Horde3: Difference between revisions

From SaruWiki
Jump to navigation Jump to search
m (→‎Configure: expounded)
(→‎Web configuration: adapted for ldap)
Line 57: Line 57:
  http://server.local.lan/horde3/
  http://server.local.lan/horde3/
==Web configuration==
==Web configuration==
Choose setup from the menu 'horde setup'
Choose setup from the menu 'horde setup'. Note: fill at LEAST all the data mentioned hereunder, and only THEN click "Generate Horde Configuration". You '''cannot''' click that button in the mean time to "save your progress", because it will then shut you out of your Horde setup.
- edit database -> username en WW - connect to database = tcp/ip - localhost - naam database
* edit the data in tab "database"
- edit preference system -> SQL database
** username: <nowiki>$conf[sql][username]</nowiki> = ''horde''
- edit authentication           -> Administrator,user@sample.com - SQL authentication
** password: put after <nowiki>$conf[sql][password]</nowiki> the strong password we put in ''create.mysql.sql.gz''
Choose Users from the menu
** connect to database: select <nowiki>$conf[sql][protocol]</nowiki> = ''tcp/ip''
- add users -> user@sample.com
** where is that database located: <nowiki>$conf[sql][hostspec]</nowiki> = ''localhost''
 
** The database name: <nowiki>$conf[sql][database]</nowiki> = ''horde''
klik generate Horde Configurtion
* edit the data in tab "preference system
Could not save the backup configuration file /usr/share/horde3/config/conf.bak.php
** set the preferences driver <nowiki>$conf[prefs][driver]</nowiki> to ''SQL database''
I had to change permissions on the /etc/horde/horde3 folder
* edit the data in tab "authentication" - this section depends heavily on how you want to authenticate. Suppose you have an OpenLDAP server on your network, perhaps even on this same server, then it could be something like this:
** <nowiki>$conf[auth][admins]</nowiki> should have your own LDAP login, e.g. "john"
** <nowiki>$conf[auth][driver]</nowiki> must be ''LDAP authentication''
** <nowiki>$conf[auth][params][hostspec]</nowiki> must be the LDAP server, e.g. "localhost"
** <nowiki>$conf[auth][params][basedn]</nowiki> will be the standard base DN, e.g. "dc=saruman,dc=biz"
** <nowiki>$conf[auth][params][binddn]</nowiki> must be the account that is allowed to bind, so it can check users; we use "cn=authenticator,dc=saruman,dc=biz"
** <nowiki>$conf[auth][params][password]</nowiki> contains the password of the binddn, in our case "authenticator"s password ("letmein", I believe it was :-)
** <nowiki>$conf[auth][params][uid]</nowiki> contains the attribute that contains the login name. This will often be "uid", as it is with us
** <nowiki>$conf[auth][params][objectclass]</nowiki> must contain an object class filter, with which horde can limit the results of its search. If all your horde users are in one single class, you can simply use that. E.g. we have all users member of "inetOrgPerson" so we can use that value.
More settings can be made, but that can also be done at a later time. For now, click "Generate Horde Configuration". You will be thrown out, and must log back in with the specified admin account (LDAP account "john" in our example).


== IMP ==
== IMP ==

Revision as of 21:24, 30 August 2009

A standard howto for the Horde3 installation can be found at wiki.debian.org. Our notes on Horde3 installation are the following:

Installation

First make sure you have a nice little LAMP server running, with MySQL, Apache2, PHP5 et cetera. Now install the base package plus dependencies:

apt-get install horde3

Now make the site available: in /etc/apache2/sites-available, find the site(s) that will get horde3 enabled. In the site definition files, include the following snippet:

Alias /horde3 /usr/share/horde3
       <Directory /usr/share/horde3>
           Options FollowSymLinks
           AllowOverride Limit
           deny from all
           allow from all 192.168 127.0.0
       </Directory>
<Files ~ "\.(inc|bak)$">
    deny from all
</Files>

If you include the code in an SSL protected site, you can also add

<Location /horde3>
    SSLCipherSuite HIGH:MEDIUM
</Location>

Restart your Apache webserver, and horde3 is operational. However, if you surf to http://your.web.server/horde3 you read this:

Horde3 configuration disabled by default because the administration/install wizard gives the whole world too much access to the system. Read /usr/share/doc/horde3/README.Debian.gz on how to allow access.

No worries, we'll get horde operational with the following steps.

Database

Horde needs its own database to keep information. To create that database there are several scripts in /usr/share/doc/horde3/examples/scripts/. We use MySQL, so we unpack the MySQL setup script:

cd /usr/share/doc/horde3/examples/scripts/sql
gunzip create.mysql.sql.gz

This unpacks create.mysql.sql, in which we need to change the password for the user horde, in line 27-29. They reads

-- IMPORTANT: Change this password.
        PASSWORD('horde')
);

We change the default password horde to something stronger. We can now run the script by feeding it into the MySQL client:

localhost:# mysql -u root -p < /usr/share/doc/horde3/examples/scripts/sql/create.mysql.sql.gz 
Enter password:
localhost:# _

Now remove the create.mysql.sql.gz file, or change the password back to 'horde', or secure access to the file! We don't want anyone to read the horde database password.

Configure

To use the web configuration wizard we need to do a couple of things in directory /etc/horde/horde3. First, we need most files to be owned by root:www-data and have permissions 750. Next, create a backup conf.php file, named conf.bak.php, and change the permissions on both conf*.php files to 777:

chgrp -R www-data /etc/horde/horde3/
chmod -R 750 /etc/horde/horde3
touch etc/horde/horde3/conf.bak.php
chmod 777 /etc/horde/horde3/conf*.php

Next, we can prepare an alternative location for the log file, in line with our Lenny base server configuration:

mkdir /var/appsloghorde
touch /var/appsloghorde/horde3.log
chown root.www-data /var/log/horde/horde3.log
chmod 770 /var/log/horde/horde3.log

Now edit /etc/horde/horde3/conf.php and remove line 2 and 3. We should now be able to browse to the Horde3 admin page, something like:

http://server.local.lan/horde3/

Web configuration

Choose setup from the menu 'horde setup'. Note: fill at LEAST all the data mentioned hereunder, and only THEN click "Generate Horde Configuration". You cannot click that button in the mean time to "save your progress", because it will then shut you out of your Horde setup.

  • edit the data in tab "database"
    • username: $conf[sql][username] = horde
    • password: put after $conf[sql][password] the strong password we put in create.mysql.sql.gz
    • connect to database: select $conf[sql][protocol] = tcp/ip
    • where is that database located: $conf[sql][hostspec] = localhost
    • The database name: $conf[sql][database] = horde
  • edit the data in tab "preference system
    • set the preferences driver $conf[prefs][driver] to SQL database
  • edit the data in tab "authentication" - this section depends heavily on how you want to authenticate. Suppose you have an OpenLDAP server on your network, perhaps even on this same server, then it could be something like this:
    • $conf[auth][admins] should have your own LDAP login, e.g. "john"
    • $conf[auth][driver] must be LDAP authentication
    • $conf[auth][params][hostspec] must be the LDAP server, e.g. "localhost"
    • $conf[auth][params][basedn] will be the standard base DN, e.g. "dc=saruman,dc=biz"
    • $conf[auth][params][binddn] must be the account that is allowed to bind, so it can check users; we use "cn=authenticator,dc=saruman,dc=biz"
    • $conf[auth][params][password] contains the password of the binddn, in our case "authenticator"s password ("letmein", I believe it was :-)
    • $conf[auth][params][uid] contains the attribute that contains the login name. This will often be "uid", as it is with us
    • $conf[auth][params][objectclass] must contain an object class filter, with which horde can limit the results of its search. If all your horde users are in one single class, you can simply use that. E.g. we have all users member of "inetOrgPerson" so we can use that value.

More settings can be made, but that can also be done at a later time. For now, click "Generate Horde Configuration". You will be thrown out, and must log back in with the specified admin account (LDAP account "john" in our example).

IMP

apt-get install imp4

Now prepare file permissions for web configuration:

chmod 777 /etc/horde/imp4/conf.php
touch /etc/horde/imp4/conf.bak.php
chmod 777 /etc/horde/imp4/conf.bak.php

Choose setup from the menu 'mail(imp)' Generate your configuration (GPG/PGP, user constraints, enable spam/ham report, hooks...).

And when you're done change the permissions back

chmod 644 /etc/horde/imp4/conf.php
chmod 700 /etc/horde/imp4/conf.bak.php

And specify your mail server(s) in /etc/horde/imp4/servers.php file

$servers['imap'] = array(
   'name' => 'IMAP Server',
   'server' => 'localhost',
   'hordeauth' => 'full',
   'protocol' => 'imap/notls',
   'port' => 143,
   'maildomain' => 'sample.com',
   'smtphost' => 'localhost',
   'smtpport' => 25,
   'realm' => 'sample.com',
   'preferred' => ,
);

When you are ready, enable IMP in /etc/horde/horde3/registry.php file and verify if all is right. Yes, you read well, you MUST enable manually module in registry.php file after configuration!

$this->applications['imp'] = array(
   'fileroot' => '/usr/share/horde3/lib' . '/../imp',
   'webroot' => $this->applications['horde']['webroot'] . '/imp',
   'name' => _("Mail"),
   'status' => 'active',
   'provides' => array('mail', 'contacts/favouriteRecipients')
);

Change the status from inactive to active