Open-Xchange
From Gentoo Linux Wiki
Overview
Some people think that Open-Xchange is a GPL'd version of SLOX (SuSE's Groupware Server). The story is more complex than that. Netline Internet Service GmbH, Martinstr. 41, D-57462 Olpe, Germany, an independent German company, had already developed the basic functionality of Open-Xchange when it struck a deal with SuSE to combine it with SuSE's Linux distribution and sell it under the brand SuSE Linux Open Xchange (SLOX). A few years later, when Novell acquired SuSE, SLOX became the third groupware tool in Novell's portfolio (the other two being Netmail and Groupwise). To clarify its groupware story, Novell decided to give back to Netline the full rights to the components that made up SLOX (including development done by SuSE), without the underlying OS (at the same time Novell released an open-source version of Netmail, called Hula). Part of the deal was that OX should be available in a GPL version. Netline has since changed its name to Open-Xchange Inc., based in the state of New York (with offices in Germany), and now develops two versions from the same trunk: one GPL and one commercial, the latter with a much simpler installation interface and a web administration module, for RedHat and SuSE Linux. Open-Xchange provides much of the functionality of MS Exchange, but the connector for Outlook is only licensed with the commercial version.
From their website: The OPEN-XCHANGE™ Collaboration and Integration Server Environment allows you to store appointments, contacts, tasks, emails, bookmarks, documents and many more elements and share them with other users. This environment can be accessed via any modern web browser and multiple fat clients like KDE Kontact, Apple's iCal, Konqueror, Mozilla Calendar and many more.
There is an online demo that you should try out to get a feel for the polish and functionality of this app.
Assumptions
NOTICE: this HOWTO assumes you have a working mail server and database. Once this part of the doc is complete (OX can be installed via the ebuild), we'll complete this HOWTO and cover all of the steps, so that it becomes a fully functional document.
OX installation script
I've created an install script that does all the hard work and should provide you with a usable open-xchange server after a few steps. You can get it from [1]
Requirements
OX has some requirements. We will try to identify them here and document the Gentoo-specific information.
OpenLDAP
OpenLDAP is required for managing all the accounts, addresses and so on. UPDATE: OpenLDAP 2.2.20 is now stable in Portage.
If you have OpenLDAP 2.2.* or later, skip this section: ACI support is enabled by default by the ebuild. If you have to use OpenLDAP 2.1.*, read on.
Open-Xchange needs the ACI (Access Control Instructions) feature. For example, there are personal addresses and global addresses: your own addresses should be manageable by you, while global addresses should be manageable only by your boss or a small group of users. ACIs are what enforce this restriction.
Enable ACI support in OpenLDAP 2.1.*
First create your overlay directory. Just do the steps of this one section.
equery list net-nds/openldap
Now that you have the exact version of your current OpenLDAP, copy its ebuild into your overlay directory:
mkdir /usr/local/portage/net-nds
mkdir /usr/local/portage/net-nds/openldap
cp /usr/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild /usr/local/portage/net-nds/openldap/
cp -r /usr/portage/net-nds/openldap/files /usr/local/portage/net-nds/openldap/
Edit that file with the editor of your choice:
nano /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild
Now scroll down to the following lines:
File: /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild
src_compile() {
    local myconf
and insert the following line after them:
File: /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild
    myconf="${myconf} --enable-aci"
Save and close the file.
The last step is to make this ebuild valid:
ebuild /usr/local/portage/net-nds/openldap/openldap-2.MY_EXACT_VERSION.ebuild manifest
Now you can emerge OpenLDAP again:
emerge =net-nds/openldap-2.MY_EXACT_VERSION
And now you're finished. You should restart OpenLDAP.
Please be careful: if a newer version of openldap-2.1.* appears in Portage, you have to repeat these steps for the new version.
Unmask the ebuilds
Unmask and emerge Open-Xchange:
mkdir -p /etc/portage/
echo '=www-apps/open-xchange-0.8.*' >> /etc/portage/package.unmask
echo 'www-apps/open-xchange ~x86' >> /etc/portage/package.keywords
echo 'dev-java/jdbc3-postgresql ~x86' >> /etc/portage/package.keywords
emerge open-xchange
If the build fails, you might have to alter one line in the ebuild file (/usr/portage/www-apps/open-xchange/open-xchange-0.8.2.ebuild).
Find the line starting with myconf="${myconf} --with-jsdkjar= and edit it so that it points to the actual jar file (e.g. /usr/share/servletapi-2.3/lib/servlet.jar or /usr/share/servletapi-2.4/lib/servlet-api.jar) and not to the symlink.
USE flags used by Open-Xchange
| SSL | Enables secure communication between backend components. This does not secure communication between browser and web server. Currently SSL works with OX 0.8.0.* and with the development version since 0.8.1.4. |
| WEBDAV | Enables WebDAV support for Open-Xchange. This means you can use fat clients which support WebDAV to update your calendar (e.g. KDE's Kontact, Evolution, ...). |
| POSTGRES | Enables PostgreSQL as database backend (if MYSQL is also set, Open-Xchange is built with PostgreSQL support only). |
| MYSQL | Enables MySQL as database backend (if POSTGRES is also set, Open-Xchange is built with PostgreSQL support only). Warning: This is currently not supported. Some of the features that are required by Open-Xchange are not provided by MySQL. Update: with MySQL 5.* this is reported to work. |
Check install
Test your installation by pointing your browser at http://ox-domain.tld/cgi-bin/login.pl. You should receive the Open-Xchange login screen. If you do not see this login screen, something is probably wrong with your Apache and/or Perl installation.
Launch
Launch Open-Xchange
Code: /etc/init.d/open-xchange start
Starting all
Starting SESSIOND [ done ]
Starting OX [ done ]
Starting OXWebmail [ done ]
TLS encryption
If you compiled Open-Xchange with the SSL USE flag turned on, your server components will communicate with each other over encrypted connections.
Attention: this has nothing to do with the encryption between your browser and the web server (e.g. Apache).
The catch is that you have to provide the key files and certificate files used for communication between the components, plus a CA file.
A Certificate Authority (CA) signs your certificate file, which is useful for authentication purposes. CAs are independent; they check your identity and sign your certificate. Third parties can then check whether you are who you claim to be by verifying your certificate against the CA certificate.
- The problem is that you have to pay for this service.
- Or you can join the http://cacert.org community, which is a movement for the freedom of privacy/security, and get free certificates there.
- But you can also be your own CA.
The key file for the session server: /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondkey.pem
The certificate file for the session server: /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondcert.pem
The key file for the groupware: /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarekey.pem
The certificate file for the groupware: /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarecert.pem
The groupware keys are also used for webmail.
And finally the CA certificate: /etc/open-xchange/groupware/sslcerts/oxCA/cacert.pem
HowTo Create Certs and Keys
Create a directory of your choice (one that other users cannot read, since it will hold private keys):
mkdir /tmp/ox_ssl
cd /tmp/ox_ssl
First we create our CA:
/etc/ssl/misc/CA.pl -newca
Enter the password (1) for your CA. Answer the remaining questions as you like, or just press Enter to accept the defaults.
Now we create the certificate request for Open-Xchange itself:
/etc/ssl/misc/CA.pl -newreq
Remember the password (2) for this key; we need it later.
Then sign the request with the CA:
/etc/ssl/misc/CA.pl -sign
You will be asked for a password; enter the password (1) of the CA.
Now we need to remove the password from the key file, or Open-Xchange won't work, because it cannot enter the password:
openssl rsa -in newreq.pem -out newkey.pem
You will be asked for a password; enter the password (2) of the key.
Now that everything has been generated, we put the files into the right place:
cp demoCA/cacert.pem /etc/open-xchange/groupware/sslcerts/oxCA/cacert.pem
cp newkey.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarekey.pem
cp newkey.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondkey.pem
cp newcert.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/groupwarecert.pem
cp newcert.pem /etc/open-xchange/groupware/sslcerts/oxCERTS/sessiondcert.pem
Now you should remove the temporary directory; it still contains the unprotected key newkey.pem.
After that restart Open-Xchange - it should work.
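A check worth running after copying the files and before restarting, as an added example that is not part of the original HOWTO: it confirms that each key loads without a password, belongs to its certificate, that the certificate verifies against the CA file, and that the key is not accessible to every local user. The helper names are hypothetical; the paths are the ones listed above.

```shell
#!/bin/sh
# Added example: sanity checks for the backend TLS files installed above.
# The function names are hypothetical helpers, not part of Open-Xchange.

# True if "other" users have any permission on the file (from the ls mode string).
world_accessible() {
    case "$(ls -ldL -- "$1" 2>/dev/null)" in
        ???????---*) return 1 ;;
        *) return 0 ;;
    esac
}

# SHA-256 over the public key of a certificate, or derived from a private key.
# "-passin pass:" makes openssl fail instead of prompting if the key is encrypted.
cert_pub_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256
}
key_pub_hash() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256
}

# check_ox_pair KEY CERT CA: prints each problem, returns 0 only if none found.
check_ox_pair() {
    key=$1 cert=$2 ca=$3 rc=0
    if ! openssl pkey -in "$key" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: $key is missing, unreadable or still password-protected"; rc=1
    elif [ "$(key_pub_hash "$key")" != "$(cert_pub_hash "$cert")" ]; then
        echo "FAIL: $key does not belong to $cert"; rc=1
    fi
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi
    if world_accessible "$key"; then
        echo "FAIL: $key is accessible to every local user"; rc=1
    fi
    return "$rc"
}

# Check the file locations named on this page, if they exist on this host.
base=/etc/open-xchange/groupware/sslcerts
if [ -d "$base/oxCERTS" ]; then
    for name in groupware sessiond; do
        check_ox_pair "$base/oxCERTS/${name}key.pem" \
            "$base/oxCERTS/${name}cert.pem" "$base/oxCA/cacert.pem" &&
            echo "OK: $name"
    done
fi
```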
(Re)Configure Open Xchange
Before first use you have to configure Open Xchange:
Code: execute config
emerge --config www-apps/open-xchange
Configure webmail
Out of the box, webmail assumes that IMAP is installed and reachable on localhost via plain IMAP, not IMAPS.
But sometimes, with security in mind, you will want to change this.
To do so, edit your /etc/open-xchange/webmail/webmail.properties file.
File: /etc/open-xchange/webmail/webmail.properties
# uncomment these lines to enable IMAPS support
mail.imap.socketFactory.class=com.openexchange.tools.ssl.TrustAllSSLSocketFactory
mail.imap.socketFactory.port=993
mail.imap.socketFactory.fallback=false
# mail.imap.socketFactory.host=localhost #or your host of choice
# uncomment these lines to enable SMTP with TLS support
mail.smtp.starttls.enable=true
mail.smtp.socketFactory.class=com.openexchange.tools.ssl.TrustAllSSLSocketFactory
mail.smtp.socketFactory.port=465
mail.smtp.socketFactory.fallback=false
# mail.smtp.socketFactory.host=localhost #or your host of choice
This should be all. Note that the socket factory used here, TrustAllSSLSocketFactory, accepts any server certificate, as its name indicates: the connection is encrypted, but the identity of the mail server is not verified.
Debugging Open Xchange
Getting the system running is often problematic. To help you track down the failure, increase the logging level.
Open Xchange
Edit
File: /etc/open-xchange/groupware/system.properties
LOGLEVEL: 10
Edit
File: /etc/open-xchange/webmail/system.properties
LOGLEVEL:10
You have to restart Open-Xchange to apply these changes.
Apache
Append a -w to the first line:
File: /var/www/localhost/cgi-bin/login.pl
#!/usr/bin/perl -w
The information is written to the Apache log file.
OpenLDAP
File: /etc/openldap/slapd.conf
loglevel 16
This was taken from man slapd.conf:
loglevel <integer>
Specify the level at which debugging statements and operation statistics should be syslogged
(currently logged to the syslogd(8) LOG_LOCAL4 facility). Log levels are additive, and available
levels are:
1 trace function calls
2 debug packet handling
4 heavy trace debugging
8 connection management
16 print out packets sent and received
32 search filter processing
64 configuration file processing
128 access control list processing
256 stats log connections/operations/results
512 stats log entries sent
1024 print communication with shell backends
2048 entry parsing
Tips
To reset your postgres db:
/etc/init.d/postgresql stop    # VERY IMPORTANT: if you forget to do this, you will definitely run into problems stopping postgres later
su - postgres
rm -R data
mkdir data
initdb data
exit
/etc/init.d/postgresql start
Then run the commands under HOWTO: Setup database (following commands), which should have appeared after you emerged and ran the ebuild command.
To reset your LDAP tables:
/etc/init.d/slapd stop
rm /var/lib/openldap-data/*
slapadd -l /usr/share/open-xchange/init_ldap.ldif
chown ldap:ldap /var/lib/openldap-data/*    # if you get the error "ldap_bind: Can't contact LDAP server (-1)" after you adduser, this could be the problem
/etc/init.d/slapd restart
To create your matching IMAP user after you created your OX user:
cyradm -user cyrus domain.com
cm user.<user>
cm user.<user>.Sent
The last command creates the Sent folder; you could do the same if you wanted a Draft or Spam folder.
If you set unixhierarchysep: yes in /etc/imapd.conf, the separator is /, so to create a mailbox you should use:
cyradm -user cyrus domain.com
cm user/<user>
cm user/<user>/Sent
Again, the last command creates the Sent folder; you could do the same if you wanted a Draft or Spam folder.
If the cyradm login fails, try cyradm --user cyrus --auth login <domain>
You would have to manually go to the email acct options, subscribe to the new sent folder and set it to save your sent mail to the sent folder. Might be wise to set permanently delete deleted mail in the options there as well. Though in my setup, I managed to somehow get webmail.properties: default.folder.autocreate=true so I don't need to create the individual folders, just the main mailbox (user.<acct>). Check your /var/log/open-xchange/webmail.log
To delete an erroneous mailbox you created:
cyradm -user cyrus domain.com
dm badmailbox
If that doesn't work...
sam badmailbox cyrus lrswipcda
dm badmailbox
Saving settings at logout:
chown -R tomcat:tomcat /var/open-xchange/settings
Can't receive mail? If in your /var/log/mail.log and/or /var/log/mail.err files you see references to the LMTP socket and permission denied, make sure that the postfix user is a member of the mail group.
id postfix
If user postfix is not a member of mail...
usermod -g postfix -G mail postfix
Also check that /var/imap is owned by cyrus:mail with mode 750.
TODO
- Tomcat install/config
- Mail server install/config
- Postgres server install/config
- Perl modules install
- etc...
Until then have a look at http://www.mikefetherston.ca/OX/html/
