Talk:Zarafa

From SME Server
Revision as of 04:20, 27 November 2008 by Snoble (talk | contribs) (note to contributors)
Jump to navigationJump to search

note to contributors

Please put you suggestions on the main page, we don't want to create a parallel page of instructions. If in doubt, add a pointer to the Talk page and expand

If you can advise on standard configuration, make it a bug so it is added to the rpm


Bugs

Search all bugs for smeserver-zarafa at bugs.contribs.org for history


Mobile synchronisation

Warning.png Warning:
I DON'T KNOW WHAT I'M DOING!!

PLEASE CHECK THE CODE FOR ERRORS AND SECURITY ISSUES!!

HAVE NOT FIGURED OUT HOW TO -ONLY- USE SSL YET!!



To enable synchronization of your mobile phone through ActiveSync with Zarafa, Z-push needs to be installed.

You can find the original Z-push installation documentation here: http://download.zarafa.com/zarafa/release/docs/z-push_installation_manual.en.pdf


Download the latest Z-push version (see: http://z-push.sourceforge.net). 

# wget http://download2.berlios.de/z-push/z-push-1.2.tar.gz

Extract the files: 

# tar -zxvf z-push-1.2.tar.gz -C /var/www/html

'State'-dir needs to be writable for apache: 

# cd /var/www/html/z-push/
# chmod 755 state
# chown www:www state

Make a new template fragment: 

# mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
# pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86Z-PushAlias

Edit the fragment and add: 

Alias /Microsoft-Server-ActiveSync /var/www/html/z-push/index.php
<Directory /var/www/html/z-push/>
   Options -Indexes
   AllowOverride None
   order allow,deny
   allow from all
   AddType application/x-httpd-php .php
   php_flag magic_quotes_gpc off
   php_flag register_globals off
   php_flag magic_quotes_runtime off
   php_flag short_open_tag on
</Directory>

Expand the template: 

# expand-template /etc/httpd/conf/httpd.conf

Restart httpd (the currently for Zarafa only save way): 

# sv restart httpd-e-smith

Synchronise using SSL

Incomplete.png Incomplete:
This article or section needs to be expanded. Please help to fill the gaps or discuss the issue on the talk page



Know working hardware

Tested and working with WinMobile 6.1 on a HTC TyTN II over a NON SSL connection (mail-push not yet tested).

Additional Notes

Darrell, I have installed Zarafa manually using custom-templates/db settings and have most everything working flawlessly including the Outlook plugin, and z-push to a WM6 device and I am EXTREMELY impressed. I have a desktop, laptop and my Samsung i760 in perfect sync. The z-push actually "pushes" and emails, calendar, contact changes happen almost instantaneously.

I have a couple of pointers if you are still working on this project.

I notice you use the "db" setting for your users. I found the unix plugin a superb tool. It automatically adds all system users and keeps them in sync including password changes and user additions/deletions. It works on the fly. The only drawback is the fact SME uses weird user/group numbering so you have to include users from 5000 up and then exclude all groups by configuring uniz.cfg to a high range like 10001-10001. I also did not include admin as one of the users due to the limitations on how the unix plugin handles users/groups.

1- I also placed a rewrite rule to force https. 

RewriteRule ^/Microsoft-Server-ActiveSync(/.*|$)    https://%{HTTP_HOST}/Microsoft-Server-ActiveSync$1 [L,R]

2- You can sort junk email to zarafa and have it automatically placed in the Junk E-mail folder. This works in the .qmail-junkmail template. Note the -qj switch. This tells zarafa-dagent to place the email in the Junk E-mail folder. 

http://bugs.contribs.org/show_bug.cgi?id=4705

Some other notes: I totally disabled horde (no big loss there) and pop and imap and my implementation either uses horde OR zarafa but not both. I run zarafa on the standard ports and transitioned 15 users last night. Some using Outlook (pop) and they didn't notice anything. A few use webmail and I left the alias alone and those users all logged in this morning to a big surprise and they were all extremely happy.

For this to work, you need to configure zarafa to use the certs already generated in SME. Hope this helps.

Paul 

Hi Paul, please submit separate bug reports detailing all your customization notes. Darrell

SSL

I've been trying to get SSL working for both IMAP and the Outlook configuration. For IMAP, I edited the gateway.cfg template to point to the SME Server certificate and key files:

File with RSA key for SSL:

ssl_private_key_file = /home/e-smith/ssl.key/host.domain.com.key

File with certificate for SSL:

ssl_certificate_file = /home/e-smith/ssl.crt/host.domain.com.crt

On restart of the daemon, I was successfully able to connect. In looking further at the Outlook side, SSL support for the server is configured in server.cfg, where it requires a path to CA certificates. Using the steps outlined in the zarafa-server man page, I created a CA and certificate which I then specified in server.cfg. I was then able to configure the Outlook profile to use port 237 and connect successfully.

N.B. There is a typo in the man page - the shell script should be /usr/share/zarafa/ssl-certificates.sh - the man page is missing the "s" in certificates.

NOTE: There is no need to create any additional certificates, the SME self signed certificates work just fine for Outlook SSL connections. In server.cfg in the SSL section (on or about line 104) you need to point to the correct certs and paths like this:

server_ssl_key_file = /home/e-smith/ssl.pem/host.domain.com.pem

server_ssl_ca_file = /home/e-smith/ssl.crt/host.domain.com.crt

server_ssl_ca_path = /home/e-smith/ssl.crt/

sslkeys_path = /home/e-smith/ssl.pem/

Retrieved from "https://wiki.koozali.org/index.php?title=Talk:Zarafa&oldid=11673"