Edition 7.1
cache_cell_size
cache_object_size
cache_indexedobject_size
innodb_buffer_pool_size
innodb_log_file_size
innodb_log_buffer_size
query_cache_size
innodb_file_per_table
max_allowed_packet
zarafa-server) — The server process accepts connections for all clients through SOAP (HTTP), and stores the data in an SQL database.
zarafa-licensed) — The licensed process checks which features will be available dependent on the subscription for the Small Business, Professional or Enterprise edition.
zarafa-webaccess) — A full featured web interface (with an Outlook look and feel) that enables users to collaborate from any computer with an internet connection.
zarafa-webapp) — The next generation collaboration web client, which offers integration with chat, presence and video conferencing.
zarafa-dagent, zarafa-spooler) — The tools which serve the email communication with the outside world. The dagent delivers mail from the Mail Transport Agent (MTA) to a Zarafa user. The spooler sends mail waiting in the outgoing queue to the specified MTA.
zarafa-admin) — The command line administration tool is used to manage users, user information and groups.
zarafa-gateway) — Optional service to provide POP3 and IMAP access to Zarafa users.
zarafa-monitor) — Service which monitors user stores for quota exceeds.
zarafa-caldav) — Optional service that provides iCal and CalDAV support. CalDAV is recommended due to speed and less data transfer.
zarafa-backup, zarafa-restore) — Brick-level backup tools to create simple backups of stores and to restore (part of) those backups at a later point in time. This part is only available in Zarafa commercial editions.
zarafa-webaccess-mobile) which provides a basic web interface with limited functionality. Please note that this component is deprecated and will probably be removed from a future version of ZCP.
80, or port 443 in case of HTTPS). Because of these standards it is possible to connect transparently through proxies, allowing connectivity over most networks without modifications.
ldap_nonactive_attribute configuration directive. When using the DB back end, it’s possible to specify the non-active flag with the -n option when using zarafa-admin to create users. The Unix user plugin uses the unix-shell of the user as specified in /etc/passwd to determine if the store should be a non-active store.
| Size of all mailboxes/Users | CPU (Cores)* | Memory | Harddisk | Raid level |
|---|---|---|---|---|
| < 5 GB / 1-25 users | 2 | 2 GB | SATA, SAS | RAID1, 7.2K |
| > 5 - < 10 GB / 26-50 users | 4 | 4 GB | SAS | RAID1, 7.2K |
| > 10 - < 20 GB / 51-100 users | 4 | 6 GB | SAS | RAID10, 7.2K |
| > 20 - < 50 GB / 101-200 users | 6 | 8 GB | SAS | RAID10, 10K |
| > 50 GB - < 100 GB / 201-300 users | 6 | 10 GB | SAS | RAID10, 10K |
| > 100 GB - < 250 GB / 301-500 users | 6 | 12 GB | SAS | RAID10, 10K |
| > 250 GB / 501-1000 users | 8 | 16 GB | SAS | RAID10, 15K or SSD/7.2K Hybrid |
ia64 architecture will be dropped in the ZCP-7.x.x cycle
| OS Release | Supported CPU Architectures |
|---|---|
| RHEL 5 | i386, x86_64, ia64* |
| RHEL 6 | i686, x86_64 |
| SLES 10 | i586, x86_64, ia64* |
| SLES 11 | i586, x86_64, ia64* |
| Debian 5.0 (Lenny) | i386, x86_64, ia64* |
| Debian 6.0 (Squeeze) | i386, x86_64 |
| Ubuntu 8.04 LTS (Hardy) | i386, x86_64 |
| Ubuntu 10.04 LTS (Lucid) | i386, x86_64 |
| Ubuntu 12.04 LTS (Precise) | i386, x86_64 |
| MS Windows Release | Supported CPU Architectures |
|---|---|
| Windows Server 2003 | 32bit, 64bit |
| Windows Server 2008 | 32bit, 64bit |
| Windows XP | 32bit, 64bit |
| Windows Vista | 32bit, 64bit |
| Windows 7 | 32bit, 64bit |
zarafa-licensed is not needed, though in order to have Outlook support in the community edition, it is necessary to run the zarafa-licensed daemon.
zarafa-webaccess-muc is a feature not available in the community edition. A valid subscription is needed.
/usr/lib64/zarafa, instead of the /usr/lib/zarafa location. This path has to be adjusted in the server.cfg configuration file. Set the plugin_path to /usr/lib64/zarafa, so the server can find the user plugin files.
max_allowed_packet should not be set higher than 128M. This can conflict with Zarafa offline mode in Outlook. If the MySQL option must be higher you must also update the Zarafa offline clients. Change the value max_allowed_packet in C:\Program Files (x86)\Zarafa\Zarafa Outlook Client\MySQL\My.ini on the client.
install.sh and uninstall.sh scripts (and an additional helpers.inc file)
windows containing Windows specific binaries
browsers containing the Firefox Drag&Drop plugin
install.sh script will automatically execute the actions described under Manual Installation below. Thus, it will:
sh ./install.sh
install.sh, the server should be ready to start. Proceed with creating stores as explained by the script.
install.sh script is invoked with the -config parameter, it will not install any software but ask the configuration options only.
sh ./install.sh -config
install.sh script always configures the server to use the DB user plugin. If another user base is necessary, please read Chapter 4. Configure ZCP Components for information on how to configure the server.
install.sh script is not usable in this case.
| Package name | Description |
|---|---|
| libical | Contains the ical library used for Caldav and iCal |
| libvmime | Contains the library for working with mime and rfc822 messages |
| libkyotocabinet16 | Contains the library of routines for managing the full text search database |
| php-mapi | Contains the php-mapi extension |
| python-mapi | Contains the Python MAPI bindings for Zarafa |
| python-zcp-license | Contains the python licensed bindings for zarafa |
| zarafa | Can be used to install the complete ZCP stack on a server |
| zarafa-backup | Contains the zarafa backup and restore tools |
| zarafa-client | Contains the MAPI provider for the MAPI clients |
| zarafa-dagent | Contains the delivery dagent |
| zarafa-gateway | Contains the POP3/IMAP gateway |
| zarafa-ical | Contains the iCAL/Caldav gateway |
| zarafa-libarchiver | Contains the de-stubbing library for the Zarafa Archiver |
| zarafa-libs | Contains the conversion libraries for email and calendaring |
| zarafa-licensed | Contains the non opensource binaries and config files |
| zarafa-search | Contains the full text search engine |
| zarafa-monitor | Contains the quota monitor |
| zarafa-multiserver | Contains the multi-server libraries |
| zarafa-search | Contains the full text search component |
| zarafa-server | Contains the backend server and configuration files |
| zarafa-spooler | Contains the spooler |
| zarafa-utils | Contains the administration tools, like zarafa-admin and zarafa-fsck |
| zarafa-backup | Contains the Bricklevel backup tool |
| zarafa-webaccess | Contains the WebAccess |
| zarafa-webaccess-muc | Contains the multi-user calendar for WebAccess |
| zarafa-webapp | Contains the WebApp, which is the replacement for WebAccess |
| zarafa-archiver-extra | Contains additional licensed archiver tools |
rpm -Uvh <package file>
<package file> with the packages found in the tarball. Start with libvmime, libical and zarafa (in this order) then install the other packages. The package manager might find unresolved dependencies; try to install packages for these dependencies as would normally be done for that distribution (yum -i on Red Hat, zypper -i on OpenSUSE/SLES).
dpkg -i <package file>
apt-get or an equivalent tool can be used.
apt-get install mysql-server
apt-get install apache2-mpm-prefork libapache2-mod-php5
apt-get -f install
dpkg-reconfigure zarafa
gettext
session
iconv
xml
php5-gettext-5.2.8-37.4.x86_64.rpm php5-iconv-5.2.8-37.4.x86_64.rpm
WebAccess/tmp directory. If a user is directly logged off when he tries to login to the WebAccess, make sure PHP is configured with:
register_globals = off
setenforce permissive
/etc/sysconfig/selinux also has to be edited, to disable it for after reboots too.
CONFIG_CHECK_COOKIES_SSL.
/etc/init.d/postfix stop
/etc/init.d/zarafa-spooler stop
/etc/init.d/zarafa-server stop
/etc/init.d/zarafa-licensed stop
/etc/init.d/zarafa-dagent stop
/etc/init.d/zarafa-gateway stop
/etc/init.d/zarafa-ical stop
/etc/init.d/zarafa-indexer stop
/etc/init.d/zarafa-search stop
/etc/init.d/zarafa-monitor stop
/etc/zarafa directory, which contains the configuration files.
cp -r /etc/zarafa /etc/zarafa.bck
cp -r /var/lib/zarafa /var/lib/zarafa.bck
mysqldump can be executed:
mysqldump --single-transaction -p zarafa > zarafa.sql
/etc/init.d/mysqld stop
cp -r /var/lib/mysql /var/lib/mysql.bck
cp -r /etc/my.cnf /etc/my.cnf.bck
| Distribution | Dependencies |
|---|---|
| Debian 5 | libboost-filesystem1.35.0, libboost-system1.35.0, libicu38, w3m, python-mysqldb |
| Debian 6 | libboost-filesystem1.42.0, libboost-system1.42.0, libicu44, w3m, python-mysqldb |
| RHEL5 | libicu, w3m, MySQL-python |
| RHEL6 | boost-filesystem, boost-system, libicu, w3m, MySQL-python |
| SLES10 | libicu, w3m, python-mysql |
| SLES11 | libicu, w3m, python-mysql |
| Ubuntu 8.04 | libicu38, w3m, python-mysqldb |
| Ubuntu 10.04 | libboost-filesystem1.40.0, libboost-system1.40.0, libicu42, w3m, python-mysqldb |
rpm -Uvh <package name>.rpm
zarafa-licensed is not needed. Only when Outlook integration is used the zarafa-licensed daemon is required.
/usr/share/doc/zarafa/example-config directory can be checked for new configuration options. The new changes can also be found in the Release Notes.
dpkg -Bi libvmime0_0.9.2*
dpkg -Bi libical0_0.44*
dpkg -i python-mapi*
dpkg -Bi <package name>
dpkg -i <package name>
apt-get install -f
zarafa-licensed is not needed. Only when Outlook integration is used the zarafa-licensed daemon is required.
/usr/share/doc/zarafa/example-config directory can be checked for new configuration options. The new changes can also be found in the Release Notes.
ldap_user_unique_attribute config field must be changed from objectSid to objectGuid. Since this is the unique identifier for users, changing this without updating the database will make the Zarafa server delete all users, and recreate the new detected users. This is not wanted, so it’s required to use the db-upgrade-objectsid-to-objectguid.pl script found in /usr/share/zarafa/doc/ directory. This script will detect the LDAP settings from the existing /etc/zarafa/server.cfg file and change the database to the new unique id. After the script, it’s required to update the LDAP configuration file to use the new unique attribute. Make sure the Zarafa server process is not running when using this script.
ldap_user_unique_attribute.
ldap-switch-sendas.pl script must be run. This script will update the LDAP or ADS server with the current send-as information and switches it to the 6.40 format.
cd /usr/share/doc/zarafa
chmod 755 ldap-switch-sendas.pl
./ldap-switch-sendas.pl
info@company exists and some users need to send with that address in the from header. The users are added on the info@company object in the send-as attribute list.
ldap_search_base. All other old search_base options should be removed. Also, all scope options should be removed.
objectClass attribute. Every user object must be defined by its objectClass.
zarafaAccount in the user filter, so the options are still available.
server.cfg. Enabling this option will disable all delete and create actions of users and groups.
/etc/zarafa/server.cfg to enable safe mode:
user_safe_mode = yes
user_safe_mode can safely be disabled.
zarafa7-upgrade tool that comes with the zarafa-server package in ZCP 7.0. This upgrade tool will perform the necessary upgrade steps and will keep you informed about the progress. The zarafa7-upgrade tool can be found in /usr/share/doc/zarafa and requires the python-mysqldb or MySQL-python package, as well as the python-mapi packages. That last one can be found in the ZCP tarball.
zarafa7-upgrade script can be started, the Zarafa-server has to be started to convert the database to the latest 6.40 database revision.
/etc/init.d/zarafa-server start
/var/log/zarafa/server.log for the progress of this update.
[root@zarafa ~]# tail -f /var/log/zarafa/server.log
Mo 27 Feb 2012 09:50:48 CET: Starting zarafa-server version 7,0,5,31880, pid 30725
Mo 27 Feb 2012 09:50:48 CET: Connection to database 'zarafa' succeeded
Mo 27 Feb 2012 09:50:48 CET: WARNING: zarafa-licensed not running, commercial features will not be available until it's started.
Mo 27 Feb 2012 09:50:48 CET: Start: Move IMAP subscribed list from store to inbox
Mo 27 Feb 2012 09:50:55 CET: Done: Move IMAP subscribed list from store to inbox
Mo 27 Feb 2012 09:50:55 CET: Start: Update sync table time index
Mo 27 Feb 2012 09:50:58 CET: Done: Update sync table time index
Mo 27 Feb 2012 09:50:58 CET: Start: Update changes table state key
Mo 27 Feb 2012 11:05:12 CET: Done: Update changes table state key
Mo 27 Feb 2012 11:05:12 CET: Start: Converting database to Unicode
Mo 27 Feb 2012 11:05:12 CET: Will not upgrade your database from 6.40.x to 7.0.
Mo 27 Feb 2012 11:05:12 CET: The recommended upgrade procedure is to use the zarafa7-upgrade commandline tool.
Mo 27 Feb 2012 11:05:12 CET: Please consult the Zarafa administrator manual on how to correctly upgrade your database.
Mo 27 Feb 2012 11:05:12 CET: Alternatively you may try to upgrade using --force-database-upgrade,
Mo 27 Feb 2012 11:05:12 CET: but no progress and estimates within the updates will be available.
Mo 27 Feb 2012 11:05:12 CET: Failed: Rollback database
Mo 27 Feb 2012 11:05:12 CET: Can't update the database: Unable to upgrade zarafa from version 6.40.30778 to 7.0.5.31880
Mo 27 Feb 2012 11:05:12 CET: Server shutdown complete.
zarafa7-upgrade to convert the database layout and make the database unicode ready.
gunzip /usr/share/doc/zarafa/zarafa7-upgrade.gz
python /usr/share/doc/zarafa/zarafa7-upgrade

[root@zarafa ~]# python /usr/share/doc/zarafa/zarafa7-upgrade
Converting search folders to Unicode: 879 / 879 (100%)
Converting properties for IO performance: 69318024 / 69318024 (100%)
Creating counters for IO performance: 16 / 16 (100%)
Creating common properties for IO performance: 4 / 4 (100%)
Creating message attachment properties for IO performance: 2 / 2 (100%)
Creating tproperties for IO performance: 69318023 / 69318023 (100%)
Converting hierarchy for IO performance: 69318023 / 69318023 (100%)
Creating deferred table for IO performance: 1 / 1 (100%)
Converting changes for IO performance: 56266424 / 56266424 (100%)
Converting names table to Unicode: 10331 / 10331 (100%)
zarafa-indexer has been replaced by the zarafa-search package. Make sure you remove zarafa-indexer when upgrading to 7.1 and install the zarafa-search package. You can remove the old index directories and files as they won’t be used anymore. All directories found in the index_path location (default: /var/lib/zarafa/index/) can be removed. The new zarafa-search application only creates .kct files and will not interfere with the old index files.
zarafa-search options in the server.cfg file have also changed. All the old indexer options are replaced by new search options. The following config options can be removed from the old server config file:
index_services_enabled
index_services_path
index_services_search_timeout

search_enabled = yes
search_socket = file:///var/run/zarafa-search
search_timeout = 10
/etc/default/zarafa contains the following lines at the end.
# set to no to disable zarafa-search at startup
SEARCH_ENABLED=yes
# Location of the configuration files
SEARCH_CONFIG=/etc/zarafa/search.cfg
# Additional options that are passed to the Daemon.
SEARCH_OPTS=""
zarafa-search service will not start automatically. The lines can be manually added or the file can be overwritten by the file provided in the package.
mv /etc/default/zarafa.dpkg-dist /etc/default/zarafa
zarafa-search and for offline users. This changes the privileges zarafa-server needs to correctly use the MySQL database. The mysql user needs the CREATE PROCEDURE privilege, which can be given using the GRANT SQL command. Please see Chapter 4. Configure ZCP Components for a full list of all required privileges and grant examples.
/etc/init.d/zarafa-server start
/etc/init.d/zarafa-spooler start
/etc/init.d/zarafa-licensed start
/etc/init.d/zarafa-dagent start
/etc/init.d/zarafa-gateway start
/etc/init.d/zarafa-ical start
/etc/init.d/zarafa-search start
/etc/init.d/zarafa-monitor start
php-mapi extension, the webserver has to be restarted as well:
/etc/init.d/apache2 restart
/etc/init.d/httpd restart
disabled.
optimize-imap.py script is available. Executing this script generates, for every existing email, the envelope structure and body structure and stores these entries in the database. Additionally the whole RFC822 message file is generated and stored gzip compressed in the attachment directory.
python /usr/share/doc/zarafa-gateway/optimize-imap.py
/etc/init.d/zarafa-<component name> restart
/etc/zarafa/<component name>.cfg
/usr/share/doc/zarafa-<component name>/example-config/zarafa-<component name>.cfg
man <component name>.cfg
man zarafa-server.cfg
GRANT ALL PRIVILEGES ON zarafa.* TO 'zarafa'@'localhost' IDENTIFIED BY 'password';
GRANT alter, create, create routine, delete, drop, index, insert, lock tables, select, update ON zarafa.* TO 'zarafa'@'localhost' IDENTIFIED BY 'password';
mysql in the zarafa-server.cfg need to be set. Once this is set up the Zarafa Server should start normally.
/etc/sysconfig/zarafa
ZARAFA_USERSCRIPT_LOCALE to the correct language, for example nl_NL.UTF-8 or fr_FR.UTF-8.
ZARAFA_LOCALE in the /etc/sysconfig/zarafa file can be used to start the Zarafa Server component in the correct language. This language setting is used to set the default options, like the Public Folder name to the correct language.
/etc/default/zarafa
ZARAFA_USERSCRIPT_LOCALE to the correct language, for example nl_NL.UTF-8 or fr_FR.UTF-8.
apt-get install language-pack-nl
dpkg-reconfigure locales
ZARAFA_LOCALE in the /etc/default/zarafa file can be used to start the Zarafa Server component in the correct language. This language setting is used to set the default options, like the Public Folder name to the correct language.
## The locale used by some modules like mod_dav
# export LANG=C
## Uncomment the following line to use the system default locale instead:
. /etc/default/locale
user_plugin. This setting determines which back-end is used for managing users and groups. There are four options, namely db, unix, ldap and ldapms.
db plugin is used as it does not require any further configuration. The ldap plugin is used most in larger setups as it proves to be most flexible and integrates nicely with an organization’s existing infrastructure.
ldapms plugin is required when configuring a multi-server Zarafa environment. Multi-server support is only available in the Enterprise edition.
| Feature | DB | Unix | LDAP | LDAPMS |
|---|---|---|---|---|
| Create/delete/modify users | X | X | X | X |
| Set aliases | On MTA level | On MTA level | X | X |
| Hide users | - | - | X | X |
| Sendas permissions | X | X | X | X |
| Sendas permissions of groups | - | - | X | X |
| Security Groups | X | X | X | X |
| Distribution groups | - | - | X | X |
| Hide groups | - | - | X | X |
| Dynamic groups | - | - | X | X |
| Contacts support | - | - | X | X |
| Multi-tenancy support | X | - | X | X |
| Addresslists support | - | - | X | X |
| Multi-server support | - | - | - | X |
zarafa-admin tool can be used to manage users.
zarafa-admin tool, see Chapter 8. User Management.
/etc/passwd file. Group information will be read from /etc/group. Passwords are checked against /etc/shadow, so the zarafa-server process must have read access to this file (this process is normally run as root, so usually that is not a problem).
zarafa-admin tool has to be used to update these user properties. All other user properties are done using the normal unix tools.
/etc/zarafa/unix.cfg, exists for this plugin. The defaults set by this file are usually enough; in-line comments explain each option. In this configuration file the uid range of users wanted in the Zarafa server needs to be defined. The same goes for the groups.
/bin/false. These users cannot login, but the stores can be opened by other users. An administrator should set up the correct access rights for these stores.
man zarafa-unix.cfg
server.cfg configuration file to use the LDAP backend, namely:
user_plugin = ldap
user_plugin_config = /etc/zarafa/ldap.cfg
/usr/share/doc/zarafa/example-config directory. Based on these examples the /etc/zarafa/ldap.cfg file should be adjusted to configure the LDAP authentication plugin.
zarafa-dagent to a store that has the ‘Out of Office’ option turned ON.
/etc/zarafa/autorespond. This file contains the following settings, which will be used for all autorespond messages server-wide:
AUTORESPOND_CC=0
AUTORESPOND_NORECIP=0
TIMELIMIT=$[24*60*60]
SENDDB=${TMP:-/tmp}/zarafa-vacation-$USER.db
SENDDBTMP=${TMP:-/tmp}/zarafa-vacation-$USER-$$.tmp
SENDMAILCMD=/usr/sbin/sendmail
SENDMAILPARAMS="-t -f"
zarafa-dagent manual page which describes how to use an alternate script (using the -a option).
/etc/zarafa/server.cfg.
attachment_storage = files
attachment_path = /var/lib/zarafa/attachments
/usr/share/doc/zarafa, and is named db-convert-attachments-to-files. This script can be used as follows:
db-convert-attachments-to-files <mysqluser> <mysqlpass> <mysqldb> <destination path> [delete]
<delete> switch is optional. If this parameter is given, the attachments are also removed from the database. Keep in mind that during the conversion the storage of the attachments on the harddisk will double. The amount of storage in MySQL used by ZCP can be looked up with the following MySQL statements:
mysql> use zarafa;
mysql> show table status;
data_length column for the lob table. This contains the number of bytes needed for the attachment storage.
attachment_storage option in the server.cfg file and point the attachment_path option to the folder where the attachments should be stored. After changing this option zarafa-server needs to be started once with the --ignore-attachment-storage-conflict parameter.
mkdir /etc/zarafa/ssl
chmod 700 /etc/zarafa/ssl
ssl-certificates.sh script in the /usr/share/doc/zarafa directory, which uses the openssl command and the CA.pl script from OpenSSL. Depending on the distribution used this script can be installed in different directories. The script will try to find it on its own. If it is not found, either OpenSSL is not installed, or the script is in an unknown location, and the location of the script has to be provided manually. Normally, the ssl-certificates.sh script can be run without problems.
cd /etc/zarafa/ssl
sh /usr/share/doc/zarafa/ssl-certificates.sh server
server.pem. When the CA is not found in the default ./demoCA directory, it needs to be created. By pressing enter, the creation of the new CA is started.
Common Name field blank, otherwise the creation will fail.
ssl-certificates.sh script will automatically continue with this step. Enter a password for the request, and enter the certificate details. Some details need to be different from those typed when the CA was created. At least the field Organizational Unit Name needs to be different. The challenge password at the end may be left empty.
server.cfg file, which is normally disabled. The port 237 is set for SSL connections. This port number can be changed if necessary.
server_ssl_enabled = yes
server_ssl_port = 237
server_ssl_ca_file setting. The server certificate and password must be set in the server_ssl_cert_file and server_ssl_cert_pass options.
server_ssl_ca_file = /etc/zarafa/ssl/demoCA/cacert.pem
server_ssl_key_file = /etc/zarafa/ssl/server.pem
server_ssl_key_pass = <password>
zarafa-server process, and now it’s possible to connect directly to the SSL port. Create a new Outlook profile, and mark the SSL connection option. Set the port to 237. The connection to the server has now been encrypted.
zarafa-licensed) expects /etc/zarafa/license to contain a file named base which simply holds the license key. To install a subscription key, use the following command:
mkdir -p /etc/zarafa/license
echo <subscription key> > /etc/zarafa/license/base
<subscription key> should be replaced with a valid subscription key obtained from Zarafa or one of its partners.
echo 'CAL key' > /etc/zarafa/license/cal1
/etc/zarafa/license folder are not allowed.
smtp_server
server_socket
/var/run/zarafa.
[logging]
zarafa-spooler, use:
man zarafa-spooler.cfg
server_bind
0.0.0.0 for any address. Default value: 0.0.0.0
ical_enable
yes. Default value: yes
ical_port
8080
icals_enable
yes. Default value: no
icals_port
8443
server_socket
http://localhost:236/zarafa
zarafa-server (as set in its local_admin_users configuration setting). Unless Zarafa Caldav is specified to run as an untrusted user, it always authenticates users even if they provide no or wrong credentials!
ssl_private_key_file
/etc/zarafa/privkey.pem
ssl_certificate_file
/etc/zarafa/cert.pem
ssl_verify_client
yes. Default value: no
ssl_verify_file / ssl_verify_path
[logging]
ssl_private_key_file and ssl_certificate_file.
ssl_verify_client, ssl_verify_file and ssl_verify_path. Certificates can be self-signed or signed by a trusted certificate authority.
openssl genrsa -out /etc/zarafa/privkey.pem 2048
openssl req -new -x509 -key /etc/zarafa/privkey.pem -out /etc/zarafa/cert.pem -days 1095
.cer file and a .key file are already present, you can create a .pem file from these using the following command:
cat my_server.key > my_server_combined.pem
cat my_server.cer >> my_server_combined.pem
my_server_combined.pem file for ssl_private_key_file or ssl_certificate_file. Please make sure first the .key file is processed, and then the .cer file.
| URL | Calendar |
|---|---|
| http://server:8080/ical/<user>/<calendar> | user’s own default calendar via ical (not recommended) |
| http://server:8080/caldav/<user>/<calendar> | user’s own default calendar |
| http://server:8080/caldav/<other-user>/<calendar> | Other-user’s calendar |
| http://server:8080/caldav/<user>/<other-calendar> | user’s self created subcalendar in a self created calendar |
| http://server:8080/caldav/public/<calendar>/ | Calendar folder in the public folder. |
| URL For MAC OSX iCal client | Calendar |
|---|---|
| http://server:8080/caldav/ | User’s calendar list |
| http://server:8080/caldav/<other-user> | Other-users calendar list |
| http://server:8080/caldav/public | Public folders list |
<other user> or <user>/<calendar> is only reachable if the correct permissions are available. If you want to open another user’s Calendar it is necessary to have folder visible permissions on the toplevel mailbox folder so the caldav servers can scan the mailbox for the right calendar folder. All other permissions are working the same as in Outlook.
server_bind
0.0.0.0 for any address. Default value: 0.0.0.0
imap_enable
yes. Default value: yes
imap_port
143
imaps_enable
yes. Default value: no
imaps_port
993
pop3_enable
yes. Default value: yes
pop3_port
110
pop3s_enable
yes. Default value: no
pop3s_port
995
imap_only_mailfolders
yes. Default value: yes
server_socket
http://localhost:236/zarafa
zarafa-server (as set in its local_admin_users configuration setting). Unless Zarafa Gateway is specified to run as an untrusted user, it always authenticates users even if they provide no or wrong credentials!
ssl_private_key_file
/etc/zarafa/privkey.pem
ssl_certificate_file
/etc/zarafa/cert.pem
ssl_verify_client
yes. Default value: no
ssl_verify_file / ssl_verify_path
[logging]
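The CalDAV and gateway option lists above leave the plaintext listeners on and the TLS listeners off by default. The shell check below is an added example, not part of the Zarafa manual or its tooling: it reads a gateway.cfg or ical.cfg, applies the defaults listed on this page for missing keys, and reports every plaintext listener that is still enabled. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report plaintext listeners in gateway.cfg / ical.cfg.
# Option names, ports and defaults are the ones listed on this page.

# cfg_get FILE KEY DEFAULT
# Print the value of KEY from a "key = value" file. Comment lines are
# skipped, the last assignment wins, DEFAULT is printed if KEY is absent.
cfg_get() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; else print def }
    ' "$1"
}

# plaintext_listeners FILE KIND   (KIND is "gateway" or "ical")
# Print one line per enabled plaintext listener:
#   <protocol>:<port>:tls-also-enabled   TLS variant is on as well
#   <protocol>:<port>:no-tls-listener    only the plaintext port is offered
# Assumption: only the literal value "yes" counts as enabled.
plaintext_listeners() {
    file=$1
    # Columns: plaintext option prefix, its default, default port,
    # TLS option prefix, its default.
    case $2 in
        gateway) table='imap yes 143 imaps no
pop3 yes 110 pop3s no' ;;
        ical)    table='ical yes 8080 icals no' ;;
        *)       echo "unknown kind: $2" >&2; return 2 ;;
    esac
    printf '%s\n' "$table" |
    while read -r plain plain_def port_def tls tls_def; do
        [ "$(cfg_get "$file" "${plain}_enable" "$plain_def")" = yes ] || continue
        port=$(cfg_get "$file" "${plain}_port" "$port_def")
        if [ "$(cfg_get "$file" "${tls}_enable" "$tls_def")" = yes ]; then
            echo "$plain:$port:tls-also-enabled"
        else
            echo "$plain:$port:no-tls-listener"
        fi
    done
}

# Constructed sample files (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/gateway.cfg" <<'EOF'
# constructed gateway.cfg: IMAPS switched on, POP3 left at its defaults
server_bind = 0.0.0.0
imap_enable = yes
imaps_enable = yes
imaps_port = 993
pop3_port = 110
EOF

cat > "$SAMPLE_DIR/ical.cfg" <<'EOF'
# constructed ical.cfg: plaintext listener off, TLS listener on
ical_enable = no
icals_enable = yes
icals_port = 8443
EOF

echo "gateway.cfg:"
plaintext_listeners "$SAMPLE_DIR/gateway.cfg" gateway
echo "ical.cfg:"
plaintext_listeners "$SAMPLE_DIR/ical.cfg" ical
```

A file with no listener options at all is evaluated purely on the defaults, so every plaintext listener is reported as having no TLS counterpart.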
server.cfg or per user via the user plugin.
quota_warn = 100
quota_soft = 150
quota_hard = 200
0, that particular quota level is disabled.
zarafa-admin tool, the user quota can be set for a specific user. Example:
zarafa-admin -u john --qo 1 --qw 80 --qs 90 --qh 100
zarafa-admin does not work with LDAP. With LDAP the properties are stored in the LDAP server per user. See Chapter 8. User Management for more information.
zarafa-admin when using the db or unix plugin, or by editing the LDAP values as described in the User Management section.
/etc/init.d/zarafa-monitor start
zarafa-monitor -c /etc/zarafa/monitor.cfg
zarafa-monitor will daemonise, so the prompt will almost immediately return. Use -F to start it in the foreground. More information about the configuration options can be found in the manual page:
man zarafa-monitor.cfg
userquota_warning_template
userquota_soft_template
userquota_hard_template
companyquota_warning_template
/etc/zarafa/quotamail, in each of these templates certain variables are provided which will be substituted for the real value before the email is sent:
ZARAFA_QUOTA_NAME - The name of the user or company who exceeded his quota
ZARAFA_QUOTA_COMPANY - The name of the company to which the user belongs
ZARAFA_QUOTA_STORE_SIZE - When a user exceeds his quota, this variable contains the total size of the user’s store. When a company exceeds its quota this variable contains the total size of all stores, including the public store within the company space.
ZARAFA_QUOTA_WARN_SIZE - The quota warning limit for the user or company.
ZARAFA_QUOTA_SOFT_SIZE - The quota soft limit for the user or company.
ZARAFA_QUOTA_HARD_SIZE - The quota hard limit for the user or company.
B,KB,MB,GB) as part of the variable.
zarafa-search service, introduced in ZCP 7.10, offers full text searching capabilities for the Zarafa Server. The service will continuously index all mails, and optionally their attachments, of a single zarafa-server instance. Each zarafa-server instance in a multi-server setup needs its own zarafa-search service.
/etc/init.d/zarafa-search start
/etc/zarafa/server.cfg configuration file:
search_enabled = yes
zarafa-search service. To set the connection path change the following configuration option:
search_socket = file:///var/run/zarafa-search
/etc/zarafa/search.cfg:
index_path = /var/lib/zarafa/index/
zarafa-search must be stopped first before deleting the file for that particular store.
zarafa-search service uses streaming synchronization offered by the zarafa-server for fast indexing of messages. To enable streaming, ensure that the following configuration option is enabled in the zarafa-server config:
enable_enhanced_ics = yes
/etc/zarafa/search.cfg:
index_attachments = yes
index_attachment_max_size can be used to prevent large attachments from being indexed. The value provided to this configuration option must be set in kilobytes.
/etc/zarafa/searchscripts/attachments_parser but the exact location can be configured using the configuration option index_attachment_parser.
attachments_parser will use the file attachments_parser.db to decide how the attachment should be parsed to plain text. Within this file is a list containing the command to parse each attachment type to plain text. This file can be edited to control the way attachments are parsed and to add or remove support for particular attachment types.
<mime-type>;<extension> `<command>`
/dev/stdin for the attachment data and must return the plain text through /dev/stdout. Some tools cannot parse attachment data from a stream, and require the data to be provided as a file. To store the attachment in a temporary file, the script zmktemp can be used. That script will write all attachment data in a temporary file and print the location of the file to /dev/stdout.
echo -n can be used.
cat <attachment> | <command>
attachments_parser during the parsing of a single attachment can be restricted by limiting the total memory and CPU time usage. The maximum amount of memory the script can use is controlled by the configuration option index_attachment_parser_max_memory. By default this value is set to 0, to disable any memory consumption restriction. If a restriction should be applied, the maximum number of bytes should be provided. The best restriction size depends on the maximum attachment size which can be provided to the script (configured using index_attachment_max_size) and the 3rd party tools used to parse the attachments.
index_attachment_parser_max_cputime can be used. By default this value is set to 0, to disable any CPU time restriction. If a restriction should be applied, the maximum number of seconds should be provided. The best restriction depends on the 3rd party tools used to parse the attachments.
/usr/lib/php5/modules/
/usr/lib/php/extensions/
/usr/lib/php5/20060613/
/usr/lib/php5/20060613/
mapi.so* files to this location, eg:
mv /usr/lib/php/mapi.so* \
   "$(/usr/local/lib/php/php-config --extension-dir)"
php.ini configuration file. Add the following line to the php.ini if it does not already exist:
extension = mapi.so
php.ini file are:
/etc/php.ini
/etc/php5/apache2/php.ini
phpinfo() function it is possible to check whether the module will be loaded correctly. Search for the ‘MAPI’ part to check for the module. The phpinfo can also be viewed by running php -i on the command line if php cli is installed.
mapi.so extension, the webserver needs to be restarted. The following example shows how to restart Apache2:
/etc/init.d/apache2 restart
/etc/init.d/httpd restart
http://<ip-address server>/webaccess/
Alias /webaccess /usr/share/zarafa-webaccess/
<Directory /usr/share/zarafa-webaccess/>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
/etc/init.d/apache2 reload
http://<ip-address server>/webapp/
Alias /webapp /usr/share/zarafa-webapp/
<Directory /usr/share/zarafa-webapp/>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
/etc/init.d/apache2 reload
FileETag All
ExpiresActive On
<filesMatch "\.(jpg|gif|png)$">
ExpiresDefault "access plus 2 months"
Header append Cache-Control "public"
</filesMatch>
<FilesMatch "\.(js|css)$">
ExpiresDefault "access plus 2 weeks"
Header append Cache-Control "no-cache, must-revalidate"
</FilesMatch>
<filesMatch "\.(php)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</filesMatch>
80 to the Zarafa Server on port 236. When the Apache server also accepts HTTPS connections, the proxied connections can also be encrypted. The proxy and proxy_html modules of Apache need to be loaded.
<IfModule mod_proxy.c>
ProxyPass /zarafa http://127.0.0.1:236/
ProxyPassReverse /zarafa http://127.0.0.1:236/
</IfModule>
/zarafa will be forwarded to localhost on port 236, where the Zarafa Server listens for incoming connections. These lines can be placed globally, or within a VirtualHost declaration.
389 or 636 (SSL). For best speed and reliability, it is always best to install an OpenLDAP server on the same physical host as the Zarafa Server that replicates with the main LDAP server. Besides performance improvements it also allows the Zarafa Server to run even when the main LDAP server goes down.
/etc, depending on the used distribution it is:
/etc/openldap
/etc/openldap
/etc/ldap
/etc/openldap
/etc/openldap/slapd.conf:
include /etc/openldap/schema/zarafa.schema
cp /usr/share/doc/zarafa/zarafa.schema /etc/openldap/schema/zarafa.schema
| Attribute name | Type |
|---|---|
| cn | pres,eq,sub |
| gidNumber | pres,eq |
| mail | pres,eq,sub |
| memberUid | pres,eq |
| objectClass | pres,eq |
| ou | pres,eq |
| sn | pres,eq,sub |
| uid | pres,eq |
| uidNumber | pres,eq |
| zarafaAliases | pres,eq,sub |
| zarafaAccount | pres,eq |
| zarafaSendAsPrivilege | pres,eq |
| zarafaViewPrivilege | pres,eq |
May 13 14:37:17 zarafa slapd[4507]: <= bdb_equality_candidates: (mail) not indexed
ldap.cfg configuration file:
ldap_host option the ip-address or server name of the LDAP server.
ldap_host = localhost
ldap_port = 389
ldap_protocol = ldap
ldap_uri = ldap://ldapserver1:389 ldap://ldapserver2:389
ldap_uri option, the options ldap_host, ldap_port and ldap_protocol are ignored.
ldap_bind_user = cn=Manager,dc=example,dc=com
ldap_bind_passwd = secret
ldap_authentication_method = bind
password, so the Zarafa Server will compare the encrypted password from the LDAP server with the encrypted password the user filled in during the login.
ldap_search_base = dc=example,dc=com
ldap_object_type_attribute = objectClass
ldap_user_type_attribute_value = posixAccount
ldap_group_type_attribute_value = posixGroup
ldap_contact_type_attribute_value = zarafa-contact
ldap_company_type_attribute_value = zarafa-company
ldap_addresslist_type_attribute_value = zarafa-addresslist
ldap_dynamicgroup_type_attribute_value = zarafa-dynamicgroup
ldap_user_search_filter = (zarafaAccount=1)
ldap_user_unique_attribute = uidNumber
ldap_user_unique_attribute_type = text
ldap_fullname_attribute = cn
ldap_loginname_attribute = uid
ldap_emailaddress_attribute = mail
ldap_emailaliases_attribute = zarafaAliases
ldap_password_attribute = userPassword
ldap_isadmin_attribute = zarafaAdmin
ldap_nonactive_attribute = zarafaSharedStoreOnly
!propmap /etc/zarafa/ldap.propmap.cfg
ldap_group_search_filter = (objectClass=zarafa-group)
ldap_group_unique_attribute = gidNumber
ldap_group_unique_attribute_type = text
ldap_groupmembers_attribute = memberUid
ldap_groupmembers_attribute_type = text
ldap_groupmembers_relation_attribute = uid
zarafaSecurityGroup) must be set to 1. When the zarafaSecurityGroup attribute is set to 0, the group will be a distribution group. Distribution groups are only available in the Global Address Book when creating a new email but cannot be used for configuring mailbox permissions.
ldap_group_security_attribute = zarafaSecurityGroup
ldap_group_security_attribute_type = boolean

ldap.cfg the following configuration settings for the addresslist objects:
ldap_addresslist_search_filter =
ldap_addresslist_unique_attribute = gidNumber
ldap_addresslist_unique_attribute_type = text
ldap_addresslist_filter_attribute = zarafaFilter
ldap_addresslist_name_attribute = cn
/etc/init.d/zarafa-server reload
zarafa-admin -l
zarafa-admin -L
log_level to 6 in the /etc/zarafa/server.cfg will display all LDAP queries sent to the server and possible errors.
zarafa-admin -l is done, all mailboxes will be created. This can take some time, so be patient.
man zarafa-ldap.cfg
regedit Then press ENTER.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
DWORD Value.
Value Name: Schema Update Allowed
Data Type: REG_DWORD
Base: Binary
Value Data: Type 1 to enable this feature, or 0 (zero) to disable it.
users and computers, select a user and get the properties. The Zarafa tab should be available if the installation is successfully completed.


ldap.cfg configuration file:
ldap_host = 192.168.0.100
ldap_port = 636
ldap_protocol = ldaps
ldap_uri = ldap://dc1:389 ldap://dc2:389
ldap_uri option, the options ldap_host, ldap_port and ldap_protocol are ignored.
ldap_bind_user = cn=administrator,cn=users,dc=example,dc=com
ldap_bind_passwd = secret
ldap_authentication_method = bind
ldap_search_base = dc=example,dc=com
ldap_object_type_attribute = objectClass
ldap_user_type_attribute_value = User
ldap_group_type_attribute_value = Group
ldap_contact_type_attribute_value = Contact
ldap_company_type_attribute_value = ou
ldap_addresslist_type_attribute_value = zarafa-addresslist
ldap_dynamicgroup_type_attribute_value = zarafa-dynamicgroup
# Default ADS MaxPageSize is 1000.
ldap_page_size = 1000
which have specified user type attribute an additional search filter can be specified. For example:
ldap_user_search_filter = (zarafaAccount=1)
ldap_user_unique_attribute = objectGUID
ldap_user_unique_attribute_type = binary
ldap_fullname_attribute = cn
ldap_loginname_attribute = sAMAccountName
ldap_emailaddress_attribute = mail
ldap_emailaliases_attribute = otherMailbox
ldap_password_attribute =
ldap_isadmin_attribute = zarafaAdmin
ldap_nonactive_attribute = zarafaSharedStoreOnly
!include /etc/zarafa/ldap.propname.cfg
otherMailbox is by default not indexed in Active Directory. It’s required to index this attribute in Active Directory, otherwise the Active Directory server will have a high CPU load during search queries on this attribute. For more information about indexing attributes in Active Directory, see http://go.microsoft.com/fwlink/?LinkId=46790.
ldap_group_search_filter =
ldap_group_unique_attribute = objectSid
ldap_group_unique_attribute_type = binary
ldap_groupmembers_attribute = member
ldap_groupmembers_attribute_type = dn
ldap_group_security_attribute = groupType
ldap_group_security_attribute_type = ads

ldap.cfg the following configuration settings for the addresslist objects.
ldap_addresslist_search_filter =
ldap_addresslist_unique_attribute = cn
ldap_addresslist_unique_attribute_type = text
ldap_addresslist_filter_attribute = zarafaFilter
ldap_addresslist_name_attribute = cn
/etc/init.d/zarafa-server reload
zarafa-admin -l
zarafa-admin -L
6 in the /etc/zarafa/server.cfg will display all LDAP queries by the Zarafa server and possible errors.
zarafa-admin -l is done, all mailboxes will be created. This can take some time, so be patient.
man zarafa-ldap.cfg
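The following Python check is an added example, not part of the Zarafa manual or its tooling. It computes the LDAP endpoints that ldap.cfg actually uses, applying the rule stated above that ldap_uri overrides ldap_host, ldap_port and ldap_protocol, and flags credentials sent to a remote server over plain ldap://. The function names, the fallback defaults (localhost, 389, ldap) and the sample configurations, which are built from the manual's example values, are assumptions, as is the absence of any other transport protection such as a tunnel.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed samples built from the example values shown in the manual.
OPENLDAP_CFG = """\
ldap_host = localhost
ldap_port = 389
ldap_protocol = ldap
ldap_bind_user = cn=Manager,dc=example,dc=com
ldap_bind_passwd = secret
ldap_authentication_method = bind
"""

AD_CFG = """\
ldap_host = 192.168.0.100
ldap_port = 636
ldap_protocol = ldaps
ldap_bind_user = cn=administrator,cn=users,dc=example,dc=com
ldap_bind_passwd = secret
ldap_authentication_method = bind
"""

# Same file with ldap_uri added: the ldaps settings above are now ignored.
MIXED_CFG = AD_CFG + "ldap_uri = ldap://dc1:389 ldap://dc2:389\n"


def parse_cfg(text):
    """Parse 'key = value' lines; skip blanks, '#' comments and '!' directives."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # values may contain '=' (DNs)
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def effective_uris(cfg):
    """Endpoints in use: ldap_uri wins, otherwise protocol://host:port."""
    uris = cfg.get("ldap_uri", "").split()
    if uris:
        return uris
    # Fallback values are assumptions, used only when an option is absent.
    proto = cfg.get("ldap_protocol") or "ldap"
    host = cfg.get("ldap_host") or "localhost"
    port = cfg.get("ldap_port") or "389"
    return [f"{proto}://{host}:{port}"]


def audit(text):
    """Return (issue, detail) tuples for one ldap.cfg text."""
    cfg = parse_cfg(text)
    findings = []
    if cfg.get("ldap_uri", "").split():
        for key in ("ldap_host", "ldap_port", "ldap_protocol"):
            if key in cfg:
                findings.append(("ignored-by-ldap_uri", f"{key} = {cfg[key]}"))
    # A bind password, or user passwords with the 'bind' method, cross the wire.
    sends_secret = bool(cfg.get("ldap_bind_passwd")) or \
        cfg.get("ldap_authentication_method") == "bind"
    for uri in effective_uris(cfg):
        parts = urlsplit(uri)
        if sends_secret and parts.scheme == "ldap" and parts.hostname not in LOOPBACK:
            findings.append(("cleartext-bind", uri))
    return findings


if __name__ == "__main__":
    for name, text in (("openldap", OPENLDAP_CFG), ("ad", AD_CFG), ("mixed", MIXED_CFG)):
        print(name, effective_uris(parse_cfg(text)), audit(text))
```

The mixed sample is the case to watch for: a file that still carries ldap_protocol = ldaps looks encrypted on review, but once ldap_uri is present the server talks to the listed ldap:// endpoints instead.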
zarafa-dagent is executed. Messages are passed to the zarafa-dagent from the standard input or by the LMTP protocol. The usage of LMTP is the recommended delivery method as this enables the Single Instance Attachment Storage.
/etc/postfix directory. The main configuration file is logically called main.cf
inet_interfaces = all
main.cf.
virtual_mailbox_domains = example.com, example.org, example.net
main.cf to have Postfix use LDAP for looking up (valid) recipients:
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
virtual_transport = lmtp:127.0.0.1:2003
zarafa-dagent. The delivery needs to be done on the primary mail address of a user. For resolving the primary mail address of the user, create the file /etc/postfix/ldap-users.cf and add the following lines:
server_host = localhost
search_base = ou=Users,dc=example,dc=com
version = 3
scope = sub
query_filter = (&(objectClass=posixAccount)(mail=%s))
result_attribute = mail
/etc/postfix/ldap-aliases.cf and add the following lines:
server_host = localhost
search_base = ou=Users,dc=example,dc=com
version = 3
scope = sub
query_filter = (&(objectClass=posixAccount)(zarafaAliases=%s))
result_attribute = mail
/etc/init.d/postfix restart
zarafa-dagent is run as a daemon and started at boot time.
chkconfig zarafa-dagent on
/etc/init.d/zarafa-dagent start
yes in the file /etc/default/zarafa-dagent. To enable the zarafa-dagent at boot time use:
update-rc.d zarafa-dagent defaults
zarafa-dagent when running in LMTP mode for monitoring purposes. Enable the logging options in the zarafa-dagent in /etc/zarafa/dagent.cfg.
/etc/postfix directory. The main configuration file is logically called main.cf.
inet_interfaces = all
main.cf:
virtual_mailbox_domains = example.com, example.org, example.net
main.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
virtual_transport = lmtp:127.0.0.1:2003
zarafa-dagent. The delivery needs to be done on the primary mail address of a user. For resolving the primary mail address of the user, create the file /etc/postfix/ldap-users.cf and add the following lines:
server_host = 192.168.0.100
search_base = ou=Users,dc=example,dc=local
version = 3
bind = yes
bind_dn = cn=zarafa,ou=Users,dc=example,dc=local
bind_pw = secret
scope = sub
query_filter = (&(objectClass=user)(mail=%s))
result_attribute = mail
/etc/postfix/ldap-aliases.cf and add the following lines:
server_host = 192.168.0.100
search_base = ou=Users,dc=example,dc=local
version = 3
bind = yes
bind_dn = cn=zarafa,ou=Users,dc=example,dc=local
bind_pw = secret
scope = sub
query_filter = (&(objectClass=user)(otherMailbox=%s))
result_attribute = mail
virtual_alias_maps:
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf
/etc/postfix/ldap-groups.cf and insert the LDAP group configuration in there:
server_host = 192.168.0.100
search_base = ou=groups,dc=example,dc=local
version = 3
bind = yes
bind_dn = cn=zarafa,ou=Users,dc=example,dc=local
bind_pw = secret
query_filter = (&(objectclass=group)(mail=%s))
leaf_result_attribute = mail
special_result_attribute = member
/etc/init.d/postfix restart
zarafa-dagent is run as a daemon and started at boot time.
chkconfig zarafa-dagent on
/etc/init.d/zarafa-dagent start
yes in the file /etc/default/zarafa-dagent. To enable the zarafa-dagent at boot time use:
update-rc.d zarafa-dagent defaults
zarafa-dagent when running in LMTP mode for monitoring purposes. Enable the logging options in the zarafa-dagent in /etc/zarafa/dagent.cfg.
inet_interfaces = all
/etc/postfix directory. The main configuration file is logically called main.cf
main.cf:
virtual_mailbox_domains = example.com, example.org, example.net
main.cf config file in order to have Postfix look up recipient from a hash map:
virtual_mailbox_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = lmtp:127.0.0.1:2003
/etc/postfix/virtual should contain all email addresses and aliases of a user, in the following structure:
#Emailaddress or alias     primary mailaddress of user
john@example.com           john@example.com
user1@example.com          user1@example.com
user1@example.net          user1@example.com
alias_user1@example.com    user1@example.com
info@example.com           user2@example.com, user1@example.com
/etc/postfix/virtual.db.
postmap /etc/postfix/virtual
zarafa-dagent over LMTP using the primary mail address as specified in the hash map.
/etc/init.d/postfix restart
chkconfig zarafa-dagent on
/etc/init.d/zarafa-dagent start
yes in the file /etc/default/zarafa-dagent. To enable the zarafa-dagent at boot time use:
update-rc.d zarafa-dagent defaults
zarafa-dagent when running in LMTP mode for monitoring purposes. To alter logging options for the zarafa-dagent, adjust the configuration file: /etc/zarafa/dagent.cfg.
tar zxvf z-push-<version>.tar.gz -C /usr/share/
-C option is the destination where the files need to be installed.
mkdir /var/lib/z-push
mkdir /var/log/z-push
chmod 755 /var/lib/z-push /var/log/z-push
chown apache:apache /var/lib/z-push /var/log/z-push
| Distribution | Apache username | Groupname |
|---|---|---|
| Red Hat Enterprise Linux | apache | apache |
| SLES | wwwrun | www |
| Debian and Ubuntu | www-data | www-data |
chcon -R -t httpd_sys_rw_content_t /var/lib/z-push
chcon -R -t httpd_sys_rw_content_t /var/log/z-push
Microsoft-Server-ActiveSync to the index.php file in the z-push directory. This can be done by adding the following line to the httpd.conf file:
Alias /Microsoft-Server-ActiveSync /usr/share/z-push/index.php
| Distribution | Package name |
|---|---|
| Red Hat Enterprise Linux* | php-cli php-soap php-process |
| SLES | php5 php5-soap php5-pcntl php5-sysvshm php5-sysvsem |
| Debian and Ubuntu | php5-cli php-soap |
Z-Push directory to Microsoft-Server-ActiveSync. This will cause Apache to send redirects to the smartphone, which will definitely prevent proper synchronization.
php_flag magic_quotes_gpc = off
php_flag register_globals = off
php_flag magic_quotes_runtime = off
php_flag short_open_tag = on
php.ini or in a .htaccess file in the root directory of Z-Push.
/usr/share/z-push and execute:
./z-push-top.php
./z-push-admin.php
ln -s /usr/share/z-push/z-push-admin.php /usr/sbin/z-push-admin
ln -s /usr/share/z-push/z-push-top.php /usr/sbin/z-push-top
z-push-admin tool.
openssl x509 -in ca.crt -inform PEM -out ca.cer -outform DER
openssl x509 -in host.crt -inform PEM -out host.cer -outform DER
ca.crt is your CA certificate file and host.crt is your certified file.
http://intranet/certs/ca.cer
http://intranet/certs/host.cer
http://<server>/Microsoft-Server-ActiveSync
*GET not supported* This is the z-push location and can only be accessed by Microsoft ActiveSync-capable devices.
config.php.
debug.txt file has to be created in the root directory of Z-Push. This file should be writeable by the Apache server process.
touch /var/www/z-push/debug.txt
chmod 777 /var/www/z-push/debug.txt
debug.txt file will collect debug information about the synchronisation.
wbxml.php has to be edited and the parameter WBXML_DEBUG set to true:
define('WBXML_DEBUG', true);
debug.txt logfile contains sensitive data and should be protected so it can not be downloaded from the internet.
debug.txt logfile, a .htaccess has to be created in the z-push root directory, containing:
<Files debug.txt>
Deny from All
</Files>
zarafa-spooler, zarafa-monitor, zarafa-gateway, zarafa-dagent and zarafa-admin. It’s possible to create one certificate for all these programs, or a certificate can be created for each program separately. These clients can then log in on the SSL connections with their certificate as authentication.
sh /usr/share/doc/zarafa/ssl-certificates.sh client
client.pem and a public key called client-public.pem are present. As an example, the configuration options that need to be edited in the dagent.cfg file are as follows:
server_socket = https://name-or-ip-address:237/zarafa
sslkey_file = /etc/zarafa/ssl/client.pem
sslkey_pass = ssl-client-password
zarafa-admin tool to function correctly in a multi-server set-up, an admin.cfg file is required in the ZCP configuration directory, usually /etc/zarafa/. It also should contain the options mentioned above.
client-public.pem file to the server location:
mkdir /etc/zarafa/sslkeys
mv client-public.pem /etc/zarafa/sslkeys
client.pem file. Anybody who has this private key can log in to the Zarafa server and will be the internal SYSTEM user, who can do anything without restriction.
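Because possession of client.pem amounts to SYSTEM access, file permissions on the key material are worth checking after setup. The Python audit below is an added example, not part of the Zarafa manual or its tooling. It flags private keys that group or others can access, a client-key directory (such as /etc/zarafa/sslkeys) that group or others can write to, and world-readable configuration files that carry sslkey_pass. The function names, the strict permission policy and the temporary demo tree are assumptions made for illustration, as is treating the sslkeys directory as the set of client keys the server accepts.

```python
import os
import stat
import tempfile

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO        # any access by group/others
WRITE_GROUP_OTHER = stat.S_IWGRP | stat.S_IWOTH  # write access by group/others


def mode_of(path):
    """Permission bits of path, without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_ssl_layout(private_keys, sslkeys_dir, passphrase_cfgs=()):
    """Return (issue, path, octal mode) tuples for risky permissions."""
    findings = []
    # Private keys such as client.pem: no access for group or others.
    for path in private_keys:
        mode = mode_of(path)
        if mode & GROUP_OTHER:
            findings.append(("private-key-exposed", path, oct(mode)))
    # Directory of accepted client public keys: a writer can add a key.
    entries = sorted(os.path.join(sslkeys_dir, n) for n in os.listdir(sslkeys_dir))
    for path in [sslkeys_dir] + entries:
        mode = mode_of(path)
        if mode & WRITE_GROUP_OTHER:
            findings.append(("accepted-keys-writable", path, oct(mode)))
    # Files like dagent.cfg store sslkey_pass in clear text.
    for path in passphrase_cfgs:
        mode = mode_of(path)
        if mode & stat.S_IRWXO:
            findings.append(("passphrase-world-readable", path, oct(mode)))
    return findings


def build_demo_tree(root):
    """Constructed stand-in for /etc/zarafa with deliberately mixed modes."""
    ssl_dir = os.path.join(root, "ssl")
    keys_dir = os.path.join(root, "sslkeys")
    os.mkdir(ssl_dir)
    os.mkdir(keys_dir)
    files = {
        os.path.join(ssl_dir, "client.pem"): 0o644,         # too open
        os.path.join(ssl_dir, "server.pem"): 0o600,         # acceptable
        os.path.join(keys_dir, "client-public.pem"): 0o644, # public, read-only
        os.path.join(root, "dagent.cfg"): 0o644,            # holds sslkey_pass
    }
    for path, mode in files.items():
        with open(path, "w") as handle:
            handle.write("constructed placeholder\n")
        os.chmod(path, mode)
    os.chmod(ssl_dir, 0o700)
    os.chmod(keys_dir, 0o777)  # anyone could drop in another public key
    return ssl_dir, keys_dir


def run_demo():
    """Audit the constructed tree; paths are reported relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        ssl_dir, keys_dir = build_demo_tree(root)
        found = audit_ssl_layout(
            [os.path.join(ssl_dir, "client.pem"), os.path.join(ssl_dir, "server.pem")],
            keys_dir,
            [os.path.join(root, "dagent.cfg")],
        )
        return [(issue, os.path.relpath(path, root), mode) for issue, path, mode in found]


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```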
zarafa-admin tool can be used to manage tenants (companies), while with the LDAP plugin all information will come directly from LDAP or Active Directory.
server.cfg will be used when enabling the multi-tenancy support.
enable_hosted_zarafa
true it’s possible to create tenants within the Zarafa instance and assign all users and groups to particular tenants. When set to false, the normal single-tenancy environment is created.
createcompany_script
createcompany script which will be executed when a new tenant has been created.
deletecompany_script
deletecompany script which will be executed when a tenant has been deleted.
loginname_format
storename_format
server.cfg:
enable_hosted_zarafa = yes
loginname_format configuration option in server.cfg. This configuration option can contain the following variables:
%u - The username
%c - The companyname to which the user belongs
@ and \.
loginname_format for a user named "John Doe" who is member of "Exampleorg":
%u > john
\\%c\%u > \\exampleorg\john
%c is mandatory for the DB plugin; it is optional for the LDAP plugin. Managing unique loginnames is easier in LDAP because it is possible to use the email address as the loginname attribute. See the LDAP configuration file for more information about the loginname attribute.
zarafa-admin tool it should be formatted as configured. For example, if the loginname_format configuration value includes the company name variable (%c), the company name should be passed to the zarafa-admin tool every time a username is needed.
server.cfg the configuration option storename_format is provided for exactly this purpose. In the format, different variables are provided which can be used to insert different kinds of information.
%u — The username
%f — The fullname of the user
%c — The companyname, name of the tenant, to which the user belongs
%u > john
%f > John Doe
%f (%c) > John Doe (Exampleorg)

ldap_company_unique_attribute = ou
ldap_companyname_attribute = ou
ldap_company_scope = sub
zarafa-admin --list-companies and zarafa-admin -l.
6 in the /etc/zarafa/server.cfg will display all LDAP queries by the Zarafa server and possible errors.
zarafa-ldap.cfg man page for more detailed information about these multi-tenancy LDAP features.
man zarafa-ldap.cfg
/usr/bin/zarafa-admin -s -I <tenant>
<tenant> with the name of the tenant (company) for which the public store should be created. When the -I option is not used, the public folder will be created for a single-tenancy environment (and will not be accessible when multi-tenancy Zarafa is enabled). The public folder is by default available for all users within a tenant (company).
zarafa-admin is only available when using the DB plugin. When the LDAP plugin is used, all administration needs to be done through the LDAP or Active Directory server.
/usr/bin/zarafa-admin --create-company <companyname>
/usr/bin/zarafa-admin --delete-company <companyname>
/usr/bin/zarafa-admin --set-company <companyname>
--qw for setting the quota warning level for the specified company space.
/usr/bin/zarafa-admin --add-view <viewer> -I <companyname>
/usr/bin/zarafa-admin --del-view <viewer> -I <companyname>
/usr/bin/zarafa-admin --list-view -I <companyname>
<viewer> is the companyname which receives or loses permission to view company <companyname>. With the view privileges, the Global Address Book can be shared between multiple organizations, or cross-organization mailbox delegation can be used.
/usr/bin/zarafa-admin --add-admin <admin> -I <companyname>
/usr/bin/zarafa-admin --del-admin <admin> -I <companyname>
/usr/bin/zarafa-admin --list-view -I <companyname>
<admin> is the loginname of the user who receives or loses admin privileges over the company <companyname>.
zarafa-admin tool. For details about using the zarafa-admin tool see man zarafa-admin. The user- or group name that should be given to the zarafa-admin tool depends on the loginname_format configuration option.
loginname_format is set to %u@%c creating a user for tenant exampleorg would be:
/usr/bin/zarafa-admin -c john@exampleorg ...other options...
exampleorg would be:
/usr/bin/zarafa-admin -g group@exampleorg ...other options...
Global company quota: Configured in /etc/zarafa/server.cfg and affects all tenants within the system.
Specific company quota: The quota level for a tenant configured through the plugin (LDAP or zarafa-admin tool).
Global user quota: This is configured in /etc/zarafa/server.cfg and affects all users from all tenants.
Company user quota: This is the default quota level for all users within a tenant, and is configured through the plugin at tenant level.
Specific user quota: This is the quota level for a specific user, and is configured through the user plugin.
Global company quota and Global user quota can be configured in the /etc/zarafa/server.cfg file, which provides the options quota_warn, quota_soft and quota_hard for the user quota, and the option companyquota_warn for the tenant quota.
Specific company quota the zarafa-admin tool can be used when using the DB plugin. The following command will set the various quota levels over the tenant:
zarafa-admin --update-company <tenant> --qo y --qw <warningquota>
Specific user quota the zarafa-admin tool can be used when using the DB plugin. The following command will set the various quota levels over the user:
zarafa-admin -u <user> --qo y --qh <hardquota> --qs <softquota> --qw <warningquota>
Company user quota the zarafa-admin tool can be used when using the DB plugin by using the --update-company argument. The following command will set the various user default quota levels over the tenant:
zarafa-admin --update-company <tenant> --udqo y --udqh <hardquota> --udqs <softquota> --udqw <warningquota>
/etc/zarafa/ldap.cfg.
zarafaAdmin attribute to 2 when using LDAP or use -a 2 when using the DB plugin. A company administrator can be configured by setting the zarafaAdmin attribute to 1.
zarafa-admin --details <admin username>
Username: admin@example.com
Fullname: Administrator
Emailaddress: admin@example.com
Active: yes
Administrator: yes (system)




Computer template can be used for this. When using OpenLDAP a custom LDAP object can be created, with the device, ipHost and zarafa-server objectClass.

common name, FQDN or ip-address and the Zarafa server details. Make sure the FQDN can always be resolved by the clients.

ZarafaContainsPublic attribute can only be set for one multi-server node. At the moment there is no support for multiple Public Folders on different nodes.
/usr/share/doc/zarafa-multiserver/example-config directory. The files ldapms.*.cfg are the specific multi-server configuration files. The following LDAP configuration entries need to be configured for a multi-server setup:
ldap_server_type_attribute_value = zarafa-server
ldap_user_server_attribute = zarafaUserServer
ldap_server_address_attribute = ipHostNumber
ldap_server_http_port_attribute = zarafaHttpPort
ldap_server_ssl_port_attribute = zarafaSslPort
ldap_server_file_path_attribute = zarafaFilePath
ldap_server_search_filter =
ldap_server_unique_attribute = cn
zarafaCompanyServer attribute. Use the server name as well for this.
server.cfg are provided for Multi-server support.
enable_distributed_zarafa
true it is possible to spread users and companies over multiple servers. When set to false, the single-server environment is created.
server_name
zarafaUserServer attribute.
server.cfg:
user_plugin = ldapms
enable_distributed_zarafa = yes
server_name = <servername>
server_ssl_enabled = yes
zarafa-dagent, zarafa-admin, zarafa-monitor need an SSL certificate to log in to the different multi-server nodes.
zarafa-dagent, a private and public key need to be created.
mkdir /etc/zarafa/ssl
chmod 700 /etc/zarafa/ssl
ssl-certificates.sh script in the /usr/share/doc/zarafa directory, which uses the openssl command and the CA.pl script. Before a server certificate can be created a root CA is required. If no root CA is found, the script will first create its own CA.
cd /etc/zarafa/ssl/
sh /usr/share/doc/zarafa/ssl-certificates.sh server
ssl-certificates.sh script, the server certificate is created in the current directory. The root CA certificate can be found in the same directory or in the default SSL directory of the Linux distribution. On Ubuntu the root CA will be created as ./demoCA/cacert.pem, on RedHat the root CA will be created as /etc/CA/cacert.pem. Edit the following lines in /etc/zarafa/server.cfg.
server_ssl_enabled = yes
server_ssl_port = 237
server_ssl_ca_file = /etc/zarafa/ssl/demoCA/cacert.pem
server_ssl_key_file = /etc/zarafa/ssl/server.pem
server_ssl_key_pass = <ssl-password>
sslkeys_path = /etc/zarafa/sslkeys
cd /etc/zarafa/ssl
sh /usr/share/doc/zarafa/ssl-certificates.sh client
client.pem and client-public.pem. The client.pem is the private key and will be used by a client (like dagent or spooler). The client-public.pem is the public key which is used by the server.
/etc/zarafa/sslkeys directory.
mv /etc/zarafa/ssl/client-public.pem /etc/zarafa/sslkeys
zarafa-server on all nodes to activate the new certificates:
/etc/init.d/zarafa-server restart
/etc/zarafa/dagent.cfg.
server_socket = https://127.0.0.1:237/zarafa
sslkey_file = /etc/zarafa/ssl/client.pem
sslkey_pass = <ssl-client-password>
zarafa-dagent -v -c /etc/zarafa/dagent.cfg <username_on_this_node>
Subject: test email

Test
<ctrl-d>
yum install openssl-perl
cp /etc/CA/cacert.pem /etc/pki/tls/certs/zarafa-ca.pem
c_rehash /etc/pki/tls/certs
server_socket = file:///var/run/zarafa
scp -r /etc/zarafa/ssl /etc/zarafa/sslkeys root@node2:/etc/zarafa/
server.cfg and dagent.cfg on all the different nodes. On Red Hat based nodes also add the root CA to the CA bundle. When done, test remote delivery with:
zarafa-dagent -v -c /etc/zarafa/dagent.cfg <username_on_other_node>
Subject: test email

Test
<ctrl-d>
zarafa-dagent zarafa-spooler zarafa-backup, zarafa-restore zarafa-admin

yes in the server.cfg of the zarafa-server:
client_update_enabled = yes
zarafa-server is upgraded, it will copy the latest updated client installer to the path which is specified in the server configuration file server.cfg, as shown below.
client_update_path = /var/lib/zarafa/client/x32
client_update_path_x64 = /var/lib/zarafa/client/x64
zarafaclient-<major version>.<minor version>.<update number>-<build number>.msi
zarafaclient-6.40.0-19050.msi is a valid name of an update.
zarafa-server will send the new client update package to the client, so that it can update itself to the latest version.
237, the root CA certificate needs to be installed on the desktop used.
ZarafaLaunchUpdater.exe and a windows service known as ZarafaUpdaterService.exe.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Zarafa\Client\Version

c:\windows\temp\zarafaclient.msi. The zarafa updater service launches this update for installation in a silent mode.
All users\Application data\ directory and the Launch updater log will be written in the <user>\Application data\ directory.
<user>\Local Settings\Temp directory. These files are sent to the server depending on the server settings.
zarafa-server reports the status from the Zarafa client updater in the server.log. The zarafa-admin reports the latest status of the client update. Using the following command, you can view the update information per user: zarafa-admin --details <user>
Client update Information:
Trackid: 1889610488
Last update: <date>
From version: <version>
To version: <version>
Computername: <name>
Update: Succeed
server.cfg field client_update_log_path (by default, this is set to /var/log/zarafa/autoupdate). The trackid value can be used to find the log files, for example: /var/log/zarafa/autoupdate/0x70A12AF8/
msiexec /i zarafaclient.msi ADDDEFAULT=Client /q
log_method is set to file, make sure this directory and file are writable by the user or group the service will be running as. When a logrotate happens, by sending the service the HUP signal, a new file is created, which will be owned by the user the service is running under.
/var/run, and will open the network sockets which most likely have a number under 1024, which may only be opened as root.
zarafa-server to run as user zarafa and group zarafa:
addgroup --system zarafa
adduser --system --home /dev/null --no-create-home \
--ingroup zarafa \
--disabled-password --gecos 'Zarafa services' \
--shell /bin/false zarafa
mkdir /var/log/zarafa
chown zarafa:zarafa /var/log/zarafa
chown zarafa:zarafa /etc/zarafa/report
chown -R zarafa:zarafa /var/lib/zarafa
run_as_user and run_as_group options in the server.cfg file, and set them both to zarafa. Make sure the local_admin_users option still contains root as an administrative user, so the zarafa-admin tool can still be used. Otherwise su or sudo has to be used each time the zarafa-admin tool is started.
winbind
kinit
apt-get install krb5-user winbind
krb5-user will also install the Kerberos library configuration files in /etc. The package winbind depends on samba-common which will therefore be installed as well. On Red Hat Enterprise Linux both the krb5-workstation and the samba-common package are required for this.
/etc/zarafa/server.cfg:
enable_sso = yes
FQDN of the Windows ADS server: ADSERVER.ADSDOMAIN.LOCAL. Therefore, the windows server is named: ADSERVER, the realm is ADSDOMAIN.LOCAL, and the domain name is ADSDOMAIN. Workstations can therefore either join the domain using the ADSDOMAIN or ADSDOMAIN.LOCAL name.
FQDN of the Linux server is LINUXSERVER.LOCAL. This name does not matter much, as long as it is handled by the DNS server.
/etc/krb5.conf. Under the libdefaults section, set:
default_realm = ADSDOMAIN.LOCAL
realms section, add the windows realm:
[realms]
ADSDOMAIN.LOCAL = {
kdc = 192.168.0.100
admin_server = 192.168.0.100
password_server = 192.168.0.100
default_domain = ADSDOMAIN.LOCAL
}
192.168.0.100 is the IP-address of the Windows ADS domain server.
kinit on the linux server:
kinit Administrator
Password of Administrator@ADSDOMAIN.LOCAL:
/etc/samba/smb.conf file, and add/set the following options:
[global]
realm = ADSDOMAIN.LOCAL
use kerberos keytab = true
security = ads
[global]
realm = ADSDOMAIN.LOCAL
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab
security = ads
kerberos method may also be set to system keytab, and dedicated keytab file may be left out. Please consult the smb.conf(5) manual page for more information about these settings.
net ads join
net ads join -S ADSDOMAIN -U Administrator
Joined 'LINUXSERVER' to realm 'ADSDOMAIN.LOCAL'
/etc/init.d/winbind restart
ntlm_auth --username=john
john is a user on the ADS server.
NT_STATUS_OK: Success (0x0)
winbind, check the DNS names, check with strace what ntlm_auth tries to do, check with tcpdump if there is actual traffic on the network from ntlm_auth to the domain server and other low-level debugging tools.
winbind
apt-get install winbind
samba-common package is required for this.
/etc/zarafa/server.cfg file:
enable_sso = yes
net rpc join
Joined domain <DOMAIN>
ntlm_auth --username=john
john is a valid Samba user.
NT_STATUS_OK: Success (0x0)
winbind, check the DNS names, check with strace what ntlm_auth tries to do, check with tcpdump if there is actual traffic on the network from ntlm_auth to the domain server and other low-level debugging tools.
ADSERVER.ADSDOMAIN.LOCAL. Therefore the windows server is named: ADSERVER, the realm is ADSDOMAIN.LOCAL, and the workgroup name is ADSDOMAIN.
ZARAFA.LINUXDOMAIN.LOCAL.
httpd-linux to the Active Directory (this user will be used to create the principal for SSO with WebAccess, username may differ).
zarafa-linux to the Active Directory (this user will be used to create the principal for SSO with Outlook, username may differ).
ktpass.exe program. The Support tools can be found on the Windows Server install cd or can be downloaded from the Microsoft website.
RC4-HMAC-NT as the crypto, -mapop set +desonly must be left out.
ktpass.exe -princ HTTP/zarafa.linuxdomain.local@ADSDOMAIN.LOCAL -mapuser EXAMPLE\httpd-linux -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -pass <password> -out c:\keytab.apache
ktpass.exe -princ zarafa/zarafa.linuxdomain.local@ADSDOMAIN.LOCAL -mapuser EXAMPLE\zarafa-linux -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -pass <password> -out c:\keytab.zarafa
keytab.apache to /etc/httpd/conf/ on the Linux server.
keytab.zarafa to /etc/zarafa/ on the Linux server.
/etc/krb5.conf and insert the following lines:
[libdefaults]
default_realm = ADSDOMAIN.LOCAL
default_tgs_enctypes = des-cbc-md5 arcfour-hmac-md5
default_tkt_enctypes = des-cbc-md5 arcfour-hmac-md5
permitted_enctypes = des-cbc-md5 arcfour-hmac-md5
[realms]
ADSDOMAIN.LOCAL = {
kdc = adserver.adsdomain.local
admin_server = adserver.adsdomain.local
}
[domain_realm]
.adsdomain.local = ADSDOMAIN.LOCAL
adsdomain.local = ADSDOMAIN.LOCAL
[libdefaults] section of /etc/krb5.conf:
default_keytab_name = /etc/zarafa/keytab.zarafa
server.cfg file:
enable_sso = yes
hostname command) does not equal the FQDN of the Linux server, the server_hostname variable will need to be changed in the server.cfg file:
server_hostname = zarafa.linuxdomain.local
service zarafa-server restart
mod_auth_kerb Apache module, e.g. for Red Hat:
yum install mod_auth_kerb
Alias /webaccess /usr/share/zarafa-webaccess
<Directory /usr/share/zarafa-webaccess>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbServiceName HTTP
    KrbAuthRealms ADSDOMAIN.LOCAL
    Krb5KeyTab /etc/httpd/conf/keytab.apache
    require valid-user
</Directory>
chmod 400 /etc/httpd/conf/keytab.apache
chown apache:apache /etc/httpd/conf/keytab.apache
service httpd restart
/etc/zarafa/server.cfg:
local_admin_users = root apache
config.php file:
define("LOGINNAME_STRIP_DOMAIN", true);
service zarafa-server restart
about:config
auth
network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris to .testdomain.com
zarafa-server. Now log on to a Windows workstation on the domain and create a new Outlook profile for the user just logged on, but leave the password field empty. Outlook should create the profile without the password.
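The krb5.conf settings and keytab files from the SSO steps above can be checked with a short script. This is an added example, not part of the Zarafa manual: the function names, the list of enctype prefixes treated as weak, and the AES-only configuration are assumptions of the example, and an AES-only krb5.conf only works when the keytabs and the Active Directory accounts use matching enctypes.

```python
import os
import stat

# Enctype name prefixes treated as weak: single DES (deprecated by RFC 6649)
# and RC4/arcfour (deprecated by RFC 8429). The list is this example's choice.
WEAK_PREFIXES = ("des-", "arcfour-", "rc4-")
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")

# Constructed copy of the [libdefaults] block shown on this page.
PAGE_KRB5_CONF = """
[libdefaults]
default_realm = ADSDOMAIN.LOCAL
default_tgs_enctypes = des-cbc-md5 arcfour-hmac-md5
default_tkt_enctypes = des-cbc-md5 arcfour-hmac-md5
permitted_enctypes = des-cbc-md5 arcfour-hmac-md5
[realms]
ADSDOMAIN.LOCAL = {
kdc = adserver.adsdomain.local
}
"""

# Assumed AES-only variant, for comparison (not from the manual).
AES_ONLY_CONF = """
[libdefaults]
default_realm = ADSDOMAIN.LOCAL
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
"""


def weak_enctypes(conf_text):
    """Map each enctype setting in [libdefaults] to the weak enctypes it lists."""
    section, found = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            weak = [e for e in value.replace(",", " ").split()
                    if e.lower().startswith(WEAK_PREFIXES)]
            if weak:
                found[key] = weak
    return found


def keytab_exposed(path):
    """True if group or others hold any permission bit on the keytab file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def audit(conf_text, keytab_paths):
    """Return a list of human-readable findings for the config and keytabs."""
    findings = []
    for key, weak in sorted(weak_enctypes(conf_text).items()):
        findings.append("krb5.conf %s allows weak enctypes: %s" % (key, ", ".join(weak)))
    for path in keytab_paths:
        if not os.path.exists(path):
            findings.append("keytab missing: %s" % path)
        elif keytab_exposed(path):
            findings.append("keytab readable beyond its owner: %s" % path)
    return findings


if __name__ == "__main__":
    # Keytab locations as used on this page.
    for finding in audit(PAGE_KRB5_CONF,
                         ["/etc/zarafa/keytab.zarafa", "/etc/httpd/conf/keytab.apache"]):
        print(finding)
```

The page sets mode 400 only on keytab.apache; the same check applies to /etc/zarafa/keytab.zarafa, which holds the key for the zarafa service principal.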
zarafa-dagent process and can be controlled with the archive_on_delivery configuration option in the dagent configuration file.
zarafa-spooler process and can be controlled with the archive_on_send configuration option in the spooler configuration file.
zarafa-spooler is not involved in the send process in this situation.
plugin_path and look for a specific type of plugin. If plugins are found, they will be verified and loaded. Every time the spooler or dagent is called, it will execute the hooks based on priority. Plugins can validate and change a message at different stages of the spooler and dagent process.
| Option | Default | Description |
|---|---|---|
| plugin_enabled | yes | Enable the plugin framework in the specific component |
| plugin_manager_path | /usr/share/zarafa-<componentname>/python | Path to the plugin manager. |
| plugin_path | /var/lib/zarafa/<componentname>/plugins | Path to the activated plugins. |
<componentname> can be dagent or spooler
<componentname>/python/plugins/’. To activate a plugin create a symbolic link in the plugin_path directory to the plugin which you want to activate. For example, to activate the disclaimer plugin in the spooler, run the following command:
ln -s /usr/share/zarafa-spooler/python/plugins/disclaimer.py /var/lib/zarafa/spooler/plugins/disclaimer.py
ln -s /usr/share/zarafa-dagent/python/plugins/movetopublic.py /var/lib/zarafa/dagent/plugins/movetopublic.py
cp /usr/share/zarafa-dagent/python/plugins/movetopublic.cfg /etc/zarafa/movetopublic.cfg
ln -s /usr/share/zarafa-dagent/python/plugins/BMP2PNG.py /var/lib/zarafa/dagent/plugins/BMP2PNG.py
python-imaging is required to use this plugin.
| Filename | Description |
|---|---|
| default.txt | The plain text version of the disclaimer |
| default.html | The HTML version of the disclaimer |
| <companyname>.txt | The plain text version of the disclaimer of a company |
| <companyname>.html | The HTML version of the disclaimer of a company |
ln -s /usr/share/zarafa-spooler/python/plugins/disclaimer.py /var/lib/zarafa/spooler/plugins/disclaimer.py
log_level to 6. This will show all the information about the plugin framework.
<DATE> [id] PYTHONPATH = /usr/share/zarafa-dagent/python/Unknown_path
<DATE> [id] Python type: (null)
<DATE> [id] Python error: No module named mapiplugin
<DATE> [id] Unable to initialize the dagent plugin manager
plugin_manager_path should refer to the directory with the following files,
<DATE> [id] * Loading plugins started
<DATE> [id] ! Plugins directory '/usr/share/zarafa-dagent/python/plugins/invalid' doesn't exists. Plugins not loaded.
plugin_path by default it refers to the directory ‘/var/lib/zarafa/dagent/plugins’, the permissions on the directory must at least have read and execute permissions.
<DATE> [id] PYTHONPATH = /usr/share/zarafa-dagent/python/
<DATE> [id] Python type: (null)
<DATE> [id] Python error: 'PySwigObject' object has no attribute 'Log'
<DATE> [id] Python trace: /usr/share/zarafa-dagent/python/mapiplugin.py(13) __init__
<DATE> [id] Python trace: /usr/share/zarafa-dagent/python/pluginmanager.py(16) loadPlugins
<DATE> [id] Python trace: /usr/share/zarafa-dagent/python/wraplogger.py(16) logInfo
<DATE> [id] Unable to initialize the dagent plugin manager
/usr/lib/python2.6/dist-packages/MAPICore.pyc
plugin_path by default in ‘/var/lib/zarafa/dagent/plugins’? If not, create a symlink to the plugin to be activated or just copy the plugin into the directory.
plugin_path by default in ‘/var/lib/zarafa/spooler/plugins’? If not, create a symlink to the plugin to be activated or just copy the plugin into the directory.

ldap attribute: ZARAFAPROXYURL.

<IfModule mod_ssl.c>
    NameVirtualHost *:237
    Listen 237
</IfModule>
<VirtualHost *:237>
    ServerName zproxy.example.com
    SSLProxyEngine On
    ProxyPass /zarafa https://z1:237/zarafa retry=0
    ProxyPassReverse /zarafa https://z1:237/zarafa retry=0
    ProxyPass /z1 https://z1:237/z1 retry=0
    ProxyPassReverse /z1 https://z1:237/z1 retry=0
    ProxyPass /z2 https://z2:237/z2 retry=0
    ProxyPassReverse /z2 https://z2:237/z2 retry=0
    Header add zarafa_proxy "yes"
    RequestHeader set zarafa_proxy "yes"
    SSLEngine On
    SSLVerifyDepth 2
    SSLCertificateFile /path/to/WEB.CRT
    SSLCertificateKeyFile /path/to/WEB.KEY
    SSLCACertificateFile /path/to/CA.CRT
    CustomLog /var/log/apache2/zproxy.example.com-access.log combined
    ErrorLog /var/log/apache2/zproxy.example.com-error.log
</VirtualHost>
ldap add the attribute ZARAFAPROXYURL to all servers in the multi-server environment.
ZARAFAPROXYURL: https://zproxy.example.com:237/z1
ldap record for node Z1 may look something like this:
objectClass: top
objectClass: zarafa-server
objectClass: device
objectClass: ipHost
ZARAFAHTTPPORT: 236
ZARAFASSLPORT: 237
ZARAFAFILEPATH: /var/run/zarafa
ipHostNumber: 192.168.1.1
cn: z1
ZARAFAPROXYURL: https://zproxy.example.com:237/z1
ZARAFAPROXYURL: https://zproxy.example.com:237/z2
ldap record for node Z2 may look something like this:
objectClass: top
objectClass: zarafa-server
objectClass: device
objectClass: ipHost
ZARAFAHTTPPORT: 236
ZARAFASSLPORT: 237
ZARAFAFILEPATH: /var/run/zarafa
ipHostNumber: 192.168.1.2
cn: z2
ZARAFAPROXYURL: https://zproxy.example.com:237/z2
proxy_header = zarafa_proxy
ldap database.
zarafa-server, the server process
zarafa-spooler, sends outgoing email to an SMTP server
zarafa-monitor, checks for quota limits
zarafa-gateway, provides POP3 and IMAP access
zarafa-ical, provides iCal and CALDAV access for clients that use this type of calendar
zarafa-licensed, needed when using any closed source zarafa module with zarafa-server
zarafa-search, provides a full text indexing service for quick searching through email and attachments
zarafa-dagent, runs as a service when using local mail transfer protocol (LMTP, see Section 5.4, “ZCP Postfix integration”)
zarafa-server and zarafa-spooler processes are mandatory to run Zarafa. The zarafa-monitor, zarafa-gateway, and zarafa-ical services are optional. To start a service, type:
/etc/init.d/zarafa-<servicename> start
<servicename> with the service that needs to start. To start the zarafa-server, type:
/etc/init.d/zarafa-server start
init.d scripts can start, stop and restart the services. If the init.d script cannot be used, the server needs to be started manually. It is possible to explicitly tell the zarafa server where the configuration file is, using the -c switch:
/usr/bin/zarafa-server -c /etc/zarafa/server.cfg
zarafa-server will daemonise, so the prompt will almost immediately return. Use -F to start it in the foreground. The -F switch can also be used for programs like daemontools that monitor services.
/etc/init.d/zarafa-<servicename> stop
zarafa-spooler may take up to 10 seconds to stop. The zarafa-server may take up to 60 seconds to stop.
zarafa-server, type the following command to get the configuration manual page:
man zarafa-server.cfg
reloading chapter are all the options that can be reloaded for that service. To make a service reload the configuration file, type:
/etc/init.d/zarafa-<servicename> reload
/var/log/zarafa. This directory is created when the packages are installed. When this directory is not present, or not writable under the running user, services will not be able to open their log file and will print the log messages to the standard output.
log_method
file sends the messages to a file. On Linux systems, syslog sends the messages to the default maillog through syslog.
log_file
log_method is set to file, this is the variable that defines the name of file. The server needs write access to the directory and file.
log_level
6 is the highest level.
log_timestamp
1 or 0; This will enable or disable a timestamp, when using a file as the log method.
zarafa-server are configured in a same manner as the server.
zarafa-server startup by user uid=0
zarafa-server signalled sig=15
man 7 signal for a list of most common signal IDs.
authenticate ok user='john' from='127.0.0.1' method='User supplied password' program='apache2'
authenticate failed user='john' from='127.0.0.1' program='apache2'
authenticate spoofed user='john' requested='test' from='192.168.50.178' method='kerberos sso' program='OUTLOOK.EXE'
authenticate ok user='john' from='127.0.0.1' method='User supplied password' program='apache2'
impersonate ok user='jane', from='127.0.0.1' program='apache2' impersonator='john'
authenticate ok user='john' from='127.0.0.1' method='User supplied password' program='apache2'
impersonate failed user='jane', from='127.0.0.1' program='apache2' impersonator='john'
Public store, messages will be logged.
access allowed objectid=387538 type=3 ownername='test' username='constant' rights='view'
access denied objectid=387538 type=3 ownername='test' username='constant' rights='view'
Public store the ownername will be SYSTEM in single-tenancy mode, and the company name in multi-tenancy mode.
perl /usr/share/doc/zarafa/audit-parse.pl < /var/log/zarafa/audit.log
access allowed rights='view' type='folder' objectid='store\27\IPM_SUBTREE\Calendar' username='john' ownername='mary'
/etc/zarafa/server.cfg the following options are added:
audit_log_enabled = no
audit_log_method = syslog
audit_log_file = -
audit_log_level = 1
audit_log_timestamp = 0
authpriv facility will be used to send the messages to.
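The audit log lines shown above follow one pattern: an action, an outcome, then key=value pairs. The following added example (not part of the Zarafa manual or of audit-parse.pl) parses that pattern and flags the outcomes worth an operator's attention. The sample lines are constructed from the formats on this page; the timestamp prefix, the severity labels and the failed-login threshold are assumptions of the example.

```python
import re
from collections import Counter

# "<action> <outcome>" as in the audit samples, followed by key=value pairs.
EVENT_RE = re.compile(
    r"\b(authenticate|impersonate|access)\s+(ok|failed|spoofed|allowed|denied)\b(.*)$"
)
# key='quoted value' or key=bare (objectid=387538); commas between pairs are skipped.
PAIR_RE = re.compile(r"(\w+)=(?:'([^']*)'|([^\s,']+))")

# Constructed sample input modelled on the log formats shown on this page.
SAMPLE_LINES = [
    "zarafa-server startup by user uid=0",
    "authenticate ok user='john' from='127.0.0.1' method='User supplied password' program='apache2'",
    "Tue Mar 29 13:40:18 2011: authenticate failed user='mary' from='192.0.2.10' program='apache2'",
    "authenticate failed user='mary' from='192.0.2.10' program='apache2'",
    "authenticate failed user='mary' from='192.0.2.10' program='apache2'",
    "authenticate spoofed user='john' requested='test' from='192.168.50.178' method='kerberos sso' program='OUTLOOK.EXE'",
    "authenticate ok user='john' from='127.0.0.1' method='User supplied password' program='apache2'",
    "impersonate failed user='jane', from='127.0.0.1' program='apache2' impersonator='john'",
    "access allowed objectid=387538 type=3 ownername='test' username='constant' rights='view'",
    "access denied objectid=387538 type=3 ownername='test' username='constant' rights='view'",
]


def parse_line(line):
    """Parse one audit line into a dict; return None for non-event lines."""
    match = EVENT_RE.search(line.rstrip("\n"))
    if match is None:
        return None  # e.g. startup and signal messages
    event = {"action": match.group(1), "outcome": match.group(2)}
    for key, quoted, bare in PAIR_RE.findall(match.group(3)):
        event[key] = quoted or bare
    return event


def triage(lines, fail_threshold=3):
    """Return (severity, message) findings in log order.

    fail_threshold (assumed value) is the number of failed logins for one
    (user, source address) pair that raises a finding.
    """
    findings = []
    failed = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        kind = (ev["action"], ev["outcome"])
        if kind == ("authenticate", "spoofed"):
            findings.append(("high", "spoofed login: user=%s requested=%s from=%s"
                             % (ev.get("user"), ev.get("requested"), ev.get("from"))))
        elif kind == ("impersonate", "failed"):
            findings.append(("high", "failed impersonation of %s by %s from=%s"
                             % (ev.get("user"), ev.get("impersonator"), ev.get("from"))))
        elif kind == ("access", "denied"):
            findings.append(("medium", "access denied: %s wanted '%s' on object %s owned by %s"
                             % (ev.get("username"), ev.get("rights"),
                                ev.get("objectid"), ev.get("ownername"))))
        elif kind == ("authenticate", "failed"):
            key = (ev.get("user"), ev.get("from"))
            failed[key] += 1
            if failed[key] == fail_threshold:  # report once per pair
                findings.append(("medium", "%d failed logins for %s from %s"
                                 % (fail_threshold, key[0], key[1])))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LINES):
        print("[%s] %s" % (severity, message))
```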
--system Gives information about threads, SQL and caches
--session Gives information about sessions and server time spent in SOAP calls
--users Gives information about users, store sizes and quotas
--company Gives information about companies, company sizes and quotas
--top Shows top-like information about sessions and server resource usage
zarafa-stats --top
Last update: Tue Mar 29 13:40:18 2011
Sess: 1 Sess grp: 1 Users: 1 Hosts: 1 CPU: 0% QLen: QAge:
SQL/s SEL: 0 UPD: 0 INS: 0 DEL: 0 Threads(idle): () SOAP calls: 6
VERSION USERID IP/PID APP TIME CPUTIME CPU NREQ TASK
7,0,0,24874 SYSTEM 4527 zarafa-spooler 0:00 0:00 0 6 tableQueryRows
--top overview gives status information every second about CPU usage, connected clients, active threads, queue length and SQL queries. When the server has a high queue length and age, the number of threads should normally be increased.
Deleted Items folder.
Deleted Items, the items still will not be fully removed from the database. Rather, they are marked as deleted, so the user does not see the items. Even when a user deletes items with <SHIFT> <delete> they are not removed from the database, but marked as deleted.
softdelete_lifetime configuration value. The default value is 30 (days).
30. This means that deleted items will be purged from the database 30 days after they were deleted. When this option is set to 0 (zero), the items will never be removed from the database.
zarafa-admin --purge-softdelete <days>
<days> denotes the number of days that recently removed items are kept. When 0 (zero) all removed items are purged.
/usr/bin/zarafa-admin -s
zarafa-admin administration tool for managing user and groups. When using the DB plugin the tool can be used to create or delete users and groups. When using the unix or ldap plugin the tool can’t be used for creation of users and groups, but the tool can still be used to get more information about users and groups.
zarafa-admin -l
zarafa-admin -L
zarafa-admin --details john
Username: john
Fullname: John Doe
Emailaddress: j.doe@example.com
Active: yes
Administrator: no
Address book: Visible
Last logon: 03/25/11 19:50:29
Last logoff: 03/25/11 19:50:29
Quota overrides: no
Warning level: 1024 MB
Soft level: 2048 MB
Hard level: 3072 MB
Current store size: 462 MB
Groups (1):
Everyone
Sales team
zarafa-admin --details sales --type group
Groupname: sales
Fullname: sales
Emailaddress:
Address book: Visible
Users (1):
Username Fullname Homeserver
-----------------------------------------------
john John Doe
mary Mary Jones
/usr/bin/zarafa-admin --list-orphans
Stores without users:
Store guid Guessed username Last modified Store size
-----------------------------------------------------------------------------------------------
CAC27E6D70BB45B0B712B760AE6BA0A8 steve 2010/03/22 14:22 2334KB
Users without stores:
Username
-----------------------------
jane
/usr/bin/zarafa-admin --remove-store <store-guid>
/usr/bin/zarafa-admin --hook-store <store-guid> -u <user>
-u option will now have the new store attached to it. Re-login with the webaccess or create a new profile in Outlook to access the store.
list-orphans options of the zarafa-admin command.
zarafa-admin can be found in the man-page.
man zarafa-admin
zarafa-admin command. For user management with the LDAP user plugin, please see Section 8.5, “User Management with LDAP or Active Directory”.
/usr/bin/zarafa-admin -c <user name> -p <password> \
-e <email> -f <full name> -a <administrator>
<user name>@<email domain>.
'').
0 or 1. When a user is administrator, the user will be allowed to open all Zarafa stores of any user. It is also possible to pass 2 as administrator level, this will make the user a system administrator who can access mailboxes within other companies.
-P switch. The password is then not given at the command prompt, but asked for by the zarafa-admin tool. The password is not echoed on the screen and needs to be typed twice for verification.
zarafa-admin -c <user name> -P -e <email> -f <full name> -n 1
zarafa-admin tool can be used to update the stores and user information. Use the following command to update:
/usr/bin/zarafa-admin -u <user name> [-U <new user name>] \
[-p <new password>] [-e <email>] \
[-f <full name>] [-a <0|1>]
/usr/bin/zarafa-admin -d <user name>
<delegate> on behalf of <user>. This setting can only be set from the WebAccess or Outlook client.
zarafa-admin is only applicable with the DB or UNIX plugin. For setting up LDAP or Active Directory see Section 8.5, “User Management with LDAP or Active Directory”.
-u update action.
zarafa-admin -u <delegate> --add-sendas <user>
zarafa-admin -u helpdesk --add-sendas john
-u update action.
zarafa-admin -u <delegate> --del-sendas <user>
zarafa-admin --list-sendas helpdesk
Send-as list (1) for user helpdesk:
Username Fullname
-----------------------------
john John Doe
zarafa-admin tool, groups can be created and users can be added or removed from groups. In the following example, a user john is created, a group administration is created, and the user john is added to the group administration.
zarafa-admin -c john -p secret -f "John Doe" -e "j.doe@domain.com"
zarafa-admin -g administration
zarafa-admin -b john -i administration
-l or -L, a list of users or groups can be listed from the server.
useradd tool and the Zarafa specific user administration has to be done with the zarafa-admin tool.
adduser command.
useradd <username> -c "Full name"
passwd <username>
adduser command, the default email address will be <username>@default_domain. The default domain is specified in the /etc/zarafa/unix.cfg.
zarafa-admin tool.
zarafa-admin -u <username> -e <email address>
/bin/false. The login shell for non-active users can be configured as well in the /etc/zarafa/unix.cfg.
zarafa-admin tool.
/etc/passwd file or with default Linux user management tools:
zarafa-admin tool.
userdel <username>
<delegate> on behalf of <user>. This setting can only be set from the WebAccess or Outlook client.
-u update action.
zarafa-admin -u <delegate> --add-sendas <user>
zarafa-admin -u helpdesk --add-sendas john
-u update action.
zarafa-admin -u <delegate> --del-sendas <user>
zarafa-admin --list-sendas helpdesk
Send-as list (1) for user helpdesk:
Username Fullname
-----------------------------
john John Doe
groupadd administration
usermod -a -G administration john
-l or -L, a list of users or groups can be listed from the server.
5 in the Zarafa system, and may refer to the item (dn=cn=user,dc=example,dc=com) on the LDAP server.
server.cfg configuration file. When this option is set to no there is no real-time synchronisation between the LDAP directory and the Zarafa-server. In this case all Global Address Book entries will be retrieved from the cache of the Zarafa-server. This is especially useful for setups which have large addressbooks (more than 10000 entries in the addressbook).
zarafa-admin --sync
OU record or any other dc-type object can be used to create these folders.
/etc/ldap/ldap.conf which is compatible with both Microsoft Active Directory and OpenLDAP servers. Zarafa does not currently support STARTTLS-type encryption. More information about setting up Active Directory with SSL support can be found on http://wiki.zarafa.com.
Zarafa tab of the user in Active Directory.

not be displayed when setting the security permissions on a folder.

zarafa-admin --list-sendas <username>
zarafa-admin --list-sendas helpdesk
Send-as list (1) for user helpdesk:
Username Fullname
-----------------------------
john John Doe
Action > New > Zarafa Addresslist
Hide from addressbook option in the Zarafa tab in Active Directory.

/etc/zarafa/server.cfg.
phpldapadmin or the Windows tool ldapadmin.
not be displayed when setting the security permissions on a folder.
zarafaSecurityGroup has to be set to 0.
ldap_unique_user_attribute in the ldap.cfg for the correct attribute.
zarafa-admin --list-sendas <username>
zarafa-admin --list-sendas helpdesk
Send-as list (1) for user helpdesk:
Username Fullname
-----------------------------
john John Doe
ldap_sendas_attribute_type is set to dn. See the following LDAP configuration:
ldap_sendas_attribute = zarafaSendAsPrivilege
ldap_sendas_attribute_type = dn
ldap_sendas_relation_attribute =
Organisation Unit for all the addresslists in the LDAP tree.
zarafa-addresslist
zarafaFilter attribute, see Section 8.6, “LDAP Condition examples” for example condition queries.

zarafa-server, the addresslists should be visible in the global addressbook.
zarafaHidden attribute in OpenLDAP to 1 on a specific object.
/etc/zarafa/server.cfg.
mail=*@example.de) is used for the addresslist German, and (mail=*@example.nl) for the addresslist Dutch.
p in the cn value.
(&(cn=*p*)(zarafaAdmin=1))
(|(mail=piet@example.com)(mail=klaas@example.com))
| | Service enabled for user | Service disabled for user | Nothing configured for user |
|---|---|---|---|
| Service listed in disable_feature in server.cfg | | | |
| Service not listed in disable_feature in server.cfg | | | |
disabled_features setting in your server configuration:
disabled_features = imap pop3
db and unix plugin the zarafa-admin tool has to be used to control the features:
zarafa-admin -u john --enable-feature imap
zarafa-admin -u john --disable-feature pop3
ldap or ldapms user plugin), the features will be managed from two LDAP attributes zarafaEnabledFeatures and zarafaDisabledFeatures. Make sure the latest schema file or Active Directory plugin is installed, before using these attributes. These multi-valued attributes can contain any string, but only the features Zarafa knows about will actually be provided through the system.

zarafa-admin -u <resource name> --mr-accept 1
zarafa-admin -u <resource name> --mr-decline-conflict 1
zarafa-admin -u <resource name> --mr-decline-recurring 1

| Direct booking | MR booking |
|---|---|
| Books directly in target calendar | Sends meeting request which is responded to |
| Needs read/write access to resource’s calendar | Needs no read or write access to resource’s calendar |
| Possible to limit bookers through permissions | Not possible to limit bookers |
| Does not support multiple resources using the same calendar | Possible to set double-booking limit to 2 or higher for equipment |
| Doesn’t work with external bookers | Works with external bookers |
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options\Calendar\EnableDirectBooking = (DWORD) 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Office\<OUTLOOK VERSION>\Outlook\Options\Calendar\EnableDirectBooking = (DWORD) 0x00000001
define('ENABLE_DIRECT_BOOKING', true)
zarafa-set-oof <username> 1|0 "Out of office subject" <path to out of office text>
zarafa-set-oof john 1 "I'm on holiday till the 30th of June" /tmp/oof.txt
zarafa-msr tool should be used to relocate mailboxes from one multi-server node to another.
zarafa-msr tool will connect to the user-backend server (LDAP/AD) as defined in the Zarafa server.cfg file. It will request the current homeserver-setting of that user from the backend server. It will then connect to that homeserver and migrate the entire mailstore to the new homeserver as specified in the msr configuration file. After the migration, the zarafa-msr tool will keep the two mailstores in sync with each other.
zarafa-msr is not only migrating items and folders, but also permissions, rules and settings.
zarafa-msr can only be used in multi-server setups. Multi-server support is available in the Zarafa Enterprise and Hosted edition.
zarafa-msr will be used for large scale migrations, please contact Zarafa Professional Services for advice on the recommended setup.
zarafa-msr is a configuration file specifying the details of the relocation operation.
zarafa-msr msr.cfg
zarafa-msr has finished relocating all mailboxes, it will print the following message:
"x migrations have completed successfully, maintaining sync."
zarafa-msr by pressing Ctrl-C.
zarafa-msr can safely be stopped at any time by pressing Ctrl-C. On the next run it will continue where it left off when it was stopped.
zarafa-msr tool can be run on either the destination, or the source homeserver. Or, albeit inefficiently, any other node in the multiserver setup.
zarafa-msr is still running. In this case all changes in the original mailbox will continue to be propagated to the new mailbox.
[Connection]
serverpath: file:///var/run/zarafa
sslkey_file: ssl.cert
sslkey_pass: pass

[Servers]

[Mapping]
user1: https://server2:237/zarafa
user2: https://server1:237/zarafa

[Logging]
log_file: /var/log/zarafa/msr.log
Connection section contains information on how to connect to a particular node in the multi-server cluster. This section is mandatory.
| Option | Default value | Description |
|---|---|---|
| serverpath | | Path to the server. Can be any node in the cluster. |
| sslkey_file | - | Path to the SSL key file. |
| sslkey_pass | - | Password for the SSL key specified with sslkey_file. |
| bidirectional | yes | When enabled changes in the destination mailbox will get synced back. |
| force_source | no | When enabled the msr won’t redirect to source server from LDAP information |
| workers | 4 | Amount of concurrent sync worker threads |
Servers section is an optional section that contains a list of server aliases. These aliases can be used in the Mapping section when a lot of mailboxes are relocated to the same server.
Servers section has no predefined options. Instead the format is
server_alias: server_path
Mapping section contains the list of usernames and the destination node for their mailboxes. The destination node can be a full server path or an alias specified in the Servers section.
Mapping section has no predefined options. Instead, the format is
username: destination_node
__public__ must be used.
Logging section is optional and contains logging specific settings. Currently the only setting is the log_file setting, which allows an alternate log file to be selected. By default a file called zarafa-msr.log will be created in the working directory.
zarafa-msr will migrate the complete mailbox including all settings to the destination node. However the zarafa-msr will not migrate the sync state of the user. The sync state is used for Z-Push users, Blackberry users and offline Outlook users.
zarafa-msr will not remove the source mailbox when the migration is finished, the administrator should remove it. On the source server the following commands can be used to cleanup the migrated mailboxes:
zarafa-admin --unhook-store <username>
zarafa-admin --list-orphans
zarafa-admin --remove-store <store GUID>
cache_cell_size: around 25% of total RAM size
cache_object_size: about 100kb per user
cache_indexedobject_size: about 512kb per user
/etc/zarafa/server.cfg file. To activate the cache size changes the Zarafa Server needs to be restarted.
innodb_buffer_pool_size: around 50% of total RAM size
mysql_query_cache: 32Mb
innodb_log_file_size: 25% of the innodb_buffer_pool_size
innodb_log_buffer_size: 32M
innodb_file_per_table
max_allowed_packet: 16M
table_cache: 1000
/etc/my.cnf or /etc/mysql/my.cnf file below the [mysqld] section.
cache_cell_size)
0 disk accesses for the second access. It is a good idea to set the cell cache as high as can be managed, usually about the same size as the MySQL buffer size.
cache_object_size)
cache_indexedobject_size)
entryid, to the server to request that item. This cache is a 2 way index of the MAPI key to a database key and the other way around. The translation of the keys is quite important. This cache is filled per folder, so large folders will push out otherwise important information. Normal usage is about 0.5 Mb per user.
innodb_buffer_pool_size
innodb_log_file_size
innodb_log_file_size is the size of the transaction log. By default there are two logfiles. The preferred value size for the innodb_log_file_size is 25% of the innodb_buffer_pool_size.
innodb_log_buffer_size
innodb_log_buffer_size that InnoDB uses to write to the log files on disk. A large log buffer allows large transactions to run without a need to write the log to disk before the transactions commit. If big transactions are present, making the log buffer larger will save disk I/O. This value should be 25% of the innodb_log_file_size.
query_cache_size
innodb_file_per_table
max_allowed_packet
zarafa-server process on Server2. This can very easily be done by setting the correct login and host configuration in Zarafa’s server.cfg.
zarafa-server process is listening on port 236 on Server2, and the other servers can connect with it.
25 or fetch email via some email protocol like POP3. After passing the email through anti-spam and anti-virus, the email will be passed to the zarafa-dagent process. The zarafa-dagent process can be configured to connect with an SSL certificate with Server2. This SSL certificate is required because the zarafa-dagent needs to be authenticated because it is connecting from a different server over port 236. When this is configured in both Server3 and Server2, the email can be delivered directly to Server2 by Server3.
80 (or 443 for SSL). The Zarafa WebAccess can be configured (in config.php) to connect over port 236 (or port 237 for SSL) to Server2 for the actual data. Once this has been configured, this server is ready to serve users. No additional configuration is required.
server.cfg configuration time and is set to 30 days by default.
| Restore request | % of time spent | Backup solution | Performer |
|---|---|---|---|
| Items < 30 days old | 80 % | Softdelete system | User and Administrator |
| Items >= 30 days old | 10 % | Bricklevel | Administrator |
| Items from a specific sender | 5 % | Bricklevel | Administrator |
| Items over a specific time period | 3 % | Bricklevel | Administrator |
| Disaster recovery | 2 % | MySQL Dump | Administrator |
zarafa-backup tool steps in.
zarafa-backup tool contain not enough information for disaster recovery. A complete dump of the MySQL database will be needed to perform this type of recovery.
mysqldump command. There are, however, some options that are important in this case: the --single-transaction option should always be specified to mysqldump. When this is done, it will cause mysqldump to write a single snapshot of the database to disk. This will make sure that any writes done in the database during the backup will not be backed up. In effect, the dump that is made is a ‘snapshot’ of the database at the moment that the dump started.
mysqldump, it is very important not to do any table locking. This means that the --opt option and --lock-tables should never be used while dumping a Zarafa database. The reason is that these options will ‘lock’ the tables while they are being dumped to disk, causing any accesses to the database to ‘freeze’ while the backup runs. This is firstly unnecessary and secondly may cause emails that are arriving during backup to bounce (depending on the MTA settings).
mysqldump --skip-opt --single-transaction -p <database> > <dumpfile>
R, C and M. The R stands for Root, and is always the first and the only R entry in the index. It contains a key which folders use as their parent key to denote that they are directly connected to the root container of the store.
C stands for Container, which can be any type of folder. It has 2 keys, one parent and one to identify the container itself. It also has a unique restore key. This key can be used to select the folder for the restore tool. It has an indicator of how many items there are in the folder, a last modification unix timestamp, and a type of the folder (e.g. IPF.Note for a mail folder, IPF.Appointment for a calendar). The last part of a C entry is the name of the folder, which may contain a colon itself, so it is the last part in the entry. A detailed list of the fields for a Container can be found in the appendix.
M in the index stands for Message, which can be any type of message or item. It has a parent key, which matches a folder key. Then it has a restore key, which can be used to restore this specific message. A unix timestamp follows which is the last modification time of the message. If a user changed the message, this timestamp will be updated. The index entry continues with the type of message (mail, calendar, meeting request, etc). The entry contains an offset where the item starts in the data file, and lastly contains the subject of the item. Since this subject may contain colons, it is at the end of the entry. A detailed list of the fields for a Message can be found in the appendix.
zarafa-backup -u <username>
zarafa-backup -a
backup.cfg. The default option is 1 thread, so for larger environments increasing this number is recommended.
zarafa-backup tool use:
man zarafa-backup
zarafa-backup tool, use the zarafa-restore tool. To restore items or complete folders, find the corresponding restore key in the user.index.zbk file.
readable-index.pl Perl script, which can be found in /usr/share/zarafa-backup/. To identify items, use the folder name field or the subject to find the items that need to be restored.
/usr/share/zarafa-backup/readable-index.pl username.index.zbk
zarafa-restore tool. If the restore key of a folder is entered, the complete folder with all its items will be restored on one level. If the sub folders of the selected folder need to be restored, add the -r parameter to the command. The following example restores the inbox with sub folders from userA. The restore key AF000000 is found in the userA.index.zbk file and needs to be defined at the end of the command.
zarafa-restore -u userA -r -c userA.index.zbk AF000000
-c parameter as a reference for the index file is not necessary when using an index file from the same user. For example, if using zarafa-restore -u userA, the zarafa-restore tool will automatically use the userA.index.zbk file when index.zbk is in the directory where the command is executed.
keys.txt) containing multiple restore keys from multiple items and folders from user userA is used. Every restore key in the file needs to be separated with a new line.
zarafa-restore -u userA -r -i keys.txt
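One way to build such a keys.txt for the "items over a specific time period" case is to select Message entries from the index by their last-modification timestamp. This is an added example, not a Zarafa tool: the function names are hypothetical, the sample index is constructed, and the colon-separated line layout is assumed from the field order described for R, C and M entries above (the appendix remains the authoritative field list).

```shell
#!/bin/sh
# Added example, not part of zarafa-backup. Assumed index layout, taken
# from the field order described in the text:
#   R:<root key>
#   C:<parent key>:<folder key>:<restore key>:<items>:<mtime>:<type>:<name>
#   M:<parent key>:<restore key>:<mtime>:<type>:<offset>:<subject>

# restore_keys_between <index> <from> <to> [folder key]
# Prints the restore key of every message last modified in [from, to]
# (unix timestamps), one per line, optionally limited to one folder.
restore_keys_between() {
    index="$1"; from="$2"; to="$3"; folder="${4:-}"
    while IFS=: read -r kind rest; do
        [ "$kind" = "M" ] || continue
        # read assigns everything after the fifth colon to "subject",
        # so a colon inside the subject cannot shift the earlier fields.
        IFS=: read -r parent rkey mtime mtype offset subject <<EOF
$rest
EOF
        # Skip entries whose timestamp is empty or not a number.
        case "$mtime" in ''|*[!0-9]*) continue ;; esac
        [ -z "$folder" ] || [ "$parent" = "$folder" ] || continue
        if [ "$mtime" -ge "$from" ] && [ "$mtime" -le "$to" ]; then
            printf '%s\n' "$rkey"
        fi
    done < "$index"
}

# Constructed sample index: keys, timestamps and subjects are made up.
write_sample_index() {
    cat > "$1" <<'EOF'
R:01000000
C:01000000:02000000:AF000000:3:1325376000:IPF.Note:Inbox
M:02000000:B1000000:1322697600:IPM.Note:0:Re: quota: warning
M:02000000:B2000000:1325376000:IPM.Note:4096:Invoice 2012: final
M:02000000:B3000000:notatime:IPM.Note:8192:corrupt entry
C:01000000:03000000:AF100000:1:1325462400:IPF.Appointment:Calendar
M:03000000:B4000000:1325462400:IPM.Appointment:12288:Stand-up
EOF
}
```

Redirect the output of restore_keys_between to keys.txt and review it before passing the file to zarafa-restore.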
/usr/share/zarafa-backup/full-restore.sh <username>
/usr/share/zarafa-backup/full-restore.sh <username> <destination_username>
zarafa-restore tool, please check the man page.
man zarafa-restore
CalHelper.exe) and Zarafa. For normal (email) communication all that is necessary is a user on the server with administrator privileges. An existing administrator account can be used for this but it is also possible to create a new administrator account, normally besadmin.
bes.pem) to the Windows machine running BES, and place the public key (e.g. bes-public.pem) in Zarafa’s /etc/zarafa/sslkeys folder.
CalHelper.exe.local directory is deleted, as it is no longer needed in this version.
cdo.dll and gapi32.dll from c:\program files\common files\system\msmapi\langid to c:\windows\system32, otherwise the BlackBerry server will be unable to detect CDO.
Start → Zarafa → Zarafa BES connector → Create MAPI profile. This will prompt for Zarafa’s server address, username and password. An Admin account should be specified here to create the profile. It is recommended to use SSL here, because it will expose any problems with the SSL setup early on.
ems*32.dll (normally any of emsui32.dll, emsmdb32.dll and emsabp32.dll) and replace each of them with the supplied emsmdb32.dll in the program files folder for the Zarafa BES Connector.
C:\Program Files\Zarafa\Zarafa BES Connector\exchange-redirector.cfg
ems*32.dll files.
db-convert-4.1-to-4.2
perl /usr/share/doc/zarafa/db-convert-4.1-to-4.2 \
<dbuser> <dbpass> <dbname>
Replace <dbuser> with the username used to connect to the database. Replace <dbpass> with the password of the database user. If there is no password, enter two single quotes ('') here. Replace <dbname> with the name of the Zarafa database. This will result in something like:
perl /usr/share/doc/zarafa/db-convert-4.1-to-4.2 root '' zarafa
db-convert-4.20-to-4.21
db-convert-4.1-to-4.2 script.
db-convert-4.20-to-innodb.sql
mysql> source /usr/share/doc/zarafa/db-convert-4.20-to-innodb.sql
db-convert-4.2x-to-5.00
db-convert-4.1-to-4.2 script.
server.cfg has been changed since 4.20. The option server_name has been renamed to server_bind. A configuration file with typing errors in the option names or non-existing options will render a service inoperable, and it will not start. All the errors found in the configuration file will be printed.
internal_path was also removed. If this option is in the server.cfg file, please remove this line before starting the zarafa-server process.
/usr/share/doc/zarafa/example-config. Alternatively the specific manual page for the service can be read:
man zarafa-<service>.cfg
-F switch of a service to keep it running in the foreground.
ssl_private_file_key and ssl_certificate_file have been changed. The default directory is now /etc/zarafa/gateway/, to distinguish it from the service ssl files.
/usr/share/doc/zarafa.
/etc/zarafa/server.cfg. This attribute always needs to be enabled to use a custom quota setting.
| OID | 1.3.6.1.4.1.26278.1.1.1.1 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.1.2 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.1.3 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.1.4 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.1.5 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.1.6 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.1.7 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.1.8 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.1 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.2 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.3 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.4 |
| Syntax | DN or DirectoryString |
| Multi- or Single-Valued | Multi-Valued |
not used in the current Zarafa versions.
| OID | 1.3.6.1.4.1.26278.1.1.2.5 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
not used in the current Zarafa versions.
| OID | 1.3.6.1.4.1.26278.1.1.2.6 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
not used in the current Zarafa versions.
| OID | 1.3.6.1.4.1.26278.1.1.2.7 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
not used by Zarafa.
| OID | 1.3.6.1.4.1.26278.1.1.2.8 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |
Room or "Equipment"
| OID | 1.3.6.1.4.1.26278.1.1.2.9 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.10 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.11 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.13 |
| Syntax | String |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.2.14 |
| Syntax | String |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.3.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.1.4.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |
0, the group will be seen as distribution list.
| OID | 1.3.6.1.4.1.26278.1.2.2.1 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.3.2.4 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.3.2.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.3.2.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.3.1.5 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.3.1.6 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Multi-Valued |

| OID | 1.3.6.1.4.1.26278.1.3.4.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.4.4.1 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.4.4.2 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.4.4.3 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.4.4.4 |
| Syntax | Integer |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.5.5.1 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |

| OID | 1.3.6.1.4.1.26278.1.5.5.2 |
| Syntax | DirectoryString |
| Multi- or Single-Valued | Single-Valued |
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
# The dc value has to match the RDN of the dn above.
dc: example
description: My LDAP Root
o: example.com

dn: cn=Manager,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
cn: Manager
userPassword: secret
description: LDAP administrator

dn: ou=Addresslists,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Addresslists

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: ou=Contacts,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Contacts

dn: cn=Mary Poppins,ou=Contacts,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: top
objectClass: zarafa-contact
uidNumber: 1001
sn: Poppins
cn: Mary Poppins
mail: mary@poppins.org

dn: uid=john,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: top
objectClass: zarafa-user
objectClass: inetOrgPerson
gidNumber: 1000
cn: John Doe
homeDirectory: /home/john
mail: john@example.com
uidNumber: 1000
zarafaAliases: j.doe@example.com
zarafaUserServer: node1
uid: john
zarafaAccount: 1
zarafaAdmin: 0
sn: Doe
userPassword: john
zarafaQuotaOverride: 1
zarafaEnabledFeatures: imap
zarafaDisabledFeatures: pop3
zarafaQuotaWarn: 1000000000
zarafaQuotaSoft: 1100000000
zarafaQuotaHard: 1200000000

dn: cn=Example addresslist,ou=Addresslists,dc=example,dc=com
objectClass: zarafa-addresslist
objectClass: top
cn: Example addresslist
zarafaFilter: (mail=*@example.com)

dn: cn=Example security group,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: top
objectClass: zarafa-group
zarafaHidden: 0
cn: Example security group
gidNumber: 1000
memberUid: john
zarafaAccount: 1
description: Example security group
zarafaSecurityGroup: 1

dn: cn=Example distribution group,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: top
objectClass: zarafa-group
zarafaHidden: 0
cn: Example distribution group
memberUid: john
zarafaAccount: 1
gidNumber: 1001
description: Example distribution group
zarafaSecurityGroup: 0