Install and configure openchange for CentOS 6.5

    In RuNet, and indeed on the Internet as a whole, little is written about such an interesting product as openchange.
    In theory, openchange and its related components should be a complete replacement for MS Exchange Server, but in practice this does not quite work out.
    Those who are interested, read on: the post itself covers installation on CentOS 6.5.


    I must say right away that the product is still quite raw and is not suitable for a large organization.

    Initial data:
    1) A large domain with subdomains and various trust relationships with other domains.
    2) Because a large company was split into separate legal entities, they needed mail of their own.
    3) Users are used to goodies such as shared calendars, address books and so on.
    Solution: postfix + dovecot, and try to bolt openchange onto all of this in a test domain.

    Installation


    The installation was done on CentOS; iptables and selinux were disabled.
    First, postfix and dovecot with authentication against AD were installed and configured.
    There are plenty of installation guides on the Internet, so I will not go through those settings in detail, but I will say right away that I used only the standard repositories.
    LMTP is used as the internal transport.
    To synchronize messages received via MAPI and via IMAP, the following passdb block is added to the dovecot configuration:
    passdb {
    driver = static
    args = nopassword=y allow_nets=127.0.0.1/32
    }

    This is needed so that openchange can authenticate to dovecot. A static passdb with nopassword=y accepts any password for any user, so the only thing standing between a client and every mailbox is allow_nets: keep it limited to the loopback address and never widen it to the LAN.
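    As an added check that is not part of the original post: the script below lints a dovecot passdb block for exactly this failure mode, flagging any static passdb with nopassword=y whose allow_nets is missing or reaches beyond 127.0.0.1/::1. The two sample configurations are constructed here (the first is the block from the post, the second a deliberately weakened copy); on a real host you would feed it the output of doveconf -n instead.

```sh
#!/bin/sh
# Added example, not from the original post: lint a dovecot passdb block.
# "driver = static" with nopassword=y makes dovecot accept ANY password for
# ANY user, so the only control left is allow_nets; this check fails unless
# every such passdb is limited to the loopback address.

# The passdb from the post (constructed here as sample input).
POST_PASSDB='passdb {
  driver = static
  args = nopassword=y allow_nets=127.0.0.1/32
}'

# Constructed weak variant: the same passdb opened to the whole LAN.
LAN_PASSDB='passdb {
  driver = static
  args = nopassword=y allow_nets=192.168.0.0/16
}'

# check_static_passdb CONFIG_TEXT
# Exit 0 if every static/nopassword passdb is restricted to 127.0.0.1 or ::1,
# otherwise print the offending args line and exit 1.
check_static_passdb() {
    printf '%s\n' "$1" | awk '
        $1 == "passdb" { inblk = 1; driver = ""; args = ""; nets = ""; next }
        inblk && $1 == "}" {
            if (driver == "static" && args ~ /nopassword=y/) {
                if (args !~ /allow_nets=/) {
                    print "UNSAFE: nopassword=y without allow_nets: " args; bad = 1
                } else {
                    n = split(args, f, " ")
                    for (i = 1; i <= n; i++)
                        if (f[i] ~ /^allow_nets=/) nets = substr(f[i], 12)
                    m = split(nets, net, ",")
                    for (j = 1; j <= m; j++)
                        if (net[j] != "127.0.0.1/32" && net[j] != "127.0.0.1" &&
                            net[j] != "::1/128" && net[j] != "::1") {
                            print "UNSAFE: passwordless login reachable from " net[j] ": " args
                            bad = 1
                        }
                }
            }
            inblk = 0; next
        }
        inblk && $1 == "driver" { driver = $NF }
        inblk && $1 == "args"   { sub(/^[[:space:]]*args[[:space:]]*=[[:space:]]*/, ""); args = $0 }
        END { exit (bad ? 1 : 0) }'
}

# Stand-alone demonstration; on a real host run it against the live config:
#   check_static_passdb "$(doveconf -n)"
for cfg in POST_PASSDB LAN_PASSDB; do
    eval "text=\$$cfg"
    if check_static_passdb "$text"; then echo "$cfg: ok"; else echo "$cfg: FLAGGED"; fi
done
```

    The check only looks at the static driver; an ordinary ldap or pam passdb still verifies passwords and is not affected.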
    Now we proceed directly to the installation of openchange.
    Add the required repository (a .repo file in /etc/yum.repos.d/):
    [sogo-rhel6]
    name = Inverse SOGo Repository
    baseurl = http://inverse.ca/downloads/SOGo/RHEL6/$basearch
    gpgcheck = 0
    enabled = 1

    gpgcheck = 0 turns off package signature verification for this repository, so yum will install whatever is served at that plain-http URL; for anything beyond a throwaway test host, import the repository's signing key with rpm --import and set gpgcheck = 1.

    We start the installation.
    yum install samba4 openchange sogo-openchange-backend openchange-ocsmanager openchange-rpcproxy sogo

    I like mysql more than postgresql, so sogo will run on mysql.
    Additionally, install mysql and the sogo connector for it:
    yum install mysql-server sope49-gdl1-mysql


    Samba setup


    Join our samba4 to the Windows AD:
    samba-tool domain join testmail.local DC -UAdministrator --realm=testmail.local

    The join is automatic; you only need to enter the Administrator password.
    Add the following lines to /etc/samba4/smb.conf:
    # Begin OpenChange Server Configuration
    dcerpc endpoint servers = +epmapper, +mapiproxy, +dnsserver
    dcerpc_mapiproxy:server = true
    dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
    # End OpenChange Server configuration

    After that, start samba:
    samba -d 3 -i -M single

    Just in case, I will explain what this command means: -d is debug mode, and the number 3 is the debug level; -i is interactive, i.e. all output goes to the console; -M single is the process model, here without forking.
    For a reason I do not understand, samba4 does not open the necessary sockets if you try to run it with the plain samba command, and via the init script it refuses to start at all with this configuration in smb.conf.
    Therefore you have to run it with the command above, but it goes into the background via nohup just fine.

    After it starts, check replication:
    samba-tool drs kcc -Uadministrator dcmail.testmail.local
    samba-tool drs showrepl

    openchange extends the AD schema, but it only does so when the DC it runs on holds the Schema Master role.
    Transfer the schema master role to our Linux controller:
    samba-tool fsmo seize --role=schema

    Note that seize takes the role by force and is meant for the case where the current owner is down; with the Windows DC online and replicating, samba-tool fsmo transfer --role=schema (where your samba-tool provides it) is the cleaner option. Either way, keep in mind that schema extensions cannot be undone: the openchange classes and attributes stay in the forest even if openchange is later removed.
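    As an added pre-check that is not part of the original post: before running openchange_provision, confirm that this DC actually owns the Schema Master role, since the provisioning only extends the schema on the role owner. The script parses samba-tool fsmo show output; the sample below is constructed in that command's format with the Linux DC named MAIL and the Windows DC DCMAIL, both assumed names.

```sh
#!/bin/sh
# Added example, not from the original post: make sure this DC owns the
# Schema Master role before running openchange_provision, since the schema
# extension is only applied by the role owner.  The sample below is
# constructed in the output format of `samba-tool fsmo show`.

SAMPLE_FSMO='SchemaMasterRole owner: CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testmail,DC=local
InfrastructureMasterRole owner: CN=NTDS Settings,CN=DCMAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testmail,DC=local
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DCMAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testmail,DC=local
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DCMAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testmail,DC=local
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DCMAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testmail,DC=local'

# schema_master_host FSMO_OUTPUT -> prints the server name that owns the schema role
schema_master_host() {
    printf '%s\n' "$1" | awk -F'[:,]' '
        $1 == "SchemaMasterRole owner" {
            # owner DN is CN=NTDS Settings,CN=<server>,CN=Servers,...; field 3 is CN=<server>
            srv = $3; sub(/^[[:space:]]*CN=/, "", srv); print srv; exit
        }'
}

# check_schema_master FSMO_OUTPUT MY_NAME -> exit 0 if MY_NAME owns the schema role
# (compared case-insensitively, since the server CN is the upper-case NetBIOS name)
check_schema_master() {
    owner=$(schema_master_host "$1" | tr '[:upper:]' '[:lower:]')
    me=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$owner" ] && [ "$owner" = "$me" ]
}

# On the real DC (not executed here):
#   if ! check_schema_master "$(samba-tool fsmo show)" "$(hostname -s)"; then
#       samba-tool fsmo transfer --role=schema   # graceful; seize only if the owner is unreachable
#   fi
#   openchange_provision
if check_schema_master "$SAMPLE_FSMO" mail; then
    echo "mail owns the schema role: safe to provision"
else
    echo "schema role is owned by $(schema_master_host "$SAMPLE_FSMO"); transfer it first"
fi
```

    Run the same check again after the transfer: samba-tool fsmo show reads the role owner from the local replica, so a DC that has not yet replicated the change will still report the old owner.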

    Run the openchange provisioning:
    openchange_provision
    openchange_provision --openchangedb

    After that, restart samba.

    Moving on to configuring ocsmanager


    vim /etc/ocsmanager/ocsmanager.ini
    Change the LDAP connection settings:
    [main]
    # Possible authentication system
    auth = ldap
    mapistore_root = /var/lib/samba4/private
    mapistore_data = /var/lib/samba4/private/mapistore
    debug = no

    [auth:ldap]
    #host = ldap://localhost
    host = mail.testmail.local
    port = 3268
    bind_dn = CN=user,CN=users,DC=testmail,DC=local
    bind_pw = password
    basedn = CN=Users,dc=testmail,dc=local

    [rpcproxy:ldap]
    host = mail.testmail.local
    port = 389
    basedn = CN=Users,dc=testmail,dc=local

    Port 3268 is the Global Catalog, so [auth:ldap] can resolve users from every domain in the forest, which is what a domain with subdomains needs; [rpcproxy:ldap] on 389 only sees the local domain. bind_pw sits here in clear text, so use an unprivileged read-only account for the bind and keep ocsmanager.ini readable only by root and the service user.

    Also specify where samba is located:
    SAMBA_HOST = 127.0.0.1

    In the LDAP and SAMBA_HOST settings you can point at the Windows domain controller instead; this does not affect correct operation.
    Launch ocsmanager
    service openchange-ocsmanager start

    Sogo setup



    Create the database and user:
    CREATE DATABASE `sogo` CHARACTER SET = 'utf8';
    CREATE USER 'sogo'@'localhost' IDENTIFIED BY 'sogo';
    GRANT ALL PRIVILEGES ON `sogo`.* TO 'sogo'@'localhost' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

    sogo/sogo here is a test-bench credential; on anything real use a random password, and drop WITH GRANT OPTION, which sogo does not need: it only has to manage tables inside its own database.


    Edit the config /etc/sogo/sogo.conf

    Specify where the database is:
    SOGoProfileURL = "mysql://sogo:sogo@localhost:3306/sogo";
    OCSFolderInfoURL = "mysql://sogo:sogo@localhost:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:sogo@localhost:3306/sogo/sogo_sessions_folder";

    Specify the mail folder names, as well as the imap and postfix servers:
    // SOGoDraftsFolderName = Drafts; With this line samba crashed for me with errors that were not always reproducible, so unfortunately drafts go to the trash.
    SOGoDraftsFolderName = Trash;
    SOGoSentFolderName = Sent;
    SOGoTrashFolderName = Trash;
    SOGoIMAPServer = imaps://localhost:993;
    SOGoSMTPServer = 127.0.0.1;
    SOGoMailDomain = testmail.local;
    SOGoMailingMechanism = smtp;
    SOGoForceExternalLoginWithEmail = NO;
    SOGoMailSpoolPath = /var/spool/sogo;
    NGImap4ConnectionStringSeparator = "/";

    Specify the location of the LDAP server:
    SOGoUserSources = (
    {
    type = ldap;
    CNFieldName = cn;
    UIDFieldName = sAMAccountName;
    baseDN = "CN=users,DC=testmail,DC=local";
    bindDN = "CN=user,CN=users,DC=testmail,DC=local";
    bindFields = (sAMAccountName, mail);
    bindPassword = password;
    canAuthenticate = YES;
    displayName = "Public";
    hostname = "dcmail.testmail.local"; // This is the windows controller
    port = "389";
    filter = "mail = '*'";
    id = testmail.local;
    isAddressBook = NO;
    }
    );

    bindFields = (sAMAccountName, mail) lets users log in with either their account name or their e-mail address. bindPassword is stored in clear text and both the bind and user logins travel over plain LDAP on port 389, so keep sogo.conf unreadable to other users and, where the DC allows it, prefer ldaps.

    The key point: if you specify our samba as the hostname, then when you try to log in from outlook, samba hangs hard.
    But maybe this is a bug only on my server.

    Specify the language and time zone:
    SOGoLanguage = Russian;
    SOGoTimeZone = Europe/Moscow;


    Optionally, you can also enable the web interface here, but for me its layout fell apart in every browser.
    /* Web Interface */
    SOGoPageTitle = SOGo;
    SOGoVacationEnabled = YES;
    SOGoForwardEnabled = YES;
    SOGoSieveScriptsEnabled = YES;
    SOGoMailAuxiliaryUserAccountsEnabled = YES;
    SOGoTrustProxyAuthentication = NO;

    Also, if you use the web interface, remember to specify which ip address sogo listens on (default 127.0.0.1):
    WOPort = "0.0.0.0:20000";
    If httpd on the same host proxies to sogo, as the stock SOGo.conf does, the loopback default is enough; bind to 0.0.0.0 only when the proxy runs on another host, and then firewall port 20000, because sogod speaks plain HTTP there and anything reaching it directly bypasses the TLS front end.
    Start sogo:
    service sogod start
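    As an added check that is not part of the original post: after changing WOPort, confirm which backend ports are actually reachable from outside the host. The script parses ss -ltn output and reports sogod (20000) or mysql (3306) sockets bound to anything other than the loopback address; the listening-socket samples below are constructed, and the port list is an assumption you can extend (for example with dovecot's auth or LMTP sockets) to match your own layout.

```sh
#!/bin/sh
# Added example, not from the original post: after binding WOPort to 0.0.0.0,
# find backend ports that are reachable from outside the host.  sogod on 20000
# speaks plain HTTP, so anything other than the Apache front end (443) reaching
# it bypasses TLS; mysql on 3306 should never leave the loopback either.

# Backend ports that must stay on 127.0.0.1 unless a remote proxy needs them
# (assumed list for this setup; extend it to taste).
BACKEND_PORTS="20000 3306"

# Constructed samples in `ss -ltn` format; on the real host run:
#   exposed_backend_ports "$(ss -ltn)"
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    0.0.0.0:20000      *:*
LISTEN     0      50     127.0.0.1:3306     *:*
LISTEN     0      128    :::443             :::*
LISTEN     0      128    *:993              *:*'

SAFE_SS='State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    127.0.0.1:20000    *:*
LISTEN     0      50     127.0.0.1:3306     *:*
LISTEN     0      128    :::443             :::*'

# exposed_backend_ports SS_OUTPUT -> prints "port bind-address" for every backend
# port bound to a non-loopback address; exit 1 if any were found, else 0.
exposed_backend_ports() {
    printf '%s\n' "$1" | awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)                  # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if ((port in watch) && host != "127.0.0.1" && host != "::1") {
                print port, host; found = 1
            }
        }
        END { exit (found ? 1 : 0) }'
}

# Stand-alone demonstration on the constructed samples.
for name in SAMPLE_SS SAFE_SS; do
    eval "listing=\$$name"
    if exposed_backend_ports "$listing"; then
        echo "$name: no backend ports exposed"
    else
        echo "$name: the ports above are reachable from outside; firewall them or rebind to 127.0.0.1"
    fi
done
```

    A bind address of 0.0.0.0 or :: (the latter from "*:" or ":::" in ss output) is reported; note that ":::443" in the sample is the Apache front end and is deliberately not in the watch list.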

    Moving on to the web part.
    In /etc/httpd/conf.d/rpcproxy.conf specify the SetEnv parameter:
    SetEnv SAMBA_HOST 127.0.0.1
    Give apache rights to the directory /var/cache/ntlmauthhandler:
    chown -R apache:apache /var/cache/ntlmauthhandler


    Using SSL is advisable. Install mod_ssl and generate a certificate.

    When using SSL, tell sogo about it through the request headers in /etc/httpd/conf.d/SOGo.conf; sogo builds its own links from them, so x-webobjects-server-url takes the full URL including the https:// scheme:
    RequestHeader set "x-webobjects-server-port" "443"
    RequestHeader set "x-webobjects-server-name" "mail.testmail.local"
    RequestHeader set "x-webobjects-server-url" "https://mail.testmail.local"

    Start apache:
    service httpd start

    At this point the installation can be considered complete.
    For those who need mailboxes, create them with:
    openchange_newuser --create user

    Now you can move on to configuring Outlook.
    Unfortunately autodiscover does not yet work entirely correctly, so the parameters have to be set manually.
    In my case it looks like this:
    Server: mail.testmail.local
    Username: user
    Go to the "More Settings" menu, the Security tab, and tick "Always prompt for logon credentials".
    When connecting from outside, specify the proxy server (Outlook Anywhere, i.e. RPC over HTTP through the rpcproxy installed above).

    Conclusion


    On a domain with subdomains, openchange did not work at all; strange bugs came up, such as the sogo bug described above. Also, samba periodically crashed if a user existed in AD but had no mailbox. At the moment it has stopped crashing. But the most unpleasant thing is that on some problems samba simply crashes with a PANIC message, which makes diagnosis difficult.
    The developers of this product never promised integration into an already running Windows AD, so the bugs that surfaced may well be down to us doing something the developers did not quite intend.
    But at the moment I have managed to run this product stably for testing.
    I believe that, at this stage of the product's development, the optimal structure for openchange is:
    1) Install a separate samba4/windows AD controller.
    2) Move to a separate dovecot + postfix server with LDAP authentication (if openchange fails, the organization still has a working mail system).
    3) Those who need calendars and address books (and, as practice has shown, not everyone does) connect to openchange via MAPI.
    4) Send bug reports to the developers to bring openchange to a more stable state as soon as possible.
