Posted over 11 years ago by Widder
This HOWTO is for CentOS 6.5 and Kolab 3.2
Download the Kolab packages but don't run setup-kolab.
Warning: The following will not work if you follow this HOWTO:
chwala (File Storing)
Roundcube tasklist does not show created entries (maybe a bug in Dovecot, the Tasklist plugin or a configuration problem)
Delegation
Kolab Command-Line Interface!
too many Roundcube bugs (I solved this by using nginx instead of httpd)
At least Sieve and ACL are working. :)
I hope this text helps others.
Dependencies
# yum install mercurial
# setup-kolab ldap
Look for the Cyrus Administrator password.
It is needed for the config of the master user in Dovecot. The Directory
Manager password is also needed later in this HOWTO.
Install Dovecot 2.2.13 (stable at time of this HOWTO)
Install and erase old dovecot
# yum install dovecot
# yum erase dovecot
Build dependencies:
# yum install gcc gcc-c++ kernel-devel make
# yum install autoconf automake libtool pkg-config gettext
# yum install openssl-devel openldap-devel
# mkdir -p /root/dovecot && cd /root/dovecot
# hg clone http://hg.dovecot.org/dovecot-2.2/ && cd dovecot-2.2 && hg update -r c55c660d6e9d
# ./autogen.sh
# ./configure --enable-maintainer-mode --with-ldap --sysconfdir=/etc --prefix=/usr --localstatedir=/var --with-ssl=openssl
# make
# make install
Dovecot Startscript
Start Dovecot at boot: http://wiki2.dovecot.org/DovecotInit
Install Pigeonhole for Sieve filtering
# cd /root/dovecot
# hg clone http://hg.rename-it.nl/dovecot-2.2-pigeonhole/ && cd dovecot-2.2-pigeonhole && hg update -r 1c6130ff5dd6
# ./autogen.sh
# ./configure --with-dovecot=../dovecot-2.2 --sysconfdir=/etc --prefix=/usr --localstatedir=/var
# make
# make install
Create vmail user
# groupadd -g 5000 vmail
# useradd -g vmail -u 5000 vmail -d /var/vmail -m -s /sbin/nologin
Dovecot configuration
# cp -rf /usr/share/doc/dovecot/example-config/* /etc/dovecot/
Dovecot master user
For the htpasswd command use the password for cyrus-admin from the
setup-kolab ldap.
# htpasswd -c -s /etc/dovecot/master-users cyrus-admin
When asked for New password type in the password of the cyrus admin
twice.
# chown dovecot:dovecot /etc/dovecot/master-users
# chmod 600 /etc/dovecot/master-users
Edit /etc/dovecot/conf.d/auth-master.conf.ext
# Authentication for master users. Included from 10-auth.conf.
# By adding master=yes setting inside a passdb you make the passdb a list
# of "master users", who can log in as anyone else.
# <doc/wiki/Authentication.MasterUsers.txt>
# Example master user passdb using passwd-file. You can use any passdb though.
auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/master-users
master = yes
pass = yes
}
passdb {
driver = shadow
}
userdb {
driver = passwd
}
Dovecot Auth
Edit conf.d/10-auth.conf
Put a # in front of !include auth-system.conf.ext and remove the #
in front of the ldap and master includes.
Dovecot LMTP and Auth
add lmtp to protocols in /etc/dovecot/dovecot.conf
/etc/dovecot/conf.d/10-master.conf
service lmtp {
executable = lmtp
unix_listener /var/spool/postfix/private/dovecot-lmtp {
user = postfix
group = postfix
mode = 0660
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
}
In the same file, uncomment the lines under Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
Dovecot metadata
In /etc/dovecot/dovecot.conf
add
imap_metadata = yes
mail_attribute_dict = file:Maildir/dovecot-metadata
Dovecot SSL
# mkdir -p /etc/ssl/private
# openssl req -newkey rsa:4096 -x509 -days 1000 -nodes -out "/etc/ssl/certs/dovecot.pem" -keyout "/etc/ssl/private/dovecot.pem"
Dovecot ldap
Set dnpass = in this file to the password of the Directory Manager.
/etc/dovecot/dovecot-ldap.conf.ext
# This file is commonly accessed via passdb {} or userdb {} section in
# conf.d/auth-ldap.conf.ext
# This file is opened as root, so it should be owned by root and mode 0600.
#
# http://wiki2.dovecot.org/AuthDatabase/LDAP
#
# NOTE: If you're not using authentication binds, you'll need to give
# dovecot-auth read access to userPassword field in the LDAP server.
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
# already be something like this:
# access to attribute=userPassword
# by dn="<dovecot's dn>" read # add this
# by anonymous auth
# by self write
# by * none
# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts = localhost
# LDAP URIs to use. You can use this instead of hosts list. Note that this
# setting isn't supported by all LDAP libraries.
#uris =
# Distinguished Name - the username used to login to the LDAP server.
# Leave it commented out to bind anonymously (useful with auth_bind=yes).
dn = cn=Directory Manager
# Password for LDAP server, if dn is specified.
dnpass = PASSWORD
# Use SASL binding instead of the simple binding. Note that this changes
# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
# and auth_bind=yes don't work together.
#sasl_bind = no
# SASL mechanism name to use.
#sasl_mech =
# SASL realm to use.
#sasl_realm =
# SASL authorization ID, ie. the dnpass is for this "master user", but the
# dn is still the logged in user. Normally you want to keep this empty.
#sasl_authz_id =
# Use TLS to connect to the LDAP server.
#tls = no
# TLS options, currently supported only with OpenLDAP:
#tls_ca_cert_file =
#tls_ca_cert_dir =
#tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file =
#tls_key_file =
# Valid values: never, hard, demand, allow, try
#tls_require_cert =
# Use the given ldaprc path.
#ldaprc_path =
# LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
# -1 = everything. You may need to recompile OpenLDAP with debugging enabled
# to get enough output.
#debug_level = -1
# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# The pass_filter is used to find the DN for the user. Note that the pass_attrs
# is still used, only the password field is ignored in it. Before doing any
# search, the binding is switched back to the default DN.
auth_bind = no
# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). Note that you can't
# use any pass_attrs if you use this setting.
#
# If you use this setting, it's a good idea to use a different
# dovecot-ldap.conf.ext for userdb (it can even be a symlink, just as long as
# the filename is different in userdb's args). That way one connection is used
# only for LDAP binds and another connection is used for user lookups.
# Otherwise the binding is changed to the default DN before each user lookup.
#
# For example:
# auth_bind_userdn = cn=%u,ou=people,o=org
#
#auth_bind_userdn =
# LDAP protocol version to use. Likely 2 or 3.
#ldap_version = 3
# LDAP base. %variables can be used here.
# For example: dc=mail, dc=example, dc=org
base = dc=example, dc=org
# Dereference: never, searching, finding, always
#deref = never
deref = searching
# Search scope: base, onelevel, subtree
scope = subtree
# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
# uid - System UID
# gid - System GID
# home - Home directory
# mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_attrs =uid= mail,uid=home=/var/vmail/%d/%{ldap:uid}
# Filter for user lookup. Some variables can be used (see
# http://wiki2.dovecot.org/Variables for full list):
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if user there's no domain
#user_filter = (&(objectClass=posixAccount)(uid=%u))
#user_filter = (|(&((uid=%u))(&(|(uid=%n)(mail=%u))(objectclass=kolabinetorgperson)))
#user_filter = (&(|(uid=%n)(mail=%u))(objectclass=kolabinetorgperson))
user_filter = (|(uid=%n)(mail=%u))
# Password checking attributes:
# user: Virtual user name (user@domain), if you wish to change the
# user-given username to something else
# password: Password, may optionally start with {type}, eg. {crypt}
# There are also other special fields which can be returned, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
#pass_attrs = uid=user,userPassword=password
pass_attrs = uid=user,userPassword=password,=user=%{ldap:mail}
# If you wish to avoid two LDAP lookups (passdb userdb), you can use
# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
# string. For example:
#pass_attrs = uid=user,userPassword=password,\
# homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))
#pass_filter = (&(|(uid=%n)(mail=%u))(objectclass=kolabinetorgperson))
pass_filter = (|(uid=%n)(mail=%u))
# Attributes and filter to get a list of all users
#iterate_attrs = uid=user
#iterate_filter = (objectClass=posixAccount)
iterate_attrs = uid=user
iterate_filter = (objectClass=kolabinetorgperson)
# Default password scheme. "{scheme}" before password overrides this.
# List of supported schemes is in: http://wiki2.dovecot.org/Authentication
#default_pass_scheme = CRYPT
default_pass_scheme = SSHA
Dovecot 10-mail.conf
mail_uid = 5000
mail_gid = 5000
mail_location = maildir:~/Maildir
Postfix main.cf
Replace the lines containing ".pem" with
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
SASL auth via dovecot. add to main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
Kolab setup
# setup-kolab mysql
# setup-kolab php
# setup-kolab mta
# setup-kolab kolabd
# setup-kolab roundcube
# setup-kolab syncroton
# setup-kolab freebusy
LMTP
edit /etc/postfix/ldap/transport_maps.cf
result_format = lmtp:unix:private/dovecot-lmtp
Dovecot ACL for sharing mailboxes
in 10-mail.conf change (if empty) mail_plugins to
mail_plugins = $mail_plugins acl
add to dovecot.conf
protocol imap {
mail_plugins = $mail_plugins imap_acl
}
plugin {
# Without global ACLs:
acl = vfile
# With global ACL files in /etc/dovecot/dovecot-acls file (v2.2.11+):
#acl = vfile:/etc/dovecot/dovecot-acl
# With global ACLs in /etc/dovecot/acls/ directory (obsolete):
#acl = vfile:/etc/dovecot/acls
}
Edit 10-mail.conf. Search for namespace inbox and change the
separator to /
Search for "shared namespace configuration".
Also change the separator to / and set prefix = "Shared Folders/%%u/"
and location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
Don't change the prefix Shared Folders or Roundcube won't recognize this as a shared folder for calendars or other types.
Example configuration:
namespace inbox {
# Namespace type: private, shared or public
#type = private
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
separator = /
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
#prefix =
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
#location =
# There can be only one INBOX, and this setting defines which namespace
# has it.
inbox = yes
# If namespace is hidden, it's not advertised to clients via NAMESPACE
# extension. You'll most likely also want to set list=no. This is mostly
# useful when converting from another server with different namespaces which
# you want to deprecate but still keep working. For example you can create
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
#hidden = no
# Show the mailboxes under this namespace with LIST command. This makes the
# namespace visible for clients that don't support NAMESPACE extension.
# "children" value lists child mailboxes, but hides the namespace prefix.
#list = yes
# Namespace handles its own subscriptions. If set to "no", the parent
# namespace handles them (empty prefix should always have this as "yes")
#subscriptions = yes
}
# Example shared namespace configuration
namespace {
type = shared
separator = /
# Mailboxes are visible under "shared/user@domain/"
# %%n, %%d and %%u are expanded to the destination user.
#prefix = shared/%%u/
#Kolab Prefix
prefix = "Shared Folders/%%u/"
# Mail location for other users' mailboxes. Note that %variables and ~/
# expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
# destination user's data.
location = "maildir:%%h/Maildir:INDEX=~/Maildir/Shared Folders/%%u"
# Use the default namespace for saving subscriptions.
#subscriptions = no
# List the shared/ namespace only if there are visible shared mailboxes.
list = children
}
# chown vmail:vmail /var/lib/dovecot
# mkdir -p /var/lib/dovecot/db
# chown vmail:vmail /var/lib/dovecot/db
# chmod 0770 /var/lib/dovecot/db
# touch /var/lib/dovecot/db/shared-mailboxes.db
# chown vmail:vmail /var/lib/dovecot/db/shared-mailboxes.db
Configure in conf.d/90-acl.conf if you want users to be able to share to
users of all domains
plugin {
acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
}
For multiple separated databases or to allow users to share to anyone:
http://wiki2.dovecot.org/SharedMailboxes/Shared
Edit 10-master.conf look for auth-userdb and change it to this
unix_listener auth-userdb {
#mode = 0666
user = vmail
group = vmail
}
In 10-master.conf look for service dict change to:
service dict {
# If dict proxy is used, mail processes should have access to its socket.
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict { #0600
mode = 0666
user = vmail
group = vmail
}
}
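An added example, not part of the original HOWTO: the Postfix auth socket and the dict socket above are both set to mode 0666, which lets every local account connect to them. The Python code below parses unix_listener blocks and reports those with any permission bit set for "other"; the sample text is constructed from this HOWTO's settings, and the surrounding "service auth" block and the 0600 default for a listener without a mode line are assumptions.

```python
# Constructed sample: listener blocks as this HOWTO sets them in 10-master.conf.
SAMPLE_CONF = """\
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
    group = postfix
    mode = 0660
  }
  #inet_listener lmtp {
  #}
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    #mode = 0666
    user = vmail
    group = vmail
  }
}
service dict {
  unix_listener dict { #0600
    mode = 0666
    user = vmail
    group = vmail
  }
}
"""

DEFAULT_MODE = 0o600  # assumption: mode used when a listener has no mode line


def strip_comment(line):
    """Drop a trailing '# ...' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()


def parse_unix_listeners(text):
    """Return one dict per unix_listener block: service, path and settings."""
    listeners = []
    stack = []      # open blocks, innermost last, as (kind, name)
    current = None  # the unix_listener block being filled, if any
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        if line.endswith("{"):
            words = line[:-1].split()
            kind = words[0] if words else ""
            name = words[1] if len(words) > 1 else ""
            stack.append((kind, name))
            if kind == "unix_listener":
                service = next((n for k, n in reversed(stack) if k == "service"), "")
                current = {"service": service, "path": name, "settings": {}}
                listeners.append(current)
        elif line == "}":
            if stack and stack.pop()[0] == "unix_listener":
                current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current["settings"][key.strip()] = value.strip()
    return listeners


def world_accessible(listeners):
    """List listeners whose mode grants any permission to 'other'."""
    findings = []
    for item in listeners:
        mode_text = item["settings"].get("mode")
        mode = int(mode_text, 8) if mode_text else DEFAULT_MODE
        if mode & 0o007:
            findings.append({
                "service": item["service"],
                "path": item["path"],
                "mode": "%04o" % mode,
                "suggested": "%04o" % (mode & ~0o007),
                "owner": item["settings"].get("user", "(unset)"),
            })
    return findings


if __name__ == "__main__":
    for finding in world_accessible(parse_unix_listeners(SAMPLE_CONF)):
        print("{service}: {path} mode {mode} (owner {owner}), "
              "suggest {suggested}".format(**finding))
```

Tightening /var/spool/postfix/private/auth to 0660 only works if user and group are also set to the account Postfix runs as, the way the lmtp listener above already does.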
Dovecot sieve
Edit 90-sieve.conf
change the following
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
Edit 20-managesieve.conf
Uncomment protocols = $protocols sieve
Uncomment and edit:
service managesieve-login {
inet_listener sieve {
address = 127.0.0.1 ::1
port = 4190
}
#inet_listener sieve_deprecated {
# port = 2000
#}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
service managesieve {
# Max. number of ManageSieve processes (connections)
#process_limit = 1024
}
Since my managesieve only listens to localhost I had to edit
/usr/share/roundcubemail/plugins/managesieve/config.inc.php
$config['managesieve_host'] = '127.0.0.1';
Edit Dovecot's 15-lda.conf and add sieve to mail_plugins
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
Edit Dovecot's 15-lmtp.conf and add sieve to mail_plugins
protocol lmtp {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
References
http://kolab.org/blog/grote/2013/03/19/using-kolab-dovecot-imap-server (Mihai Badici's blog entry)

Posted over 11 years ago by Widder
Create the file /etc/postfix/ldap/virtual_alias_maps_catchall.cf
server_host = localhost
server_port = 389
version = 3
search_base = dc=example,dc=org
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=example,dc=org
bind_pw = PASSWORD_FROM_kolab-service
query_filter = (&(alias=catchall@%d)(objectclass=kolabinetorgperson))
result_attribute = mail
Change dc=example,dc=org twice and the password in this file.
Then edit /etc/postfix/main.cf
add
, ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf
at the end of virtual_alias_maps
In the kolab-webadmin page you can now add a new alias called [email protected]
References
http://whvneo.blogspot.de/p/catchall.html

Posted over 11 years ago by Milosz Galazka
After a longer period of time I have decided to install Kolab and use it as personal information manager. Installation process went as expected up to the point where setup process tried to install Roundcube database and failed miserably.
Source of the problem
The problem can be easily identified by the error messages returned by the setup process.
Follow the example below to see MySQL errors at the very end.
# setup-kolab
Please supply a password for the LDAP administrator user 'admin', used to login
to the graphical console of 389 Directory server.
Administrator password [Sii79iQyU3gkHN3]:
Please supply a password for the LDAP Directory Manager user, which is the
administrator user you will be using to at least initially log in to the Web
Admin, and that Kolab uses to perform administrative tasks.
Directory Manager password [nNQAwQVnSDRzSUq]:
Please choose the system user and group the service should use to run under.
These should be existing, unprivileged, local system POSIX accounts with no
shell.
User [dirsrv]:
Group [dirsrv]:
This setup procedure plans to set up Kolab Groupware for the following domain
name space. This domain name is obtained from the reverse DNS entry on your
network interface. Please confirm this is the appropriate domain name space.
sleeplessbeastie.eu [Y/n]:
The standard root dn we composed for you follows. Please confirm this is the root
dn you wish to use.
dc=sleeplessbeastie,dc=eu [Y/n]:
Setup is now going to set up the 389 Directory Server. This may take a little
while (during which period there is no output and no progress indication).
[..]
Please supply a Cyrus Administrator password. This password is used by Kolab to
execute administrative tasks in Cyrus IMAP. You may also need the password
yourself to troubleshoot Cyrus IMAP and/or perform other administrative tasks
against Cyrus IMAP directly.
Cyrus Administrator password [qolmP-8qsQAiPRe]:
Please supply a Kolab Service account password. This account is used by various
services such as Postfix, and Roundcube, as anonymous binds to the LDAP server
will not be allowed.
Kolab Service password [yp48IyJvn8rd12H]:
[..]
What MySQL server are we setting up?
- 1: Existing MySQL server (with root password already set).
- 2: New MySQL server (needs to be initialized).
Choice: 1
Please supply the root password for MySQL, so we can set up user accounts for
other components that use MySQL.
MySQL root password:
Please supply a password for the MySQL user 'kolab'. This password will be used
by Kolab services, such as the Web Administration Panel.
MySQL kolab password [LAOv8Gmn2l1Gs-G]:
Please supply the timezone PHP should be using. You have to use a Continent or
Country / City locality name like 'Europe/Berlin', but not just 'CEST'.
Timezone ID [UTC]:
Please supply a password for the MySQL user 'roundcube'. This password will be
used by the Roundcube webmail interface.
MySQL roundcube password [yP7R_m4wJVcNiDW]:
ERROR 1005 (HY000) at line 9: Can't create table 'roundcube.kolab_alarms' (errno: 150)
ERROR 1146 (42S02) at line 179: Table 'roundcube.system' doesn't exist
[..]
These errors are generated due to the following code inside /usr/share/pyshared/pykolab/setup/setup_roundcube.py file.
schema_files = []
for root, directories, filenames in os.walk('/usr/share/doc/'):
for directory in directories:
if directory.startswith("roundcubemail"):
for root, directories, filenames in os.walk(os.path.join(root, directory)):
for filename in filenames:
if filename.startswith('mysql.initial') and filename.endswith('.sql'):
schema_filepath = os.path.join(root,filename)
if not schema_filepath in schema_files:
schema_files.append(schema_filepath)
break
break
I assume that its goal is to recursively find every mysql.initial*.sql file inside /usr/share/doc/roundcubemail*/ directories.
Finding the solution
First approach - Problem identification
Copy the earlier mentioned code to a distinct script and slightly modify it to output additional information.
$ cat first_code_check.py
import os
schema_files = []
for root, directories, filenames in os.walk('/usr/share/doc/'):
    for directory in directories:
        if directory.startswith("roundcubemail"):
            print "-> " + directory + " (" + root + ")"
            for root, directories, filenames in os.walk(os.path.join(root, directory)):
                for filename in filenames:
                    print " \ " + filename
                    if filename.startswith('mysql.initial') and filename.endswith('.sql'):
                        schema_filepath = os.path.join(root,filename)
                        if not schema_filepath in schema_files:
                            schema_files.append(schema_filepath)
It is easy to notice the problem after the script execution - the root variable inside third for loop is messing with future iterations.
$ python first_code_check.py
-> roundcubemail-plugins-kolab (/usr/share/doc/)
\ changelog.Debian.gz
\ copyright
-> roundcubemail-plugin-threadingasdefault (/usr/share/doc/roundcubemail-plugins-kolab)
-> roundcubemail (/usr/share/doc/roundcubemail-plugins-kolab)
Second approach - Python script
The most obvious fix is to rename the second occurrence of the root variable.
$ cat second_code_check.py
import os
schema_files = []
for root, directories, filenames in os.walk('/usr/share/doc/'):
    for directory in directories:
        if directory.startswith("roundcubemail"):
            print "-> " + directory + "(" + root + ")"
            for nested_root, directories, filenames in os.walk(os.path.join(root, directory)):
                for filename in filenames:
                    print " \ " + filename
                    if filename.startswith('mysql.initial') and filename.endswith('.sql'):
                        schema_filepath = os.path.join(nested_root,filename)
                        if not schema_filepath in schema_files:
                            schema_files.append(schema_filepath)
                            print " ! added schema file"
Simple test reveals that it works as expected.
$ python second_code_check.py
-> roundcubemail-plugins-kolab(/usr/share/doc/)
\ changelog.Debian.gz
\ copyright
-> roundcubemail-plugin-threadingasdefault(/usr/share/doc/)
\ changelog.Debian.gz
\ copyright
-> roundcubemail(/usr/share/doc/)
\ mysql.initial.sql
! added schema file
\ mssql.initial.sql
\ README.md
\ sqlite.initial.sql
\ changelog.Debian.gz
\ copyright
\ postgres.initial.sql
-> roundcubemail-plugin-contextmenu(/usr/share/doc/)
\ changelog.gz
\ changelog.Debian.gz
\ copyright
Second approach - Patch
--- /usr/share/pyshared/pykolab/setup/setup_roundcube.py.orig 2014-06-21 18:43:40.975058719 +0200
+++ /usr/share/pyshared/pykolab/setup/setup_roundcube.py 2014-06-21 19:12:46.957149746 +0200
@@ -139,16 +139,13 @@
for root, directories, filenames in os.walk('/usr/share/doc/'):
for directory in directories:
if directory.startswith("roundcubemail"):
- for root, directories, filenames in os.walk(os.path.join(root, directory)):
+ for nested_root, directories, filenames in os.walk(os.path.join(root, directory)):
for filename in filenames:
if filename.startswith('mysql.initial') and filename.endswith('.sql'):
- schema_filepath = os.path.join(root,filename)
+ schema_filepath = os.path.join(nested_root,filename)
if not schema_filepath in schema_files:
schema_files.append(schema_filepath)
- break
- break
-
if os.path.isdir('/usr/share/roundcubemail'):
rcpath = '/usr/share/roundcubemail/'
elif os.path.isdir('/usr/share/roundcube'):
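Review bot: On the added `for nested_root, directories, filenames in os.walk(...)` line only `root` was renamed; the inner loop still rebinds `directories` and `filenames`, the same names the enclosing `os.walk('/usr/share/doc/')` loop unpacks. The running `for directory in directories` iteration is not affected because it already holds the original list, but this reuse is the same pattern that caused the bug, so rename them as well (for example `nested_directories`, `nested_filenames`). The hunk also drops both `break` statements, which changes how much of the tree is visited; that deserves a line in the change description.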
Third approach - Python script
This could be simplified a bit by replacing problematic os.walk call.
$ cat third_code_check.py
import os
import fnmatch
schema_files = []
for root, directories, filenames in os.walk('/usr/share/doc/'):
    for directory in directories:
        if directory.startswith("roundcubemail"):
            print "-> " + directory + "(" + root + ")"
            for filename in os.listdir(os.path.join(root, directory)):
                if fnmatch.fnmatch(filename, 'mysql.initial*.sql'):
                    schema_filepath = os.path.join(root,directory,filename)
                    if not schema_filepath in schema_files:
                        schema_files.append(schema_filepath)
                        print " \ " + filename
$ python third_code_check.py
-> roundcubemail-plugins-kolab (/usr/share/doc/)
-> roundcubemail-plugin-threadingasdefault (/usr/share/doc/)
-> roundcubemail (/usr/share/doc/)
\ mysql.initial.sql
-> roundcubemail-plugin-contextmenu (/usr/share/doc/)
Third approach - Patch
--- /usr/share/pyshared/pykolab/setup/setup_roundcube.py.orig 2014-06-21 18:43:40.975058719 +0200
+++ /usr/share/pyshared/pykolab/setup/setup_roundcube.py 2014-06-21 19:43:14.235162418 +0200
@@ -20,6 +20,7 @@
from Cheetah.Template import Template
import hashlib
import os
+import fnmatch
import random
import re
import subprocess
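Review bot: `import fnmatch` is inserted after `import os`, but the surrounding imports (`hashlib`, `os`, `random`, `re`, `subprocess`) are in alphabetical order; placing it before `import hashlib` keeps that ordering.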
@@ -139,15 +140,11 @@
for root, directories, filenames in os.walk('/usr/share/doc/'):
for directory in directories:
if directory.startswith("roundcubemail"):
- for root, directories, filenames in os.walk(os.path.join(root, directory)):
- for filename in filenames:
- if filename.startswith('mysql.initial') and filename.endswith('.sql'):
- schema_filepath = os.path.join(root,filename)
- if not schema_filepath in schema_files:
- schema_files.append(schema_filepath)
-
- break
- break
+ for filename in os.listdir(os.path.join(root, directory)):
+ if fnmatch.fnmatch(filename, 'mysql.initial*.sql'):
+ schema_filepath = os.path.join(root,directory,filename)
+ if not schema_filepath in schema_files:
+ schema_files.append(schema_filepath)
if os.path.isdir('/usr/share/roundcubemail'):
rcpath = '/usr/share/roundcubemail/'
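Review bot: Replacing the inner `os.walk` with `os.listdir(os.path.join(root, directory))` means only files directly inside a `roundcubemail*` directory are matched; a `mysql.initial*.sql` file in a subdirectory of it is no longer found, which the removed loop would have reached. If that narrowing is intended, say so in the description. The enclosing `os.walk('/usr/share/doc/')` still descends the whole tree, so `roundcubemail*` directories at any depth are still listed.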
Fourth approach - Python script
This code can be simplified further by not reading directories recursively.
$ cat fourth_code_check.py
import os
import fnmatch
import glob
schema_files = []
for directory in glob.glob('/usr/share/doc/roundcubemail*'):
    print "-> " + directory
    for filename in os.listdir(directory):
        if fnmatch.fnmatch(filename, 'mysql.initial*.sql'):
            schema_filepath = os.path.join(directory,filename)
            if not schema_filepath in schema_files:
                schema_files.append(schema_filepath)
                print " \ " + filename
$ python fourth_code_check.py
-> roundcubemail-plugins-kolab (/usr/share/doc/)
-> roundcubemail-plugin-threadingasdefault (/usr/share/doc/)
-> roundcubemail (/usr/share/doc/)
\ mysql.initial.sql
-> roundcubemail-plugin-contextmenu (/usr/share/doc/)
Fourth approach - Patch
--- /usr/share/pyshared/pykolab/setup/setup_roundcube.py.orig 2014-06-21 18:43:40.975058719 +0200
+++ /usr/share/pyshared/pykolab/setup/setup_roundcube.py 2014-06-21 19:59:42.380040035 +0200
@@ -20,6 +20,8 @@
from Cheetah.Template import Template
import hashlib
import os
+import glob
+import fnmatch
import random
import re
import subprocess
@@ -136,18 +138,12 @@
fp.close()
schema_files = []
- for root, directories, filenames in os.walk('/usr/share/doc/'):
- for directory in directories:
- if directory.startswith("roundcubemail"):
- for root, directories, filenames in os.walk(os.path.join(root, directory)):
- for filename in filenames:
- if filename.startswith('mysql.initial') and filename.endswith('.sql'):
- schema_filepath = os.path.join(root,filename)
- if not schema_filepath in schema_files:
- schema_files.append(schema_filepath)
-
- break
- break
+ for directory in glob.glob('/usr/share/doc/roundcubemail*'):
+ for filename in os.listdir(directory):
+ if fnmatch.fnmatch(filename, 'mysql.initial*.sql'):
+ schema_filepath = os.path.join(directory,filename)
+ if not schema_filepath in schema_files:
+ schema_files.append(schema_filepath)
if os.path.isdir('/usr/share/roundcubemail'):
rcpath = '/usr/share/roundcubemail/'
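Review bot: `glob.glob('/usr/share/doc/roundcubemail*')` also returns plain files whose names match, and `os.listdir(directory)` raises on those; add an `os.path.isdir(directory)` check before listing. glob returns matches in arbitrary order, so wrap the call in `sorted()` if the order of `schema_files` matters to the code that loads them.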
Ending notes
I am not a Python developer. I wrote about this issue as it was an interesting way to learn about directory traversal and file filtering implemented in Python language.
It is up to you to decide which solution is appropriate for you - for more recent information please read the official bug report.
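An added example, not code from the post or from pykolab: a Python 3 reproduction of the shadowed `root` variable on a temporary directory tree, next to the renamed-variable fix and the glob variant. The tree is constructed (directory names taken from the post's output, the `SQL/` subdirectory added to show where the recursive and non-recursive variants differ), and the reverse sort is added only to pin the visiting order so that a plugin directory is walked before `roundcubemail`, as in the post's first run.

```python
import fnmatch
import glob
import os
import tempfile

# Constructed sample tree standing in for /usr/share/doc.
SAMPLE_FILES = [
    "roundcubemail-plugins-kolab/copyright",
    "roundcubemail-plugin-contextmenu/copyright",
    "roundcubemail/mysql.initial.sql",
    "roundcubemail/postgres.initial.sql",
    "roundcubemail/SQL/mysql.initial.sql",  # assumption: nested schema file
]


def build_sample_tree(base):
    """Create the constructed tree under base and return the doc directory."""
    doc_dir = os.path.join(base, "doc")
    for relative in SAMPLE_FILES:
        path = os.path.join(doc_dir, *relative.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("-- constructed placeholder\n")
    return doc_dir


def is_schema(filename):
    return fnmatch.fnmatch(filename, "mysql.initial*.sql")


def relative(paths, doc_dir):
    return sorted(os.path.relpath(path, doc_dir) for path in paths)


def find_shadowed(doc_dir):
    """Original loop shape: the inner os.walk rebinds `root`."""
    found = []
    for root, directories, filenames in os.walk(doc_dir):
        directories.sort(reverse=True)  # pin the order (added for the demo)
        for directory in directories:
            if directory.startswith("roundcubemail"):
                # After the first inner walk, `root` names the directory that
                # walk visited last, so the next join builds a wrong path.
                for root, directories, filenames in os.walk(os.path.join(root, directory)):
                    for filename in filenames:
                        if is_schema(filename):
                            found.append(os.path.join(root, filename))
    return relative(found, doc_dir)


def find_walk_fixed(doc_dir):
    """Second approach: the inner walk uses its own names and still recurses."""
    found = []
    for root, directories, _ in os.walk(doc_dir):
        directories.sort(reverse=True)
        for directory in directories:
            if directory.startswith("roundcubemail"):
                for nested_root, _, nested_files in os.walk(os.path.join(root, directory)):
                    for filename in nested_files:
                        path = os.path.join(nested_root, filename)
                        if is_schema(filename) and path not in found:
                            found.append(path)
    return relative(found, doc_dir)


def find_glob(doc_dir):
    """Fourth approach: top-level roundcubemail* directories, no recursion."""
    found = []
    pattern = os.path.join(glob.escape(doc_dir), "roundcubemail*")
    for directory in sorted(glob.glob(pattern)):
        if not os.path.isdir(directory):  # glob also matches plain files
            continue
        for filename in os.listdir(directory):
            if is_schema(filename):
                found.append(os.path.join(directory, filename))
    return relative(found, doc_dir)


def run_demo():
    """Run all three finders on a fresh copy of the constructed tree."""
    with tempfile.TemporaryDirectory() as base:
        doc_dir = build_sample_tree(base)
        return {
            "shadowed": find_shadowed(doc_dir),
            "walk_fixed": find_walk_fixed(doc_dir),
            "glob": find_glob(doc_dir),
        }


if __name__ == "__main__":
    for name, paths in run_demo().items():
        print(name, paths)
```

The shadowed version finds nothing, the renamed-variable version finds both schema files, and the glob version finds only the one directly inside `roundcubemail`.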

Posted over 11 years ago by mollekopf
Wouldn’t it be great if Kontact would allow you to select a set of folders you’re interested in, that setting would automatically be respected by all your devices and you’d still be able to control for each individual folder whether it should be visible and available offline?
I’ll outline a system that allows you to achieve just that in a groupware environment. I’ll take Kolab and calendar folders as example, but the concept applies to all groupware systems and is just as well applicable to email or other groupware content.
User Scenarios
Anna has access to hundreds of shared calendars, but she usually only uses a few selected ones. She therefore only has a subset of the available calendars enabled, that are shown to her in the calendar selection dialog, available for offline usage and also get synchronized to her mobile phone. If she realizes she no longer requires a calendar, she simply disables it and it disappears from the Kontact, the Webclient and her phone.
Joe works with a small team that shares their calendars with him. Usually he only uses the shared team-calendar, but sometimes he wants to quickly check if they are in the office before calling them, and he’s often doing this in the train with unreliable internet connection. He therefore disables the team member’s calendars but still enables synchronization for them. This hides the calendars from all his devices, but he still can quickly enable them on his laptop while being offline.
Fred has a mailing list folder that he always reads on his mobile, but never on his laptop. He keeps the folder enabled, but hides it on his laptop so his folder list isn’t unnecessarily cluttered.
What these scenarios tell us is that we need a flexible mechanism to specify the folders we want to see and the folders we want synchronized. Additionally we want, in today’s world where we have multiple devices, to synchronize the selection of folders that are important to us. It is likely I’d like to see the calendar I have just enabled in Kontact also on my phone. However, we always want to keep the possibility to alter that default setting on specific devices.
Current State
If you’re using a Kolab Server, you can use IMAP subscriptions to control what folders you want to see on your devices. Kontact currently respects that setting in that it makes all folders visible and available for offline usage. Additionally you have local subscriptions to disable certain folders (so they are not downloaded or displayed) on a specific device. That is not very flexible though, and personally I ended up having pretty much all folders enabled that I ever used, leading to cluttered folder selections and lots of bandwidth and storage space used to keep everything available offline.
To change the subscription state, KMail offers to open the IMAP-subscription dialog which allows to toggle the subscription state of individual folders. This works, but is not well integrated (it’s a separate dialog), and is also not well integrable since it’s IMAP specific.
Because the solution is not well integrated, it tends to be rather static in my experience. I tend to subscribe to all folders that I ever use, which results in a very long and cluttered folder-list.
A new integrated subscription system
What would be much better, is if the back-end could provide a default setting that is synchronized to the server, and we could quickly enable or disable folders as we require them. Additionally we can override the default settings for each individual folder to optimize our setup as required.
To make the system more flexible, while not unnecessarily complex, we need a per folder setting that allows to override a backend provided default value. Additionally we need an interface for applications to alter the subscription state through Akonadi (instead of bypassing it). This allows for a well integrated solution that doesn’t rely on a separate, IMAP-specific dialog.
Each folder requires the following settings:
An enabled/disabled state that provides the default value for synchronizing and displaying a folder.
An explicit preference to synchronize a folder.
An explicit preference to make a folder visible.
A folder is visible if:
There is an explicit preference that the folder is visible.
There is no explicit preference on visibility and the folder is enabled.
A folder is synchronized if:
There is an explicit preference that the folder is synchronized.
There is no explicit preference on synchronization and the folder is enabled.
The resource-backend can synchronize the enabled/disabled state which should give a default experience as expected. Additionally it is possible to override that default state using the explicit preference on a per folder level.
User Interaction
By default you would be working with the enabled/disabled state, that is synchronized by the resource backend. If you enable a folder it becomes visible and synchronized, if you disable it, it becomes invisible and not synchronized. For the enabled/disabled state we can build a very easy user interface, as it is a single boolean state, that we can integrate into the primary UI.
Because the enabled/disabled state is synchronized, an enabled calendar will automatically appear on your MyKolab.com web interface and your mobile. One click, and you’re all set.
Example mockup of folder sync properties
In the advanced settings, you can then override visibility and synchronization preference at will as a local-only setting, giving you full flexibility. This can be hidden in a properties dialog, so it doesn’t clutter the primary UI.
This makes the default usecase very simple to use (you either want a folder or you don’t want it), while we keep full flexibility in overriding the default behaviour.
IMAP Synchronization
The IMAP resource will synchronize the enabled/disabled state with IMAP subscriptions if you have subscriptions enabled in the resource. This way we can use the enabled/disabled state as interface to change the subscriptions, and don’t have to use a separate dialog to toggle that state.
Interaction with existing mechanisms
This mechanism can probably replace local subscriptions eventually. However, in order not to break existing setups I plan to leave local subscriptions working as they currently are.
Conclusion
By implementing this proposal we get the required flexibility to make sure the resources of our machine are optimally used, while different clients still interact with each other as expected. Additionally we gain a uniform interface to enable/disable a collection that can be synchronized by backends (e.g. using the IMAP subscription state). This will allow applications to nicely integrate this setting, and should therefore make this feature a lot easier to use and overall more agile.
New doors are opened as this will enable us to do on-demand loading of folders. By having the complete folder list available locally (but disabled by default and thus hidden), we can use the collections to load their content temporarily and on-demand. Want to quickly look at that shared calendar you don’t have enabled? Simply search for it and have a quick look, the data is synchronized on-demand and the folder is as quickly gone as you found it, once it is no longer required. This will diminish the requirement to have folders constantly clutter your folder list even further.
So, what do you think?
Posted
over 11 years
ago
by
roundcube
This is the first service release to update the stable version 1.0. It contains some important bug fixes and improvements, mainly a fix for the unintentional redirect from the compose page in Google Chrome which started to happen after a recent Chrome update.
It’s considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from roundcube.net/download, see the full changelog here.
Please note that the update includes a small database schema change so make sure you run the update script.
Posted
over 11 years
ago
by
DSP3
Kolab is an excellent open source messaging and collaboration suite, the installation of which I discussed in a previous post.
Currently, there is one feature missing from the Kolab suite and that is the ability to send instant messages (IM) between authenticated Kolab users or even outside of the domain. This is where ejabberd comes in. The following is a summary of how you can integrate ejabberd into a Kolab system running on CentOS 6.5.
As Kolab is already installed, there is no need to add the EPEL repository used to host the ejabberd .rpm installer. Installation is as simple as:
sudo yum install ejabberd
Ejabberd is written in Erlang and is configured by editing /etc/ejabberd/ejabberd.cfg
sudo nano /etc/ejabberd/ejabberd.cfg
Search for the following code and edit accordingly:
%%{auth_method, internal}.
change to
{auth_method, ldap}.
Search for the remaining lines of code ('ctrl' 'w' in nano) and change them to fit your environment:
{ldap_servers, ["localhost"]}.
{ldap_port, 389}.
{ldap_rootdn, "cn=Directory Manager"}.
{ldap_password, "the_password_you_set_during_kolab_install_for_ldap"}.
{ldap_filter, "(objectClass=mailrecipient)"}.
{ldap_uids, [{"alias", "%u@%d"}]}.
{acl, admin, {user, "admin", "yourdomain.org"}}.
{hosts, ["yourdomain.org"]}.
{ldap_base, "ou=People,dc=yourdomain,dc=org"}.
Save the file by ctrl 'x' and then pressing 'y' (yes) and enter.
Start ejabberd service
sudo service ejabberd start
Add ejabberd as a service to start at boot
chkconfig ejabberd on
Update iptables
sudo iptables -I INPUT -p tcp --dport 5280 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 5222 -j ACCEPT
sudo service iptables save
sudo service iptables restart
You should now be able to login with your IM client such as Jitsi or Pidgin. As ejabberd is set to use ldap_uids with 'alias' you can login with an alias instead of [email protected]
You now have an excellent communication and collaboration system. Voice, video, email, IM, calendar, address book, file share. Source code freely available, so adapt to your requirements.
Original credit goes to Andreas Cordes for assistance with ldap authentication with ejabberd.
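A defensive check for the configuration in this post, added here as an example (it is not part of the original post or of ejabberd): it parses the single-line {key, value}. terms shown above and flags a bind DN that is the directory superuser and a world-readable file holding the bind password. The sample config is constructed from the post's settings with a placeholder password, and the function names are hypothetical.

```python
import re
import stat

# Constructed sample: the settings from the post, with a placeholder password.
SAMPLE_CFG = '''
%%{auth_method, internal}.
{auth_method, ldap}.
{ldap_servers, ["localhost"]}.
{ldap_port, 389}.
{ldap_rootdn, "cn=Directory Manager"}.
{ldap_password, "PLACEHOLDER"}.
{ldap_base, "ou=People,dc=yourdomain,dc=org"}.
'''

# Matches single-line top-level terms of the form {key, value}.
TERM = re.compile(r'^\{(\w+),\s*(.+)\}\.$')
LOOPBACK = {'localhost', '127.0.0.1', '::1'}


def parse_terms(text):
    """Return {key: raw value}; lines starting with '%' are Erlang comments."""
    terms = {}
    for line in text.splitlines():
        match = TERM.match(line.strip())
        if match:
            terms[match.group(1)] = match.group(2).strip()
    return terms


def audit(text, file_mode):
    """Return a list of findings for an ejabberd.cfg body and its file mode."""
    terms = parse_terms(text)
    findings = []
    if terms.get('auth_method') != 'ldap':
        findings.append('auth_method is not ldap')
    if 'cn=directory manager' in terms.get('ldap_rootdn', '').lower():
        findings.append('binds as Directory Manager, the directory superuser')
    servers = re.findall(r'"([^"]+)"', terms.get('ldap_servers', ''))
    remote = [s for s in servers if s not in LOOPBACK]
    if remote and terms.get('ldap_port', '389') == '389':
        findings.append('bind to %s on port 389: confirm TLS is in use' % remote)
    if 'ldap_password' in terms and file_mode & stat.S_IROTH:
        findings.append('file holds ldap_password and is world-readable')
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_CFG, 0o644):
        print('WARN:', finding)
```

To run it against a live file, pass the file's text and os.stat(path).st_mode; multi-line terms such as the listen block are ignored by this line-based parser.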
Posted
over 11 years
ago
by
Andreas Cordes
I have now been using +Kolab on my +Raspberry Pi for 100 days.
Syncroton (Active-Sync) is working like a charm, access to my files via WebDav is also working.
After changing the webserver from +Apache to +Nginx the performance in using roundcube is now ok and after the logrotate during midnight I had no sync problems any more with my mobile.
Power consumption is below 3W so it costs only about 7€ per year (0,60€ per month) which is really cheap. Ok you have to add 1€ per month for the domain if you use +regfish for the domain.
A few days ago I exported all my contacts hosted on the google server and imported them into Kolab.
So if you don't like to let google know the phone number from your grandma and so on it's up to you to change this and get your own groupware on your server at your home :-)
BTW you can do a lot of other things with your Raspberry Pi.
Greetz
Posted
over 11 years
ago
by
DSP3
Communication, collaboration and dissemination of ideas is an important part of learning and I happen to believe that learning to build systems that enhance communication leads to a better understanding of the whole communication process, especially in this age of all things connected, all the time. Kolab is a collection of a number of mature open source projects, which enables you to build a very powerful communication platform whilst maintaining full control of the system. The installation, configuration and management can be delegated to individuals or groups within the learning environment and this system can scale from a small user base such as a single class to a whole institution. Big thank you to the Kolab community for such a great product!
This post will document installing and configuring Kolab 3.2 on CentOS 6.5. Kolab is a collection of open source projects packaged together to make a unified system. I have a lot of experience with the many parts that make Kolab - Roundcube, Postfix, Cyrus etc. - and Kolab strives to bring them all together into one manageable install with a central web administration interface for the directory server (LDAP) used for domain and user management.
For installation I mainly followed 2 different guides, here (English) and here (German). Many thanks to them!
Firstly and most importantly, your server needs to have correctly configured DNS and MX records. Without these, nothing will work. Secondly, you need to have your server hostname set correctly. I would also highly recommend setting up on a freshly installed and updated CentOS system.
[user@kolab ~]$ hostname -f
kolab.dsp3.org
My server resolves to kolab.dsp3.org. When the kolab installer runs, it will check to see that your hostname is resolvable by public DNS. I have reverse DNS set to resolve back to the domain from which I will be sending email, in this case @dsp3.org. You should check "/etc/sysconfig/network" and "/etc/hosts" before you begin installation to save yourself a lot of headaches later on.
[user@kolab ~]$ nano /etc/sysconfig/network
HOSTNAME="kolab.dsp3.org"
[user@kolab ~]$ nano /etc/hosts
94.156.77.58 kolab.dsp3.org kolab
My server IP address 94.156.77.58 resolves to kolab.dsp3.org with a machine host called kolab.
If everything is set, we can begin the installation. Firstly, install the Redhat EPEL repositories (x86_64) for 64 bit systems and then install the repo's needed for the Kolab packages.
[user@kolab ~]$ sudo -i
[sudo] password for user:
[root@kolab ~]# cd /tmp
[root@kolab tmp]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@kolab tmp]# wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
[root@kolab tmp]# rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
[root@kolab tmp]# rm -rf remi-release-6*.rpm epel-release-6*.rpm
[root@kolab tmp]# yum update
[root@kolab tmp]# cd /etc/yum.repos.d/
[root@kolab yum.repos.d]# wget http://obs.kolabsys.com:82/Kolab:/3.2/CentOS_6/Kolab:3.2.repo
[root@kolab yum.repos.d]# wget http://obs.kolabsys.com:82/Kolab:/3.2:/Updates/CentOS_6/Kolab:3.2:Updates.repo
[root@kolab yum.repos.d]# yum install kolab
There is a bug in the current installer for CentOS, so a small edit is required before completing setup.
[root@kolab yum.repos.d]# nano /usr/lib/python2.6/site-packages/pykolab/setup/setup_mta.py
Find the following code:
if os.path.isdir('/etc/amavisd'):
    fp = open('/etc/amavisd/amavisd.conf', 'w')
elif os.path.isdir('/etc/amavis'):
    fp = open('/etc/amavis/amavisd.conf', 'w')
    fp.write(t.__str__())
    fp.close()
and replace it with the following:
if os.path.isdir('/etc/amavisd'):
    fp = open('/etc/amavisd/amavisd.conf', 'w')
    fp.write(t.__str__())
    fp.close()
elif os.path.isdir('/etc/amavis'):
    fp = open('/etc/amavis/amavisd.conf', 'w')
    fp.write(t.__str__())
    fp.close()
The installer may have displayed an error regarding missing pykolab.log which can be fixed with the following:
[root@kolab yum.repos.d]# chown root:root /var/log/kolab/pykolab.log
Now we can run the setup script:
[root@kolab yum.repos.d]# setup-kolab
Go ahead and follow the onscreen prompts, either accepting the passwords generated for each part (and noting them down for future reference!) or supplying your own. The most important part to pay attention to is as follows:
This setup procedure plans to set up Kolab Groupware for the following domain name space. This domain name is obtained from the reverse DNS entry on your network interface. Please confirm this is the appropriate domain name space.
dsp3.org [Y/n]: y
The standard root dn we composed for you follows. Please confirm this is the root
dn you wish to use.
dc=dsp3,dc=org [Y/n]: y
Please ensure this matches the primary domain from which your users will be sending mail from (the part after '@').
Congratulations. You are almost finished. There was one final gotcha that I encountered, which can be fixed by editing the config.inc.php file found in /etc/roundcubemail/
[root@kolab yum.repos.d]# nano /etc/roundcubemail/config.inc.php
Find the following section:
// Plugins
$config['plugins'] = array(
and comment out the section on 'kolab_files' so that it looks like this:
// 'kolab_files',
This will disable Chwala, the new file storage component which didn't work for me in my environment. Save and restart apache.
service httpd restart
Open a browser and navigate to your domain adding /kolab-webadmin to the end of the url. You should be presented with this:
You must log in with the credentials you supplied during setup. You are now ready to add users.
Finally, I would recommend having a look at securing your Kolab server.
In a later post, I will describe the setup of ejabberd and how to integrate it with the Kolab ldap server.
Posted
over 11 years
ago
by
Andreas Cordes
Hello,
yesterday I needed the functionality of storing files in +Kolab.
I found out that this does not work on my installation.
This is a known bug in cyrus.
https://lists.kolabsys.com/pipermail/packaging-commits/2012-November/007932.html
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3754
Raspbian does not have an updated package :-( so I started the compile issue again but now for a raspbian package.
To do the changes I downloaded the package cyrus-imapd and tried to compile like I did for all the +Kolab packages. But that didn't fix the error because I had to modify imap/message.c.
Ok, googling showed me that I have to use the right method with quilt.
So here are the instructions
apt-get -y source cyrus-imapd
apt-get -y build-dep cyrus-imapd
cd cyrus-imapd-2.4-2.4.16
quilt push -a
quilt new failed_asserting_during_append
quilt add imap/message.c
Edit the file imap/message.c. In line 389 add the line:
message_guid_generate(&(*body)->guid, msg.base, msg.len);
And continue with the following commands
quilt refresh
debuild -us -uc -b
and now go for coffee break :-)
After less than 2 hours you can install the new package.
cd ..
dpkg -i cyrus-imapd-2.4_2.4.16-4+deb7u1_all.deb
To get the indexes working on the existing files you have to reconstruct the mailboxes with the following command:
cyrreconstruct -C /etc/imapd.conf -r 'user/name/Files@domain'
You can also mount the files in Windows. For me only the command line is working. So click on Start->run (or press Windows-R) and enter the following command:
net use x: https://example.com/iRony/files/ YourPasswordGoesHere /user:[email protected]
Impatient people can use my prebuilt package from my APT repo
deb http://kolab-deb.zion-contro.org /
greetz
Posted
over 11 years
ago
by
Andreas Cordes
Hello,
I created a new page with my nginx config to cover all changes and mods which I've done on my Raspberry Pi.
The instructions are based on http://kolab.org/blog/grote/2013/07/08/using-kolab-3-nginx and https://docs.kolab.org/howtos/nginx-webserver.html.
So feel free to leave any comments and to get your Kolab running on your Pi with a bit more performance.
More tuning tips are welcome. :-)
greetz