Horde3: Difference between revisions

From SaruWiki
Jump to navigation Jump to search
m (started updating)
m (changed link)
 
(5 intermediate revisions by the same user not shown)
Line 2: Line 2:


==Installation==
==Installation==
First install the base package plus dependencies:
First make sure you have a nice little [[LAMP]] server running, with [[Database_101|MySQL]], [[Apache2_and_PHP5|Apache2, PHP5]] et cetera.
Now install the base package plus dependencies:
  apt-get install horde3
  apt-get install horde3


Now make the site available
Now make the site available: in ''/etc/apache2/sites-available'', find the site(s) that will get horde3 enabled. In the site definition files, include the following snippet:
In ''/etc/apache2/sites-available'' the installation script has already placed a file horde3; the content will closely resemble
  Alias /horde3 /usr/share/horde3
  Alias /horde3 /usr/share/horde3
         <Directory /usr/share/horde3>
         <Directory /usr/share/horde3>
Line 14: Line 14:
             allow from all 192.168 127.0.0
             allow from all 192.168 127.0.0
         </Directory>
         </Directory>
<Files ~ "\.(inc|bak)$">
    deny from all
</Files>
If you include the code in an SSL protected site, you can also add
  <Location /horde3>
  <Location /horde3>
        SSLCipherSuite HIGH:MEDIUM
    SSLCipherSuite HIGH:MEDIUM
  </Location>
  </Location>
You could simply enable this site
Restart your Apache webserver, and horde3 is operational. However, if you surf to ''<nowiki>http://your.web.server/horde3</nowiki>'' you read this:
ln -s /etc/apache2/sites-available/horde3 00X-horde3
{| border="1"
(or use ''a2ensite horde3''). Note that this makes the horde3 package available in every virtual host that you have.
|Horde3 configuration disabled by default because the administration/install wizard gives the whole world too much access to the system. Read /usr/share/doc/horde3/README.Debian.gz on how to allow access.
|}
No worries, we'll get horde operational with the following steps.


== Database ==
==Database==
Horde needs its own database to keep information. To create that database there are several scripts in ''/usr/share/doc/horde3/examples/scripts/''. We use MySQL:
Horde needs its own database to keep information. To create that database there are several scripts in ''/usr/share/doc/horde3/examples/scripts/''. We use MySQL, so we unpack the MySQL setup script:
  gunzip /usr/share/doc/horde3/examples/scripts/sql/create.mysql.sql.gz
  cd /usr/share/doc/horde3/examples/scripts/sql
and change the password in the script for the user ''horde''. We can run the script
gunzip create.mysql.sql.gz
  localhost:$ '''mysql -u root -p'''  
This unpacks ''create.mysql.sql'', in which we need to change the password for the user ''horde'', in line 27-29. They reads
-- IMPORTANT: Change this password.
        PASSWORD('horde')
);
We change the default password ''horde'' to something stronger.
We can now run the script by feeding it into the MySQL client:
  localhost:# '''mysql -u root -p < /usr/share/doc/horde3/examples/scripts/sql/create.mysql.sql.gz'''  
  Enter password:
  Enter password:
  Welcome to the MySQL monitor. Commands end with ; or \g.
  localhost:# _
Your MySQL connection id is 4200
Now remove the ''create.mysql.sql.gz'' file, or change the password back to 'horde', or secure access to the file! We don't want anyone to read the horde database password.
Server version: 5.0.51a-24+lenny1 (Debian)
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> '''source  /usr/share/doc/horde3/examples/scripts/sql/create.mysql.sql'''


 
==Configure==
 
To use the web configuration wizard we need to do a couple of things in directory ''/etc/horde/horde3''. First, we need most files to be owned by root:www-data and have permissions 750. Next, create a backup ''conf.php'' file, named ''conf.bak.php'', and change the permissions on both ''conf*.php'' files to 777:
== Configure ==
 
To use the web configuration wizard we need to change the following
  chgrp -R www-data /etc/horde/horde3/
  chgrp -R www-data /etc/horde/horde3/
  chmod -R 750 /etc/horde/horde3
  chmod -R 750 /etc/horde/horde3
  chmod 777 /etc/horde/horde3/conf.php
  touch etc/horde/horde3/conf.bak.php
cp /etc/horde/horde3/conf.php /etc/horde/horde3/conf.php.bak
  chmod 777 /etc/horde/horde3/conf*.php
  chmod 777 /etc/horde/horde3/conf.php.bak
Next, we can prepare an alternative location for the log file, in line with our [[Debian_Lenny_base_server|Lenny base server configuration]]:
mkdir /var/appsloghorde
Prepare log file:
  touch /var/appsloghorde/horde3.log
  touch /var/log/horde/horde3.log
  chown root.www-data /var/log/horde/horde3.log
  chown root.www-data /var/log/horde/horde3.log
  chmod 770 /var/log/horde/horde3.log
  chmod 770 /var/log/horde/horde3.log
Now edit ''/etc/horde/horde3/conf.php'' and remove line 2 and 3.
We should now be able to browse to the Horde3 admin page, something like:
http://server.local.lan/horde3/
==Web configuration==
Choose setup from the menu 'horde setup'. Note: fill at LEAST all the data mentioned hereunder, and only THEN click "Generate Horde Configuration". You '''cannot''' click that button in the mean time to "save your progress", because it will then shut you out of your Horde setup.
* edit the data in tab "database"
** username: <nowiki>$conf[sql][username]</nowiki> = ''horde''
** password: put after <nowiki>$conf[sql][password]</nowiki> the strong password we put in ''create.mysql.sql.gz''
** connect to database: select <nowiki>$conf[sql][protocol]</nowiki> = ''tcp/ip''
** where is that database located: <nowiki>$conf[sql][hostspec]</nowiki> = ''localhost''
** The database name: <nowiki>$conf[sql][database]</nowiki> = ''horde''
* edit the data in tab "preference system
** set the preferences driver <nowiki>$conf[prefs][driver]</nowiki> to ''SQL database''
* edit the data in tab "authentication" - this section depends heavily on how you want to authenticate. Suppose you have an OpenLDAP server on your network, perhaps even on this same server, then it could be something like this:
** <nowiki>$conf[auth][admins]</nowiki> should have your own LDAP login, e.g. "john"
** <nowiki>$conf[auth][driver]</nowiki> must be ''LDAP authentication''
** <nowiki>$conf[auth][params][hostspec]</nowiki> must be the LDAP server, e.g. "localhost"
** <nowiki>$conf[auth][params][basedn]</nowiki> will be the standard base DN, e.g. "dc=saruman,dc=biz"
** <nowiki>$conf[auth][params][binddn]</nowiki> must be the account that is allowed to bind, so it can check users; we use "cn=authenticator,dc=saruman,dc=biz"
** <nowiki>$conf[auth][params][password]</nowiki> contains the password of the binddn, in our case "authenticator"s password ("letmein", I believe it was :-)
** <nowiki>$conf[auth][params][uid]</nowiki> contains the attribute that contains the login name. This will often be "uid", as it is with us
** <nowiki>$conf[auth][params][objectclass]</nowiki> must contain an object class filter, with which horde can limit the results of its search. If all your horde users are in one single class, you can simply use that. E.g. we have all users member of "inetOrgPerson" so we can use that value.
More settings can be made, but that can also be done at a later time. For now, click "Generate Horde Configuration". You will be thrown out, and must log back in with the specified admin account (LDAP account "john" in our example).


Now we can browse to the site
When ''horde3'' is installed, you can start installing Horde applications. The central part of this is [[IMP - the Internet Messaging Program]]
http://192.168.70.9/horde3/
 
This will give us the following
Horde3 configuration disabled by default because the administration/install wizard gives the whole world too much access to the system. Read /usr/share /doc/horde3/README.Debian.gz on how to allow access.
 
Change /var/log/horde/horde3/conf.php and comment line 2 and 3 leave the first line as is.
 
Choose setup from the menu 'horde setup'
- edit database -> username en WW - connect to database = tcp/ip - localhost - naam database
- edit preference system -> SQL database
- edit authentication          -> Administrator,user@sample.com - SQL authentication
Choose Users from the menu
- add users -> user@sample.com
 
klik generate Horde Configurtion
Could not save the backup configuration file /usr/share/horde3/config/conf.bak.php
I had to change permissions on the /etc/horde/horde3 folder
 
== IMP ==
apt-get install imp4
Now prepare file permissions for web configuration:
 
chmod 777 /etc/horde/imp4/conf.php
touch /etc/horde/imp4/conf.bak.php
chmod 777 /etc/horde/imp4/conf.bak.php
 
Choose setup from the menu 'mail(imp)'
Generate your configuration (GPG/PGP, user constraints, enable spam/ham report, hooks...).
 
And when you're done change the permissions back
 
chmod 644 /etc/horde/imp4/conf.php
chmod 700 /etc/horde/imp4/conf.bak.php
 
And specify your mail server(s) in /etc/horde/imp4/servers.php file
$servers['imap'] = array(
    'name' => 'IMAP Server',
    'server' => 'localhost',
    'hordeauth' => 'full',
    'protocol' => 'imap/notls',
    'port' => 143,
    'maildomain' => 'sample.com',
    'smtphost' => 'localhost',
    'smtpport' => 25,
    'realm' => 'sample.com',
    'preferred' => '',
);
 
When you are ready, enable IMP in /etc/horde/horde3/registry.php file and verify if all is right. Yes, you read well, you MUST enable manually module in registry.php file after configuration!
 
$this->applications['imp'] = array(
    'fileroot' => '/usr/share/horde3/lib' . '/../imp',
    'webroot' => $this->applications['horde']['webroot'] . '/imp',
    'name' => _("Mail"),
    'status' => 'active',
    'provides' => array('mail', 'contacts/favouriteRecipients')
);
 
Change the status from inactive to active

Latest revision as of 19:57, 31 August 2009

A standard howto for the Horde3 installation can be found at wiki.debian.org. Our notes on Horde3 installation are the following:

Installation

First make sure you have a nice little LAMP server running, with MySQL, Apache2, PHP5 et cetera. Now install the base package plus dependencies: 

apt-get install horde3

Now make the site available: in /etc/apache2/sites-available, find the site(s) that will get horde3 enabled. In the site definition files, include the following snippet: 

Alias /horde3 /usr/share/horde3
       <Directory /usr/share/horde3>
           Options FollowSymLinks
           AllowOverride Limit
           deny from all
           allow from all 192.168 127.0.0
       </Directory>
<Files ~ "\.(inc|bak)$">
    deny from all
</Files>

If you include the code in an SSL protected site, you can also add 

<Location /horde3>
    SSLCipherSuite HIGH:MEDIUM
</Location>

Restart your Apache webserver, and horde3 is operational. However, if you surf to http://your.web.server/horde3 you read this:

Horde3 configuration disabled by default because the administration/install wizard gives the whole world too much access to the system. Read /usr/share/doc/horde3/README.Debian.gz on how to allow access.

No worries, we'll get horde operational with the following steps.

Database

Horde needs its own database to keep information. To create that database there are several scripts in /usr/share/doc/horde3/examples/scripts/. We use MySQL, so we unpack the MySQL setup script: 

cd /usr/share/doc/horde3/examples/scripts/sql
gunzip create.mysql.sql.gz

This unpacks create.mysql.sql, in which we need to change the password for the user horde, in line 27-29. They reads 

-- IMPORTANT: Change this password.
        PASSWORD('horde')
);

We change the default password horde to something stronger. We can now run the script by feeding it into the MySQL client: 

localhost:# mysql -u root -p < /usr/share/doc/horde3/examples/scripts/sql/create.mysql.sql.gz 
Enter password:
localhost:# _

Now remove the create.mysql.sql.gz file, or change the password back to 'horde', or secure access to the file! We don't want anyone to read the horde database password.

Configure

To use the web configuration wizard we need to do a couple of things in directory /etc/horde/horde3. First, we need most files to be owned by root:www-data and have permissions 750. Next, create a backup conf.php file, named conf.bak.php, and change the permissions on both conf*.php files to 777: 

chgrp -R www-data /etc/horde/horde3/
chmod -R 750 /etc/horde/horde3
touch etc/horde/horde3/conf.bak.php
chmod 777 /etc/horde/horde3/conf*.php

Next, we can prepare an alternative location for the log file, in line with our Lenny base server configuration: 

mkdir /var/appsloghorde
touch /var/appsloghorde/horde3.log
chown root.www-data /var/log/horde/horde3.log
chmod 770 /var/log/horde/horde3.log

Now edit /etc/horde/horde3/conf.php and remove line 2 and 3. We should now be able to browse to the Horde3 admin page, something like: 

http://server.local.lan/horde3/

Web configuration

Choose setup from the menu 'horde setup'. Note: fill at LEAST all the data mentioned hereunder, and only THEN click "Generate Horde Configuration". You cannot click that button in the mean time to "save your progress", because it will then shut you out of your Horde setup.

  • edit the data in tab "database"
    • username: $conf[sql][username] = horde
    • password: put after $conf[sql][password] the strong password we put in create.mysql.sql.gz
    • connect to database: select $conf[sql][protocol] = tcp/ip
    • where is that database located: $conf[sql][hostspec] = localhost
    • The database name: $conf[sql][database] = horde
  • edit the data in tab "preference system
    • set the preferences driver $conf[prefs][driver] to SQL database
  • edit the data in tab "authentication" - this section depends heavily on how you want to authenticate. Suppose you have an OpenLDAP server on your network, perhaps even on this same server, then it could be something like this:
    • $conf[auth][admins] should have your own LDAP login, e.g. "john"
    • $conf[auth][driver] must be LDAP authentication
    • $conf[auth][params][hostspec] must be the LDAP server, e.g. "localhost"
    • $conf[auth][params][basedn] will be the standard base DN, e.g. "dc=saruman,dc=biz"
    • $conf[auth][params][binddn] must be the account that is allowed to bind, so it can check users; we use "cn=authenticator,dc=saruman,dc=biz"
    • $conf[auth][params][password] contains the password of the binddn, in our case "authenticator"s password ("letmein", I believe it was :-)
    • $conf[auth][params][uid] contains the attribute that contains the login name. This will often be "uid", as it is with us
    • $conf[auth][params][objectclass] must contain an object class filter, with which horde can limit the results of its search. If all your horde users are in one single class, you can simply use that. E.g. we have all users member of "inetOrgPerson" so we can use that value.

More settings can be made, but that can also be done at a later time. For now, click "Generate Horde Configuration". You will be thrown out, and must log back in with the specified admin account (LDAP account "john" in our example).

When horde3 is installed, you can start installing Horde applications. The central part of this is IMP - the Internet Messaging Program

Retrieved from "https://www.saruman.biz/saruwiki/index.php?title=Horde3&oldid=2459"