SOGo configuration for NethServer.
SOGo offers multiple ways to access the calendaring and messaging data. Your users can either use a web browser, Microsoft Outlook, Mozilla Thunderbird, Apple iCal, or a mobile device to access the same information.
mysql
,slapd
,sogod
,memcached
configuration- apache2 configuration to access SOGo web interface at
https://<hostname>/SOGo/
- daily cronjob to check auto-reply expiration
- custom addressbooks in
/var/lib/nethserver/db/sogo_sources
(undocumented) - extension for Thunderbird intergration (see [[sogo-frontends]])
Special properties:
- AdminUsers: Parameter used to set which usernames require administrative privileges over all the users tables.
- DraftsFolder: name of draft folder, default is ‘Drafts’
- SentFolder: name of the sent folder, default is ‘Sent’
- TrashFolder: name of the trash folder, default is ‘Trash’
- WOWorkersCount: The amount of instances of SOGo that will be spawned to handle multiple requests simultaneously
- MailAuxiliaryUserAccountsEnabled: Parameter used to activate the auxiliary IMAP accounts in SOGo. When set to YES, users can add other IMAP accounts that will be visible from the SOGo Webmail interface.
- Notifications: enabled notifications. The value is a comma separated list. Default value is “Appointment, EMail”
sogod=service ... AdsLdapServer= AdsCredentials= AdminUsers=admin DraftsFolder=Drafts Notifications=Appointment,ACLs SentFolder=Sent TrashFolder=Trash VirtualHosts= memcached=service ...
Note
Italic terms are documented in SOGo installation and configuration guide
AdsLdapServer
Customized Active Directory LDAP server URI (see description below)AdsCredentials
Active Directory LDAP credentials required to browse the directory (see description below)AdminUsers
comma separated list of accounts allowed to bypass SOGo ACLs. See SOGoSuperUsernames keyNotifications
comma separated list of values (no spaces between commas). Known item names areACLs
,Folders
,Appointments
. See SOGoSendEMailNotifications{Drafts,Sent,Trash}Folder
See respective SOGoFolderName parametersVirtualHosts
comma separated list of host keys inhosts
DB, withtype=self
. SOGo is reachable from the default host name plus any host listed here (see #2371).
SOGo configuration is stored in an internal database (XML format) under
/var/lib/sogo/GNUstep/
directory. All database manipulations are
performed through /usr/bin/defaults
command.
To dump the current configuration type:
# su -s '/bin/bash' -c 'defaults read' sogo
To modify a value:
# su -s '/bin/bash' -c 'defaults write sogod SxVMemLimit 512' - sogo
For instance, to see LDAP queries add the following custom fragment:
mkdir -p /etc/e-smith/templates-custom/sogo-config echo -n "{ \$S{LDAPDebugEnabled} = 'YES'; ''; }" > /etc/e-smith/templates-custom/sogo-config/80logverbose signal-event nethserver-sogo-update
Read the SOGo FAQ for other debugging features.
To make SOGo accessible with a public DNS hostname:
- In “DNS and DHCP” UI module (Hosts), create the DNS host name as a
server alias (i.e.
public.example.com
) - Add the host name to
sogod/VirtualHosts
prop list:
# config setprop sogod VirtualHosts public.example.com # signal-event nethserver-sogo-update
Same rule applies if SOGo must be accessible using server IP address. For example:
# config setprop sogod VirtualHosts 192.168.1.1 # signal-event nethserver-sogo-update
[This section is extracted from issue #2000]
[[nethserver-samba|Join]] an Active Directory domain
In AD, create a user (ie
sogoad
) underCN=Users
container, with a non-expiring password (iePASSWORD
). This is needed by SOGo to browse AD LDAP. Choose a password that does not contain the percent%
symbol.Save
sogoad
credentials in configuration DB:# config setprop sogod AdsCredentials ‘sogoad%PASSWORD’ # signal-event nethserver-sogo-update
To disable SOGo AD integration
# config setprop sogod AdsCredentials '' # signal-event nethserver-sogo-update
WARNING
In ADS mode SOGo uses simple LDAP binds on Active Directory LDAP, that means users’ passwords are sent in clear text over the network.
If you have LDAP SSL
enabled or you know how to
set up a persistent encrypted tunnel, the AdsLdapServer
prop can
help:
# config setprop sogod AdsLdapServer PROTO://DOMAIN:PORTNUMBER # signal-event nethserver-sogo-update
Where
- PROTO:// can be
ldap://
orldaps://
(optional) - DOMAIN should be the lowercased realm
- PORTNUMBER default 389 (optional)
Also STARTTLS should be supported. Refer to the SOGo documentation about
hostname
parameter.
SOGo comes with a recompiled version of GNUStep packages that may conflict with EPEL versions. From SOGo install FAQ:
add the following line to the EPEL repo definition:
[epel] … exclude=gnustep-\*
However, gnustep-make
and gnustep-base
packages should be rarely
installed on a server system.