HOWTO: Open-Xchange on Gentoo
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Fri Nov 05, 2004 5:31 pm

BulletSponge wrote:
ok, after i fixed my ldap.conf, i created the user just fine,

but now, after i log in, it just goes
Redirecting to Groupware ...
SessionID: 2b6a6bc27552d1c812c62a71805b976d
and that's it.

if i do it on the localhost, it redirects just fine. could it be a firewall issue?
has anyone heard of a firewall stripping off a redirect?
do i need to specifically open a new port?


Did you enable the -i option in /etc/conf.d/postgresql ?
Code:
# Extra options to run postmaster with.
# If you want to enable TCP/IP for PostgreSQL, add -i to the following:
# PGOPTS="-N 1024 -B 2048 -i"
PGOPTS="-i"

_________________
write quit bang
BulletSponge
n00b

Joined: 30 Sep 2003
Posts: 26
Location: Calgary, Canada

Posted: Fri Nov 05, 2004 5:37 pm

if anyone has a firebox, it strips unknown headers, and the cgi-redirect is one of them.

paranoid firewalls are a pain in the ass
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Fri Nov 05, 2004 6:20 pm

Virus scan is up and running. I tested all 27 emails on the site and only one made it through. And that was test #25.. Pretty damn good if ya ask me. I am going to retest 26 and 27.

The howto was great. I did have some permission issues with /var/amavis and /var/run/amavis ..
Maybe have them add amavis user to the clamav group or something similar.
I just chmod 777 the dirs because this is my sandboxed env and I am lazy and just testing. :D
_________________
write quit bang
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Fri Nov 05, 2004 8:23 pm

I am still stuck with webdav.* Not one thing seems to be working. I attempted to connect from a mac via ical to webdav.ical and it complained about incorrect data format. I do however get a login screen for each webdav.* url. Like was stated before I can view documents but all sub_dirs do not allow access.. I don't really know where to begin but I will be messing with this until 5:00 EST so any ideas please shoot them my way.
_________________
write quit bang
bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Fri Nov 05, 2004 8:26 pm

init-zero wrote:
I am still stuck with webdav.* Not one thing seems to be working. I attempted to connect from a mac via ical to webdav.ical and it complained about incorrect data format. I do however get a login screen for each webdav.* url. Like was stated before I can view documents but all sub_dirs do not allow access.. I don't really know where to begin but I will be messing with this until 5:00 EST so any ideas please shoot them my way.


I've never really had WebDAV working myself either. That section was based on the other HOWTOs posted on OX's website. Mostly from the Fedora HOWTO. May want to ask on the list if anyone's ever successfully gotten WebDAV working.
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Fri Nov 05, 2004 9:12 pm

It seems some people are having read-only issues.. This was taken from the default tomcat webdav web.xml

Code:
<init-param>
    <param-name>readonly</param-name>
    <param-value>false</param-value>
</init-param>

This would need to be in the desired writeable servlet section.
_________________
write quit bang
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Fri Nov 05, 2004 10:12 pm

Well it is 5:00 and i am done working for the weekend. I have got mozilla-sunbird to view the calendar, however even with the post above I am still not able to write to it.

Monday Is a new day :wink:
_________________
write quit bang
amigafan
Tux's lil' helper

Joined: 10 Jul 2003
Posts: 134
Location: Ahrensburg, Germany

Posted: Sat Nov 06, 2004 2:01 pm

I followed your guide but I cannot login to ox. The only difference in my setup is the self-compiled apache2 located in /usr/local/apache2. My webpages are in /www/hosts/ , e.g. open-xchange.mydom.tld.

I changed all paths pointing to /var/www/localhost/htdocs to /www/hosts/open-xchange.mydom.tld. Every service starts fine, I see my login-screen but I cannot login - I am always redirected to the login screen. If I enter a wrong username/password I see a message "authentication failed", so the connection to the ldap is established.

groupware.log says:
Code:
Nov 06 14:50 h9121 openexchange: ERROR: CHECKSESSION: Unable to check sessiond: uid=null, id=98a153c0d29cfa4d90cd6607ddd421e$
Nov 06 14:50 h9121 openexchange: ERROR: No language found - Using "EN" as default.
Nov 06 14:50 h9121 openexchange: DEBUG: Using non-cached version EN/logout
java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
        at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
        at java.net.Socket.connect(Socket.java:452)
        at java.net.Socket.connect(Socket.java:402)
        at java.net.Socket.<init>(Socket.java:309)
        at java.net.Socket.<init>(Socket.java:124)
        at com.openexchange.thread.Sdc.createSSLSocket(Sdc.java:105)
        at com.openexchange.groupware.UserLogout.logout(UserLogout.java:77)
        at com.openexchange.server.SessionBroker.killSession(SessionBroker.java:104)
        at com.openexchange.server.ComfireListener.removeSession(ComfireListener.java:165)
        at com.openexchange.thread.ComfireThread.validateSession(ComfireThread.java:454)
        at com.openexchange.thread.ComfireThread.run(ComfireThread.java:152)
        at java.lang.Thread.run(Thread.java:534)
Sdc Exception: Connection refused
java.lang.NullPointerException
        at com.openexchange.thread.Sdc.removeSession(Sdc.java:178)
        at com.openexchange.groupware.UserLogout.logout(UserLogout.java:78)
        at com.openexchange.server.SessionBroker.killSession(SessionBroker.java:104)
        at com.openexchange.server.ComfireListener.removeSession(ComfireListener.java:165)
        at com.openexchange.thread.ComfireThread.validateSession(ComfireThread.java:454)
        at com.openexchange.thread.ComfireThread.run(ComfireThread.java:152)
        at java.lang.Thread.run(Thread.java:534)
Nov 06 14:50 h9121 openexchange: logout session=98a153c0d29cfa4d90cd6607ddd421ee - null
el'cool0r
n00b

Joined: 03 Jul 2004
Posts: 3

Posted: Sat Nov 06, 2004 11:40 pm    Post subject: Session error

I have some problem with my ox installation... i've followed the guide so far except for cyrus and apache...
the login screen (i use the pl script to login) is working but if i try to login i'm getting redirected to the login. it's not a false jdbc or a su error.
my log says it's a session error

==> sessiond.log <==
oxsessiond init (Port=<33333>)
getSession <295340145eff410978a71901dfae5b62>
(ERROR) SEND to client -->ERROR: No Session found


==> groupware.log <==
Nov 06 23:59 h9121 openexchange: bind to port 6661
Nov 06 23:59 h9121 openexchange: upload bind to port 6663
done
Nov 06 23:59 h9121 openexchange: WARN: CHECKSESSION: sessionID not found or invalid: uid=null, id=295340145eff410978a71901dfae5b62, response=ERROR: No Session found
Nov 06 23:59 h9121 openexchange: ERROR: No language found - Using "EN" as default.
Nov 06 23:59 h9121 openexchange: DEBUG: Using non-cached version EN/logout
bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Tue Nov 09, 2004 5:25 pm    Post subject: HOWTO v0.14

Ok, we're up to v0.14. A few minor corrections, additions, modifications and notes have been added. init-zero's LDAP ACLs have been added as well, untested.

Good Luck to all!

http://www.mikefetherston.ca/OX
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Wed Nov 10, 2004 3:04 pm

I have got addresses to be accessible via evolution and ldap however can write from evolution.

I run a different mail-server at work using mysql. And am just getting used to this new setup and have a couple of questions.

I seem to be getting an error

Code:
Nov 10 09:59:49 laptop imap[6759]: SQL engine 'mysql' not supported
Nov 10 09:59:49 laptop imap[6759]: auxpropfunc error no mechanism available
Nov 10 09:59:49 laptop imap[6759]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql


Everything is working I am authing against ldap I also see that in the logs but this error keeps popping up.

I want my FQDN to be mail.mydomain.net but I want users e-mail to be user1@mydomain2.com
How do I set up a virtualhost with this new mailsetup?

bitwh0re I have had a conversation on the mail-lists about pushing the 7.4 release out at my work. From your experience with this do you think an upgrade to 8 will be a nightmare? Or do you recommend I wait until 8 to push?
_________________
write quit bang
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Wed Nov 10, 2004 6:58 pm

I figured out how to set up virtual domains..

In your /etc/postfix/main.cf add the following.

Code:
virtual_alias_domains = example.com
virtual_alias_maps = hash:/etc/postfix/virtual


Then create /etc/postfix/virtual and add

Code:
postmaster@example.com postmaster


Then "Execute the command "postmap /etc/postfix/virtual" after changing the virtual
file, and execute the command "postfix reload" after changing the main.cf file"

works just like your alias file and newaliases.

Taken from the VIRTUAL_README :D
_________________
write quit bang
rumchumchum
n00b

Joined: 10 Nov 2004
Posts: 2

Posted: Wed Nov 10, 2004 11:38 pm

Moin!

In the manual page 8:
Code:
Foobar: telnet ox-domain.tdl imap

I think you forgot the “s” of “imaps”
Code:
Foobar: telnet ox-domain.tdl imaps


If I type this command in my shell I get that
Code:
Trying 192.168.1.21...
Connected to steffen-pc.lan.
Escape character is '^]'.

I enter “return” some times and I get an error

Code:
* BYE Fatal error: tls_start_servertls() failed
Connection closed by foreign host.


Can anyone help me please? Thank you!!!


---
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Thu Nov 11, 2004 12:01 am

The connection between OX and the imap server is not imaps I do not think.
I would focus on getting imap to work before trying to secure it.

telnet localhost 143

imaps would be on port 993 i think.
_________________
write quit bang
rumchumchum
n00b

Joined: 10 Nov 2004
Posts: 2

Posted: Thu Nov 11, 2004 4:38 am

In this HOWTO pop and imap is only with ssl activated.
So you must use imaps
bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Thu Nov 11, 2004 12:22 pm

rumchumchum wrote:
In this HOWTO pop and imap is only with ssl activated.
So you must use imaps


No, IMAP/143 is proper. This is just a simple test to see that cyrus is listening and responding on 143. I have not yet covered encrypting network traffic in this howto.
bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Thu Nov 11, 2004 12:27 pm

init-zero wrote:
I have got addresses to be accessible via evolution and ldap however can write from evolution.

I run a different mail-server at work using mysql. And am just getting used to this new setup and have a couple of questions.

I seem to be getting an error

Code:
Nov 10 09:59:49 laptop imap[6759]: SQL engine 'mysql' not supported
Nov 10 09:59:49 laptop imap[6759]: auxpropfunc error no mechanism available
Nov 10 09:59:49 laptop imap[6759]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql


Everything is working I am authing against ldap I also see that in the logs but this error keeps popping up.

bitwh0re I have had a conversation on the mail-lists about pushing the 7.4 release out at my work. From your experience with this do you think an upgrade to 8 will be a nightmare? Or do you recommend I wait until 8 to push?


That sql error is coming from SASL. You can safely ignore it. If it's bothering you, it would bother me in a production environment, there's got to be a way to stop SASL from trying a SQL plugin. This could be done possibly through a USE flag or by editing /etc/conf.d/saslauthd.

I would wait until 0.8.0 or even 0.8.1 to start pushing OX. There have been changes to the database table structures between 0.7 releases. I'm sure that there have been many other changes to the back-end software as well. I would become very familiar with the product and then start pushing it when the developers consider it "release ready". The reason I said "or even 0.8.1" is because, as most of us know, the first stable release may not be so.

Thanks for your tips on Postfix and virtual aliases, I'll be adding them to the HOWTO. If you haven't noticed, you've been added to the Thanks / Credits section.
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Thu Nov 11, 2004 3:07 pm

Cool.. You may want to take out the init-parm stuff. Speaking with a Dev on the mail-lists they do _not_ use the tomcat implementation of webDav they use only some of webDav's commands .. So this option will do nothing nor will it cause any issues.

Another thing you may want to add is viewing contacts from evolution.

Keep in mind it does not support external writing yet due to the fact that from your client you will only write to the ldap tree and not the postgresql data-base in which the web front end needs in order to be visible on the web site.

Global address book..
Quote:

Server : <servername>
Port : 389 (unless running in ssl)

Log in method : Use DN

Login : uid=<youruname>,ou=Users,ou=OxObjects,dc=<your-domain>,dc=<tld>

Search Base : o=AddressBook,ou=OxObjects,dc=<your-domain>,dc=<tld>

Search Scope : One

Timeout : default

Download limit : 100


This should allow you to search your contacts go to the search bar and press enter and you should see all your contacts.

Personal Address Book (only listing the differences, much the same as above)

Quote:

Search Base: ou=addr,uid=<youruname>,ou=Users,ou=OxObjects,dc=<your-domain>,dc=<tld>

The difference is the ou=addr. If you browse the ldap tree (with gq :D ) and look at a user you will see the personal book.

Pretty self-explanatory but it may be nice to have in there. I tested with outlook express, entourage and evolution. All works well.

Another thing to get document to be browsable change the server-mapping i will post my full webdav.documents section to get the idea...


Code:
<servlet>
    <servlet-name>webdav.documents</servlet-name>
    <servlet-class>com.openexchange.webdav.documents</servlet-class>
    <display-name>webdav.documents</display-name>
    <description>webdav.documents</description>
</servlet>

<servlet-mapping>
    <servlet-name>webdav.documents</servlet-name>
    <url-pattern>/webdav.documents/*</url-pattern>
</servlet-mapping>



Sorry for the confusion on the init-parm stuff..
_________________
write quit bang
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Thu Nov 11, 2004 3:10 pm

On another note There must be a way to set up virtual domains in the ldap tree which ideally would be a better way to do it. The way I set it up will only allow for example.

user@mydomain1.com to get sent to user@mydomain.com

just want to make that clear.
_________________
write quit bang
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Thu Nov 11, 2004 3:17 pm

On another note :D postcount + + lol

I am going to use this release in a production env (depending on the time it takes to get a new server). We only have a user base of 10 or so. Have you ever done an upgrade of any of the 7 versions? I am sure worst case scenario I could pull out entries in the data base and ldap tree and sync them up manually after a fresh install. However I don't know how I would do this with ldap.. I guess I could create a new tree.. I will have a look at that not sure if I can run multiple ldap trees. As far as postgres goes I could create a new db and toss all the content into it.. May be a lot of work but I want to get this damn thing out there already.
_________________
write quit bang
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Thu Nov 11, 2004 6:02 pm

Securing Postfix .. stuff

As of the current docs. Postfix (smtp) does not support auth. IMAP is using ldap to auth via saslauthd so let's set up postfix to do the same. Also we will allow no relaying.

In your /etc/postfix/main.cf add..

Code:

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =


smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

This will allow only users in your ip range to send mail unless they authenticate. May want to confirm that your mynetworks setting is correct. Also if you want to allow a pc outside your network to send / relay mail off your server add their IP to this section.

Since our saslauthd auth mech has been set to use ldap already for the imap part we need to change nothing in /etc/conf.d

You will need to create a file in /etc/sasl2 called smtp .
and in that file add the following.

Code:
pwcheck_method:saslauthd
mech_list: LOGIN PLAIN


So now to send an email postfix will use saslauthd then saslauthd will then look to ldap.

Restart postfix and saslauthd just to be safe..

You can test if you are an open-relay using this site.. http://www.abuse.net/relay.html
However I did not do this because my test Env is behind a f-wall.

Minimally you can check by telnet ..

Code:
telnet localhost 25
Trying 127.0.0.1...
Connected to laptop.mydomain.net.
Escape character is '^]'.
220 ox-domain.net ESMTP Postfix

EHLO blaaa.com
250-mydomain.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME



Now with your email-client set up your send options to authenticate.

A few things to keep in mind.. We are not using SSL on smtp yet so passwords are getting thrown through the air in plain text. Once I figure out how to get ssl to work I would consider this method to be secure.. However I am no security guru :D so I take no responsibility

Another note imap ssl works via your how-to as far as clients go... Of course the key is bogus.

Hopefully by EOD today I will have smtp ssl working and post info here.
_________________
write quit bang


Last edited by dashnu on Tue Nov 23, 2004 4:52 pm; edited 1 time in total
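
An added example (not part of dashnu's post or the HOWTO): a small Python check for the caveat in the post above, that AUTH LOGIN/PLAIN is advertised on a session with no SSL. The first sample is the EHLO reply from the post; the second sample and the function names parse_ehlo and audit are constructed for illustration.

```python
import re

# Sample taken from the telnet session in the post above (no TLS configured yet).
SAMPLE_NO_TLS = """\
220 ox-domain.net ESMTP Postfix
EHLO blaaa.com
250-mydomain.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
"""

# Constructed sample: a server that does not offer AUTH until STARTTLS is done.
SAMPLE_TLS_ONLY = """\
250-mydomain.net
250-PIPELINING
250-STARTTLS
250 8BITMIME
"""

# These mechanisms send the password itself; base64 is encoding, not encryption.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(transcript):
    """Return {KEYWORD: set(params)} built from the 250 lines of an EHLO reply."""
    caps = {}
    first_250 = True
    for raw in transcript.splitlines():
        m = REPLY_LINE.match(raw.strip())
        if not m or m.group(1) != "250":
            continue  # skips the 220 banner, blank lines and echoed client commands
        if first_250:
            first_250 = False  # the first 250 line is the server's own name
            continue
        # "AUTH=LOGIN PLAIN" is the legacy form enabled by broken_sasl_auth_clients
        words = m.group(3).replace("=", " ", 1).split()
        if words:
            params = {w.upper() for w in words[1:]}
            caps.setdefault(words[0].upper(), set()).update(params)
    return caps


def audit(caps, tls_active=False):
    """List findings for a capability set seen on a session with or without TLS."""
    findings = []
    exposed = caps.get("AUTH", set()) & PLAINTEXT_MECHS
    if exposed and not tls_active:
        findings.append(
            "plaintext AUTH offered on unencrypted session: "
            + ", ".join(sorted(exposed))
        )
    if "STARTTLS" not in caps and not tls_active:
        findings.append("STARTTLS not advertised")
    return findings


if __name__ == "__main__":
    for name, sample in (("no-tls", SAMPLE_NO_TLS), ("tls-only", SAMPLE_TLS_ONLY)):
        print(name, audit(parse_ehlo(sample)) or "ok")
```

Feed it the EHLO reply captured with telnet. Once TLS is set up, Postfix's smtpd_tls_auth_only = yes keeps AUTH from being offered until STARTTLS has completed.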
jkomar
Apprentice

Joined: 24 Sep 2004
Posts: 192
Location: Calgary, Canada

Posted: Fri Nov 12, 2004 5:55 pm    Post subject: saslauthd -v problem

I made it through the tutorial no problem up to testing the IMAP server. I connect via telnet OK, but when I do saslauthd -v, I get "saslauthd BAD Please login first."

Anyone have any ideas/suggestions?

Thanks,

Jason
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Fri Nov 12, 2004 6:04 pm

I have no idea why you would be getting that error.. That command is only looking at your configuration not logging into anything (i think).. hmmm

I would try to re-emerge that again and make sure your use flags are set up per the howto.

Sorry I could not be more help.

**edit have you created your cyrus saslpasswd ? may need to do that first.
_________________
write quit bang
jkomar
Apprentice

Joined: 24 Sep 2004
Posts: 192
Location: Calgary, Canada

Posted: Fri Nov 12, 2004 6:17 pm

init-zero wrote:
**edit have you created your cyrus saslpasswd ? may need to do that first.


I haven't. How do you create it?

Thanks,

Jason
dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Fri Nov 12, 2004 6:25 pm

First make sure saslauthd is running
Code:
/etc/init.d/saslauthd status

Then run...
Code:
/usr/sbin/saslpasswd2 -c cyrus

_________________
write quit bang