Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
HOWTO: Open-Xchange on Gentoo
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3 ... 7, 8, 9 ... 37, 38, 39  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
playworker
n00b
n00b


Joined: 28 Jul 2004
Posts: 21
Location: UK

PostPosted: Wed Nov 17, 2004 2:26 pm    Post subject: Reply with quote

Hello all,

Just installed Open-Xchange 0.7.4 on a fresh Gentoo box and had slightly different issues to last time - guess this is a Gentoo "feature" :D

o I had to create an Apache log directory before Apache would start
o To get postfix to deliver mail I had to add the users "cyrus" and "postfix" to the mail group and then
Code:
chown cyrus:mail /var/imap/socket/lmtp

o I had to change the "allowplaintext" option in the /etc/imapd.conf file to "yes" to get webmail to work

That was about it though I think! All in all not a bad install... :)

Matt
Back to top
View user's profile Send private message
playworker
n00b
n00b


Joined: 28 Jul 2004
Posts: 21
Location: UK

PostPosted: Wed Nov 17, 2004 2:34 pm    Post subject: Reply with quote

Just thought of something else!

If the
Code:
/usr/local/open-xchange/etc/init.d/openexchange start
command doesn't work for you then you probably need to go into the 3 individual init scripts (sessiond, webmail and groupware) in the same directory and in each script there is a line that starts with "su" and a commented out line next to it that begins "sudo". Simply swap the comment over so that the "sudo" line is uncommented and the startup script should work properly now ;)
Back to top
View user's profile Send private message
bitwh0re
Apprentice
Apprentice


Joined: 29 Apr 2004
Posts: 214

PostPosted: Wed Nov 17, 2004 2:49 pm    Post subject: Reply with quote

This should all be covered in the HOWTO, except maybe for the apache log problem and chowning the lmtp socket.
Back to top
View user's profile Send private message
temp
n00b
n00b


Joined: 03 Aug 2002
Posts: 11

PostPosted: Wed Nov 17, 2004 4:47 pm    Post subject: Reply with quote

Hi folks,

great stuff, the howto works like a charme :-)

But I have one problem now, when I add/edit a contact I get this error:

Code:
 Contacts
The contact has been created successfully in the database \nbut couldn't be inserted into the LDAP addressbook: Naming err in ContactLdap javax.naming.NoPermissionException: [LDAP: error code 50 - no write access to parent]; remaining name 'uid=9,ou=addr,uid=swentz,ou=Users,ou=OxObjects'

You will be redirected ...


I haven't played around with LDAP's ACL, but shouldn't this work without this? I used phpldapadmin to get to "ou=addr,uid=swentz,ou=Users,ou=OxObjects", it's there, but nothing under it (no uid=9).

Can someone help me?
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Wed Nov 17, 2004 5:23 pm    Post subject: Reply with quote

temp wrote:
Hi folks,

great stuff, the howto works like a charme :-)

But I have one problem now, when I add/edit a contact I get this error:

Code:
 Contacts
The contact has been created successfully in the database \nbut couldn't be inserted into the LDAP addressbook: Naming err in ContactLdap javax.naming.NoPermissionException: [LDAP: error code 50 - no write access to parent]; remaining name 'uid=9,ou=addr,uid=swentz,ou=Users,ou=OxObjects'

You will be redirected ...


I haven't played around with LDAP's ACL, but shouldn't this work without this? I used phpldapadmin to get to "ou=addr,uid=swentz,ou=Users,ou=OxObjects", it's there, but nothing under it (no uid=9).

Can someone help me?


This is because of acl's. Write need to be set for ou=addr.....

Code:
#access to dn="ou=addr,uid=(.*),ou=Users,ou=OxObjects,dc=ox-yourdomain,dc=net"
# attr=uid,objectClass,entry filter=(objectClass=OXUserObject)
#   by self write
#   by dn="uid=$1,ou=Users,ou=OxObjects,dc=ox-youdomain,dc=net"
#   write
#   by * none


Code:
#access to dn.subtree="o=AddressBook,ou=OxObjects,dc=ox-yourdomain,dc=net"
#  by group="cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=ox-yourdomain,dc=net"
#  write
#  by users read
#  by * none


or to cheat :D
Code:
access to *
        by * write

_________________
write quit bang
Back to top
View user's profile Send private message
playworker
n00b
n00b


Joined: 28 Jul 2004
Posts: 21
Location: UK

PostPosted: Wed Nov 17, 2004 6:32 pm    Post subject: Reply with quote

bitwh0re wrote:
This should all be covered in the HOWTO, except maybe for the apache log problem and chowning the lmtp socket.


I don't think the allowplaintext change is in your HOWTO unless I'm just being a fool and can't see it? :D

Also, does anyone know how I should go about getting the browser interface secured so that external users can connect to my OX server securely - is it just a case of setting up Apache to use mod_ssl or is there a lot more to it than that? Sorry if this is a stupid question but I'm new to most of this :)

Matt
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Wed Nov 17, 2004 6:41 pm    Post subject: Reply with quote

I would use ssl yes. The webfront end using ssl would be secure.. However what _needs_ to be worked on is internal security. Of coures have only port 80 or 443 open. As far as security goes it is a work in progress .. I _think_ I secured the mail server in previous posts . The main thing is to truly understand ldap acl's. Allowing write acces to 'all' is a bit crazy I think.. Your site may get destroyed by the swell user base that most companies have. :D Other things like ldap crypt method would be nice and maybe securing postgresql which I am totally unfimiliar with.
_________________
write quit bang
Back to top
View user's profile Send private message
bitwh0re
Apprentice
Apprentice


Joined: 29 Apr 2004
Posts: 214

PostPosted: Wed Nov 17, 2004 7:16 pm    Post subject: Reply with quote

playworker wrote:
bitwh0re wrote:
This should all be covered in the HOWTO, except maybe for the apache log problem and chowning the lmtp socket.


I don't think the allowplaintext change is in your HOWTO unless I'm just being a fool and can't see it? :D

Also, does anyone know how I should go about getting the browser interface secured so that external users can connect to my OX server securely - is it just a case of setting up Apache to use mod_ssl or is there a lot more to it than that? Sorry if this is a stupid question but I'm new to most of this :)

Matt


My bad, it was in the original document which was accidentally erased by me. I tried to recreate all changes since the first release into v0.13 and must have missed that one. Sorry, it *was* in the document, but no longer is. I'll add that back in and go through the last few pages of this forum topic to cover the latest changes and additions.

init-zero, wanna write the instructions for spell check in webmail? I saw them once on the General mailinglist. That's a section in this HOWTO that's been nagging at me.
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Wed Nov 17, 2004 7:19 pm    Post subject: Reply with quote

Quote:
init-zero, wanna write the instructions for spell check in webmail? I saw them once on the General mailinglist. That's a section in this HOWTO that's been nagging at me.


I may be able to do that tomorrow for ya.. I need spellcheck bad :D jhuytsfnd
_________________
write quit bang
Back to top
View user's profile Send private message
bitwh0re
Apprentice
Apprentice


Joined: 29 Apr 2004
Posts: 214

PostPosted: Wed Nov 17, 2004 7:31 pm    Post subject: Reply with quote

init-zero wrote:
Quote:
init-zero, wanna write the instructions for spell check in webmail? I saw them once on the General mailinglist. That's a section in this HOWTO that's been nagging at me.


I may be able to do that tomorrow for ya.. I need spellcheck bad :D jhuytsfnd


LOL!
Back to top
View user's profile Send private message
temp
n00b
n00b


Joined: 03 Aug 2002
Posts: 11

PostPosted: Thu Nov 18, 2004 9:08 am    Post subject: Reply with quote

Thanks for your answer, it worked fine :-)

Now I have another problem, I have about 10.000 contacts that I need to import - any help on that? Are there import-tools or something?

I looked at the postgres-database and found the prg_addresses and prg_contacts tables, can i write directly into these? I'd write myself a little php-script that would fill these tables if no other tools are available... Do I have to take care of something else? Other tables? I'd skip importing these to LDAP cause I don't need an LDAP-Addessbook...

Hope someone can give me tips on this one ;-)
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Thu Nov 18, 2004 2:47 pm    Post subject: Reply with quote

temp wrote:
Thanks for your answer, it worked fine :-)

Now I have another problem, I have about 10.000 contacts that I need to import - any help on that? Are there import-tools or something?

I looked at the postgres-database and found the prg_addresses and prg_contacts tables, can i write directly into these? I'd write myself a little php-script that would fill these tables if no other tools are available... Do I have to take care of something else? Other tables? I'd skip importing these to LDAP cause I don't need an LDAP-Addessbook...

Hope someone can give me tips on this one ;-)
Lets just say If you write an import script will you please share it :D I am not sure but I _think_ you may still need the contacts in ldap for the site to function properly. You will notice if you go to you global or personal book via the web interface it will still access the ldap tree. You can introduce them to ldap via a ldiff file I think but to this I also am not sure.
_________________
write quit bang
Back to top
View user's profile Send private message
temp
n00b
n00b


Joined: 03 Aug 2002
Posts: 11

PostPosted: Thu Nov 18, 2004 2:56 pm    Post subject: Reply with quote

init-zero wrote:
Lets just say If you write an import script will you please share it :D I am not sure but I _think_ you may still need the contacts in ldap for the site to function properly. You will notice if you go to you global or personal book via the web interface it will still access the ldap tree. You can introduce them to ldap via a ldiff file I think but to this I also am not sure.


Hmmm a few postings above I had the problem with the ldap-actions failing, so there where NO contacts in LDAP... But the site still worked!
So I guess that when I figure out all of the fields for contacts and companies an import should go fairly easy... I'll report as soon as the script is ready ;-)
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Thu Nov 18, 2004 3:42 pm    Post subject: Reply with quote

hmm, yea I guess you might be correct.. to some extent, but those ldap errors will continue to plague you I bet ...

What would happen if you tried to edit a contact that was only in the db would it sync up the ldap tree or would it barf..

I would be curious to know the outcome.
_________________
write quit bang
Back to top
View user's profile Send private message
temp
n00b
n00b


Joined: 03 Aug 2002
Posts: 11

PostPosted: Thu Nov 18, 2004 4:26 pm    Post subject: Reply with quote

Works fine, just checked that. LDAP-entries are created even if they didn't exist before editing!

So it should really be a matter of getting the data into the right spot in the database...

I'll keep you informed ;-)
Back to top
View user's profile Send private message
playworker
n00b
n00b


Joined: 28 Jul 2004
Posts: 21
Location: UK

PostPosted: Thu Nov 18, 2004 7:41 pm    Post subject: Reply with quote

init-zero wrote:
I would use ssl yes. The webfront end using ssl would be secure.. However what _needs_ to be worked on is internal security. Of coures have only port 80 or 443 open. As far as security goes it is a work in progress .. I _think_ I secured the mail server in previous posts . The main thing is to truly understand ldap acl's. Allowing write acces to 'all' is a bit crazy I think.. Your site may get destroyed by the swell user base that most companies have. :D Other things like ldap crypt method would be nice and maybe securing postgresql which I am totally unfimiliar with.


The company I am working for is only small so the internal security isn't a priority but people are asking for remote access so securing the web interface is a priority :D

Am I right in thinking I just have to set apache up to use SSL and that's it done or is there more to it than that?

Also I had email spellchecking working on my previous install (0.7.3) I'm guessing it's pretty similar with this version, just had to mess with the webmail config file I think, although I'm not at work so I can't check for you now :)

Let me know if you need any info about the spellchecking and I can get you settings etc. from work tomorrow...
Back to top
View user's profile Send private message
jkomar
Apprentice
Apprentice


Joined: 24 Sep 2004
Posts: 192
Location: Calgary, Canada

PostPosted: Thu Nov 18, 2004 8:02 pm    Post subject: Startup Reply with quote

I don't know if this has been covered, but here goes.

The problem with the /usr/local/open-xchange/etc/init.d/openexchange startup script lies in the first 7 lines of the script. Sessiond is started OK, but the lines with the paths for webmail and groupware have an extra / near the end. This causes those individual scripts to not be run.

The next thing that needs to be done to use the openexchange script is to modify each of the other 3 scripts in the same folder. Look for the line beginning with su and you will see a commented line beginning with sudo. Uncomment the sudo line and comment the su line, and things will work properly.

I put a symlink to /usr/local/open-xchange/etc/init.d/openexchange in /etc/init.d, but when I added it to my default runlevel with rc-update it didn't start automatically. I can start it no problem after the above modifications with /etc/init.d/openexchange.

Jason


Last edited by jkomar on Thu Nov 18, 2004 8:11 pm; edited 1 time in total
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Thu Nov 18, 2004 8:09 pm    Post subject: Reply with quote

Quote:
Am I right in thinking I just have to set apache up to use SSL and that's it done or is there more to it than that?

It would than be as secure as ssl / apache / and the ox-app it self. So yes I am not sure what else you could do... BTW sounds like you are going to roll this out to production, is this correct?
I think I may wait untill 8 but have not fully decided..
Quote:
Let me know if you need any info about the spellchecking and I can get you settings etc. from work tomorrow...

That would be great :D It does not look like I am going to have time to mess with it this week..


Quote:
I don't know if this has been covered, but here goes.

The problem with the /usr/local/open-xchange/etc/init.d/openexchange startup script lies in the first 7 lines of the script. Sessiond is started OK, but the lines with the paths for webmail and groupware have an extra / near the end. This causes those individual scripts to not be run.

The next thing that needs to be done to use the openexchange script is to modify each of the other 3 scripts in the same folder. Look for the line beginning with su and you will see a commented line beginning with sudo. Uncomment the sudo line and comment the su line, and things will work properly.

After doing this, I did ln -s /usr/local/open-xchange/etc/init.d/openexchange /etc/init.d/openexchange
then, rc-update add openexchange default and voila, it starts properly.


Very cool man. I will test this out and let you know how it works.
_________________
write quit bang
Back to top
View user's profile Send private message
jkomar
Apprentice
Apprentice


Joined: 24 Sep 2004
Posts: 192
Location: Calgary, Canada

PostPosted: Thu Nov 18, 2004 8:14 pm    Post subject: Reply with quote

init-zero wrote:
Very cool man. I will test this out and let you know how it works.


I jumped the gun a little. It didn't start automatically, but can be started after the other modifications with /etc/init.d/openexchange. I'm no expert on startup scripts, so if anyone else has any further ideas, at least this brought it one step closer.

Jason
Back to top
View user's profile Send private message
bitwh0re
Apprentice
Apprentice


Joined: 29 Apr 2004
Posts: 214

PostPosted: Thu Nov 18, 2004 10:17 pm    Post subject: Reply with quote

playworker wrote:

Am I right in thinking I just have to set apache up to use SSL and that's it done or is there more to it than that?

Also I had email spellchecking working on my previous install (0.7.3) I'm guessing it's pretty similar with this version, just had to mess with the webmail config file I think, although I'm not at work so I can't check for you now :)

Let me know if you need any info about the spellchecking and I can get you settings etc. from work tomorrow...


Yeah, the spellchecking seems simple but i could never get it going.. but then again I gave it a very low priority.

If all you're doing is the web interface, using SSL would be a good first step. If not, you should use SSL on SMTP and IMAP as well. Putting the system behind a firewall and only allowing the required ports is another good thing to do..
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Fri Nov 19, 2004 8:14 pm    Post subject: Reply with quote

Any Spellcheck info yet playworker :D
_________________
write quit bang
Back to top
View user's profile Send private message
bitwh0re
Apprentice
Apprentice


Joined: 29 Apr 2004
Posts: 214

PostPosted: Sat Nov 20, 2004 12:29 am    Post subject: YAY! Reply with quote

0.7.5 has been released.

As well, I'm retesting my HOWTO on a fresh install of 2004.3 using NPTL. Look for that soon.. some new sections too.

----- CHANGES (the stuff in bold is from this forum or people on this forum) -----

Changes with OPEN-XCHANGE 0.7.5 - 2004-11-19

*) Fixed several minor bugs in week- and month view
if the duration was less then 24 hours and one week
calculation issue that is maybe fixed now. Also some
modifications for sequences added. The storage has
changed. Consolidated some methods for easier coding.

*) Changed complete day view so that the start and end
times and also the interval can be changed. This will
affects later on some user settings. Calculation
optimized.

*) Added the very first version of folder permissions.

*) Fixed bug #102. Login with capitals inside is now
possible and will not result in missing permissions.


*) Fixed bug #112. Resource group query works now.

*) Changed the sequence end date format in the database
for an easier handling in the future, part of a long list
of upcoming changes.

[Martin.Kauss]

*) The 'login.pm' now stores the last selected language at
a cookie and reselect it at the next login.

*) Fixed bug #87. Not able to forward an existing email in
OX WebMail when the subject line on the original email is
empty.

*) Fixed bug #10. The default folder names are now be
configurable in PREFIX/etc/webmail/imap.properties. The
admin can also deactivate the auto creation of not existing
default folders.

*) Fixed bug #85. Added missing 'nowrap' tag to the portal
page.

*) Fixed bug #88. Fixed a problem that the ignore quota on
deleting messages didn't work.

*) Fixed a problem that only "localhost" was used to send
groupware messages like (notifications, reminder) and not
the given smtp server.

*) Fixed bug #108. Fixed a problem that you can't accept/deny
groupware confirmations for tasks and appointments at the
OX WebMail confirmation popup.


*) Finished integration of distribution lists at the OX WebMail
address book. Due to this integration we have done a redesign
of the address book webinterface. Note: The old OX WebMail
mailling lists are no longer available.

*) Fixed bug #90. Fixed a small typo at 'FolderSettings.java'.
Thanks to Henrik Holmboe who provided this patch.

*) Fixed a problem for language 'DE' that when you replied to
a message the parameter "$date" and "$from" weren't replaced.

*) Added a new Interface 'IMAPConnection' which handles all imap
connections made through OX WebMail. This makes it easier for
changes. For example, if you have different username/password as
the given login data.

*) Fixed a problem that OX WebMail doesn't check personal
mailsettings in ldap ('maildomain' attribute) and always uses
the maildomain of the user 'mailadmin' instead. Also fixed a
problem that the user default email address ('mail' attribute)
was not available at the selection field under preferences.

*) Fixed bug #103. Fixed a problem that the page 'top.htm'
points to 'javascript/flags.css' when it should point to
'css/flags.css'.


*) Fixed bug #97. Fixed a login problem at the 'login.pm' when
using a username which contains more than 30 characters.

[Stefan.Preuss]

*) Fix for resolving the problem with "make" and with the
creating of the "war" file.

*) Fixed bug #31, problems with recurring appointments and ical.

*) Fixed bug #67, problem insert und update appointment via sunbird.

*) Fixed bug #84, problem with chmod -R in /var.

*) Fixed bug #96, logging the password in sessiond.log is now depending
of the loglevel.

*) Fixed bug #83, htdocs-, serlvet and cgi-bin options are now available
in the configure.

*) Fixed problem with importing ICal appointments.

*) Add MIME types to webmail.jar.

*) Changed methods for parsing XML content in a PROPFIND request.

*) Add the OXGroupuser class to the API.

*) Implemented the new API in the groupuser servlet.

*) Implemented the first version of the java API that can be used from
external programs.

*) API Javadoc implemented.

[Sebastian.Kauss]

*) Partially implemented WebDAV LOCK for documents. Not fully working yet.

*) Compiles now also with JDOM 1.0 (Bug 58)

*) List view in documents doesn't become print style anymore after showing the print page. (Bug 46)

*) Convert all usernames to lowercase after fetching it from sessiond. (Bug 41)

[Marcus Klein]

*) Fixed bug in sessiond startup script.

[Sebastian.Kotyrba]
Back to top
View user's profile Send private message
dashnu
l33t
l33t


Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

PostPosted: Sat Nov 20, 2004 1:53 am    Post subject: Reply with quote

Wow, that looks really promising.. Sounds like I-cal works to. May push this version out to production.. bitwh0re I will be testing this release on Monday so I will be around to help / test / whatever...

Weeeeeehawwwwwwww
_________________
write quit bang
Back to top
View user's profile Send private message
bitwh0re
Apprentice
Apprentice


Joined: 29 Apr 2004
Posts: 214

PostPosted: Sat Nov 20, 2004 2:46 pm    Post subject: Reply with quote

init-zero wrote:
Wow, that looks really promising.. Sounds like I-cal works to. May push this version out to production.. bitwh0re I will be testing this release on Monday so I will be around to help / test / whatever...

Weeeeeehawwwwwwww


I'm going to try and do this over the weekend.. it's 9:45AM Saturday and I'm just now doing the 'emerge system' step.. so it'll be a bit still.
Back to top
View user's profile Send private message
bitwh0re
Apprentice
Apprentice


Joined: 29 Apr 2004
Posts: 214

PostPosted: Sun Nov 21, 2004 2:18 am    Post subject: Reply with quote

Just working through a fresh install of 0.7.5 here.. quite a few things have changed. If you've gone through the HOWTO already, or are about to, read it carefully.. some things have changed that you may not notice have changed.

I have a question for everyone. When sun-j2sdk is emerged, it emerges xorg as well. xorg is listed as an RDEPEND for sun-j2sdk. Is XORG really required to make sun-j2sdk work?! If not how do you stop it from being emerged? XORG is declared as x11/virtual.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3 ... 7, 8, 9 ... 37, 38, 39  Next
Page 8 of 39

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum