Horde3

From SaruWiki
Jump to navigation Jump to search

A standard howto for the Horde3 installation can be found at wiki.debian.org. Our notes on Horde3 installation are the following:

Installation

First make sure you have a nice little LAMP server running, with MySQL, Apache2, PHP5 et cetera. Now install the base package plus dependencies:

apt-get install horde3

Now make the site available: in /etc/apache2/sites-available, find the site(s) that will get horde3 enabled. In the site definition files, include the following snippet:

Alias /horde3 /usr/share/horde3
       <Directory /usr/share/horde3>
           Options FollowSymLinks
           AllowOverride Limit
           deny from all
           allow from all 192.168 127.0.0
       </Directory>
<Files ~ "\.(inc|bak)$">
    deny from all
</Files>

If you include the code in an SSL protected site, you can also add

<Location /horde3>
    SSLCipherSuite HIGH:MEDIUM
</Location>

Restart your Apache webserver, and horde3 is operational. However, if you surf to http://your.web.server/horde3 you read this:

Horde3 configuration disabled by default because the administration/install wizard gives the whole world too much access to the system. Read /usr/share/doc/horde3/README.Debian.gz on how to allow access.

No worries, we'll get horde operational with the following steps.

Database

Horde needs its own database to keep information. To create that database there are several scripts in /usr/share/doc/horde3/examples/scripts/. We use MySQL, so we unpack the MySQL setup script:

cd /usr/share/doc/horde3/examples/scripts/sql
gunzip create.mysql.sql.gz

This unpacks create.mysql.sql, in which we need to change the password for the user horde, in line 27-29. They reads

-- IMPORTANT: Change this password.
        PASSWORD('horde')
);

We change the default password horde to something stronger. We can now run the script by feeding it into the MySQL client:

localhost:# mysql -u root -p < /usr/share/doc/horde3/examples/scripts/sql/create.mysql.sql.gz 
Enter password:
localhost:# _

Now remove the create.mysql.sql.gz file, or change the password back to 'horde', or secure access to the file! We don't want anyone to read the horde database password.

Configure

To use the web configuration wizard we need to do a couple of things in directory /etc/horde/horde3. First, we need most files to be owned by root:www-data and have permissions 750. Next, create a backup conf.php file, named conf.bak.php, and change the permissions on both conf*.php files to 777:

chgrp -R www-data /etc/horde/horde3/
chmod -R 750 /etc/horde/horde3
touch etc/horde/horde3/conf.bak.php
chmod 777 /etc/horde/horde3/conf*.php

Next, we can prepare an alternative location for the log file, in line with our Lenny base server configuration:

mkdir /var/appsloghorde
touch /var/appsloghorde/horde3.log
chown root.www-data /var/log/horde/horde3.log
chmod 770 /var/log/horde/horde3.log

Now edit /etc/horde/horde3/conf.php and remove line 2 and 3. We should now be able to browse to the Horde3 admin page, something like:

http://server.local.lan/horde3/

Web configuration

Choose setup from the menu 'horde setup'. Note: fill at LEAST all the data mentioned hereunder, and only THEN click "Generate Horde Configuration". You cannot click that button in the mean time to "save your progress", because it will then shut you out of your Horde setup.

  • edit the data in tab "database"
    • username: $conf[sql][username] = horde
    • password: put after $conf[sql][password] the strong password we put in create.mysql.sql.gz
    • connect to database: select $conf[sql][protocol] = tcp/ip
    • where is that database located: $conf[sql][hostspec] = localhost
    • The database name: $conf[sql][database] = horde
  • edit the data in tab "preference system
    • set the preferences driver $conf[prefs][driver] to SQL database
  • edit the data in tab "authentication" - this section depends heavily on how you want to authenticate. Suppose you have an OpenLDAP server on your network, perhaps even on this same server, then it could be something like this:
    • $conf[auth][admins] should have your own LDAP login, e.g. "john"
    • $conf[auth][driver] must be LDAP authentication
    • $conf[auth][params][hostspec] must be the LDAP server, e.g. "localhost"
    • $conf[auth][params][basedn] will be the standard base DN, e.g. "dc=saruman,dc=biz"
    • $conf[auth][params][binddn] must be the account that is allowed to bind, so it can check users; we use "cn=authenticator,dc=saruman,dc=biz"
    • $conf[auth][params][password] contains the password of the binddn, in our case "authenticator"s password ("letmein", I believe it was :-)
    • $conf[auth][params][uid] contains the attribute that contains the login name. This will often be "uid", as it is with us
    • $conf[auth][params][objectclass] must contain an object class filter, with which horde can limit the results of its search. If all your horde users are in one single class, you can simply use that. E.g. we have all users member of "inetOrgPerson" so we can use that value.

More settings can be made, but that can also be done at a later time. For now, click "Generate Horde Configuration". You will be thrown out, and must log back in with the specified admin account (LDAP account "john" in our example).

When horde3 is installed, you can start installing Horde applications. The central part of this is IMP - the Internet Messaging Program