Kolab is not available in the main SuSE distro, but it is on the SuSE Build Service. It appears to be written in PHP. The required or optional packages appear to be these (for the server:Kolab:STABLE/openSUSE_11.2 version group, 884Mb compressed):
approvedfor use with Kolab
Currently available version groups, quoted for the base server package, appear to be:
These additional packages (not in the main SuSE 11.2 distro) are needed:
Trying to install from the Kolab repo,
zypper addrepo -r http://download.opensuse.org/repositories/server:/Kolab:/STABLE/openSUSE_11.2/server:Kolab:STABLE.repo
zypper install kolab
To do:
Identify the real keystone package(s). The ones that probably are optional are marked with (*).
These appear to not be optional:
Make sure wanted features like kolab-z-push are installed. (Isn't.)
Compare provides
of Kolab and Mathnet imap packages, see if
we can forget about their imap.
See if the pki group can be made useful; maybe install globally.
Obvious prerequisites are a webserver with either mod_php or binfmt_misc (/proc/sys/fs/binfmt_misc) actiated, and at least the ability to install Horde packages. On Papyrus we have horde-webmail-1.0.6, but installed by cowboy programming. The SuSE Build Service has
Status of Horde on Papyrus: It was last upgraded in 2008-03-28. Per the Horde website, the latest version is Horde Groupware 1.2.6 (or Groupware Webmail Edition, same version).
Package | Latest | Ours |
---|---|---|
Horde Groupware/Webmail | 1.2.6 | 1.0.6 |
Horde (framework) | 3.3.8 | 3.1.7 |
IMP | 4.3.7 | 4.1.6 |
Kronolith | 2.3.4 | 2.1.7 |
etc . . . |
Clearly we need to upgrade Horde. However, that's going to be impossible this month, and I want to make progress on the PIM server, so maybe we should try this on a different webserver.
The webservers having mod_php5 are arachne malibu papyrus zuma; those without it are bamboo01 sumac sunset simba. In reality, binfmt_misc should be sufficient for testing. I'll try this on my personal workstation, Simba.
Having installed the packages, now you have to configure the system. Relevant web links:
Kolab2 Installation from Source -- This is the default installation mode, and apparently they're up to version 2.2.4 while we have 0.5.0.
Kolab CVS Repo -- Has more documents about server configuration.
Clients for Kolab -- Clients listed as supporting most Kolab features are: Kontact, Horde, Outlook, Thunderbird.
From the first link above: To configure the Kolab server, run kolab_bootstrap. This is a Perl script and is going to ask the following questions:
/etc/kolab/kolab.globals and /etc/kolab/kolab.conf are important configuration files.
It expects to utilize these ports and wants you to get rid of existing services on them:
80 | http webserver |
443 | https webserver |
143 | imap server |
993 | imaps server |
110 | pop3 server |
995 | pop3s server |
25 | smtp server |
465 | smtps server |
10024 | amavis server |
10025 | postfix reinjection from kolabfilter |
10026 | postfix reinjection from amavis |
9999 | kolab daemon |
389 | ldap server |
636 | ldaps server |
2000 | sieve server |
2003 | lmtp server |
It plans to run slapcat on the existing LDAP database, and back up the existing content. If not found, it assumes a fresh install. Looks like it can use a remote LDAP server though.
It will put certificates in /etc/kolab/ca and /etc/kolab/*.pem
See /etc/kolab/templates for the templates it will use.
Asks for the server's FQDN.
Decide: master or slave server.
Asks for domain name (to be appended to email adr e.g. luser@dom.ain)
Asks for the base_dn of the Kolab database (LDAP).
Asks for a password for the manager
account.
Starts up slapd on localhost. But I think you can get it to use a remote LDAP server.
Uses Net::LDAP to connect to the LDAP server.
Creates a bunch of LDAP stuff.
*** Left off at "apache"
It would appear that I stumbled on an obsolete project to make Kokab native in SuSE, which is no longer supported. The officially supported version is hosted in OpenPKG. Key factoids from its FAQ:
OpenPKG is a virtual
distro
in which all infrastructure is installed in a special
prefix (/kolab in our case). The native OS's binaries, libraries,
config files, etc. are not used and are not raped.
It uses RPM for package management. The packages come from the OpenPKG build service and the app vendor (Kolab).
The only bone of contention is ports: you either have to kick off the native network daemons, or configure Kolab to use nonstandard ports. (And sockets? Or are they created in a private directory?)
Hacking Kolab config files: Edit /kolab/etc/templates/* These receive textual substitution and are then copied to operational locations such as /kolab/etc/openldap/ldap.conf when the Kolab server starts up, overwriting hacks in the derived operational files. There's a FAQ item that says to do this. In our version the directory is /kolab/etc/kolab/templates .
Typical Kolab installation: 200Mb download, 850Mb to compile the source packages, about 3 hours.
So let's let 'er rip on Simba, doing a default installation. We'll hack the configuration later to be integrated with our system. Key steps:
Kolab2 Installation - Source is the default installation method. The current version really is 2.2.4.
Deactivate apache and postfix. Use insserv -r so restarter won't try to restart them. Here's a list of the servers and ports that it wants to not be running (of which Apache and Postfix are the only ones on Simba):
Make the residence directory (1.5Gb free space needed, so it says):
mkdir /m1/kolab-2.2.4
ln -s /m1/kolab-2.2.4 /kolab
mkdir -p /kolab/srcx
Download the source from CVS. Use http://files.kolab.org in
Germany; there are mirrors in Belgium, another German site, and
United Arab Emirates.
wget -r -l1 -nd --no-parent http://files.kolab.org/server/release/kolab-server-2.2.4/sources/
Or by rsync: List first, then if looks reasonable, download.
rsync -L -rltzv rsync://rsync.kolab.org/kolab/server/development-2.2/current/sources/
rsync -rltzv --partial --copy-unsafe-links rsync://rsync.kolab.org/kolab/server/development-2.2/current/sources/ /kolab/srcx
You get a (list of a) pile of symlinks to source RPMs, for these package sets: Horde, Kolab itself, PEAR and PHP5 infrastructure, amavisd, Apache, clamav, build environment (binutils, make, gcc, etc. etc.), openldap, openpkg, openssl, perl (and modules), postfix, SASL, spamassassin, sqlite, etc, etc.
Downloaded (rsync) 381Mb at 7.7Mbyte/sec (62Mbit/sec), took 50 secs. It would be a lot longer on a home DSL line.
Follow instructions for how to check integrity. The key hex on the wiki is not up to date; you need to get the current key. Everything was OK.
Start the installation:
nice -19 sh ./install-kolab.sh >& /tmp/kolab-install.log < /dev/null &
It appears to be using these host system build tools: tar (or gtar), make (or gmake), cc (or gcc), ar, ld, as, strip, /bin/sh.
Started about 15:10, finished 16:43 (93 mins) on a Dell Optiplex GX-755 with Intel Core 2 Duo E8400 at 3GHz.
What you get:
The packages are installed. Disc space allocation:
You use /kolab/bin/openpkg command args
to
execute things.
Run the initial configuration command:
/kolab/sbin/kolab_bootstrap -b
(You can't capture the output through tee; there must be a block
buffered program and you can't see what it's asking for.)
Here is the list of configuration choices that I made. * indicates
that the default was correct already.
manager(bind_pw): the bugs password
Start Kolab and its various related services:
/kolab/bin/openpkg rc all start
Problems:
Do subsequent configuration; navigate to the URL
https://simba.math.ucla.edu/admin/ and log in as the user
manager
. Choices made were:
Accept Internet Mail.
Housebreaking Kolab: it's necessary that Kolab coexist with our existing system, meaning particularly that the host's Postfix and Apache should function. For this purpose:
I stopped Kolab's Postfix and Apache, and started the host's.
Rewrote /etc/init.d/kolab to have LSB dependency comments and to
support restart and status actions. The status action is to print
an excuse-type message and exit with status 0 (success).
It looks like you're supposed to execute something with an
argument of status
and a filename of
/kolab/etc/rc.d/rc.$service . Try: /kolab/bin/openpkg rc all status
and look for output like ${service}_enable="yes" and
${service}_active="no".
Update: I wrote a status
section in /etc/init.d/kolab
that parses this output and gives a reasonable return code.
/kolab/bin/openpkg rc can never decide if openpkg is active,
and kolabd won't start yet, so these were bypassed in the script.
Hack files in /kolab/etc/kolab/templates to customize ports:
Postfix: Hack master.cf.template. lmtp is already on 11565 (default is 24). We have smtpd on @@@bind_addr@@@:smtp (need to specify bind_addr). There's also one on 465 (deprecated smtps), 10025 (loopback from kolabfilter), 10026 (loopback from Amavis). We'll kill the one on 465, and change smtp to 11025.
Apache: hack httpd.conf.template. Changed port 80 to 11080 and 443 to 11443.
OpenLDAP: Doesn't seem to be running. Change port to 11389 . This isn't done in slapd.conf -- you need to start slapd with a command line option: -h "ldap://$FQDN:11389". May be a space separated list. Possibly the FQDN can be a null string, definitely it can be an IP address such as 127.0.0.1. 0.0.0.0 also works. See /kolab/etc/rc.d/rc.openldap openldap_url . Better yet, see /kolab/etc/rc.conf and its template copy. [Done.]
Trap for the unwary: /kolab/etc/kolab/kolab.globals also has the LDAP port. [Hacked]
saslauthd is already using port 10087. Host system only runs SASL on a UNIX domain socket.
Imapd: notify socket is on 11571.
Amavis: already on 11147; we don't want to run this.
Clamav: already on 11354; we don't want to run this.
To transfer the hacks to the operational files you need to run...
See ./lib/perl/vendor_perl/5.10.0/Kolab/Conf.pm :
Changes can be activated by running .$Kolab::config{'kolabconf_script'}.
Per etc/kolab/kolab.globals this is /kolab/sbin/kolabconf .
When running kolabconf: Error loading configuration. Maybe the LDAP
server is not running.
Duh, it is neither running locally
nor has the master server had the Kolab schema installed.
Let's try running kolab_bootstrap -b again. This clears the LDAP table, sets a new host FQDN and mail domain, gets the admin password, and runs kolabconf (with its own fake LDAP server). -b is required to get this latter behavior. It also removes /kolab/etc/kolab/{cert,key}.pem so re-create the symlinks to the real cert files.
Try starting kolab: /kolab/bin/openpkg rc all start
Configuration issues discovered:
listen 0.0.0.0:11571. Why are we using 11571 and not 11143 or 11993?
SERVICES { imap cmd="imapd" listen="$ipaddr:$port" prefork=0 }(substituting values for $ipaddr and $port). Presently it listens to 0.0.0.0:143 which of course dies. Also 993 and 995. I modified the template /kolab/etc/kolab/templates/cyrus.conf.template to use ports 11143, 11993, 11110, 11995 (IMAP and POP).
More on the chicken and egg problem: you need to change 389 to 11389 in both of:
Now logging in to the Kolab web interface for the first time.
See previous section where this was done. Connect to
https://simba.math.ucla.edu:11443/admin/ and log in as the user
manager
, password is the current bugs PW. Setup steps
(copied from previous setup attempt):
smarthost): Sumac
Accept Internet Mail.
Logging in as jimc: the URL is https://simba.math.ucla.edu:11443/client/
You get a Horde login screen, .../imp/login.php . Login fails (wrong password). Logging in as manager: it doesn't reject the password but goes right back to the login page.
We seem to be getting output from cron jobs where the command
is: /kolab/etc/rc all quarterly ; output is fatal: Unable to
connect to local Cyrus admin interface
. This is for kolabd
specifically. In /etc/crontab.
Next step would be to compare the LDAP content on 11389 with the real LDAP tables on Sunset:389. Propagate Kolab-specific stuff to Sunset. See if it will be happy using Sunset's LDAP. Go through all the other conf files and change the LDAP URI to whichever one we're using.
Guess what, kolabd wants to open a socket on 11389 and gets upset when slapd is also using it. Test command line: ldapsearch -H ldap://localhost:11389 -x -z 3 It times out and gives up, not like on a real LDAP server. And now I can't start openldap, nothing in syslog about why. I did insserv -r /etc/init.d/kolab and left it for next week.