Back to the sea ; the Open Source Groupware (SOGo), episode XI


Quoting SOGo: Open Source Groupware homepage: SOGo is groupware server with a focus on scalability and open standards. SOGo provides a rich AJAX-based Web interface and supports multiple native clients.

It is a set of access tools to your Mail, Calendar and Address book. It provides Webmail, CalDAV and CardDAV services. It also enables integration with native clients, like Mozilla Thunderbird, Microsoft Outlook and Apple Mail.

The difference with M$ Exchange is that it is Open Source software. The difference with Zarafa or Zimbra is that it doesn’t come with its own backend; it sits on top of already running SMTP and IMAP servers.

Prerequisites

Quoting SOGo homepage: SOGo reuses your existing services such as Microsoft Active Directory, OpenLDAP, your SQL database, or even your IMAP server. This is why we installed the LDAP, SMTP and IMAP servers. Now that all those are working, let’s access them in the Web 2.0 way :p

The SOGo package for OpenBSD is quite new and requires -current.
So, first of all, upgrade the system to 4.8-current. And upgrade every package you already have.

Installation

SOGo can either use PostgreSQL or MySQL as a backend service. I’ll use MySQL.

SOGo is not (yet) available as binary packages.
We need to compile it from source:

# ftp http://ftp.openbsd.org/pub/OpenBSD/snapshots/ports.tar.gz
# tar xzf ports.tar.gz -C /usr/
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/sope-mysql-1.3.4p2.tgz
# cat >> /etc/rc.conf.local
multicast_host=YES
# ln -sf /usr/local/bin/python2.6 /usr/local/bin/python
# ln -sf /usr/local/bin/python2.6-config /usr/local/bin/python-config
# ln -sf /usr/local/bin/pydoc2.6  /usr/local/bin/pydoc
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/gmake-3.81p1.tgz
# pkg_add http://ftp.fr.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/libmemcached-0.44p0.tgz
# cd /usr/ports/www/sogo/
# make install clean-depends

Alternatively, if you did not compile SOGo on the production machine (which is a “best practice”), you may install the binary package: # pkg_add /usr/ports/packages/amd64/all/sogo-1.3.4p3.tgz

A README file is available here: /usr/local/share/doc/pkg-readmes/sogo-1.3.4p3.
It explains the requirements and differences that apply to an OpenBSD installation.

Configuration

A _sogo user has been created. It will be used to store SOGo’s configuration. The complete SOGo configuration file is located here: /var/sogo/GNUstep/Defaults/.GNUstepDefaults

SOGo’s configuration is manageable in the GNUstep way:

# su - _sogo
$ cat >> .profile
export PS1="`whoami`@`hostname -s` $ "
$ defaults write sogod SOGoTimeZone "Europe/Paris"
$ defaults write sogod SOGoMailDomain "tumfatig.net"
$ defaults write sogod SOGoLanguage French
$ defaults write sogod SOGoAppointmentSendEMailNotifications YES
$ defaults write sogod SOGoFoldersSendEMailNotifications YES
$ defaults write sogod SOGoACLsSendEMailNotifications YES

LDAP authentication

The LDAP server was set up in the previous episodes.
The configuration looks like the Dovecot one:

# su - _sogo
$ defaults write sogod SOGoUserSources '({
type = ldap;
id = tumfatig;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users,dc=tumfatig,dc=net";
filter = "(objectClass=CourierMailAccount)";
bindDN = "cn=email,dc=tumfatig,dc=net";
bindPassword = "password";
hostname = "ldap.tumfatig.net";
port = 636;
encryption = SSL;
canAuthenticate = YES;
isAddressBook = YES;
displayName = "TuMFatig";
})'

The LDAP server should maintain indexes on the following fields: objectClass, cn, givenName, sn, mail, uid.

Database configuration

SOGo stores things in a database. We chose MySQL:

# mysql -u root -p
mysql> CREATE DATABASE sogo CHARSET='UTF8';
Query OK, 1 row affected (0.45 sec)

mysql> GRANT ALL PRIVILEGES ON sogo.* TO sogo@bagheera.tumfatig.net IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.41 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.02 sec)

mysql> EXIT
Bye
# su - _sogo
$ defaults write sogod SOGoProfileURL 'mysql://sogo:password@sql.tumfatig.net:3306/sogo/sogo_user_profile'
$ defaults write sogod OCSFolderInfoURL 'mysql://sogo:password@sql.tumfatig.net:3306/sogo/sogo_folder_info'
$ defaults write sogod OCSEMailAlarmsFolderURL 'mysql://sogo:password@sql.tumfatig.net:3306/sogo/sogo_alarms_folder'
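
The LDAP bind password and the database URLs written above all end up in /var/sogo/GNUstep/Defaults/.GNUstepDefaults. The following check is an added example, not part of the original post or of SOGo: it reports group/other access to that file and lists embedded credentials without printing them. The function name and the sample values are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a SOGo defaults file for loose permissions and embedded
# secrets. Matching is textual, so it does not depend on whether GNUstep wrote
# the file as an old-style or an XML property list.

# audit_sogo_defaults FILE: prints one finding per line, nothing when clean.
audit_sogo_defaults() {
    f=$1
    [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 0; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$f" | cut -c5-10)
    [ "$bits" = "------" ] ||
        echo "PERMS: group/other bits are '$bits', expected owner-only (0600)"

    # Secrets are reported by location only; their values are never printed.
    if grep -q 'bindPassword' "$f"; then
        echo "SECRET: LDAP bindPassword stored in clear text"
    fi
    # scheme://user:password@host -> scheme://user:***@host, one line per account
    grep -Eo '[a-z]+://[^:/@ ]+:[^@/ ]+@[^/ ]+' "$f" |
        sed -E 's#^([a-z]+://[^:]+):[^@]+@#SECRET: URL credentials for \1:***@#' |
        sort -u
    return 0
}

# Constructed sample mirroring the keys written above (values are made up).
demo=$(mktemp)
cat > "$demo" <<'EOF'
sogod = {
    SOGoProfileURL = "mysql://sogo:S3cr3t@sql.example.org:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:S3cr3t@sql.example.org:3306/sogo/sogo_folder_info";
    SOGoUserSources = ({ bindDN = "cn=email,dc=example,dc=org"; bindPassword = "S3cr3t"; });
    SOGoIMAPServer = "imaps://mail.example.org:993";
}
EOF
chmod 644 "$demo"; audit_sogo_defaults "$demo"   # PERMS + two SECRET lines
chmod 600 "$demo"; audit_sogo_defaults "$demo"   # two SECRET lines only
rm -f "$demo"
```

Run it as root or _sogo against the real defaults file; a PERMS finding is fixed with chmod 600 on that file.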

SMTP configuration

SOGo will use SMTP to send e-mails:

$ defaults write sogod SOGoMailingMechanism smtp
$ defaults write sogod SOGoSMTPServer mail.tumfatig.net

IMAP configuration

SOGo uses any external IMAP server:

$ defaults write sogod SOGoIMAPServer imaps://www.tumfatig.net:993
$ defaults write sogod SOGoDraftsFolderName Drafts
$ defaults write sogod SOGoSentFolderName Sent
$ defaults write sogod SOGoTrashFolderName Trash

Webmail configuration

Setup default values for the Web interface:

$ defaults write sogod SOGoLoginModule Mail
$ defaults write sogod SOGoMailAuxiliaryUserAccountsEnabled YES
$ defaults write sogod SOGoMailMessageCheck every_2_minutes
$ defaults write sogod SOGoFirstDayOfWeek 1
$ defaults write sogod SOGoEnableEMailAlarms YES

Automatic start

The OpenBSD package ships with a rc.d management script: /etc/rc.d/sogod.

# mkdir /var/run/sogo
# chown _sogo:_sogo /var/run/sogo
# vi /etc/rc.local
(...)
if [ -x /etc/rc.d/sogod ]; then
        echo -n ' sogo';
        install -d -o _sogo -g _sogo -m 0750 /var/run/sogo
        /etc/rc.d/sogod start
fi
(...)

Apache configuration

I will use the default OpenBSD’s Apache server and SOGo will only be available from HTTPS:

# mkdir -p /var/www/lib/sogo/www
# cp -pR /usr/local/lib/GNUstep/SOGo/WebServerResources/* /var/www/lib/sogo/www/
# vi /var/www/conf/httpd.conf
(...)
# customization of HTTP response headers
LoadModule headers_module       /usr/lib/apache/modules/mod_headers.so
(...)
# caching proxy
LoadModule proxy_module /usr/lib/apache/modules/libproxy.so
(...)
Alias /SOGo.woa/WebServerResources/ /lib/sogo/www/

Alias /SOGo/WebServerResources/ /lib/sogo/www/

AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) /lib/sogo/$1.SOGo/Resources/$2

<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
        SetHandler default-handler
</LocationMatch>
(...)
<IfModule mod_proxy.c>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
</IfModule>
(...)
<VirtualHost _default_:8443>
(...)
ProxyPass /SOGo http://127.0.0.1:20000/SOGo
ProxyPassReverse /SOGo http://127.0.0.1:20000/SOGo

RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "www.tumfatig.net"
RequestHeader set "x-webobjects-server-url" "https://www.tumfatig.net"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" "127.0.0.1"

AddDefaultCharset UTF-8
(...)
</VirtualHost>

Restart Apache to apply changes.

The SOGo Webmail interface is now available from https://www.tumfatig.net/SOGo/.
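
With this setup TLS ends at Apache and sogod receives plain HTTP on port 20000, so that port should only be reachable through the proxy. The following check is an added example, not part of the original post or of SOGo; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners on the sogod port that are reachable from
# outside the host. Reads `netstat -an` output on stdin; understands the BSD
# "addr.port" and the Linux "addr:port" local-address notations.

# exposed_listeners PORT: prints each non-loopback address listening on PORT.
exposed_listeners() {
    awk -v port="$1" '
        $NF != "LISTEN" { next }                 # only listening TCP sockets
        match($4, /[.:][0-9]+$/) {               # port follows the last . or :
            host = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            if (host == "127.0.0.1" || host == "::1") next
            print host
        }'
}

# Constructed sample in OpenBSD netstat layout (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  127.0.0.1.20000        *.*                    LISTEN
tcp          0      0  *.8443                 *.*                    LISTEN
tcp          0      0  192.0.2.10.20000       *.*                    LISTEN
tcp          0      0  192.0.2.10.8443        198.51.100.7.51514     ESTABLISHED
EOF
}

# On the server: netstat -an | exposed_listeners 20000
sample_netstat | exposed_listeners 20000     # prints 192.0.2.10
```

An empty result means port 20000 is bound to loopback only; any printed address is an interface where sogod can be reached without going through Apache.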

EMail reminders

The e-mail reminders are enabled via SOGoEnableEMailAlarms and a cron job:

# su - _sogo
$ crontab -e
# min   hour    dmonth  month   dweek   command
#
*       *       *       *       *       /usr/local/sbin/sogo-ealarms-notify

CalDAV configuration

Users’ calendars are available from the CalDAV server.

Thunderbird (and Lightning) users must connect to https://www.tumfatig.net/SOGo/dav/USER/Calendar/personal/ using their LDAP credentials.

iCal users must connect to https://www.tumfatig.net/SOGo/dav/USER/ using their LDAP credentials.

CardDAV configuration

Users’ address books are available from the CardDAV server.

Thunderbird (and Lightning) users must connect to https://www.tumfatig.net/SOGo/dav/USER/Contacts/personal/ using their LDAP credentials.

For the Mac users, we’ll need to add a (secured) VirtualHost to the Apache configuration:

<IfDefine SSL>
Listen 8800
<VirtualHost *:8800>
        DocumentRoot "/var/www/www.tumfatig.net"
        ServerName www.tumfatig.net
        ServerAdmin joe@tumfatig.net
        ErrorLog syslog:daemon
        CustomLog "|/usr/bin/logger -t httpd -p info" ssl

        ProxyRequests Off

        ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/
        ProxyPass /SOGo http://127.0.0.1:20000/SOGo
        ProxyPass / http://127.0.0.1:20000/SOGo/dav/

        AddDefaultCharset UTF-8

        SSLEngine on

        SSLCertificateFile    /etc/ssl/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
</IfDefine>

The “Address Book.app” users must then connect to www.tumfatig.net using their LDAP credentials and activating SSL.

Conclusion

This ends the “Back to the sea” articles series.
There are quite a few more things to dig into: changing the user’s password from the Web interface, and checking whether there are differences between OpenLDAP and OpenBSD’s ldapd; I mean things that don’t work with the latter (so far, I haven’t found any).

Now comes the time to redo the whole installation on a real machine and put it in production.
That will be the occasion to review the whole process and correct things I would have forgotten to write down.

Later on, there may be some small “howto” posts ; like “howto migrate your IMAP data”, “howto change your user password”, “how to configure your Foo client”…

That’s All Folks!