Summary
The goal of this howto is to install a mail server based on Cyrus, with a webmail based on Horde (version 4).
Inside the server the different component
Initialisation and Prerequisites
Open a terminal, connect as root, and use that session for all the operations that follow
> su -
The first operation is to install all the packages from the repositories (fedora and rpmfusion)
> yum install httpd mysql-server php-mysql 389-ds 389-ds-base 389-ds-console policycoreutils-gui \
    cyrus-imapd cyrus-imapd-utils cyrus-sasl-ldap postfix fetchmail aspell php-pear-MDB2-Driver-mysql \
    php-pear-Mail-mimeDecode php-pear-Date-Holidays php-pear-HTTP-Request php-idn php-libpuzzle php-facedetect php-pecl-imagick php-pecl-geoip \
    php-pecl-lzf php-mbstring php-mcrypt php-pear-Services-Weather php-pear-Net-DNS openssl mod_ssl
Define the value of date.timezone in “/etc/php.ini”. If you don’t, you will get a lot of errors in the http log (for example: date.timezone = Europe/Paris)
Change the SELinux rights to authorise external connections: TBD (for the moment, deactivate it by using the GUI, TBD)
In the rest of this document we will use the following passwords
User or application | Password |
---|---|
root | Pass-root |
Mysql (Application) | Pass-mySql |
Horde (inside mySql) | Pass-horde-DB |
389 DS administration | Pass-389-admin |
389 DS Directory Manager | Pass-389-dir-man |
user1 | Pass-user1 |
user2 | Pass-user2 |
admin | pass-admin |
We will also consider that you are located in the domain “domain.com” and that the server is named “comp1”. The computer name and domain must be correctly defined (this can be checked with the command hostname) or the configuration will not work correctly
And finally, for security reasons, we will use encrypted connections wherever possible, for example LDAPS instead of LDAP. For that we need a certificate. First create the private key
> mkdir /etc/certificate
> chmod 700 /etc/certificate
> cd /etc/certificate
> openssl genrsa -des3 -out server.key 1024
When the command asks “Enter pass phrase for server.key: ”, enter a sentence 'phrase' and remember it. Now create the CSR file (Certificate Signing Request)
> cd /etc/certificate
> openssl req -new -key server.key -out server.csr
- Enter pass phrase for server.key: :==> 'phrase'
- Country Name (2 letter code) [XX]: :==> answer it
- State or Province Name (full name) []: :==> answer it
- Locality Name (eg, city) [Default City]: :==> answer it
- Organization Name (eg, company) [Default Company Ltd]: :==> answer it
- Organizational Unit Name (eg, section) []: :==> answer it
- Common Name (eg, your name or your server's hostname) []:==> domain.com
- Email Address []: :==> admin@domain.com
- A challenge password []: :==> empty
- An optional company name []: :==> empty
Remove Passphrase from Key
> cd /etc/certificate
> cp server.key server.key.org
> openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org: :==> 'phrase'
Generating a Self-Signed Certificate for 365 days (so you need to renew it each year, it's more secure)
> cd /etc/certificate
> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Comment out the definition of port 80 (non-secure access) in the httpd.conf file
> gedit /etc/httpd/conf/httpd.conf
Add # before the line “Listen 80”
Configure SSL access (port 443)
> gedit /etc/httpd/conf.d/ssl.conf
Set the lines

    SSLCertificateFile /etc/certificate/server.crt
    SSLCertificateKeyFile /etc/certificate/server.key

Edit the horde server part
> gedit /etc/httpd/conf.d/horde.conf
Add after “Allow from 127.0.0.1” the line “Allow from YourExternalIP”
Start the web server for the current session and add it to the list of processes started at init
> /sbin/chkconfig httpd on
> /etc/init.d/httpd start
Mysql configuration
Mysql is used to store all the information for horde and its different addons. For example, it holds the galleries and photo lists used in Ansel.
Other databases may be used, and their configuration in horde is very similar
Start the DB server for the current session and add it to the list of processes started at init
> /sbin/chkconfig mysqld on
> /etc/init.d/mysqld start
Configure mysql
> mysql_secure_installation
- Enter current password for root (enter for none): ==> Pass-root
- Change the root password? [Y/n] ==> y
- New password: ==> Pass-mySql
- Remove anonymous users? [Y/n] ==> Y
- Disallow root login remotely? [Y/n] ==> Y
- Remove test database and access to it? [Y/n] ==> Y
- Reload privilege tables now? [Y/n] ==> Y
Add to the DB the different tables used by horde. First edit the file “/usr/share/horde/scripts/sql/create.mysql.sql” and change the password (the line after “-- IMPORTANT: Change this password.”) to “Pass-horde-DB”.
> gedit /usr/share/horde/scripts/sql/create.mysql.sql
> cd /usr/share/horde/scripts/sql/
> mysql -u root -p < create.mysql.sql
Password to use: “Pass-mySql”
389 DS configuration
Initialisation of the server
The LDAP server contains all the user information used by horde, cyrus and postfix. This gives a single place for the configuration of users.
The configuration of openldap is difficult, so the best choice on a fedora box is to use 389 DS instead (thanks to the 389-console tool)
Add schema for Horde
> gedit /usr/share/horde/scripts/ldap/rfc2739.schema
In rfc2739.schema, change "attribute" to "attributetype"
> cd /usr/lib/dirsrv/perl
> wget http://directory.fedoraproject.org/download/ol-schema-migrate.pl
> chmod 700 ol-schema-migrate.pl
> ./ol-schema-migrate.pl -b /usr/share/horde/scripts/ldap/horde.schema > /etc/dirsrv/schema/60horde.ldif
> ./ol-schema-migrate.pl -b /usr/share/horde/scripts/ldap/rfc2739.schema > /etc/dirsrv/schema/05rfc2739.ldif
Configure 389 DS
> setup-ds-admin.pl -u
- Would you like to continue with set up? [yes]: ==> yes
- Do you agree to the license terms? [no]: ==> yes
- Would you like to continue? [no]: ==> yes (With the use of 389 DS for personal usage, the limit is OK)
- Choose a setup type [2]: ==> 2
- Computer name [comp1.domain.com]: ==> comp1.domain.com
- System User [nobody]: ==> nobody (User ‘nobody’ already exists in the base fedora install)
- System Group [nobody]: ==> nobody
- Do you want to register this software with an existing configuration directory server? [no]: ==> no
- administrator ID [admin]: ==> admin
- Password: ==> Pass-389-admin
- Password (confirm): ==> Pass-389-admin
- Administration Domain [domain.com]: ==> domain.com
- Directory server network port [389]: ==> 389
- Directory server identifier [comp1]: ==> comp1
- Suffix [dc=domain, dc=com]: ==> dc=domain, dc=com
- Directory Manager DN [cn=Directory Manager]: ==> cn=Directory Manager
- Password: ==> Pass-389-dir-man
- Password (confirm): ==> Pass-389-dir-man
- Administration port [9830]: ==> 9830
- Are you ready to set up your servers? [yes]: ==> yes
Add the certificate so that the LDAP server is secured
> cd /etc/dirsrv/slapd-comp1
> openssl pkcs12 -export -inkey /etc/certificate/server.key -in /etc/certificate/server.crt -out /tmp/crt.p12 -nodes -name 'Server-Cert'
- Enter Export Password: ==> none
- Verifying - Enter Export Password: ==> none
> pk12util -i /tmp/crt.p12 -d .
- Enter new password: :==> none
- Re-enter password: :==> none
- Enter password for PKCS12 file: :==> none
> certutil -d . -A -n "My Local CA" -t CT,, -a -i /etc/certificate/server.crt
Now we will update the configuration to use the secure port only (636). For that, create 2 files
First /tmp/ssl_enable.ldif

    dn: cn=encryption,cn=config
    changetype: modify
    replace: nsSSL3
    nsSSL3: on
    -
    replace: nsSSLClientAuth
    nsSSLClientAuth: required
    -
    add: nsSSL3Ciphers
    nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,-rc4,-rc4export,-rc2,-rc2export,-des,-desede3

    dn: cn=config
    changetype: modify
    add: nsslapd-security
    nsslapd-security: on
    -
    replace: nsslapd-ssl-check-hostname
    nsslapd-ssl-check-hostname: off
    -
    replace: nsslapd-port
    nsslapd-port: 0

And /tmp/addRSA.ldif

    dn: cn=RSA,cn=encryption,cn=config
    changetype: add
    objectclass: top
    objectclass: nsEncryptionModule
    cn: RSA
    nsSSLPersonalitySSL: Server-Cert
    nsSSLToken: internal (software)
    nsSSLActivation: on

Insert these files into the LDAP server
> /usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w - -f /tmp/ssl_enable.ldif
> /usr/lib/mozldap/ldapmodify -D "cn=directory manager" -w - -a -f /tmp/addRSA.ldif
Each time, use the password: Pass-389-dir-man
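An added example, not part of the original howto: a POSIX shell check that reads an LDIF such as /tmp/ssl_enable.ldif before it is loaded and lists the TLS settings worth reviewing (SSLv3 switched on, hostname checking off, and enabled ciphers whose names mark them as NULL, export-grade, RC4, RC2, DES, 3DES or Fortezza). The function names and the name-based classification are assumptions of this example, not 389 DS tooling.

```shell
#!/bin/sh
# Added example: review the TLS settings of an LDIF before running ldapmodify.

# The contents of /tmp/ssl_enable.ldif as given in this howto.
PAGE_LDIF='dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: required
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,-rc4,-rc4export,-rc2,-rc2export,-des,-desede3

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-port
nsslapd-port: 0'

# Print "<cipher> <reason>" for every cipher switched on with "+" whose name
# marks it as weak. Entries prefixed with "-" are disabled and are skipped.
weak_enabled_ciphers() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r cipher; do
        case "$cipher" in
            +*) cipher=${cipher#+} ;;
            *)  continue ;;
        esac
        # First matching class wins, so the worst property is reported.
        case "$cipher" in
            *null*)           echo "$cipher no-encryption" ;;
            *export*|*_40_*)  echo "$cipher export-grade-key" ;;
            *rc4*)            echo "$cipher rc4" ;;
            *rc2*)            echo "$cipher rc2" ;;
            *3des*)           echo "$cipher 3des-64-bit-block" ;;
            *des*)            echo "$cipher single-des" ;;
            fortezza*)        echo "$cipher obsolete-fortezza" ;;
        esac
    done
}

# Read an LDIF on stdin, print one finding per line, and return 1 when
# there is at least one finding (0 when the file is clean).
audit_tls_ldif() {
    findings=$(
        while IFS= read -r line; do
            case "$line" in
                "nsSSL3: on")
                    echo "protocol: SSLv3 is switched on (nsSSL3: on)" ;;
                "nsslapd-ssl-check-hostname: off")
                    echo "verify: hostname checking is off" ;;
                "nsSSL3Ciphers: "*)
                    weak_enabled_ciphers "${line#nsSSL3Ciphers: }" |
                        sed 's/^/cipher: /' ;;
            esac
        done
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone run against the LDIF from this page.
printf '%s\n' "$PAGE_LDIF" | audit_tls_ldif ||
    echo "review the settings listed above before running ldapmodify"
```

To check a file on disk, run `audit_tls_ldif < /tmp/ssl_enable.ldif`; the exit status is non-zero when anything is reported.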
Start the 389 DS for the current session and add it to the list of processes started at init
> /sbin/chkconfig dirsrv on
> /etc/init.d/dirsrv restart
Directory service filling
With admin tool
Insert the certificate in the admin tool
> cd /etc/dirsrv/admin-serv
> certutil -A -d . -n "CA certificate" -t "CT,," -a -i /etc/certificate/server.crt
Start the 389 DS admin server for the current session. This must be done each time the tool is needed (to change the LDAP database)
> /etc/init.d/dirsrv-admin start
Start the tool
> /usr/bin/389-console
- Name: “admin”
- Password: “Pass-389-admin”
- Server: “http://comp1.domain.com:9830”
(TBD)
Create the admin and root accounts
Direct import
Mail configuration
Fetchmail
Fetchmail is the tool, called periodically, which gets mail from a pop/imap server and sends it to the local mailbox through postfix
Fetchmail is configured by a single file, “/etc/fetchmailrc”
> gedit /etc/fetchmailrc
The format of the file is described in the man page of fetchmail. Here are the main commands of the file
- set : configures a parameter
- set daemon <interval> : polling interval of fetchmail in seconds
- set syslog : redirects the status and error messages to the syslog
- smtphost <internal server>: internal server where the mail has to be sent. In our case, as we use postfix, this must be the socket of the postfix lmtp server
- poll <mail server>: indicates the mail server to be polled
- protocol <proto>: protocol for the polling (POP3 or IMAP)
- username <login>: indicates the login on the server
- password <pass>: indicates the password on the server
- to <internal>: gives the internal login in LDAP
- Useful options
  - keep: option to keep the mail on the server
  - fetchall : option to get all the mail on the server (read or not read)
An example of “fetchmailrc” file

    set daemon 300
    set syslog
    poll "pop.mail.yahoo.fr" protocol POP3 username "login" password "password" to user1@comp1.domain.com fetchall
    poll "serveur2" protocol IMAP username "login" password "password" keep to user2@comp1.domain.com smtphost "/var/lib/imap/socket/lmtp"

This file must be protected (it includes your mail passwords)
> chmod 600 /etc/fetchmailrc
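An added example, not part of the original howto: a POSIX shell audit of a fetchmailrc that checks the file mode discussed above and lists the poll entries that carry a password without setting fetchmail's `ssl` option. The function names are assumptions of this example, the third poll entry in the sample is constructed for contrast, and the tokenizer assumes no spaces or "#" inside quoted values.

```shell
#!/bin/sh
# Added example: audit a fetchmailrc for file mode and for poll entries that
# send a password without the "ssl" option.

# True when group and other have no permission bits at all (e.g. mode 600).
mode_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the host of every poll/skip entry that has a password but no "ssl".
polls_without_ssl() {
    sed 's/#.*//' "$1" | tr -d '"' | tr -s ' \t' '\n\n' | awk '
        function report() { if (host != "" && haspw && !hasssl) print host }
        $0 == ""  { next }
        eat       { eat = 0; next }            # value of username/password
        want      { host = $0; want = 0; next } # token after poll/skip
        $0 == "poll" || $0 == "skip" {
            report(); host = ""; haspw = 0; hasssl = 0; want = 1; next
        }
        $0 == "username" || $0 == "user" { eat = 1; next }
        $0 == "password" || $0 == "pass" { haspw = 1; eat = 1; next }
        $0 == "ssl" { hasssl = 1 }
        END { report() }'
}

# Print one finding per line for the given fetchmailrc.
audit_fetchmailrc() {
    rc_file=$1
    mode_is_private "$rc_file" ||
        echo "mode: $rc_file has group/other permission bits, run chmod 600"
    polls_without_ssl "$rc_file" | sed 's/^/no-ssl: /'
}

# Write the sample from this page, plus one constructed entry that uses ssl.
write_sample_rc() {
    cat > "$1" <<'EOF'
set daemon 300
set syslog
poll "pop.mail.yahoo.fr" protocol POP3 username "login" password "password" to user1@comp1.domain.com fetchall
poll "serveur2" protocol IMAP username "login" password "password" keep to user2@comp1.domain.com smtphost "/var/lib/imap/socket/lmtp"
# constructed entry, not from the page:
poll "imap.example.net" protocol IMAP username "login" password "password" ssl sslcertck to user1@comp1.domain.com
EOF
}

# Stand-alone run on a temporary copy with a deliberately loose mode.
demo_rc=$(mktemp)
write_sample_rc "$demo_rc"
chmod 644 "$demo_rc"
audit_fetchmailrc "$demo_rc"
rm -f "$demo_rc"
```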
By default, no daemon mode is defined, so this must be done by creating the init script, as for the other daemons
> gedit /etc/init.d/fetchmail

    #!/bin/sh
    #
    # This shell script takes care of starting and stopping
    # fetchmail.
    #
    # chkconfig: 2345 81 45
    # description: The Fetchmail daemons allows to retrieve mail using various
    #              mail protocols and route them to the local MTA just as if
    #              the mail was sent directly to the local MTA. This is
    #              specially useful on intermittent dial-up connections.
    # processname: fetchmail
    # config: /etc/fetchmailrc
    # author[s]:
    #   Andrea Sterbini <a.sterbini@itelcad.it>
    #   ObiTuarY <obituary@freshmeat.net>

    # Source function library (provides daemon and status).
    . /etc/rc.d/init.d/functions

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up.
    if [ "${NETWORKING}" = "no" ]
    then
        exit 0
    fi

    # See how we were called.
    case "$1" in
      start)
        if [ -s /etc/fetchmailrc ]; then
            echo -n "Loading fetchmail: "
            daemon /usr/bin/fetchmail -f /etc/fetchmailrc
            echo
            touch /var/lock/subsys/fetchmail
        else
            exit 1
        fi
        ;;
      stop)
        echo -n "Shutting down fetchmail: "
        /usr/bin/fetchmail -q >/dev/null 2>&1 && echo fetchmail
        # killproc fetchmail
        rm -f /var/lock/subsys/fetchmail
        ;;
      status)
        status fetchmail
        ;;
      restart|reload)
        $0 stop
        $0 start
        ;;
      *)
        echo "Usage: fetchmail {start|stop|status|restart|reload}"
        exit 1
        ;;
    esac

    exit 0

    # === End of File ===

postfix
Postfix is used to manage the transfer of mail between cyrus and the external world. A lot of web articles discuss the choice of postfix versus sendmail, so we will not discuss it. The choice made here is postfix
All the files for the configuration of postfix can be found in the folder ‘/etc/postfix’
Configuration of postfix
> gedit /etc/postfix/main.cf
Change these values

    myhostname = comp1.domain.com
    mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
    inet_interfaces = $myhostname,localhost
    mynetworks_style = host
    relayhost = smtp.monprovider.fr
    smtpd_banner = $myhostname ESMTP $mail_name
    # smtpd_tls_security_level = may
    smtpd_tls_security_level = none
    #unknown_local_recipient_reject_code = 550
    unknown_local_recipient_reject_code = 450
    alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf

Now you must define the link between LDAP and postfix
> gedit /etc/postfix/ldap-aliases.cf

    server_host = ldap://localhost:389
    search_base = ou=People,dc=domain,dc=com
    query_filter = mail=%u@%2.com
    result_format = %u
    domain = domain.com

For internal mail we use the alias database, so you must edit the alias database
> gedit /etc/aliases
Replace all root/news/ftp/webmaster/postmaster by admin and add
“root: admin”
Generate the binary database
> postalias /etc/aliases
cyrus
Cyrus is a mail server that allows several users to access their mail
Configuration of cyrus services
> gedit /etc/cyrus.conf
Comment out all the SERVICES: imap, imaps, pop3, pop3s, sieve
Add in SERVICES:

    imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0

Configuration of cyrus server
> gedit /etc/imapd-local.conf

    servername: 127.0.0.1
    configdirectory: /var/lib/imap
    partition-default: /var/spool/imap
    reject8bit: no
    munge8bit: yes
    admins: cyrus root
    allowanonymouslogin: no
    hashimapspool: true
    allowplaintext: yes
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN
    tls_require_cert: false
    lmtpsocket: /var/lib/imap/socket/lmtp

Configuration of sasl
> gedit /etc/sysconfig/saslauth
MECH: ==> ldap
> gedit /etc/sysconfig/saslauthd

    auxprop_plugin: slapd
    ldap_servers: ldap://localhost:389
    ldap_default_domain: domain.com
    ldap_auth_method: bind
    ldap_use_sasl: no
    ldap_start_tls: no
    ldap_bind_dn: cn=Directory Manager
    ldap_bind_pw: ????TND????,
    ldap_search_base: ou=People,dc=domain,dc=com
    ldap_scope: sub
    ldap_filter: uid=%u
    ldap_password_attr: userPassword

Start of all the servers
Stop the sendmail server, as we use postfix instead
> /sbin/chkconfig sendmail off
> /etc/init.d/sendmail stop
Start the servers for the current session and add them to the list of processes started at init
> /sbin/chkconfig postfix on
> /sbin/chkconfig cyrus-imapd on
> /sbin/chkconfig fetchmail on
> /sbin/chkconfig saslauthd on
> /etc/init.d/postfix start
> /etc/init.d/cyrus-imapd start
> /etc/init.d/fetchmail start
> /etc/init.d/saslauthd start
Horde configuration
Horde base configuration
Horde is the framework for all the other addons described in the next chapters. It is based on php, and this version includes web access for mobile phones and a huge cleanup and reworking of the libraries.
The configuration is done in two places: directly in the horde configuration website, with the administration account, and also in specific files edited from the shell
First get the module directly from the horde website and install it (there is no rpm for it)
> wget ftp://ftp.horde.org/pub/horde/gollem-h3-1.1.2.tar.gz
> tar -xvf gollem-h3-1.1.2.tar.gz
> cd gollem-h3-1.1.2
> mv config /etc/horde/gollem
> chown -R apache:apache /etc/horde/gollem
> chmod -R 770 /etc/horde/gollem
> cd ..
> mv gollem-h3-1.1.2 /usr/share/horde/gollem
> cd /usr/share/horde/gollem
> ln -s ../../../../etc/horde/gollem config
Change the following values in your configuration (http://127.0.0.1/horde/???)
Page | Parameter name | Value | Comments |
---|---|---|---|
General | vhosts | false | Default |
General | debug_level | E_ALL & ~E_NOTICE | Default |
General | max_exec_time | 0 | Default |
General | compress_pages | true | Default |
General | secret_key | 'xxxxxxxxxxxxxxxxxxxxxxxxx' | Default (generated during installation) |
General | umask | 077 | Default |
General | testdisable | true | Default |
General | tmpdir | Default | |
General | use_ssl | 2 | Default |
General | server/name | $_SERVER['SERVER_NAME'] | Default |
General | server/port | $_SERVER['SERVER_PORT'] | Default |
General | urls/token_lifetime | 30 | Default |
General | urls/hmac_lifetime | 30 | Default |
General | urls/pretty | false | Default |
General | safe_ips | array() | Default |
General | session/name | 'Horde' | Default |
General | session/use_only_cookies | true | Default |
General | session/cache_limiter | 'nocache' | Default |
General | session/timeout | 0 | Default |
General | cookie/domain | $_SERVER['SERVER_NAME'] | Default |
General | cookie/path | '/horde' | Installation path |
Database | sql/persistent | false | Default |
Database | sql/username | 'horde' | My horde login |
Database | sql/password | 'Pass-mySql' | My sql password |
Database | sql/protocol | 'unix' | Default |
Database | sql/socket | Default | |
Database | sql/database | 'horde' | The horde database |
Database | sql/charset | 'utf-8' | Default |
Database | sql/ca | Default | |
Database | sql/ssl | false | Default |
Database | sql/splitread | false | Default |
Database | sql/phptype | 'mysql' | Default |
LDAP | Ldap/useldap | yes | Sure, we need to use LDAP |
LDAP | Ldap/hostspec | 'comp1.domain.com' | The server |
LDAP | Ldap/port | Default | |
LDAP | Ldap/tls | no | Default |
LDAP | Ldap/version | 3 | Default |
LDAP | Ldap/bindas | Bind with administration | Default |
LDAP | Ldap/binddn | 'cn=Directory Manager' | login |
LDAP | Ldap/bindpw | 'Pass-389-dir-man' | 389 DS Directory Manager password |
Authentication | auth/admins | array('admin') | Default |
Authentication | auth/checkip | true | Default |
Authentication | auth/checkbrowser | true | Default |
Authentication | auth/alternate_login | false | Default |
Authentication | auth/redirect_on_logout | false | Default |
Authentication | auth/list_users | 'list' | Default |
Authentication | auth/params/driverconfig | 'horde default' | Default |
Authentication | auth/params/basedn | 'ou=people,dc=domain, dc=com' | Access all people in LDAP |
Authentication | auth/params/scope | 'sub' | Default |
Authentication | auth/params/ad | false | Default |
Authentication | auth/params/uid | 'uid' | Default |
Authentication | auth/params/encryption | 'ssha' | Default |
Authentication | auth/params/newuser_objectclass | array('inetOrgPerson', 'organizationalPerson', 'person', 'hordePerson') | When creating a new user, use all these object classes |
Authentication | auth/params/filter | (objectclass=inetOrgPerson) | Search object |
Authentication | auth/params/password_expiration | 'no' | Default |
Authentication | auth/driver | 'ldap' | Sure, we need to use LDAP |
Terms of Service Agreement | tos/file | Default | |
Sign Up | signup/allow | false | Default |
Logging | log/enabled | false | Default |
Logging | log_accesskeys | false | Default |
Preference System | prefs/maxsize | Default | |
Preference System | prefs/params/basedn | 'ou=people,dc=domain, dc=com' | My config |
Preference System | prefs/params/driverconfig | 'Horde default' | Default |
Preference System | prefs/params/scope | 'Subtree search' | Default |
Preference System | prefs/params/uid | 'uid' | Default |
Preference System | prefs/driver | 'ldap' | Default |
Alarm System | alarms/params/driverconfig | 'horde' | Default |
Alarm System | alarms/params/ttl | 300 | Default |
Alarm System | alarms/params/table | Default | |
Alarm System | alarms/driver | 'sql' | Default |
DataTree System | datatree/params/driverconfig | 'horde' | Default |
DataTree System | datatree/params/table | '' | Default |
DataTree System | datatree/params/table_attributes | '' | Default |
DataTree System | datatree/driver | 'sql' | Default |
Groups | group/params/driverconfig | 'horde default' | Default |
Groups | group/params/basedn | 'ou=groups,dc=domain, dc=com' | Default |
Groups | group/params/scope | 'sub' | Default |
Groups | group/params/gid | 'cn' | Default |
Groups | group/params/memberuid | 'memberUid' | Default |
Groups | group/params/attrisdn | false | Default |
Groups | group/params/newgroup_objectclass | array('groupofuniquenames', 'hordeGroup', 'posixGroup') | Default |
Groups | group/params/objectclass | array('posixGroup') | Default |
Groups | group/params/filter_type | 'objectclass' | Default |
Groups | group/driver | 'ldap' | Default |
Groups | group/cache | false | Default |
Permissions | perms/driver | 'sql' | Default |
Permissions | perms/driverconfig | 'horde default' | Default |
Shares | share/no_sharing | true | My configuration |
Shares | share/auto_create | true | Default |
Shares | share/world | true | Default |
Shares | share/any_group | false | Default |
Shares | share/cache | false | Default |
Shares | share/hidden | false | Default |
Shares | share/driver | 'sql' | Default |
Cache System | cache/default_lifetime | 86400 | Default |
Cache System | cache/params/dir | Default | |
Cache System | cache/params/sub | 0 | Default |
Cache System | cache/params/prefix | Default | |
Cache System | cache/params/compress | yes | Default |
Cache System | cache/use_memorycache | 'none' | Default |
Cache System | cache/driver | 'file' | TBD |
CSS Caching | cachecss | no | Default |
Javascript Caching | cachejs | no | Default |
Theme Caching | cachethemes | no | Default |
Lock System | lock/driver | 'none' | Default |
Token System | token/driver | 'none' | Default |
Token System | Token/timeout | '' | Default |
Mailer | mailer/params/host | Default | |
Mailer | mailer/params/port | Default | |
Mailer | mailer/params/localhost | Default | |
Mailer | mailer/params/auth | 'Best available authentification' | My configuration |
Mailer | mailer/params/username | Default | |
Mailer | mailer/params/password | Default | |
Mailer | mailer/type | 'smtp' | My configuration |
Mailer | mailformat/brokenrfc2231 | false | Default |
Virtual File Storage | vfs/params/vfsroot | '/home/Horde_vf' | Default |
Virtual File Storage | vfs/type | 'file' | Default |
Custom Session Handler | sessionhandler/type | 'none' | Default |
Custom Session Handler | sessionhandler/memcache | false | Default |
HTTP Proxy Settings | Http/proxy/proxy_host | Default | |
HTTP Proxy Settings | Http/proxy/proxy_port | Default | |
HTTP Proxy Settings | Http/proxy/proxy_user | Default | |
HTTP Proxy Settings | Http/proxy/proxy_pass | Default | |
Spell Checker Settings | spell/driver | 'aspell' | My configuration |
Spell Checker Settings | spell/params/path | '/usr/bin/' | My configuration |
OpenSSL Settings | openssl/cafile | Default | |
OpenSSL Settings | openssl/path | Default | |
GnuPG Settings | Gnupg/path | Default | |
GnuPG Settings | Gnupg/keyserver | Pgp.mit.edu | Default |
GnuPG Settings | Gnupg/timeout | 10 | Default |
Image Manipulation Settings | Image/driver | 'PECL image magic' | My configuration |
Image Metadata Driver Settings | exif/driver | Bundel | Default |
MIME Detection Settings | Mime/magic_db | '/usr/share/misc/magic' | Fedora configuration |
Country Lookup Settings | geoip/datafile | Default | |
Problem Reporting | problems/email | 'admin@domain.com' | Default |
Problem Reporting | problems/maildomain | 'domain.com' | Default |
Problem Reporting | problems/tickets | false | Default |
Problem Reporting | problems/username | Default | |
Problem Reporting | problems/password | Default | |
Problem Reporting | problems/attachments | true | Default |
Menu | menu/apps | array() | Default |
Menu | menu/always | false | Default |
Menu | menu/links/help | 'all' | Default |
Menu | menu/links/options | 'authenticated' | Default |
Menu | menu/links/problem | 'all' | Default |
Menu | menu/links/login | 'all' | Default |
Menu | menu/links/logout | 'authenticated' | Default |
Menu | logo/image | '' | Default |
Menu | logo/link | '' | Default |
Portal Blocks | portal/fixed_blocks | array() | Default |
Portal Blocks | accounts/driver | 'null' | Default |
User Capabilities and Constraints | user/verify_from_addr | false | Default |
API keys | |||
IMSP Server | imsp/enabled | false | Default |
Kolab Server | kolab/enabled | false | Default |
Memcache Server | memcache/enabled | false | Default |
ActiveSync |
IMP configuration
IMP is the email part of horde. All the mail is managed by cyrus. The configuration is done in two places: directly under horde/configuration, with the administration account, and also in a specific file written in php that describes the connection to the mail database
Modification of the php file of imp to access the mail database :
> gedit /etc/horde/imp/servers.php
A connection to the data is made through a “servers” entry, so the first operation is to comment out all the “$servers[“ entries
Add the source used to connect to the mail database.

    $servers['cyrus'] = array(
        'name' => 'Cyrus IMAP Server',
        'server' => '127.0.0.1',
        'hordeauth' => true,
        'protocol' => 'imap/notls',
        'port' => 143,
        'maildomain' => 'domain.com',
        'smtphost' => '127.0.0.1',
        'smtpport' => 25,
        'realm' => '',
        'preferred' => '',
        'admin' => array(
            'params' => array(
                'login' => 'administrator',
                'password' => '?????TBD????,',
                // The 'userhierarchy' parameter defaults to 'user.'
                // If you are using a nonstandard hierarchy for personal
                // mailboxes, you will need to set it here.
                'userhierarchy' => 'user.',
                // Although these defaults are normally all that is required,
                // you can modify the following parameters from their default
                // values.
                'protocol' => 'imap/notls',
                'hostspec' => 'localhost',
                'port' => 143
            )
        ),
        'quota' => array(
            'driver' => 'imap',
            'params' => array('hide_quota_when_unlimited' => true),
        ),
        'acl' => array(
            'driver' => 'rfc2086',
        ),
    );

Change the following values in your configuration (http://127.0.0.1/horde/???)
Page | Parameter name | Value | Comments |
---|---|---|---|
External Utilities and Menu | spell/params/path | '/usr/bin/' | Default |
External Utilities and Menu | spell/driver | 'aspell' | Default |
External Utilities and Menu | utils/gnupg | Default | |
External Utilities and Menu | utils/gnupg_keyserver | array('pgp.mit.edu') | Default |
External Utilities and Menu | utils/gnupg_timeout | 10 | Default |
External Utilities and Menu | utils/openssl_cafile | Default | |
External Utilities and Menu | utils/openssl_binary | Default | |
External Utilities and Menu | menu/apps | array() | Default |
User Capabilities and Constraints | user/select_sentmail_folder | false | Default |
User Capabilities and Constraints | user/allow_resume_all_in_drafts | false | Default |
User Capabilities and Constraints | user/allow_folders | true | Default |
User Capabilities and Constraints | user/allow_resume_all | false | Default |
User Capabilities and Constraints | user/allow_view_source | true | Default |
User Capabilities and Constraints | user/alternate_login | false | Default |
User Capabilities and Constraints | user/redirect_on_logout | false | Default |
User Capabilities and Constraints | user/select_view | true | Default |
Server | server/server_list | 'shown' | Default |
Server | server/fixed_folders | array() | Default |
Server | server/sort_limit | 0 | Default |
Server | server/cache_folders | true | Default |
Server | server/token_lifetime | 1800 | Default |
Server | server/cachejs | 'none' | Default |
Server | server/cachecss | 'none' | Default |
Mailbox and Fetchmail | mailbox/show_preview | true | Default |
Mailbox and Fetchmail | fetchmail/show_account_colors | false | Default |
Mailbox and Fetchmail | fetchmail/size_limit | 4000000 | Default |
Mailbox and Fetchmail | msgcache/use_msgcache | false | Default |
Mailbox and Fetchmail | mlistcache/use_mlistcache | false | Default |
Message and Spam | msgsettings/filtering/words | './config/filter.txt' | Default |
Message and Spam | msgsettings/filtering/replacement | '****' | Default |
Message and Spam | spam/reporting | false | Default |
Message and Spam | notspam/reporting | false | Default |
Message and Spam | print/add_printedby | true | Default |
Compose | msg/prepend_header | true | Default |
Compose | msg/append_trailer | false | Default |
Compose | compose/allow_receipts | true | Default |
Compose | compose/special_characters | true | Default |
Compose | compose/use_vfs | false | Default |
Compose | compose/link_all_attachments | false | Default |
Compose | compose/link_attachments_notify | true | Default |
Compose | compose/link_attachments | true | Default |
Compose | compose/attach_size_limit | 0 | Default |
Compose | compose/attach_count_limit | 0 | Default |
Compose | compose/reply_limit | 200000 | Default |
Custom Hooks | hooks/vinfo | false | Default |
Custom Hooks | hooks/postlogin | false | Default |
Custom Hooks | hooks/postsent | false | Default |
Custom Hooks | hooks/signature | false | Default |
Custom Hooks | hooks/trailer | false | Default |
Custom Hooks | hooks/fetchmail_filter | false | Default |
Custom Hooks | hooks/mbox_redirect | false | Default |
Custom Hooks | hooks/mbox_icon | false | Default |
Custom Hooks | hooks/spam_bounce | false | Default |
Custom Hooks | hooks/msglist_format | false | Default |
Custom Hooks | hooks/display_folder | false | Default |
Other settings | maillog/use_maillog | true | Default |
Other settings | sentmail/driver | 'none' | Default |
Other settings | tasklist/use_tasklist | true | Default |
Other settings | notepad/use_notepad | true | Default |
Other settings | tos/file | Default |
kronolith configuration
All the information for the diary is stored in the SQL database.
Change the following values in your configuration (http://127.0.0.1/horde/???)
Page | Parameter name | Value | Comments |
---|---|---|---|
Calendar Driver | calendar/params/table | 'kronolith_events' | Default |
Calendar Driver | calendar/params/driverconfig | 'horde' | Default |
Calendar Driver | calendar/driver | 'sql' | Default |
Calendar Driver | storage/params/table | 'kronolith_storage' | Default |
Calendar Driver | storage/params/driverconfig | 'horde' | Default |
Calendar Driver | storage/driver | 'sql' | Default |
Calendar Driver | metadata/keywords | false | Default |
Calendar Driver | reminder/server_name | '127.0.0.1' | localhost |
Calendar Driver | reminder/from_addr | 'reminders@domain.com' | The address from which you send reminders |
Calendar Driver | autoshare/shareperms | 'read' | Default |
Calendar Driver | holidays/enable | true | Default |
Calendar Driver | menu/print | true | Default |
Calendar Driver | menu/import_export | true | Default |
Calendar Driver | menu/apps | array() | Default |
V4
Page | Parameter name | Value | Comments |
---|---|---|---|
Calendar Driver | calendar/params/table | 'kronolith_events' | Default |
Calendar Driver | calendar/params/driverconfig | 'horde' | Default |
Calendar Driver | calendar/params/utc | 'true' | Default |
Calendar Driver | calendar/driver | 'sql' | Default |
Calendar Driver | storage/default_domain | Default | |
Calendar Driver | storage/params/table | 'kronolith_storage' | Default |
Calendar Driver | storage/params/driverconfig | 'horde' | Default |
Calendar Driver | storage/driver | 'sql' | Default |
Calendar Driver | reminder/server_name | '127.0.0.1' | localhost |
Calendar Driver | reminder/from_addr | 'reminders@domain.com' | The address from which you send reminders |
Calendar Driver | autoshare/shareperms | 'read' | Default |
Calendar Driver | share/notify | false | Default |
Calendar Driver | holidays/enable | true | Default |
Calendar Driver | menu/print | true | Default |
Calendar Driver | menu/import_export | true | Default |
Calendar Driver | menu/apps | array() | Default |
Calendar Driver | Maps/driver | 'No inline maps' | Default |
Ingo configuration
Turba configuration
Turba is a contact database. All the contacts will be stored in the LDAP. The configuration is done in two places: directly under horde/configuration, with the administration account, and also in a specific file written in php that describes the LDAP connection
Modification of the php file of turba to access the contact database (LDAP) :
> gedit /etc/horde/turba/sources.php
A connection to data is made throw a “cfgSources”, so the first operation is to comment all the “$cfgSources[“ Add a first source to implement the contact (will be stored as LDAP schema 'turbaContact')
$cfgSources['localldap'] = array(
    'title' => _("Shared Directory"),
    'type' => 'ldap',
    'params' => array(
        'server' => 'comp.domain.com',
        'port' => 389,
        'tls' => true,
        'root' => 'dc=domain,dc=com',
        'bind_dn' => 'cn=Directory Manager',
        'bind_password' => '?????TBD?????,',
        'sizelimit' => 200,
        'dn' => array('cn'),
        'objectclass' => array('top', 'person', 'organizationalPerson', 'inetOrgPerson', 'turbaContact'),
        // Add 'turbaContact' to this array if using
        // 'turbaType' attribute below, and 'calEntry'
        // if using 'freebusyUrl'.
        'scope' => 'one',
        'charset' => 'utf-8',
        // Consult the LDAP schema to verify that all required attributes for
        // an entry are set and add them if needed.
        'checkrequired' => false,
        // Value used to fill in missing required attributes.
        'checkrequired_string' => ' ',
        // Check LDAP schema for valid syntax. If this is false an address
        // field is assumed to have postalAddress syntax; otherwise the schema
        // is consulted for the syntax to use.
        'checksyntax' => false,
        'version' => 3
    ),
    'map' => array(
        '__key' => 'dn',
        '__uid' => 'uid',
        // From horde.schema. Make sure you have 'turbaContact' objectClass
        // included above:
        '__type' => 'turbaType',
        '__members' => 'turbaMembers',
        'name' => 'cn',
        'lastname' => 'sn',
        'email' => 'mail',
        'homePhone' => 'homephone',
        'workPhone' => 'telephonenumber',
        'cellPhone' => 'mobiletelephonenumber',
        'homeAddress' => 'homepostaladdress',
        // From rfc2739.schema:
        'freebusyUrl' => 'calFBURL',
    ),
    'search' => array(
        'name',
        'lastname',
        'email',
        'homePhone',
        'workPhone',
        'cellPhone',
        'homeAddress'
    ),
    'strict' => array(
        'dn',
    ),
    'approximate' => array(
        'cn',
    ),
    'export' => true,
    'browse' => true,
);
Add a second source to implement the users of the system (will be stored as LDAP schema ‘initPeople’)
$_ldap_uid = Auth::getBareAuth();
$_ldap_basedn = 'dc=example,dc=com';
$cfgSources['personal_ldap'] = array(
    'title' => _("My Address Book"),
    'type' => 'ldap',
    'params' => array(
        'server' => 'localhost',
        'tls' => true,
        'root' => 'ou=' . $_ldap_uid . ',ou=personal_addressbook,' . $_ldap_basedn,
        'bind_dn' => 'uid=' . $_ldap_uid . ',ou=People,' . $_ldap_basedn,
        'bind_password' => Auth::getCredential('password'),
        'dn' => array('uid'),
        'objectclass' => array('top',
                               'person',
                               // 'turbaContact',
                               'inetOrgPerson',
                               // 'calEntry',
                               'organizationalPerson'),
        'scope' => 'one',
        'charset' => 'utf-8',
        'version' => 3
    ),
    'map' => array(
        '__key' => 'dn',
        '__uid' => 'uid',
        // From horde.schema:
        // '__type' => 'turbaType',
        // '__members' => 'turbaMembers',
        'name' => 'cn',
        'email' => 'mail',
        'lastname' => 'sn',
        'title' => 'title',
        'company' => 'organizationname',
        'businessCategory' => 'businesscategory',
        'workAddress' => 'postaladdress',
        'workPostalCode' => 'postalcode',
        'workPhone' => 'telephonenumber',
        'fax' => 'facsimiletelephonenumber',
        'homeAddress' => 'homepostaladdress',
        'homePhone' => 'homephone',
        'cellPhone' => 'mobile',
        'notes' => 'description',
        // Evolution interop attributes: (those that do not require the
        // evolution.schema)
        'office' => 'roomNumber',
        'department' => 'ou',
        'nickname' => 'displayName',
        'website' => 'labeledURI',
        // These are not stored on the LDAP server.
        'pgpPublicKey' => 'object_pgppublickey',
        'smimePublicKey' => 'object_smimepublickey',
        // From rfc2739.schema:
        // 'freebusyUrl' => 'calFBURL',
    ),
    'search' => array(
        'name',
        'email',
        'businessCategory',
        'title',
        'homePhone',
        'workPhone',
        'cellPhone',
        'homeAddress'
    ),
    'strict' => array(
        'dn',
    ),
    'approximate' => array(
        'cn',
    ),
    'export' => true,
    'browse' => true,
);
If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):
Page | Parameter name | Value | Comments |
---|---|---|---|
General | vhosts | false | Default |
General | debug_level | E_ALL & ~E_NOTICE | Default |
Parameter name | Value | Comments | |
menu/import_export | true | Default | |
menu/apps | array() | Default | |
client/addressbook | 'localldap' | The predefined source for contact | |
shares/source | 'localldap' | The predefined source for contact | |
comments/allow | true | Default | |
documents/type | 'Horde defaults' | Change to horde configuration |
Gollem configuration
Gollem is a web-based file manager. Configuration is done in two places: directly under horde/configuration with the administration account, and in two specific PHP files that describe the file connection.
First get this module directly from the Horde website and install it (there is no RPM for it):
> wget ftp://ftp.horde.org/pub/gollem/gollem-h3-1.1.2.tar.gz
> tar -xvf gollem-h3-1.1.2.tar.gz
> cd gollem-h3-1.1.2
> mv config /etc/horde/gollem
> chown -R apache:apache /etc/horde/gollem
> chmod -R 770 /etc/horde/gollem
> cd ..
> mv gollem-h3-1.1.2 /usr/share/horde/gollem
> cd /usr/share/horde/gollem
> ln -s ../../../../etc/horde/gollem config
Modify the Gollem PHP file to correct the link between the configuration and the PHP files:
> cp /etc/horde/gollem/prefs.php.dist /etc/horde/gollem/prefs.php
> chown -R apache:apache /etc/horde/gollem/prefs.php
> gedit /etc/horde/gollem/prefs.php
Change the line
require_once dirname(__FILE__) . '/../lib/Gollem.php';
to
require_once '/usr/share/horde/gollem/lib/Gollem.php';
Modify the Gollem PHP file to access the file data:
> cp /etc/horde/gollem/backends.php.dist /etc/horde/gollem/backends.php
> chown -R apache:apache /etc/horde/gollem/backends.php
> gedit /etc/horde/gollem/backends.php
A connection to the data is made through a “$backends” entry, so the first operation is to comment out all the existing “$backends” entries. Then add a first source for the file system:
$backends['file'] = array(
'name' => 'Virtual Home Directories',
'driver' => 'file',
'preferred' => 'comp1.domain.com',
'hordeauth' => false,
'params' => array(
// The base location under which the user home directories live.
'vfsroot' => '/home/Horde_vf/',
// The default permissions to set for newly created folders and files.
// 'permissions' => $conf['umask']
),
'loginparams' => array(),
'root' => '/',
'home' => Auth::getAuth(),
// 'createhome' => false,
// 'filter' => '^regex$',
// 'quota' => false,
'clipboard' => true,
'attributes' => array('type', 'name', 'edit', 'download', 'modified', 'size', 'permission', 'owner', 'group')
);
If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):
Page | Parameter name | Value | Comments |
---|---|---|---|
File Manager | backend/backend_list | none | Default |
File Manager | foldercache/use_cache | No | Default |
Menu Settings | menu/apps | array() | Default |
User capabilities and constraints | User/alternate_login | false | Default |
User capabilities and constraints | User/redirect_on_logout | false | Default |
Ansel configuration
Ansel is a web-based photo manager. Configuration is done in one place: directly under horde/configuration with the administration account.
First get this module directly from the Horde website and install it:
> wget ftp://ftp.horde.org/pub/ansel/ansel-h3-1.1.2.tar.gz
> tar -xvf ansel-h3-1.1.2.tar.gz
> cd ansel-h3-1.1.2
> mv config /etc/horde/ansel
> chown -R apache:apache /etc/horde/ansel
> chmod -R 770 /etc/horde/ansel
> cd ..
> mv ansel-h3-1.1.2 /usr/share/horde/ansel
> cd /usr/share/horde/ansel
> ln -s ../../../../etc/horde/ansel config
If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):
Page | Parameter name | Value | Comments |
---|---|---|---|
General settings | gallery/listlimit | Default | |
General settings | gallery/numlimit | Default | |
General settings | gallery/downloadzip | true | Default |
General settings | gallery/customlabel | true | Default |
General settings | menu/print | true | Default |
General settings | menu/apps | array('horde') | Default |
VFS and photos options | image/type | Horde default | Default |
VFS and photos options | vfs/src | 'php' | Default |
VFS and photos options | image/type | 'jpeg' | Default |
VFS and photos options | image/autogen | '5' | Default |
VFS and photos options | image/prettythumbs | true | Default |
VFS and photos options | image/squaremini | true | Default |
VFS and photos options | image/smartcrop | false | Default |
VFS and photos options | image/tiny | false | Default |
VFS and photos options | image/num_uploads | '100' | Default |
VFS and photos options | image/font | Default | |
Thumbnail Settings | thumbnail/perpage | '30' | Default |
Thumbnail Settings | thumbnail/width | '150' | Default |
Thumbnail Settings | thumbnail/height | '150' | Default |
Thumbnail Settings | thumbnail/unsharp | true | Default |
Thumbnail Settings | thumbnail/radius | '0.7' | Default |
Thumbnail Settings | thumbnail/amount | '1' | Default |
Thumbnail Settings | thumbnail/threshold | '0.05' | Default |
Screen Image Settings | screen/width | '800' | Default |
Screen Image Settings | screen/height | '600' | Default |
Screen Image Settings | screen/unsharp | true | Default |
Screen Image Settings | screen/radius | '0.5' | Default |
Screen Image Settings | screen/amount | '1.2' | Default |
Screen Image Settings | screen/threshold | '0.05' | Default |
Ecard Settings | ecard/enable | true | Default |
Photo Comments | comments/allow | 'Authenticated user' | Default |
Cache Settings | ansel_cache/usecache | false | Default |
Tag Settings | tags/relatedtags | false | Default |
Content Reporting Settings | report_content/driver | false | Default |
Age settings | ages/limits | '' | Default |
Age settings | ages/hook | false | Default |
Face Detection | faces/driver | 'manuel detection of user' | Default |
Face Detection | faces/search | '7' | Default |
Add the SQL schema for Ansel to the database:
> cd /usr/share/horde/
> ./bin/db_migrate ansel
Mnemo configuration
Mnemo is a web-based notes application. Configuration is done directly under horde/configuration with the administration account, but you first need to add the correct fields to the SQL database.
First get this module directly from the Horde website and install it (there is no RPM for it):
> wget ftp://ftp.horde.org/pub/mnemo/mnemo-h3-2.2.4.tar.gz
> tar -xvf mnemo-h3-2.2.4.tar.gz
> cd mnemo-h3-2.2.4
> mv config /etc/horde/mnemo
> chown -R apache:apache /etc/horde/mnemo
> chmod -R 770 /etc/horde/mnemo
> cd ..
> mv mnemo-h3-2.2.4 /usr/share/horde/mnemo
> cd /usr/share/horde/mnemo
> ln -s ../../../../etc/horde/mnemo config
Modify the Mnemo PHP file to correct the link between the configuration and the PHP files:
> cp /etc/horde/mnemo/prefs.php.dist /etc/horde/mnemo/prefs.php
> chown -R apache:apache /etc/horde/mnemo/prefs.php
> gedit /etc/horde/mnemo/prefs.php
Change the line
require_once dirname(__FILE__) . '/../lib/Mnemo.php';
to
require_once '/usr/share/horde/mnemo/lib/Mnemo.php';
Add the fields to the SQL database:
> cd /usr/share/horde/mnemo/scripts/sql/
> mysql -u root -p horde < mnemo.sql
Password to use: “Pass-mySql”.
If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):
Page | Parameter name | Value | Comments |
---|---|---|---|
Generate Notes | storage/params/table | mnemo_memos | Default |
Generate Notes | storage/params/driverconfig | Horde | Default |
Generate Notes | storage/driver | sql | Default |
Generate Notes | utils/gnupg | Default | |
Generate Notes | menu/print | true | Default |
Generate Notes | menu/import_export | true | Default |
Generate Notes | menu/apps | array() | Default |
Trean configuration
Trean is a bookmarks manager. Configuration is done directly under horde/configuration with the administration account, but you first need to add the correct fields to the SQL database.
First get this module directly from the Horde website and install it (there is no RPM for it):
> wget ftp://ftp.horde.org/pub/snaps/latest/trean-FRAMEWORK_3*.tar.gz
> tar -xvf trean-FRAMEWORK_3*.tar.gz
> cd trean-FRAMEWORK_3
> mv config /etc/horde/trean
> chown -R apache:apache /etc/horde/trean
> chmod -R 770 /etc/horde/trean
> cd ..
> mv trean-FRAMEWORK_3 /usr/share/horde/trean
> cd /usr/share/horde/trean
> ln -s ../../../../etc/horde/trean config
Modify the Horde PHP file to add this application to the Horde registry:
> gedit /etc/horde/registry.php
Change the lines
$this->applications['trean'] = array(
'fileroot' => FEDORA_FILEROOT . '/trean',
'webroot' => $this->applications['horde']['webroot'] . '/trean',
'name' => _("Bookmarks"),
'status' => 'inactive',
'provides' => 'bookmarks',
'menu_parent' => 'organizing'
);
to
$this->applications['ansel'] = array(
'fileroot' => FEDORA_FILEROOT . '/ansel',
'webroot' => $this->applications['horde']['webroot'] . '/ansel',
'name' => _("Photos"),
'status' => 'active',
'provides' => 'images',
'menu_parent' => 'website'
);
$this->applications['trean'] = array(
'fileroot' => FEDORA_FILEROOT . '/trean',
'webroot' => $this->applications['horde']['webroot'] . '/trean',
'name' => _("Bookmarks"),
'status' => 'active',
'provides' => 'bookmarks',
'menu_parent' => 'organizing'
);
Add the fields to the SQL database:
> cd /usr/share/horde/trean/scripts/sql/
> mysql -u root -p horde < trean.sql
Password to use: “Pass-mySql”.
If necessary, change the following values in your configuration (http://127.0.0.1/horde/???):
Page | Parameter name | Value | Comments |
---|---|---|---|
Menu settings | Menu/import_export | Yes | Default |
Menu settings | Menu/apps | list | Default |
Virtual File Storage | Favicons/type | Sql | We want to use SQL, yes |
Virtual File Storage | Favicons/params/driverconfig | Horde | Default |
(TBD)
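Each of the Gollem, Ansel, Mnemo and Trean installs on this page runs chmod -R 770 on its /etc/horde/<app> tree, which also marks every config file executable, and Turba's sources.php holds the Directory Manager bind password. The script below is an added example, not part of the original howto: the function names and finding labels are made up here, and it assumes the tree stays owned by apache:apache as set above.

```shell
#!/bin/sh
# Added example, not part of the original howto.
# Function names and finding labels are made up for this illustration.

# audit_horde_conf DIR
# Prints one finding per line as "<issue> <path>"; prints nothing when clean.
audit_horde_conf() {
    conf_dir=$1
    # Regular files with any execute bit: the side effect of "chmod -R 770".
    find "$conf_dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) |
        sed 's/^/exec-bit /'
    # Files or directories that grant any access to "other".
    find "$conf_dir" \( -perm -004 -o -perm -002 -o -perm -001 \) |
        sed 's/^/world-access /'
    # World-readable files that carry an LDAP bind password, as Turba's
    # sources.php does on this page.
    find "$conf_dir" -type f -perm -004 -exec grep -l 'bind_password' {} + |
        sed 's/^/world-readable-secret /'
}

# tighten_horde_conf DIR
# Directories become 750 and files 640. Ownership is not touched: the howto
# sets apache:apache, so the web server keeps read/write access as owner.
tighten_horde_conf() {
    conf_dir=$1
    find "$conf_dir" -type d -exec chmod 750 {} +
    find "$conf_dir" -type f -exec chmod 640 {} +
}

# Stand-alone use, audit only: sh horde_conf_perms.sh /etc/horde/gollem
if [ "$#" -ge 1 ]; then
    audit_horde_conf "$1"
fi
```

Run the audit first and review its output before calling tighten_horde_conf on a live tree.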