unset.

U SOGoDayEndTime

The hour at which the day ends (12 through 23).
Defaults to 18 when unset.

U SOGoFirstDayOfWeek

The day at which the week starts in the week and month views (0 through 6). 0 indicates Sunday.
Defaults to 0 when unset.

U SOGoFirstWeekOfYear

Parameter used to define how the first week of the year is identified. Possible values are:
January1
First4DayWeek
FirstFullWeek
Defaults to January1 when unset.

U SOGoTimeFormat

The format used to display time in the timeline of the day and week views. Please refer to the documentation for the date command or the strftime C function for the list of available format sequences.
Defaults to %H:%M.

U SOGoCalendarCategories

Parameter used to define the categories that can be associated to events. This parameter is an array of arbitrary strings.
Defaults to a list that depends on the language.

U SOGoCalendarDefaultCategoryColor

Parameter used to define the default colour of categories.
Defaults to #F0F0F0 when unset.

U SOGoCalendarEventsDefaultClassification

Parameter used to define the default classification for new events. Possible values are:
PUBLIC
CONFIDENTIAL
PRIVATE
Defaults to PUBLIC when unset.

U SOGoCalendarTasksDefaultClassification

Parameter used to define the default classification for new tasks. Possible values are:
PUBLIC
CONFIDENTIAL
PRIVATE
Defaults to PUBLIC when unset.

U SOGoCalendarDefaultReminder

Parameter used to define a default reminder for new events. Possible values are:
-PT5M
-PT10M
-PT15M
-PT30M
-PT45M
-PT1H
-PT2H
-PT5H
-PT15H
-P1D
-P2D
-P1W

D SOGoFreeBusyDefaultInterval

The number of days to include in the freebusy information. The parameter is an array of two numbers, the first being the number of days prior to the current day and the second being the number of days following the current day.
Defaults to (7, 7) when unset.

U SOGoBusyOffHours

Parameter used to specify if off-hours should be automatically added to the free-busy information. Off-hours include weekends and periods covered between SOGoDayEndTime and SOGoDayStartTime.
Defaults to NO when unset.

U SOGoMailMessageForwarding

The method by which the message is to be forwarded. Possible values are:
inline
attached
Defaults to inline when unset.

U SOGoMailCustomFullName

The string to use as full name when composing an email, if SOGoMailCustomFromEnabled is set in the user's domain defaults.
When unset, the full name specified in the user sources for the user is used instead.

U SOGoMailCustomEmail

The string to use as email address when composing an email, if SOGoMailCustomFromEnabled is set in the user's domain defaults.
When unset, the email specified in the user sources for the user is used instead.

U SOGoMailReplyPlacement

The reply placement with respect to the quoted message. Possible values are:
above
below
Defaults to below.

U SOGoMailReplyTo

The email address to use in the reply-to header field when the user sends a message.
Ignored when empty.

U SOGoMailSignaturePlacement

The placement of the signature with respect to the quoted message. Possible values are:
above
below
Defaults to below.

U SOGoMailComposeMessageType

The message composition format. Possible values are:
text
html
Defaults to text.

S SOGoEnableEMailAlarms

Parameter used to enable email-based alarms on events and tasks.
Defaults to NO when unset.
For this feature to work correctly, one must also set the OCSEMailAlarmsFolderURL parameter and enable the associated cronjob. See the Cronjob EMail reminders section from this document for more information.

U SOGoContactsCategories

Parameter used to define the categories that can be associated to contacts. This parameter is an array of arbitrary strings.
Defaults to a list that depends on the language.

D SOGoUIAdditionalJSFiles

Parameter used to define a list of additional JavaScript files loaded by SOGo for all displayed web pages. This parameter is an array of strings corresponding to paths to the arbitrary JavaScript files. The paths are relative to the WebServerResources directory, which is usually found under /usr/lib/GNUstep/SOGo/.

D SOGoMailCustomFromEnabled

Parameter used to allow or not users to specify custom "From" addresses from SOGo's preferences panel.
Defaults to NO when unset.

D SOGoSubscriptionFolderFormat

Parameter used to set the default formatting of a subscription folder name. Available variables are:
%{FolderName}
%{UserName}
%{Email}
Defaults to %{FolderName} (%{UserName} <%{Email}>) when unset.

D SOGoUIxAdditionalPreferences

Parameter used to enable an extra preferences tab using the content of the template named UIxAdditionalPreferences.wox. This template should be put under ~sogo/GNUstep/Library/SOGo/Templates/PreferencesUI/.
Defaults to NO when unset.

SOGo Configuration Summary
The complete SOGo configuration file /etc/sogo/sogo.conf should look like this:

{
SOGoProfileURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile";
OCSFolderInfoURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info";
OCSSessionsFolderURL =
"postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder";
SOGoAppointmentSendEMailNotifications = YES;
SOGoCalendarDefaultRoles = (
PublicViewer,
ConfidentialDAndTViewer
);
SOGoLanguage = English;
SOGoTimeZone = America/Montreal;
SOGoMailDomain = acme.com;
SOGoIMAPServer = localhost;
SOGoDraftsFolderName = Drafts;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoMailingMechanism = smtp;
SOGoSMTPServer = 127.0.0.1;
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=acme,dc=com";
bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = public;
isAddressBook = YES;
port = 389;
}
);
}

Multi-domains Configuration
If you want your installation to isolate two groups of users, you must define a distinct authentication source for each domain. Following is the same configuration that now includes two domains (acme.com and coyote.com):

{
...
domains = {
acme = {
SOGoMailDomain = acme.com;
SOGoDraftsFolderName = Drafts;
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=acme,dc=com";
bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = public_acme;
isAddressBook = YES;
port = 389;
}
);
};
coyote = {
SOGoMailDomain = coyote.com;
SOGoIMAPServer = imap.coyote.com;
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=coyote,dc=com";
bindDN = "uid=sogo,ou=users,dc=coyote,dc=com";
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = public_coyote;
isAddressBook = YES;
port = 389;
}
);
};
};
}
The following additional parameters only affect SOGo when using multiple domains.
S SOGoEnableDomainBasedUID

Parameter used to activate user identification by domain. Users will be able (without being required) to login using the form username@domain, meaning that values of UIDFieldName no longer have to be unique among all domains but only within the same domain. Internally, users will always be identified by the concatenation of their username and domain. Consequently, activating this parameter on an existing system implies that user identifiers will change and their previous calendars and address books will no longer be accessible unless a conversion is performed.
Defaults to NO when unset.

S SOGoLoginDomains

Parameter used to define which domains should be selectable from the login page. This parameter is an array of keys from the domains dictionary.
Defaults to an empty array, which means that no domains appear on the login page. If you prefer having the domain names listed, just use these as keys for the domains dictionary.

S SOGoDomainsVisibility

Parameter used to set domains visible among themselves. This parameter is an array of arrays.
Example: SOGoDomainsVisibility = ((acme, coyote));
Defaults to an empty array, which means domains are isolated from each other.

Apache Configuration
The SOGo configuration for Apache is located in /etc/httpd/conf.d/SOGo.conf.
Upon SOGo installation, a default configuration file is created which is suitable for most configurations.
You must also configure the following parameters in the SOGo configuration file for Apache in order to have a working installation:
RequestHeader set "x-webobjects-server-port" "80"
RequestHeader set "x-webobjects-server-name" "yourhostname"
RequestHeader set "x-webobjects-server-url" "http://yourhostname"
You may consider enabling SSL on top of this current installation to secure access to your SOGo installation.
See http://httpd.apache.org/docs/2.2/ssl/ for details.
You might also have to adjust the configuration if you have SELinux enabled.
The default configuration will use mod_proxy and mod_headers to relay requests to the sogod parent process. This is suitable for small to medium deployments.

Starting Services
Once SOGo is fully installed and configured, start the services using the following command:
service sogod start
You may verify using the chkconfig command that the SOGo service is automatically started at boot time. Restart the Apache service since modules and configuration files were added:
service httpd restart
Finally, you should also make sure that the memcached service is started and that it is also automatically started at boot time.

Cronjob EMail reminders
SOGo allows you to set email-based reminders for events and tasks. To enable this, you must enable the SOGoEnableEMailAlarms preference and set the OCSEMailAlarmsFolderURL preference accordingly.
Once you've correctly set those two preferences, you must create a cronjob that will run under the "sogo" user. This cronjob should be run every minute.
A commented out example should have been installed in /etc/cron.d/sogo, to enable it, simply uncomment it.
As a reference, the cronjob should be defined like this:
* * * * * /usr/sbin/sogo-ealarms-notify
If your mail server requires use of SMTP AUTH, specify a credential file using -p /path/
to/credFile. This file should contain the username and password, separated by a colon
(username:password)

Configuration

44

Chapter5

Cronjob Vacation messages expiration
When vacation messages are enabled (see the parameter SOGoVacationEnabled), users can set an
expiration date to messages auto-reply. For this feature to work, you must run a cronjob under the
"sogo" user.
A commented out example should have been installed in /etc/cron.d/sogo. To work correctly
this tool must log in as an administrative user on the sieve server. The required credentials must
be specified in a file by using -p /path/to/credFile. This file should contain the username and
password, separated by a colon (username:password).
The cronjob should look like this:
0 0 * * * sogo /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds
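Both cron jobs above read a username:password file through -p, so the permissions on that file are what protect the SMTP and sieve credentials. The following shell sketch is an added example, not part of SOGo or of the original guide; write_credfile and audit_credfile are hypothetical helper names and the credential used is constructed.

```shell
#!/bin/sh
# Added example, not SOGo code. Helper names are hypothetical.

# write_credfile PATH USER: reads the password from stdin so it never shows
# up in argv (ps output) or shell history; the file gets mode 0600.
write_credfile() {
    path=$1; user=$2
    case $user in ''|*:*) echo "bad username" >&2; return 2;; esac
    IFS= read -r pass || [ -n "$pass" ] || { echo "no password" >&2; return 2; }
    [ -n "$pass" ] || { echo "empty password" >&2; return 2; }
    ( umask 077 && printf '%s:%s\n' "$user" "$pass" > "$path" ) || return 1
    chmod 600 "$path"    # also tightens a file that already existed
}

# audit_credfile PATH [OWNER]: prints findings (never the secret itself) and
# returns the number of problems found; 0 means the file passed.
audit_credfile() {
    path=$1; want_owner=${2:-}; problems=0
    [ -f "$path" ] || { echo "$path: not a regular file"; return 1; }
    listing=$(ls -ld "$path")
    case $listing in    # file type, owner bits, then group/other must be "------"
        ????------*) ;;
        *) echo "$path: group/other permission bits are set"; problems=$((problems + 1));;
    esac
    if [ -n "$want_owner" ]; then
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        [ "$owner" = "$want_owner" ] ||
            { echo "$path: owner is $owner, expected $want_owner"; problems=$((problems + 1)); }
    fi
    lines=$(wc -l < "$path" | tr -d ' ')
    [ "$lines" -le 1 ] ||
        { echo "$path: more than one line ($lines)"; problems=$((problems + 1)); }
    first=; IFS= read -r first < "$path" || true
    case $first in      # non-empty username, colon, non-empty password
        ?*:?*) ;;
        *) echo "$path: first line is not username:password"; problems=$((problems + 1));;
    esac
    return "$problems"
}

# Demo with a constructed credential in a scratch directory; on a real host
# pass "sogo" as OWNER, since the cron jobs run as that user.
demo=$(mktemp -d)
printf '%s\n' 'constructed-password' | write_credfile "$demo/sieve.creds" sieveadmin
audit_credfile "$demo/sieve.creds" && echo "credFile OK"
rm -rf "$demo"
```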


Chapter 6

Managing User Accounts

Creating the SOGo Administrative Account
First, create the SOGo administrative account in your LDAP server. The following LDIF file
(sogo.ldif) can be used as an example:
dn: uid=sogo,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: sogo
cn: SOGo Administrator
mail: sogo@acme.com
sn: Administrator
givenName: SOGo
LoadtheLDIFfileinsideyourLDAPserverusingthefollowingcommand:
ldapadd -f sogo.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the SOGo administrative account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com \
uid=sogo,ou=users,dc=acme,dc=com -s qwerty

Creating a User Account
SOGo uses LDAP directories to authenticate users. Use the following LDIF file (jdoe.ldif) as an
example to create a SOGo user account:


dn: uid=jdoe,ou=users,dc=acme,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
uid: jdoe
cn: John Doe
mail: jdoe@acme.com
sn: Doe
givenName: John
Load the LDIF file inside your LDAP server using the following command:
ldapadd -f jdoe.ldif -x -w qwerty -D cn=Manager,dc=acme,dc=com
Finally, set the password (to the value qwerty) of the user account using the following command:
ldappasswd -h localhost -x -w qwerty -D cn=Manager,dc=acme,dc=com \
uid=jdoe,ou=users,dc=acme,dc=com -s qwerty
As an alternative to using command-line tools, you can also use LDAP editors such as Luma or
Apache Directory Studio to make your work easier. These GUI utilities can make use of templates
to create and pre-configure typical user accounts or any standardized LDAP record, along with the
correct object classes, fields and default values.


Chapter 7

Microsoft ActiveSync

SOGo supports the Microsoft ActiveSync protocol.
ActiveSync clients can fully synchronize contacts, emails, events and tasks with SOGo. Freebusy
and GAL lookups are also supported, as well as "Smart reply" and "Smart forward" operations.
To enable Microsoft ActiveSync support in SOGo, you must install the required packages.
yum install sogo-activesync libwbxml
Once installed, simply uncomment the following lines from your SOGo Apache configuration:
ProxyPass /Microsoft-Server-ActiveSync \
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
retry=60 connectiontimeout=5 timeout=360
Restart Apache afterwards.
The following additional parameters only affect SOGo when using ActiveSync:

S  SOGoMaximumPingInterval
   Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Ping command.
   If not set, it defaults to 5 seconds.

S  SOGoMaximumSyncInterval
   Parameter used to set the maximum amount of time, in seconds, SOGo will wait before replying to a Sync command.
   If not set, it defaults to 30 seconds.

S  SOGoInternalSyncInterval
   Parameter used to set the maximum amount of time, in seconds, SOGo will wait before doing an internal check for data changes (add, delete, and update). This parameter must be lower than SOGoMaximumSyncInterval.
   If not set, it defaults to 10 seconds.

S  SOGoMaximumSyncWindowSize
   Parameter used to overwrite the maximum number of items returned during a Sync operation.
   Defaults to 0, which means no overwrite is performed.
   Setting this parameter to a value greater than 512 will have unexpected behaviour with various ActiveSync clients.
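The two constraints stated above (SOGoInternalSyncInterval lower than SOGoMaximumSyncInterval, SOGoMaximumSyncWindowSize not greater than 512) can be checked before sogod is restarted, including the case where one key is left at its default. The following shell sketch is an added example, not part of SOGo; it assumes the "KEY = value;" line syntax of /etc/sogo/sogo.conf, uses the defaults quoted in this guide, and conf_int and check_activesync are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not SOGo code. Helper names are hypothetical.

# conf_int FILE KEY DEFAULT: last integer assigned to KEY on a line of the
# form "KEY = 30;" (assumed sogo.conf syntax). Lines starting with // do not
# match, so a commented-out key falls back to DEFAULT.
conf_int() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([0-9][0-9]*\)\"\{0,1\}[[:space:]]*;.*/\1/p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

# check_activesync FILE: prints one line per violated constraint and
# returns the number of violations. Defaults are the ones this guide states.
check_activesync() {
    sync=$(conf_int "$1" SOGoMaximumSyncInterval 30)
    internal=$(conf_int "$1" SOGoInternalSyncInterval 10)
    window=$(conf_int "$1" SOGoMaximumSyncWindowSize 0)
    bad=0
    if [ "$internal" -ge "$sync" ]; then
        echo "SOGoInternalSyncInterval=$internal is not lower than SOGoMaximumSyncInterval=$sync"
        bad=$((bad + 1))
    fi
    if [ "$window" -gt 512 ]; then
        echo "SOGoMaximumSyncWindowSize=$window is greater than 512"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: only the Sync interval is set, so the internal
# interval keeps its default of 10 and ends up above it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  SOGoMaximumSyncInterval = 8;
  // SOGoInternalSyncInterval = 5;
  SOGoMaximumSyncWindowSize = 100;
}
EOF
check_activesync "$sample" || echo "violations: $?"
rm -f "$sample"
```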
Please be aware of the following limitations:
- Currently, only the personal calendar and address book are synchronized. Adding support for all folders is planned.
- When creating an Outlook 2013 profile, you must actually kill Outlook before the end of the creation process. See http://www.vionblog.com/connect-zimbra-community-with-outlook-2013 for a procedure example.
- Outlook 2013 does not search the GAL. One possible alternative solution is to configure Outlook to use a LDAP server (over SSL) with authentication. Alternatively, when supporting more than just the personal address book, we'll also be able to expose the LDAP/SQL based address books in SOGo over ActiveSync.
- Make sure you do not use a self-signed certificate. While this will work, Outlook will work intermittently as it will raise popups for certificate validation, sometimes in background, preventing the user from seeing the warning and thus preventing any synchronization from happening.
- ActiveSync clients keep connections open for a while. Each connection will grab a hold on a sogod process so you will need a lot of processes to handle many clients. This limitation will eventually be overcome in SOGo.
- Repetitive events with occurrences exceptions are currently not supported.
- Outlook 2013 Autodiscovery is currently not supported.
- Outlook 2013 freebusy lookups are supported using the Internet Free/Busy feature of Outlook 2013. Please see http://support.microsoft.com/kb/291621 for configuration instructions. On the SOGo side, SOGoEnablePublicAccess must be set to YES and the URL to use must be of the following format: http://<hostname>/SOGo/dav/public/%NAME%/freebusy.ifb

In order to use the SOGo ActiveSync support code in production environments, you need to get a
proper usage license from Microsoft. Please contact them directly to negotiate the fees associated
to your user base.
To contact Microsoft, please visit:
http://www.microsoft.com/en-us/legal/intellectualproperty/IPLicensing/Programs/exchangeactivesyncprotocol.aspx
and send an email to iplicreq@microsoft.com
Inverse inc. provides this software for free, but is not responsible for anything related to its usage.


Chapter 8

Using SOGo

SOGo Web Interface
To access the SOGo Web Interface, point your Web browser, which is running from the same server
where SOGo was installed, to the following URL: http://localhost/SOGo.
Log in using the "jdoe" user and the "qwerty" password. The underlying database tables will automatically be created by SOGo.

Mozilla Thunderbird and Lightning
Alternatively, you can access SOGo with a GroupDAV and a CalDAV client. A typical well-integrated
setup is to use Mozilla Thunderbird and Mozilla Lightning along with Inverse's SOGo Connector plugin
to synchronize your address books and the Inverse's SOGo Integrator plugin to provide a complete
integration of the features of SOGo into Thunderbird and Lightning. Refer to the documentation
of Thunderbird to configure an initial IMAP account pointing to your SOGo server and using the
username and password mentioned above.
With the SOGo Integrator plugin, your calendars and address books will be automatically discovered
when you log in in Thunderbird. This plugin can also propagate specific extensions and default user
settings among your site. However, be aware that in order to use the SOGo Integrator plugin, you
will need to repackage it with specific modifications. Please refer to the documentation published
online:
http://www.sogo.nu/downloads/documentation.html
If you only use the SOGo Connector plugin, you can still easily access your data.
To access your personal address book:
- Choose Go > Address Book.
- Choose File > New > Remote Address Book.
- Enter a significant name for your address book in the Name field.
- Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Contacts/personal/
- Click on OK.
To access your personal calendar:
- Choose Go > Calendar.
- Choose Calendar > New Calendar.
- Select On the Network and click on Continue.
- Select CalDAV.
- Type the following URL in the URL field: http://localhost/SOGo/dav/jdoe/Calendar/personal/
- Click on Continue.

Apple iCal
Apple iCal can also be used as a client application for SOGo.
To configure it so it works with SOGo, create a new account and specify, as the Account URL, a
URL such as:
http://localhost/SOGo/dav/jdoe/
Note that the trailing slash is important for Apple iCal 3.

Apple AddressBook
Since Mac OS X 10.6 (Snow Leopard), Apple AddressBook can be configured to use SOGo.
In order to make this work, you must add a new virtual host in your Apache configuration file to
listen on port 8800 and handle requests coming from iOS devices.
The virtual host should be defined like:


<VirtualHost *:8800>
  RewriteEngine Off
  ProxyRequests Off
  SetEnv proxy-nokeepalive 1
  ProxyPreserveHost On
  ProxyPassInterpolateEnv On
  ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
  ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
  ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
  <Location />
    Order allow,deny
    Allow from all
  </Location>
  <Proxy http://127.0.0.1:20000>
    RequestHeader set "x-webobjects-server-port" "8800"
    RequestHeader set "x-webobjects-server-name" "acme.com:8800"
    RequestHeader set "x-webobjects-server-url" "http://acme.com:8800"
    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
    RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
    AddDefaultCharset UTF-8
  </Proxy>
  ErrorLog /var/log/apache2/ab-error.log
  CustomLog /var/log/apache2/ab-access.log combined
</VirtualHost>
This configuration is also required if you want to configure a CardDAV account on an Apple iOS
device (version 4.0 and later).

Microsoft ActiveSync / Mobile Devices
You can synchronize contacts, emails, events and tasks from SOGo with any mobile devices that
support Microsoft ActiveSync. Microsoft Outlook 2013 is also supported.
The Microsoft ActiveSync server URL is generally something like: http://localhost/Microsoft-Active-Sync.


Chapter 9

Upgrading

This section describes what needs to be done when upgrading to the current version of SOGo from
the previous release.
2.2.8
The configuration parameters were renamed:
- SOGoMailMessageCheck was replaced with SOGoRefreshViewCheck
- SOGoMailPollingIntervals was replaced with SOGoRefreshViewIntervals
Backward compatibility is in place for the old preferences values.
2.0.5
The configuration is now stored in /etc/sogo/sogo.conf. Perform the following commands as
root to migrate your previous user defaults:
install -d -m 750 -o sogo -g sogo /etc/sogo
sudo -u sogo sogo-tool dump-defaults > /etc/sogo/sogo.conf
chown root:sogo /etc/sogo/sogo.conf
chmod 640 /etc/sogo/sogo.conf
# ~sogo is the sogo user's home; a bare ~ would expand to root's home here
sudo -u sogo mv ~sogo/GNUstep/Defaults/.GNUstepDefaults \
~sogo/GNUstep/Defaults/GNUstepDefaults.old
2.0.4
The parameter SOGoForceIMAPLoginWithEmail is now deprecated and is replaced by SOGoForceExternalLoginWithEmail (which extends the functionality to SMTP authentication). Update your
configuration if you use this parameter.
The sogo user is now a system user. For new installs, this means that su - sogo won't work anymore. Please use sudo -u sogo <cmd> instead. If used in scripts from cronjobs, requiretty must
be disabled in sudoers.
1.3.17
Run the shell script sql-update-1.3.16_to_1.3.17.sh or sql-update-1.3.16_to_1.3.17-mysql.sh (if you use MySQL).
This will grow the "cycle info" field of calendar tables to a larger size.
1.3.12
Once you have updated and restarted SOGo, run the shell script sql-update-1.3.11_to_1.3.12.sh or sql-update-1.3.11_to_1.3.12-mysql.sh (if you use MySQL).
This will grow the "content" field of calendar and address book tables to a larger size and fix the
primary key of the session table.
1.3.9

For Red Hat-based distributions, version 1.23 of GNUstep will be installed. Since the location of
the Web resources changes, the Apache configuration file (SOGo.conf) has been adapted. Verify
your Apache configuration if you have customized this file.


Chapter 10

Additional Information

For more information, please consult the online FAQs (Frequently Asked Questions):
http://www.sogo.nu/english/support/faq.html
You can also read the mailing archives or post your questions to it. For details, see:
https://lists.inverse.ca/sogo


Chapter 11

Commercial Support and Contact Information

For any questions or comments, do not hesitate to contact us by writing an email to:
support@inverse.ca
Inverse (http://inverse.ca) offers professional services around SOGo to help organizations deploy
the solution and migrate from their legacy systems.
