How to install Horde Cyrus Ldap

From FedoraProject

This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.

Summary

The goal of this howto is to install a mail server based on Cyrus with a webmail based on Horde (version 4). [Figure: Summary.jpg]
The different components inside the server: [Figure: Component.jpg]

Initialisation and Prerequisites

Open a terminal, connect as root, and use it for all the following operations

> su -

The first operation is to install all the packages from the repositories (Fedora and RPM Fusion)

> yum install httpd mysql-server php-mysql 389-ds 389-ds-base 389-ds-console policycoreutils-gui \
  cyrus-imapd cyrus-imapd-utils cyrus-sasl-ldap postfix fetchmail aspell php-pear-MDB2-Driver-mysql \
  php-pear-Mail-mimeDecode php-pear-Date-Holidays php-pear-HTTP-Request php-idn php-libpuzzle php-facedetect php-pecl-imagick php-pecl-geoip \
  php-pecl-lzf php-mbstring php-mcrypt php-pear-Services-Weather php-pear-Net-DNS openssl mod_ssl

Define the value of date.timezone in “/etc/php.ini” (for example: date.timezone = Europe/Paris). If you don't do that, you will get a lot of errors in the HTTP log.

Change the SELinux rights to authorise external connections: TBD (for the moment, deactivate it by using the GUI, TBD)


In the rest of this document we will use the following passwords

User or application | Password
root | Pass-root
Mysql (Application) | Pass-mySql
Horde (inside mySql) | Pass-horde-DB
389 DS administration | Pass-389-admin
389 DS Directory Manager | Pass-389-dir-man
user1 | Pass-user1
user2 | Pass-user2
admin | pass-admin

We will also consider that you are located in the domain “domain.com” and that the server is named “comp1”. The computer name and domain must be correctly defined (this can be checked with the command hostname), or the configuration will not work correctly.

Finally, for security reasons, we will use encrypted connections wherever possible, for example LDAPS instead of LDAP. For that we need a certificate. First create the private key

> mkdir /etc/certificate 
> chmod 700 /etc/certificate 
> cd /etc/certificate 
> openssl genrsa -des3 -out server.key 1024

When the command asks “Enter pass phrase for server.key:”, enter a pass phrase ('phrase') and remember it. Now create the CSR file (Certificate Signing Request)

> cd /etc/certificate 
> openssl req -new -key server.key -out server.csr

  • Enter pass phrase for server.key: :==> 'phrase'
  • Country Name (2 letter code) [XX]: :==> answer it
  • State or Province Name (full name) []: :==> answer it
  • Locality Name (eg, city) [Default City]: :==> answer it
  • Organization Name (eg, company) [Default Company Ltd]: :==> answer it
  • Organizational Unit Name (eg, section) []: :==> answer it
  • Common Name (eg, your name or your server's hostname) []:==> domain.com
  • Email Address []: :==> admin@domain.com
  • A challenge password []:  :==> empty
  • An optional company name []:  :==> empty

Remove Passphrase from Key

> cd /etc/certificate 
> cp server.key server.key.org
> openssl rsa -in server.key.org -out server.key

Enter pass phrase for server.key.org: :==> 'phrase'

Generating a Self-Signed Certificate for 365 days (so you need to renew it each year, it's more secure)

> cd /etc/certificate 
> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt


Comment out the definition of port 80 (non-secure access) in the httpd.conf file

> gedit /etc/httpd/conf/httpd.conf

Add # before the line “Listen 80”.

Configure SSL access (port 443)

> gedit /etc/httpd/conf.d/ssl.conf

Set the lines

SSLCertificateFile /etc/certificate/server.crt
SSLCertificateKeyFile /etc/certificate/server.key

Edit the Horde server part

> gedit /etc/httpd/conf.d/horde.conf

Add after “Allow from 127.0.0.1” the line “Allow from YouExternalIP”

Start the web server for the current session and add it to the list of processes started at init

> /sbin/chkconfig httpd on
> /etc/init.d/httpd start


Mysql configuration

MySQL is used to store all the information for Horde and its different add-ons. For example, it holds the galleries and photo lists used in Ansel.
Other databases may be used, and their configuration in Horde is very similar.

Start the DB server for the current session and add it to the list of processes started at init

> /sbin/chkconfig mysqld on
> /etc/init.d/mysqld start

Configure mysql

> mysql_secure_installation
Enter current password for root (enter for none):                                                 ==> Pass-root
Change the root password? [Y/n]                                                                   ==> y
New password:                                                                                     ==> Pass-mySql
Remove anonymous users? [Y/n]                                                                     ==> Y
Disallow root login remotely? [Y/n]                                                               ==> Y
Remove test database and access to it? [Y/n]                                                      ==> Y
Reload privilege tables now? [Y/n]                                                                ==> Y

Add to the DB the different tables used by Horde. First edit the file “/usr/share/horde/scripts/sql/create.mysql.sql” and change the password (the line after “-- IMPORTANT: Change this password.”) to “Pass-horde-DB”.

> gedit /usr/share/horde/scripts/sql/create.mysql.sql
> cd /usr/share/horde/scripts/sql/
> mysql -u root -p < create.mysql.sql

Password to use: “Pass-mySql”


389 DS configuration

Initialisation of the server

The LDAP server holds all the user information used by Horde, Cyrus and Postfix. This gives a single place for the configuration of users.
The configuration of OpenLDAP is difficult, so the best choice on a Fedora box is to use 389 DS instead (thanks to the 389-console tool)

Add schema for Horde

> gedit /usr/share/horde/scripts/ldap/rfc2739.schema

In rfc2739.schema, replace "attribute" with "attributetype"

> cd /usr/lib/dirsrv/perl
> wget Http://directory.fedoraproject.org/download/ol-schema-migrate.pl
> chmod 700 ol-schema-migrate.pl 
> ./ol-schema-migrate.pl -b /usr/share/horde/scripts/ldap/horde.schema > /etc/dirsrv/schema/60horde.ldif
> ./ol-schema-migrate.pl -b /usr/share/horde/scripts/ldap/rfc2739.schema > /etc/dirsrv/schema/05rfc2739.ldif

Configure 389 DS

> setup-ds-admin.pl -u
Would you like to continue with set up? [yes]:                                                    ==> yes
Do you agree to the license terms? [no]:                                                          ==> yes
Would you like to continue? [no]:                                                                 ==> yes
(With the use of 389 DS for personal usage, the limit is OK)
Choose a setup type [2]:                                                                          ==> 2
Computer name [comp1.domain.com]:                                                                 ==> comp1.domain.com 
System User [nobody]:                                                                             ==> nobody
(User ‘nobody’ already exists in a base Fedora install)
System Group [nobody]:                                                                            ==> nobody
Do you want to register this software with an existing configuration directory server? [no]:      ==> no
administrator ID [admin]:                                                                         ==> admin
Password:                                                                                         ==> Pass-389-admin
Password (confirm):                                                                               ==> Pass-389-admin
Administration Domain [domain.com]:                                                               ==> domain.com
Directory server network port [389]:                                                              ==> 389
Directory server identifier [comp1]:                                                              ==> comp1
Suffix [dc=domain, dc=com]:                                                                       ==> dc=domain, dc=com
Directory Manager DN [cn=Directory Manager]:                                                      ==> cn=Directory Manager
Password:                                                                                         ==> Pass-389-dir-man
Password (confirm):                                                                               ==> Pass-389-dir-man
Administration port [9830]:                                                                       ==> 9830
Are you ready to set up your servers? [yes]:                                                      ==> yes

Add the certificate so the LDAP server will be secure

> cd /etc/dirsrv/slapd-comp1
> openssl pkcs12 -export -inkey /etc/certificate/server.key -in /etc/certificate/server.crt -out /tmp/crt.p12 -nodes -name 'Server-Cert' 
Enter Export Password:                                                                            ==> none
Verifying - Enter Export Password:                                                                ==> none
> pk12util -i /tmp/crt.p12 -d .
Enter new password: 	:==> none
Re-enter password: 	:==> none
Enter password for PKCS12 file: 	:==> none
> certutil -d . -A -n "My Local CA" -t CT,, -a -i /etc/certificate/server.crt 

Now we will update the configuration to use the secure port only (636). For that, create 2 files

First /tmp/ssl_enable.ldif

dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: required
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,-rc4,-rc4export,-rc2,-rc2export,-des,-desede3

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-port
nsslapd-port: 0

And /tmp/addRSA.ldif

dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: on


Insert these files into the LDAP server

> /usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w - -f /tmp/ssl_enable.ldif
> /usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w - -a -f /tmp/addRSA.ldif

Each time, use the password: Pass-389-dir-man
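
The following check is an added example, not part of the original page. It reads an LDIF file such as /tmp/ssl_enable.ldif and lists every cipher that the nsSSL3Ciphers line enables (prefix +) whose name marks it as NULL, export-grade, RC4, RC2, single-DES or MD5-based, together with the nsSSL3 and nsslapd-ssl-check-hostname settings. The function names, the output labels and the name patterns are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the TLS settings of a 389 DS "cn=encryption" LDIF.
# audit_ds_ldif and its output format are assumptions made for this example.

# audit_ds_ldif [FILE...]: read LDIF from the files (or stdin) and print
# one finding per line. Prints nothing when no weak setting is found.
audit_ds_ldif() {
    awk '
    # Classify a cipher by the tokens in its name; "" means not flagged.
    # Names that only contain 3des are not flagged by these patterns.
    function weak_reason(name) {
        if (name ~ /null/)            return "NULL cipher, no encryption"
        if (name ~ /export|_40_/)     return "export-grade key length"
        if (name ~ /rc4/)             return "RC4 stream cipher"
        if (name ~ /rc2/)             return "RC2 cipher"
        if (("_" name "_") ~ /_des_/) return "single DES, 56-bit key"
        if (name ~ /md5/)             return "MD5-based MAC"
        return ""
    }
    function process(line,    n, i, parts, name, why) {
        if (line ~ /^nsSSL3Ciphers:/) {
            sub(/^nsSSL3Ciphers:[ \t]*/, "", line)
            n = split(line, parts, ",")
            for (i = 1; i <= n; i++) {
                # "+name" enables a cipher, "-name" disables it.
                if (substr(parts[i], 1, 1) != "+") continue
                name = substr(parts[i], 2)
                why = weak_reason(name)
                if (why != "") print "WEAK-CIPHER " name ": " why
            }
        } else if (line ~ /^nsSSL3:[ \t]*on/) {
            print "WEAK-PROTOCOL nsSSL3: SSLv3 is enabled"
        } else if (line ~ /^nsslapd-ssl-check-hostname:[ \t]*off/) {
            print "WEAK-SETTING nsslapd-ssl-check-hostname: peer host name not verified"
        }
    }
    # RFC 2849 folding: a line starting with one space continues the previous line.
    /^ / { buf = buf substr($0, 2); next }
    { if (buf != "") process(buf); buf = $0 }
    END { if (buf != "") process(buf) }
    ' "$@"
}

# Sample input: the content of /tmp/ssl_enable.ldif from this page, with the
# cipher line folded (constructed folding) to exercise continuation lines.
sample_ldif() {
    cat <<'EOF'
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: required
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
 +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_des_cbc_sha,-rc4,-rc4export,-rc2,-rc2export,-des,-desede3

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-port
nsslapd-port: 0
EOF
}

sample_ldif | audit_ds_ldif
```

Run against a real file with `audit_ds_ldif /tmp/ssl_enable.ldif`; an empty result means none of the patterns matched.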

Start the 389 DS for the current session and add it to the list of processes started at init

> /sbin/chkconfig dirsrv on
> /etc/init.d/dirsrv restart

Directory service filling

With admin tool

Insert the certificate in the admin tool

> cd /etc/dirsrv/admin-serv
> certutil -A -d . -n "CA certificate" -t "CT,," -a -i /etc/certificate/server.crt

Start the 389 DS admin server for the current session. This must be done each time the tool is needed (to change the LDAP database)

> /etc/init.d/dirsrv-admin start


Start the tool

> /usr/bin/389-console
Name: 		“admin”
Password:	“Pass-389-admin”
Server: 	“http://comp1.domain.com:9830”

(TBD)

Create the admin and root accounts

Direct import

Mail configuration

Fetchmail

Fetchmail is the tool that is called periodically to get mail from a POP/IMAP server and send it to the local mailbox through postfix.
Fetchmail is configured by a single file, “/etc/fetchmailrc”

> gedit /etc/fetchmailrc

The format of the file is described in the fetchmail man page. Here are the main commands of the file

  • set: configures a parameter
    • set daemon <interval>: polling interval of fetchmail in seconds
    • set syslog: redirect status and error messages to syslog
  • smtphost <internal server>: internal server to which the mail is sent. In our case, as we use postfix, this must be the socket of the postfix lmtp server
  • poll <mail server>: the mail server to poll
    • protocol <proto>: protocol for the polling (POP3 or IMAP)
    • username <login>: the login on the server
    • password <pass>: the password on the server
    • to <internal>: the internal login in LDAP
  • Useful options
    • keep: keep the mail on the server
    • fetchall: get all the mail on the server (read or not read)

An example of “fetchmailrc” file

set daemon 300
set syslog
poll "pop.mail.yahoo.fr"
protocol POP3
username "login"
password "password"
to user1@comp1.domain.com
fetchall
poll "serveur2"
protocol IMAP
username "login"
password "password"
keep
to user2@comp1.domain.com
smtphost "/var/lib/imap/socket/lmtp"


This file must be protected (it contains your mail passwords)

> chmod 600 /etc/fetchmailrc
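
The audit below is an added example, not part of the original page. The procedure leaves secrets in several files: the unencrypted server.key, its pass-phrase-protected copy server.key.org, the PKCS#12 export /tmp/crt.p12 written with an empty export password, and /etc/fetchmailrc. The function names and output labels are assumptions; the demo runs on a constructed directory tree, not on the real /etc.

```shell
#!/bin/sh
# Added example: audit the secret-bearing files this howto creates.
# Function names and output labels are assumptions made for this example.

# check_secret_file PATH
# Returns 1 (and prints EXPOSED) when group or others have any access bit set.
check_secret_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "ABSENT   $f"
        return 0
    fi
    # The first 10 characters of ls -ld are the mode string, e.g. -rw-------;
    # characters 5 to 10 are the group and other permission bits.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        ????------) echo "OK       $f ($mode)" ;;
        *)          echo "EXPOSED  $f ($mode): run chmod go-rwx on it"; return 1 ;;
    esac
}

# audit_mail_secrets [ROOT]
# ROOT is an optional prefix so the audit can run against a test tree.
# Returns 0 when nothing is exposed or left over, 1 otherwise.
audit_mail_secrets() {
    root=${1:-}
    rc=0
    for p in /etc/certificate/server.key \
             /etc/certificate/server.key.org \
             /etc/fetchmailrc; do
        check_secret_file "$root$p" || rc=1
    done
    # The PKCS#12 export holds the private key under an empty password and
    # is only needed until pk12util has imported it.
    if [ -e "$root/tmp/crt.p12" ]; then
        echo "LEFTOVER $root/tmp/crt.p12: delete it after the pk12util import"
        rc=1
    fi
    return $rc
}

# Constructed test tree: key left world-readable, fetchmailrc protected as
# the page instructs, PKCS#12 export still present.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/certificate" "$t/tmp"
    : > "$t/etc/certificate/server.key";     chmod 644 "$t/etc/certificate/server.key"
    : > "$t/etc/certificate/server.key.org"; chmod 600 "$t/etc/certificate/server.key.org"
    : > "$t/etc/fetchmailrc";                chmod 600 "$t/etc/fetchmailrc"
    : > "$t/tmp/crt.p12";                    chmod 600 "$t/tmp/crt.p12"
    echo "$t"
}

demo_root=$(make_demo_tree)
audit_mail_secrets "$demo_root" || echo "findings above need attention"
rm -rf "$demo_root"
```

Called without an argument, `audit_mail_secrets` checks the real paths used in this howto.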

By default, no daemon mode is defined, so it must be set up by creating an init script, as for other daemons

> gedit /etc/init.d/fetchmail


#!/bin/sh
#
#	This shell script takes care of starting and stopping
#		fetchmail.
#
# chkconfig: 2345 81 45
# description: The Fetchmail daemons allows to retrieve mail using various
#	       mail protocols and route them to the local MTA just as if
#	       the mail was sent directly to the local MTA. This is
#	       specially useful on intermittent dial-up connections.
# processname: fetchmail
# config: /etc/fetchmailrc
# author[s]:
#	Andrea Sterbini	<a.sterbini@itelcad.it>
#	ObiTuarY <obituary@freshmeat.net>

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
if [ "${NETWORKING}" = "no" ]
then
       exit 0
fi 
   
# See how we were called.
case "$1" in
    start)
        if [ -s /etc/fetchmailrc ]; then
               echo -n "Loading fetchmail: "
               daemon /usr/bin/fetchmail -f /etc/fetchmailrc
               echo
               touch /var/lock/subsys/fetchmail
        else
               exit 1
        fi
        ;;
    stop)	
        echo -n "Shutting down fetchmail: "
        /usr/bin/fetchmail -q >/dev/null 2>&1 && echo fetchmail
#        killproc fetchmail
        rm -f /var/lock/subsys/fetchmail
        ;;
    status)
        status fetchmail
        ;;
    restart|reload)
        $0 stop
        $0 start
        ;; 
        *)
        echo "Usage: fetchmail {start|stop|status|restart|reload}"
        exit 1
esac

exit 0

# === End of File ===

postfix

Postfix is used to manage the transfer of mail between cyrus and the external world. Many web articles discuss the choice of postfix versus sendmail, so we will not discuss it here. The choice made here is postfix

All the files for the configuration of postfix can be found in the folder ‘/etc/postfix’

Configuration of postfix

> gedit /etc/postfix/main.cf

Change these values

myhostname = comp1.domain.com
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
inet_interfaces = $myhostname,localhost
mynetworks_style = host
relayhost = smtp.monprovider.fr
smtpd_banner = $myhostname ESMTP $mail_name
# smtpd_tls_security_level = may
smtpd_tls_security_level = none
#unknown_local_recipient_reject_code = 550
unknown_local_recipient_reject_code = 450
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

Now you must define the link between LDAP and postfix

> gedit /etc/postfix/ldap-aliases.cf
server_host = ldap://localhost:389
search_base = ou=People,dc=domain,dc=com
query_filter = mail=%u@%2.com
result_format = %u
domain = domain.com


For internal mail we use the alias database, so you must edit it

> gedit /etc/aliases

Replace all root/news/ftp/webmaster/postmaster with admin and add

“root:		admin”

Generate the binary database

> postalias /etc/aliases

cyrus

Cyrus is a mail server that allows several users to access their mail
Configuration of cyrus services

> gedit /etc/cyrus.conf

Comment out all the SERVICES entries: imap, imaps, pop3, pop3s, sieve
Add to SERVICES: imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0

Configuration of cyrus server

> gedit /etc/imapd-local.conf
servername: 127.0.0.1
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
reject8bit: no
munge8bit: yes
admins: cyrus root
allowanonymouslogin: no
hashimapspool: true
allowplaintext: yes
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_require_cert: false
lmtpsocket: /var/lib/imap/socket/lmtp


Configuration of sasl

> gedit  /etc/sysconfig/saslauth
MECH:	==> ldap
> gedit  /etc/sysconfig/saslauthd
auxprop_plugin: slapd
ldap_servers: ldap://localhost:389
ldap_default_domain: domain.com
ldap_auth_method: bind
ldap_use_sasl: no
ldap_start_tls: no
ldap_bind_dn: cn=Directory Manager
ldap_bind_pw: ????TND????,
ldap_search_base: ou=People,dc=domain,dc=com
ldap_scope: sub
ldap_filter: uid=%u
ldap_password_attr: userPassword
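
The consistency check below is an added example, not part of the original page. ssl_enable.ldif above sets nsslapd-port: 0 so that only the secure port 636 is used, yet ldap-aliases.cf and the saslauthd settings point at ldap://localhost:389. The helper find_plain_ldap, the demo file copies and the ldaps://localhost:636 replacement are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find LDAP client settings that no longer match a directory
# restricted to LDAPS. find_plain_ldap is a hypothetical helper.

# find_plain_ldap FILE...
# Prints "file:line: uri: reasons" for every problematic ldap:// URI and
# returns 1 if any was found; ldaps:// URIs are accepted.
find_plain_ldap() {
    awk '
    # Emit the findings collected for the file just read, then reset state.
    function report_file(    i, why) {
        for (i = 1; i <= n; i++) {
            why = ""
            if (port[i] == "389") why = "port 389 is closed once nsslapd-port is 0"
            if (!starttls) {
                if (why != "") why = why "; "
                why = why "no StartTLS, traffic is cleartext"
            }
            if (why != "") {
                printf "%s:%d: %s: %s\n", file, lno[i], uri[i], why
                found = 1
            }
        }
        n = 0; starttls = 0
    }
    FNR == 1 { if (NR > 1) report_file(); file = FILENAME }
    /^[ \t]*#/ { next }
    # Postfix writes "start_tls = yes", saslauthd writes "ldap_start_tls: yes".
    /start_tls[ \t]*[:=][ \t]*yes/ { starttls = 1 }
    match($0, /ldap:\/\/[^ \t,]+/) {
        n++
        uri[n] = substr($0, RSTART, RLENGTH)
        lno[n] = FNR
        hostport = substr(uri[n], 8)            # text after "ldap://"
        port[n] = (hostport ~ /:[0-9]+$/) ? substr(hostport, index(hostport, ":") + 1) : "389"
    }
    END { report_file(); exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed copies of the two client files as the page writes them.
write_page_configs() {
    cat > "$1/ldap-aliases.cf" <<'EOF'
server_host = ldap://localhost:389
search_base = ou=People,dc=domain,dc=com
query_filter = mail=%u@%2.com
EOF
    cat > "$1/saslauthd" <<'EOF'
ldap_servers: ldap://localhost:389
ldap_auth_method: bind
ldap_start_tls: no
ldap_bind_dn: cn=Directory Manager
EOF
}

# The same files pointed at the LDAPS listener on port 636 (an assumed fix,
# matching the secure port the page enables).
write_ldaps_configs() {
    cat > "$1/ldap-aliases.cf" <<'EOF'
server_host = ldaps://localhost:636
search_base = ou=People,dc=domain,dc=com
EOF
    cat > "$1/saslauthd" <<'EOF'
ldap_servers: ldaps://localhost:636
ldap_auth_method: bind
ldap_start_tls: no
EOF
}

demo_dir=$(mktemp -d)
write_page_configs "$demo_dir"
find_plain_ldap "$demo_dir/ldap-aliases.cf" "$demo_dir/saslauthd" || echo "plain LDAP settings found"
write_ldaps_configs "$demo_dir"
find_plain_ldap "$demo_dir/ldap-aliases.cf" "$demo_dir/saslauthd" && echo "all clients use LDAPS"
rm -rf "$demo_dir"
```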


Starting all the servers

Stop the sendmail server, as we use postfix instead

> /sbin/chkconfig sendmail off
> /etc/init.d/sendmail stop

Start the servers for the current session and add them to the list of processes started at init

> /sbin/chkconfig postfix on
> /sbin/chkconfig cyrus-imapd on
> /sbin/chkconfig fetchmail on
> /sbin/chkconfig saslauthd on
> /etc/init.d/postfix start
> /etc/init.d/cyrus-imapd start
> /etc/init.d/fetchmail start
> /etc/init.d/saslauthd start

Horde configuration

Horde base configuration

Horde is the framework for all the other add-ons in the next chapters. It is based on PHP, and this version includes web access for mobile phones and a huge cleanup and reworking of the libraries.
The configuration is done in two places: directly in the Horde configuration web pages, with the administration account, and in specific files edited from the shell

First get the module directly from the Horde website and install it (there is no rpm for it)

> wget ftp://ftp.horde.org/pub/horde/gollem-h3-1.1.2.tar.gz
> tar -xvf gollem-h3-1.1.2.tar.gz
> cd gollem-h3-1.1.2
> mv config /etc/horde/gollem
> chown -R apache:apache /etc/horde/gollem
> chmod -R 770 /etc/horde/gollem
> cd ..
> mv gollem-h3-1.1.2 /usr/share/horde/gollem
> cd  /usr/share/horde/gollem
> ln -s ../../../../etc/horde/gollem config



Change the following values in your configuration (http://127.0.0.1/horde/???)

Page | Parameter name | Value | Comments
General | vhosts | false | Default
General | debug_level | E_ALL & ~E_NOTICE | Default
General | max_exec_time | 0 | Default
General | compress_pages | true | Default
General | secret_key | 'xxxxxxxxxxxxxxxxxxxxxxxxx' | Default (generated during installation)
General | umask | 077 | Default
General | testdisable | true | Default
General | tmpdir | | Default
General | use_ssl | 2 | Default
General | server/name | $_SERVER['SERVER_NAME'] | Default
General | server/port | $_SERVER['SERVER_PORT'] | Default
General | urls/token_lifetime | 30 | Default
General | urls/hmac_lifetime | 30 | Default
General | urls/pretty | false | Default
General | safe_ips | array() | Default
General | session/name | 'Horde' | Default
General | session/use_only_cookies | true | Default
General | session/cache_limiter | 'nocache' | Default
General | session/timeout | 0 | Default
General | cookie/domain | $_SERVER['SERVER_NAME'] | Default
General | cookie/path | '/horde' | Installation path
Database | sql/persistent | false | Default
Database | sql/username | 'horde' | My horde login
Database | sql/password | 'Pass-mySql' | My sql password
Database | sql/protocol | 'unix' | Default
Database | sql/socket | | Default
Database | sql/database | 'horde' | The horde database
Database | sql/charset | 'utf-8' | Default
Database | sql/ca | | Default
Database | sql/ssl | false | Default
Database | sql/splitread | false | Default
Database | sql/phptype | 'mysql' | Default
LDAP | Ldap/useldap | yes | Sure, we need to use LDAP
LDAP | Ldap/hostspec | 'comp1.domain.com' | The server
LDAP | Ldap/port | | Default
LDAP | Ldap/tls | no | Default
LDAP | Ldap/version | 3 | Default
LDAP | Ldap/bindas | Bind with administration | Default
LDAP | Ldap/binddn | 'cn=Directory Manager' | login
LDAP | Ldap/bindpw | 'Pass-389-dir-man' | 389 DS Directory Manager password
Authentication | auth/admins | array('admin') | Default
Authentication | auth/checkip | true | Default
Authentication | auth/checkbrowser | true | Default
Authentication | auth/alternate_login | false | Default
Authentication | auth/redirect_on_logout | false | Default
Authentication | auth/list_users | 'list' | Default
Authentication | auth/params/driverconfig | 'horde default' | Default
Authentication | auth/params/basedn | 'ou=people,dc=domain, dc=com' | Access all people in LDAP
Authentication | auth/params/scope | 'sub' | Default
Authentication | auth/params/ad | false | Default
Authentication | auth/params/uid | 'uid' | Default
Authentication | auth/params/encryption | 'ssha' | Default
Authentication | auth/params/newuser_objectclass | array('inetOrgPerson', 'organizationalPerson', 'person', 'hordePerson') | When creating a new user, use all these object classes
Authentication | auth/params/filter | (objectclass=inetOrgPerson) | Search object
Authentication | auth/params/password_expiration | 'no' | Default
Authentication | auth/driver | 'ldap' | Sure, we need to use LDAP
Terms of Service Agreement | tos/file | | Default
Sign Up | signup/allow | false | Default
Logging | log/enabled | false | Default
Logging | log_accesskeys | false | Default
Preference System | prefs/maxsize | | Default
Preference System | prefs/params/basedn | 'ou=people,dc=domain, dc=com' | My config
Preference System | prefs/params/driverconfig | 'Horde default' | Default
Preference System | prefs/params/scope | 'Subtree search' | Default
Preference System | prefs/params/uid | 'uid' | Default
Preference System | prefs/driver | 'ldap' | Default
Alarm System | alarms/params/driverconfig | 'horde' | Default
Alarm System | alarms/params/ttl | 300 | Default
Alarm System | alarms/params/table | | Default
Alarm System | alarms/driver | 'sql' | Default
DataTree System | datatree/params/driverconfig | 'horde' | Default
DataTree System | datatree/params/table | '' | Default
DataTree System | datatree/params/table_attributes | '' | Default
DataTree System | datatree/driver | 'sql' | Default
Groups | group/params/driverconfig | 'horde default' | Default
Groups | group/params/basedn | 'ou=groups,dc=domain, dc=com' | Default
Groups | group/params/scope | 'sub' | Default
Groups | group/params/gid | 'cn' | Default
Groups | group/params/memberuid | 'memberUid' | Default
Groups | group/params/attrisdn | false | Default
Groups | group/params/newgroup_objectclass | array('groupofuniquenames', 'hordeGroup', 'posixGroup') | Default
Groups | group/params/objectclass | array('posixGroup') | Default
Groups | group/params/filter_type | 'objectclass' | Default
Groups | group/driver | 'ldap' | Default
Groups | group/cache | false | Default
Permissions | perms/driver | 'sql' | Default
Permissions | perms/driverconfig | 'horde default' | Default
Shares | share/no_sharing | true | My configuration
Shares | share/auto_create | true | Default
Shares | share/world | true | Default
Shares | share/any_group | false | Default
Shares | share/cache | false | Default
Shares | share/hidden | false | Default
Shares | share/driver | 'sql' | Default
Cache System | cache/default_lifetime | 86400 | Default
Cache System | cache/params/dir | | Default
Cache System | cache/params/sub | 0 | Default
Cache System | cache/params/prefix | | Default
Cache System | cache/params/compress | yes | Default
Cache System | cache/use_memorycache | 'none' | Default
Cache System | cache/driver | 'file' | TBD
CSS Caching | cachecss | no | Default
Javascript Caching | cachejs | no | Default
Theme Caching | cachethemes | no | Default
Lock System | lock/driver | 'none' | Default
Token System | token/driver | 'none' | Default
Token System | Token/timeout | '' | Default
Mailer | mailer/params/host | | Default
Mailer | mailer/params/port | | Default
Mailer | mailer/params/localhost | | Default
Mailer | mailer/params/auth | 'Best available authentification' | My configuration
Mailer | mailer/params/username | | Default
Mailer | mailer/params/password | | Default
Mailer | mailer/type | 'smtp' | My configuration
Mailer | mailformat/brokenrfc2231 | false | Default
Virtual File Storage | vfs/params/vfsroot | '/home/Horde_vf' | Default
Virtual File Storage | vfs/type | 'file' | Default
Custom Session Handler | sessionhandler/type | 'none' | Default
Custom Session Handler | sessionhandler/memcache | false | Default
HTTP Proxy Settings | Http/proxy/proxy_host | | Default
HTTP Proxy Settings | Http/proxy/proxy_port | | Default
HTTP Proxy Settings | Http/proxy/proxy_user | | Default
HTTP Proxy Settings | Http/proxy/proxy_pass | | Default
Spell Checker Settings | spell/driver | 'aspell' | My configuration
Spell Checker Settings | spell/params/path | '/usr/bin/' | My configuration
OpenSSL Settings | openssl/cafile | | Default
OpenSSL Settings | openssl/path | | Default
GnuPG Settings | Gnupg/path | | Default
GnuPG Settings | Gnupg/keyserver | Pgp.mit.edu | Default
GnuPG Settings | Gnupg/timeout | 10 | Default
Image Manipulation Settings | Image/driver | 'PECL image magic' | My configuration
Image Metadata Driver Settings | exif/driver | Bundled | Default
MIME Detection Settings | Mime/magic_db | '/usr/share/misc/magic' | Fedora configuration
Country Lookup Settings | geoip/datafile | | Default
Problem Reporting | problems/email | 'admin@domain.com' | Default
Problem Reporting | problems/maildomain | 'domain.com' | Default
Problem Reporting | problems/tickets | false | Default
Problem Reporting | problems/username | | Default
Problem Reporting | problems/password | | Default
Problem Reporting | problems/attachments | true | Default
Menu | menu/apps | array() | Default
Menu | menu/always | false | Default
Menu | menu/links/help | 'all' | Default
Menu | menu/links/options | 'authenticated' | Default
Menu | menu/links/problem | 'all' | Default
Menu | menu/links/login | 'all' | Default
Menu | menu/links/logout | 'authenticated' | Default
Menu | logo/image | '' | Default
Menu | logo/link | '' | Default
Portal Blocks | portal/fixed_blocks | array() | Default
Portal Blocks | accounts/driver | 'null' | Default
User Capabilities and Constraints | user/verify_from_addr | false | Default
API keys | | |
IMSP Server | imsp/enabled | false | Default
Kolab Server | kolab/enabled | false | Default
Memcache Server | memcache/enabled | false | Default
ActiveSync | | |

IMP configuration

IMP is the email part of Horde; all the mail is managed by cyrus. Configuration is done in two places: directly under horde/configuration, with the administration account, and in a specific PHP file that describes the mail database connection

Modification of the php file of imp to access the mail database :

> gedit /etc/horde/imp/servers.php

A connection to the data is made through a “servers” entry, so the first operation is to comment out all the “$servers[” entries

Add a source to connect to the mail database.

$servers['cyrus'] = array(

   'name' => 'Cyrus IMAP Server',
   'server' => '127.0.0.1',
   'hordeauth' => true,
   'protocol' => 'imap/notls',
   'port' => 143,
   'maildomain' => 'domain.com',
   'smtphost' => '127.0.0.1',
   'smtpport' => 25,
   'realm' => '',
   'preferred' => '',
   'admin' => array(
       'params' => array(
           'login' => 'administrator',
           'password' => '?????TBD????,',
           // The 'userhierarchy' parameter defaults to 'user.'
           // If you are using a nonstandard hierarchy for personal
           // mailboxes, you will need to set it here.
           'userhierarchy' => 'user.',
           // Although these defaults are normally all that is required,
           // you can modify the following parameters from their default
           // values.
           'protocol' => 'imap/notls',
           'hostspec' => 'localhost',
           'port' => 143
       )
   ),
   'quota' => array(
       'driver' => 'imap',
       'params' => array('hide_quota_when_unlimited' => true),
   ),
   'acl' => array(
       'driver' => 'rfc2086',
   ),

);


Change the following values in your configuration (http://127.0.0.1/horde/???)

Page | Parameter name | Value | Comments
External Utilities and Menu | spell/params/path | '/usr/bin/' | Default
External Utilities and Menu | spell/driver | 'aspell' | Default
External Utilities and Menu | utils/gnupg | | Default
External Utilities and Menu | utils/gnupg_keyserver | array('pgp.mit.edu') | Default
External Utilities and Menu | utils/gnupg_timeout | 10 | Default
External Utilities and Menu | utils/openssl_cafile | | Default
External Utilities and Menu | utils/openssl_binary | | Default
External Utilities and Menu | menu/apps | array() | Default
User Capabilities and Constraints | user/select_sentmail_folder | false | Default
User Capabilities and Constraints | user/allow_resume_all_in_drafts | false | Default
User Capabilities and Constraints | user/allow_folders | true | Default
User Capabilities and Constraints | user/allow_resume_all | false | Default
User Capabilities and Constraints | user/allow_view_source | true | Default
User Capabilities and Constraints | user/alternate_login | false | Default
User Capabilities and Constraints | user/redirect_on_logout | false | Default
User Capabilities and Constraints | user/select_view | true | Default
Server | server/server_list | 'shown' | Default
Server | server/fixed_folders | array() | Default
Server | server/sort_limit | 0 | Default
Server | server/cache_folders | true | Default
Server | server/token_lifetime | 1800 | Default
Server | server/cachejs | 'none' | Default
Server | server/cachecss | 'none' | Default
Mailbox and Fetchmail | mailbox/show_preview | true | Default
Mailbox and Fetchmail | fetchmail/show_account_colors | false | Default
Mailbox and Fetchmail | fetchmail/size_limit | 4000000 | Default
Mailbox and Fetchmail | msgcache/use_msgcache | false | Default
Mailbox and Fetchmail | mlistcache/use_mlistcache | false | Default
Message and Spam | msgsettings/filtering/words | './config/filter.txt' | Default
Message and Spam | msgsettings/filtering/replacement | '****' | Default
Message and Spam | spam/reporting | false | Default
Message and Spam | notspam/reporting | false | Default
Message and Spam | print/add_printedby | true | Default
Compose | msg/prepend_header | true | Default
Compose | msg/append_trailer | false | Default
Compose | compose/allow_receipts | true | Default
Compose | compose/special_characters | true | Default
Compose | compose/use_vfs | false | Default
Compose | compose/link_all_attachments | false | Default
Compose | compose/link_attachments_notify | true | Default
Compose | compose/link_attachments | true | Default
Compose | compose/attach_size_limit | 0 | Default
Compose | compose/attach_count_limit | 0 | Default
Compose | compose/reply_limit | 200000 | Default
Custom Hooks | hooks/vinfo | false | Default
Custom Hooks | hooks/postlogin | false | Default
Custom Hooks | hooks/postsent | false | Default
Custom Hooks | hooks/signature | false | Default
Custom Hooks | hooks/trailer | false | Default
Custom Hooks | hooks/fetchmail_filter | false | Default
Custom Hooks | hooks/mbox_redirect | false | Default
Custom Hooks | hooks/mbox_icon | false | Default
Custom Hooks | hooks/spam_bounce | false | Default
Custom Hooks | hooks/msglist_format | false | Default
Custom Hooks | hooks/display_folder | false | Default
Other settings | maillog/use_maillog | true | Default
Other settings | sentmail/driver | 'none' | Default
Other settings | tasklist/use_tasklist | true | Default
Other settings | notepad/use_notepad | true | Default
Other settings | tos/file | | Default


kronolith configuration

All the information for the diary is stored in the SQL database. Change the following values in your configuration (http://127.0.0.1/horde/???)



Page | Parameter name | Value | Comments
Calendar Driver | calendar/params/table | 'kronolith_events' | Default
Calendar Driver | calendar/params/driverconfig | 'horde' | Default
Calendar Driver | calendar/driver | 'sql' | Default
Calendar Driver | storage/params/table | 'kronolith_storage' | Default
Calendar Driver | storage/params/driverconfig | 'horde' | Default
Calendar Driver | storage/driver | 'sql' | Default
Calendar Driver | metadata/keywords | false | Default
Calendar Driver | reminder/server_name | '127.0.0.1' | localhost
Calendar Driver | reminder/from_addr | 'reminders@domain.com' | The address from which reminders are sent
Calendar Driver | autoshare/shareperms | 'read' | Default
Calendar Driver | holidays/enable | true | Default
Calendar Driver | menu/print | true | Default
Calendar Driver | menu/import_export | true | Default
Calendar Driver | menu/apps | array() | Default

V4


Page Parameter name Value Comments
Calendar Driver calendar/params/table 'kronolith_events' Default
Calendar Driver calendar/params/driverconfig 'horde' Default
Calendar Driver calendar/params/utc 'true' Default
Calendar Driver calendar/driver 'sql' Default
Calendar Driver storage/default_domain Default
Calendar Driver storage/params/table 'kronolith_storage' Default
Calendar Driver storage/params/driverconfig 'horde' Default
Calendar Driver storage/driver 'sql' Default
Calendar Driver reminder/server_name '127.0.0.1' localhost
Calendar Driver reminder/from_addr 'reminders@domain.com' The address from which reminders are sent
Calendar Driver autoshare/shareperms 'read' Default
Calendar Driver share/notify false Default
Calendar Driver holidays/enable true Default
Calendar Driver menu/print true Default
Calendar Driver menu/import_export true Default
Calendar Driver menu/apps array() Default
Calendar Driver Maps/driver 'No inline maps' Default

Ingo configuration

Turba configuration

Turba is a contact database; all the contacts will be stored in LDAP. Configuration is done in two places: directly under horde/configuration with the administration account, and in a specific PHP file that describes the LDAP connection.

Edit the Turba PHP file to give access to the contact database (LDAP):

> gedit /etc/horde/turba/sources.php

A connection to data is made through a “$cfgSources” entry, so the first operation is to comment out all the existing “$cfgSources[” entries. Then add a first source to hold the contacts (they will be stored using the LDAP schema 'turbaContact'):

$cfgSources['localldap'] = array(

   'title' => _("Shared Directory"),
   'type' => 'ldap',
   'params' => array(
       'server' => 'comp.domain.com',
       'port' => 389,
       'tls' => true,
       'root' => 'dc=domain,dc=com',
       'bind_dn' => 'cn=Directory Manager',
       'bind_password' => '?????TBD?????,',
       'sizelimit' => 200,
       'dn' => array('cn'),
       'objectclass' => array('top',
                              'person',
                              'organizationalPerson',
                              'inetOrgPerson','turbaContact'),
                              // Add 'turbaContact' to this array if using
                              // 'turbaType' attribute below, and 'calEntry'
                              // if using 'freebusyUrl'.
       'scope' => 'one',
       'charset' => 'utf-8',
       // Consult the LDAP schema to verify that all required attributes for
       // an entry are set and add them if needed.
       'checkrequired' => false,
       // Value used to fill in missing required attributes.
       'checkrequired_string' => ' ',
       // Check LDAP schema for valid syntax. If this is false an address
       // field is assumed to have postalAddress syntax; otherwise the schema
       // is consulted for the syntax to use.
       'checksyntax' => false,
       'version' => 3
   ),
   'map' => array(
       '__key' => 'dn',
       '__uid' => 'uid',
       // From horde.schema.  Make sure you have 'turbaContact' objectClass
       // included above:
       '__type' => 'turbaType',
       '__members' => 'turbaMembers',
       'name' => 'cn',
       'lastname' => 'sn',
       'email' => 'mail',
       'homePhone' => 'homephone',
       'workPhone' => 'telephonenumber',
       'cellPhone' => 'mobiletelephonenumber',
       'homeAddress' => 'homepostaladdress',
       // From rfc2739.schema:
       'freebusyUrl' => 'calFBURL',
   ),
   'search' => array(
       'name',
       'lastname',
       'email',
       'homePhone',
       'workPhone',
       'cellPhone',
       'homeAddress'
   ),
   'strict' => array(
       'dn',
   ),
   'approximate' => array(
       'cn',
   ),
   'export' => true,
   'browse' => true,

);


Add a second source to implement the users of the system (will be stored as LDAP schema ‘initPeople’):

$_ldap_uid = Auth::getBareAuth();
$_ldap_basedn = 'dc=example,dc=com';
$cfgSources['personal_ldap'] = array(

   'title' => _("My Address Book"),
   'type' => 'ldap',
   'params' => array(
       'server' => 'localhost',
       'tls' => true,
       'root' => 'ou=' . $_ldap_uid . ',ou=personal_addressbook,' . $_ldap_basedn,
       'bind_dn' => 'uid=' . $_ldap_uid . ',ou=People,' . $_ldap_basedn,
       'bind_password' => Auth::getCredential('password'),
       'dn' => array('uid'),
       'objectclass' => array('top',
                              'person',
                              // 'turbaContact',
                              'inetOrgPerson',
                              // 'calEntry',
                              'organizationalPerson'),
       'scope' => 'one',
       'charset' => 'utf-8',
       'version' => 3
   ),
   'map' => array(
       '__key' => 'dn',
       '__uid' => 'uid',
       // From horde.schema:
       // '__type' => 'turbaType',
       // '__members' => 'turbaMembers',
       'name' => 'cn',
       'email' => 'mail',
       'lastname' => 'sn',
       'title' => 'title',
       'company' => 'organizationname',
       'businessCategory' => 'businesscategory',
       'workAddress' => 'postaladdress',
       'workPostalCode' => 'postalcode',
       'workPhone' => 'telephonenumber',
       'fax' => 'facsimiletelephonenumber',
       'homeAddress' => 'homepostaladdress',
       'homePhone' => 'homephone',
       'cellPhone' => 'mobile',
       'notes' => 'description',
       // Evolution interopt attributes: (those that do not require the
       // evolution.schema)
       'office' => 'roomNumber',
       'department' => 'ou',
       'nickname' => 'displayName',
       'website' => 'labeledURI',
       // These are not stored on the LDAP server.
       'pgpPublicKey' => 'object_pgppublickey',
       'smimePublicKey' => 'object_smimepublickey',
       // From rfc2739.schema:
       // 'freebusyUrl' => 'calFBURL',
   ),
   'search' => array(
       'name',
       'email',
       'businessCategory',
       'title',
       'homePhone',
       'workPhone',
       'cellPhone',
       'homeAddress'
   ),
   'strict' => array(
       'dn',
   ),
   'approximate' => array(
       'cn',
   ),
   'export' => true,
   'browse' => true,

);
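The two sources above keep LDAP bind settings in sources.php, and the first one binds as cn=Directory Manager, the 389 DS superuser. The check below is an added example, not part of the original howto or of Horde: the function names are hypothetical, the sample input is constructed, and it assumes a plain ldap:// server, so that a source without 'tls' => true binds unencrypted.

```shell
# audit_turba_sources FILE  (hypothetical helper, not shipped with Horde)
# Prints one "<source>: <finding>" line per issue; returns 1 if any was found.
# Assumption: plain ldap:// server, so no StartTLS means a cleartext bind.
audit_turba_sources() {
    file=$1 rc=0
    findings=$(awk -v q="'" '
        function finish() {
            if (src != "" && !tls) print src ": no tls => true, bind is not encrypted"
        }
        /^[ \t]*(\/\/|#)/ { next }                # skip commented-out lines
        index($0, "$cfgSources[" q) {             # a new source starts here
            finish()
            src = $0
            sub(/^.*\$cfgSources\[./, "", src); sub(/.\].*$/, "", src)
            tls = 0
        }
        src == "" { next }
        $0 ~ (q "tls" q "[ \t]*=>[ \t]*true") { tls = 1 }
        index($0, q "bind_dn" q) && tolower($0) ~ /cn=directory manager/ {
            print src ": binds as cn=Directory Manager, the directory superuser"
        }
        $0 ~ (q "bind_password" q "[ \t]*=>[ \t]*" q) {
            print src ": bind_password is a literal stored in the file"
        }
        END { finish() }
    ' "$file")
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; rc=1; fi
    # The file holds credentials, so "other" must not be able to read it.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file: readable by every local user"; rc=1
    fi
    return $rc
}

# Constructed sample reduced from the two sources above; tls is commented out in the second.
write_sample_sources() {
    cat > "$1" <<'EOF'
$cfgSources['localldap'] = array(
    'tls' => true,
    'bind_dn' => 'cn=Directory Manager',
    'bind_password' => 'constructed-placeholder',
);
$cfgSources['personal_ldap'] = array(
    // 'tls' => true,
    'bind_dn' => 'uid=' . $_ldap_uid . ',ou=People,' . $_ldap_basedn,
    'bind_password' => Auth::getCredential('password'),
);
EOF
}
```

Run it as `audit_turba_sources /etc/horde/turba/sources.php`; a dedicated read-only bind account for the shared address book removes the first finding.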


If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):

Page Parameter name Value Comments
General vhosts false Default
General debug_level E_ALL & ~E_NOTICE Default
Parameter name Value Comments
menu/import_export true Default
menu/apps array() Default
client/addressbook 'localldap' The predefined source for contact
shares/source 'localldap' The predefined source for contact
comments/allow true Default
documents/type 'Horde defaults' Change to horde configuration

Gollem configuration

Gollem is a web-based file manager. Configuration is done in two places: directly under horde/configuration with the administration account, and in two specific PHP files that describe the file connection.

First, get this module directly from the Horde website and install it (there is no rpm for it):

> wget ftp://ftp.horde.org/pub/gollem/gollem-h3-1.1.2.tar.gz
> tar -xvf gollem-h3-1.1.2.tar.gz
> cd gollem-h3-1.1.2
> mv config /etc/horde/gollem
> chown -R apache:apache /etc/horde/gollem
> chmod -R 770 /etc/horde/gollem
> cd ..
> mv gollem-h3-1.1.2 /usr/share/horde/gollem
> cd  /usr/share/horde/gollem
> ln -s ../../../../etc/horde/gollem config

Edit the Gollem PHP file to correct the link between the configuration and the PHP files:

> cp /etc/horde/gollem/prefs.php.dist /etc/horde/gollem/prefs.php
> chown -R apache:apache /etc/horde/gollem/prefs.php
> gedit /etc/horde/gollem/prefs.php

Change the line require_once dirname(__FILE__) . '/../lib/Gollem.php'; to require_once '/usr/share/horde/gollem/lib/Gollem.php';


Edit the Gollem PHP file that gives access to the file data:

> cp /etc/horde/gollem/backends.php.dist /etc/horde/gollem/backends.php
> chown -R apache:apache /etc/horde/gollem/backends.php
> gedit /etc/horde/gollem/backends.php

A connection to data is made through a “$backends” entry, so the first operation is to comment out all the existing “$backends” entries. Then add a first source to implement the file system:

$backends['file'] = array(

   'name' => 'Virtual Home Directories',
   'driver' => 'file',
   'preferred' => 'comp1.domain.com',
   'hordeauth' => false,
   'params' => array(
       // The base location under which the user home directories live.
       'vfsroot' => '/home/Horde_vf/',
       // The default permissions to set for newly created folders and files.
       // 'permissions' => $conf['umask']
   ),
   'loginparams' => array(),
   'root' => '/',
   'home' => Auth::getAuth(),
   // 'createhome' => false,
   // 'filter' => '^regex$',
   // 'quota' => false,
   'clipboard' => true,
   'attributes' => array('type', 'name', 'edit', 'download', 'modified', 'size', 'permission', 'owner', 'group')

);

If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):

Page Parameter name Value Comments
File Manager backend/backend_list none Default
File Manager foldercache/use_cache No Default
Menu Settings menu/apps array() Default
Users capabilities and constrains User/alternate_login false Default
Users capabilities and constrains User/redirect_on_logout false Default

Ansel configuration

Ansel is a web-based photo manager. Configuration is done in one place, directly under horde/configuration, with the administration account.

First, get this module directly from the Horde website and install it:

> wget ftp://ftp.horde.org/pub/ansel/ansel-h3-1.1.2.tar.gz
> tar -xvf ansel-h3-1.1.2.tar.gz
> cd ansel-h3-1.1.2
> mv config /etc/horde/ansel
> chown -R apache:apache /etc/horde/ansel
> chmod -R 770 /etc/horde/ansel
> cd ..
> mv ansel-h3-1.1.2 /usr/share/horde/ansel
> cd  /usr/share/horde/ansel
> ln -s ../../../../etc/horde/ansel config



If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):

Page Parameter name Value Comments
General settings gallery/listlimit Default
General settings gallery/numlimit Default
General settings gallery/downloadzip true Default
General settings gallery/customlabel true Default
General settings menu/print true Default
General settings menu/apps array('horde') Default
VFS and photos options image/type Horde default Default
VFS and photos options vfs/src 'php' Default
VFS and photos options image/type 'jpeg' Default
VFS and photos options image/autogen '5' Default
VFS and photos options image/prettythumbs true Default
VFS and photos options image/squaremini true Default
VFS and photos options image/smartcrop false Default
VFS and photos options image/tiny false Default
VFS and photos options image/num_uploads '100' Default
VFS and photos options image/font Default
Thumbnail Settings thumbnail/perpage '30' Default
Thumbnail Settings thumbnail/width '150' Default
Thumbnail Settings thumbnail/height '150' Default
Thumbnail Settings thumbnail/unsharp true Default
Thumbnail Settings thumbnail/radius '0.7' Default
Thumbnail Settings thumbnail/amount '1' Default
Thumbnail Settings thumbnail/threshold '0.05' Default
Screen Image Settings screen/width '800' Default
Screen Image Settings screen/height '600' Default
Screen Image Settings screen/unsharp true Default
Screen Image Settings screen/radius '0.5' Default
Screen Image Settings screen/amount '1.2' Default
Screen Image Settings screen/threshold '0.05' Default
Ecard Settings ecard/enable true Default
Photo Comments comments/allow ‘Authenticated user’ Default
Cache Settings ansel_cache/usecache false Default
Tag Settings tags/relatedtags false Default
Content Reporting Settings report_content/driver false Default
Age settings ages/limits ‘’ Default
Age settings ages/hook false Default
Face Detection faces/driver ‘manuel detection of user’ Default
Face Detection faces/search '7' Default

Add the SQL schema for Ansel to the database:

> cd /usr/share/horde/
> ./bin/db_migrate ansel


Mnemo configuration

Mnemo is a web-based notes application. Configuration is done directly under horde/configuration with the administration account, but you first need to add the correct fields to the SQL database.

First, get this module directly from the Horde website and install it (there is no rpm for it):

> wget ftp://ftp.horde.org/pub/mnemo/mnemo-h3-2.2.4.tar.gz
> tar -xvf mnemo-h3-2.2.4.tar.gz
> cd mnemo-h3-2.2.4
> mv config /etc/horde/mnemo
> chown -R apache:apache /etc/horde/mnemo
> chmod -R 770 /etc/horde/mnemo
> cd ..
> mv mnemo-h3-2.2.4 /usr/share/horde/mnemo
> cd  /usr/share/horde/mnemo
> ln -s ../../../../etc/horde/mnemo config

Edit the Mnemo PHP file to correct the link between the configuration and the PHP files:

> cp /etc/horde/mnemo/prefs.php.dist /etc/horde/mnemo/prefs.php
> chown -R apache:apache /etc/horde/mnemo/prefs.php
> gedit /etc/horde/mnemo/prefs.php

Change the line require_once dirname(__FILE__) . '/../lib/Mnemo.php'; to require_once '/usr/share/horde/mnemo/lib/Mnemo.php';

Add the fields to the SQL database:

> cd /usr/share/horde/mnemo/scripts/sql/
> mysql -u root -p horde <mnemo.sql 

Password to use: “Pass-mySql”.

If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):

Page Parameter name Value Comments
Generate Notes storage/params/table mnemo_memos Default
Generate Notes storage/params/driverconfig Horde Default
Generate Notes storage/driver sql Default
Generate Notes utils/gnupg Default
Generate Notes menu/print true Default
Generate Notes menu/import_export true Default
Generate Notes menu/apps array() Default




trean configuration

trean is a bookmarks manager. Configuration is done directly under horde/configuration with the administration account, but you first need to add the correct fields to the SQL database.

First, get this module directly from the Horde website and install it (there is no rpm for it):

> wget ftp://ftp.horde.org/pub/snaps/latest/trean-FRAMEWORK_3*.tar.gz
> tar -xvf trean-FRAMEWORK_3*.tar.gz
> cd trean-FRAMEWORK_3
> mv config /etc/horde/trean
> chown -R apache:apache /etc/horde/trean
> chmod -R 770 /etc/horde/trean
> cd ..
> mv trean-FRAMEWORK_3 /usr/share/horde/trean
> cd  /usr/share/horde/trean
> ln -s ../../../../etc/horde/trean config
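The Gollem, Ansel, Mnemo and trean installs above repeat the same steps as root on an archive fetched over FTP. The function below is an added example, not part of the original howto or of Horde: install_horde_module and its parameters are hypothetical, the expected SHA-256 must come from a channel you trust (the howto lists none), and it assumes the archive has a single top-level directory.

```shell
# install_horde_module NAME ARCHIVE SHA256 [ETC_ROOT] [SHARE_ROOT] [OWNER]
# Hypothetical helper. Pass OWNER (e.g. apache:apache) when running as root.
install_horde_module() {
    name=$1 archive=$2 want=$3
    etc=${4:-/etc/horde} share=${5:-/usr/share/horde} owner=${6:-}
    # Refuse an archive that is not byte-for-byte the expected one.
    got=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $archive" >&2; return 1
    fi
    # Refuse member names that are absolute or climb out with "..".
    if tar -tf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2; return 1
    fi
    if [ -e "$etc/$name" ] || [ -e "$share/$name" ]; then
        echo "$name is already installed" >&2; return 1
    fi
    # Unpack in a scratch directory, ignoring the owner recorded in the archive.
    work=$(mktemp -d) || return 1
    tar -xf "$archive" -C "$work" --no-same-owner || return 1
    top=$(ls "$work")            # assumption: one top-level directory
    # Same layout as the manual steps: config/ under ETC_ROOT, code under
    # SHARE_ROOT, and a "config" symlink joining the two.
    mv "$work/$top/config" "$etc/$name" || return 1
    mv "$work/$top" "$share/$name" || return 1
    rmdir "$work"
    ln -s "$etc/$name" "$share/$name/config"
    # Directories 770, files 660: unlike chmod -R 770, configuration files
    # stay writable by the web server but are not marked executable.
    [ -z "$owner" ] || chown -R "$owner" "$etc/$name"
    find "$etc/$name" -type d -exec chmod 770 {} +
    find "$etc/$name" -type f -exec chmod 660 {} +
}
```

Passing scratch directories as ETC_ROOT and SHARE_ROOT lets you rehearse an install without touching /etc/horde or /usr/share/horde.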

Edit the Horde PHP registry file to add this application to the Horde database:

> gedit /etc/horde/registry.php

Change the lines

$this->applications['trean'] = array(
   'fileroot' => FEDORA_FILEROOT . '/trean',
   'webroot' => $this->applications['horde']['webroot'] . '/trean',
   'name' => _("Bookmarks"),
   'status' => 'inactive',
   'provides' => 'bookmarks',
   'menu_parent' => 'organizing'
);

to

$this->applications['ansel'] = array(
   'fileroot' => FEDORA_FILEROOT . '/ansel',
   'webroot' => $this->applications['horde']['webroot'] . '/ansel',
   'name' => _("Photos"),
   'status' => 'active',
   'provides' => 'images',
   'menu_parent' => 'website'
);

$this->applications['trean'] = array(
   'fileroot' => FEDORA_FILEROOT . '/trean',
   'webroot' => $this->applications['horde']['webroot'] . '/trean',
   'name' => _("Bookmarks"),
   'status' => 'active',
   'provides' => 'bookmarks',
   'menu_parent' => 'organizing'
);


Add the fields to the SQL database:

> cd /usr/share/horde/trean/scripts/sql/
> mysql -u root -p horde <trean.sql 

Password to use: “Pass-mySql”.

If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):

Page Parameter name Value Comments
Menu settings Menu/import_export Yes Default
Menu settings Menu/apps list Default
Virtual File Storage Favicons/type Sql We want to use SQL, yes
Virtual File Storage Favicons/params/driverconfig Horde Default



(TBD)