Updating Kolab 3.1 or 3.2 to 3.3

I have recently updated my Kolab Groupware install from version 3.2 to version 3.3, there are not a ton of new features but I wanted to see if this would be a huge process or go fairly quickly.

First of all, take a backup. Really take a backup. You never know what your going to blow up with Kolab updates. Sometime they work great, and they are getting better. Just do it. At the very least backup your IMAP store. If you are like me at all and have your IMAP mounted over NFS, stop the Cyrus service and unmount the IMAP store.

Also, I am using CentOS 6 this guide will be based on that, the fixes at the end might apply though if you are not running CentOS 6.

Here is what I did, also I will list a few things I did to fix some issues.

Backup the server. I use VMWare ESX so I made a snapshot.

Stop the Cyrus Server.


service cyrus-imapd stop

I unmounted the IMAP store since I use NFS.


umount /var/spool/imap

Follow this guide (I will copy it’s content below, possibly with some differences).


https://docs.kolab.org/administrator-guide/upgrading-from-kolab-3.1-to-3.3.html

Update your CentOS Installation


# cd /etc/yum.repos.d/
# rm Kolab*.repo
# wget http://obs.kolabsys.com/repositories/Kolab:/3.3/CentOS_6/Kolab:3.3.repo
# wget http://obs.kolabsys.com/repositories/Kolab:/3.3:/Updates/CentOS_6/Kolab:3.3:Updates.repo
# yum update

FILE TO EDIT: /etc/kolab/kolab.conf
Replace example.org with your LDAP and installation primary domain name.


[ldap]
sharedfolder_acl_entry_attribute = acl
modifytimestamp_format = %Y%m%d%H%M%SZ

[kolab_smtp_access_policy]
delegate_sender_header = True
alias_sender_header = True
sender_header = True
xsender_header = True
cache_uri = 

[wallace]
modules = resources, invitationpolicy, footer
kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL

If you’re planning to make use of wallace please make sure wallace is enabled to start using chkconfig on RHEL/Centos or /etc/default/wallace on debian.


# service kolab-server restart
# service wallace restart

FILE TO EDIT: /etc/kolab-freebusy/config.ini
Instead of editing the configuration by hand it’s easier to just recreate the configuration using the setup-kolab tool. Your choice.
This step did not work for me, but I do not use freebusy!


# cp /etc/kolab-freebusy/config.ini.rpmnew /etc/kolab-freebusy/config.ini
or
# setup-kolab freebusy

FILE TO EDIT: /etc/roundcubemail/config.inc.php
The plugins where correct on my server excepting adding the new ones, kolab_notes and kolab_tags.


Change the plugin load order the follwing way:

    move kolab_auth to the top position
    move kolab_config after kolab_addressbook
    add kolab_notes after kolab_folders
    add kolab_tags after kolab_notes

$config['use_secure_urls'] = true;
$config['assets_path'] = '/roundcubemail/assets/';

FILE TO EDIT: /etc/roundcubemail/password.inc.php
Change the password driver from ldap to ldap_simple.


$config['password_driver'] = 'ldap_simple';

FILE TO EDIT: /etc/roundcubemail/kolab_files.inc.php
Update the kolab_files_url to /chwala/ to be protocol independent.
This would not work for me, I kept my old setup.


$config['kolab_files_url'] = '/chwala/';

FILE TO EDIT: /etc/iRony/dav.inc.php
The iRony configuration doesn’t have anything special configurations. You might want to consider just to take the new default config file or change it based on the differences between the previous version.
For me, nothing changed from 3.2 to 3.3 but you should check.


# cp /etc/iRony/dav.inc.php.rpmnew /etc/iRony/dav.inc.php

FILE TO EDIT: /etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf
To fix the handling of resource invitations you’ve to adjust your existing virtual alias maps, otherwise you end up with non-delivery-reports.
I just had to add the last part.


query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail))

FILE TO EDIT: /etc/postfix/master.cf
This will put wallace as the next content-filter after the mail has been returned from amavis to postfix. If you’re don’t want to make use of iTip processing or resource management you can skip this section.


[...]
127.0.0.1:10025     inet        n       -       n       -       100     smtpd
    -o cleanup_service_name=cleanup_internal
    -o content_filter=smtp-wallace:[127.0.0.1]:10026
    -o local_recipient_maps=
[...]

Restart Postfix


# service postfix restart

Update MySQL Database
Connect to MySQL, use the password you use for SQL on that server.


# mysql -u root -p -D kolab

--
-- Table structure for table `ou_types`
--

DROP TABLE IF EXISTS `ou_types`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `ou_types` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `key` text NOT NULL,
  `name` varchar(256) NOT NULL,
  `description` text NOT NULL,
  `attributes` longtext NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `ou_types`
--

LOCK TABLES `ou_types` WRITE;
/*!40000 ALTER TABLE `ou_types` DISABLE KEYS */;
INSERT INTO `ou_types` VALUES (1,'unit','Standard Organizational Unit','A standard organizational unit definition','{\"auto_form_fields\":[],\"fields\":{\"objectclass\":[\"top\",\"organizationalunit\"]},\"form_fields\":{\"ou\":[],\"description\":[],\"aci\":{\"optional\":true,\"type\":\"aci\"}}}');
/*!40000 ALTER TABLE `ou_types` ENABLE KEYS */;
UNLOCK TABLES;


--
-- Table structure for table `sharedfolder_types`
--

DROP TABLE IF EXISTS `sharedfolder_types`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `sharedfolder_types` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `key` text NOT NULL,
  `name` varchar(256) NOT NULL,
  `description` text NOT NULL,
  `attributes` longtext NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `sharedfolder_types`
--

LOCK TABLES `sharedfolder_types` WRITE;
/*!40000 ALTER TABLE `sharedfolder_types` DISABLE KEYS */;
INSERT INTO `sharedfolder_types` VALUES (1,'addressbook','Shared Address Book','A shared address book','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"contact\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(2,'calendar','Shared Calendar','A shared calendar','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"event\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(3,'journal','Shared Journal','A shared journal','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"journal\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(4,'task','Shared Tasks','A shared tasks folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"task\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(5,'note','Shared Notes','A shared Notes folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"note\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(6,'file','Shared Files','A shared Files folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"file\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(7,'mail','Shared Mail Folder','A shared mail folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"mail\"],\"objectclass\":[\"top\",\"kolabsharedfolder\",\"mailrecipient\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[],\"alias\":{\"type\":\"list\",\"optional\":true},\"kolabdelegate\":{\"type\":\"list\",\"autocomplete\":true,\"optional\":true},\"kolaballowsmtprecipient\":{\"type\":\"list\",\"optional\":true},\"kolaballowsmtpsender\":{\"type\":\"list\",\"optional\":true},\"kolabtargetfolder\":[],\"mail\":[]}}');
/*!40000 ALTER TABLE `sharedfolder_types` ENABLE KEYS */;
UNLOCK TABLES;

Go ahead and restart the server now to load stuff, you don’t really have to I suppose.

Stuff I fixed/updated/changed to make stuff work…

The assets will not load, images, css and such on roundcube web interface:

Edit /etc/roundcubemail/config.inc.php and change


$config['assets_path'] = '/roundcubemail/assets/';

to


$config['assets_path'] = '/assets/';

Still no assets, using SSL? No images and stuff? Let’s check your Apache configuration. I had to add an Include line in the ssl.conf

Edit /etc/httpd/conf.d/ssl.conf
I just added the Include line below, your setup may be different as some people use a VHOST some use SSL some use mod_ssl (like me) some use other SSL setups. Some people need to include the roundcubemail.conf and some won’t.


#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

Include conf.d/roundcubemail.conf

#   SSL Engine Options:

Okay, I also use a custom port number with my setup to access the web, it’s SSL but it’s not on port 443. You need to turn off secure_urls and change a PHP variable.
Edit /etc/roundcubemail/config.inc.php


$config['use_secure_urls'] = false;

Edit /usr/share/roundcubemail/program/include/rcmail_output_html.php
Line ~187. You can see I changed the $_SERVER line to be HTTP_HOST this will catch the custom port.


                $base = implode('/', $_base);
            }

            $path = (rcube_utils::https_check() ? 'https' : 'http') . '://'
                . $_SERVER['HTTP_HOST'] . $base . '/' . $path;
        }

        $this->assets_path = $path;
        $this->set_env('assets_path', $path);

Do you use the files portion of Kolab and it’s not working? Lets check our configuration for Chwala.

Edit /usr/share/roundcubemail/config/kolab_files.inc.php
Here is my file, check the top lines, the URL fields. I at one point needed to specify HTTPS, maybe you do. I no longer need to.



Have an android device or other Exchange client that you know supports sub-folders and user created folders and they never show up? Do the emails all clump together in the inbox? Try this.

Edit /usr/share/kolab-syncroton/lib/kolab_sync_data_email.php
Line ~108. Change the windowsoutlook15 to android


    public function __construct(Syncroton_Model_IDevice $device, DateTime $syncTimeStamp)
    {
        parent::__construct($device, $syncTimeStamp);

        $this->storage = rcube::get_instance()->get_storage();

        // Outlook 2013 support multi-folder
        //$this->ext_devices[] = 'windowsoutlook15';
        $this->ext_devices[] = 'android';

        if ($this->asversion >= 14) {
            $this->tag_categories = true;
        }
    }

Make sure you go into roundcube settings, and then folders. Check the new folders are checked. Then settings and ActiveSync and under your device check the new folders as well.

After everything was good, I was still getting some odd errors with the notes portion. I could make a new Noteboot in Roundcube and add notes there, but I could not add or move notes into the primary notebook ‘Notes’ I kept getting an error. My androids could not add or read notes from it either. Very odd. After poking around I figured it’s probably something with the IMAP storage portion. I was right for my issue, and this is what I did.

Login to kolab server using SSH or console as root and then change user to cyrus.


su - cyrus

If you get an error with that command, then you need to probably check the login shell for cyrus. I changed the users login shell to bash.


usermod -s /bin/bash cyrus

Once you are running as Cyrus we need to reconstruct the IMAP mailbox.


cd /usr/lib/cyrus-imapd
./reconstruct -r user/test.user

For me the user/test.user was user/username@domain.net

While here I also ran


./cyr_expire -E 3 -D 3 -X 3

To remove some deleted crap and clear out stuff.

By |December 27th, 2014|Categories: How To|Tags: , , , , |0 Comments

Installing Kolab 3.2 on CentOS

Kolab the open-source groupware collaboration project released version 3.2 on Valentines day. I have been on version 3.0 for some time now and wanted to get away from using ownCloud and some other projects and just use Kolab as it was doing my mail, contacts and calendaring anyway.

The installation process is not all that difficult, here is what I did to install the software.

Lets get some utilities.


# yum install wget
# yum install nano

First we need to prepare the target system. The document http://docs.kolab.org/installation-guide/preparing-the-system.html tells us we need to relax the SELinux policy.


# setenforce 0

Lets also make it persist across reboots.


nano /etc/selinux/config

Change `enforcing` to `permissive`.

At this point (since this is a completely internal install) I wanted to disable the iptables firewall. (We can re-enable later after it’s all working).


# /etc/init.d/iptables stop
# chkconfig iptables off

Kolab has some very strict DNS requirements for how this machine refers to itself, and how people locate this machine.


# hostname -f

This needs to be exactly how you connect to this server via the web interface. If this is not how your external DNS will handle this servers FQDN you need to fix your hosts file.


# nano /etc/hosts

Follow the steps @ http://docs.kolab.org/installation-guide/centos.html

First we need to install EPEL. (At the time of this post, this is the most current RPM you need for EPEL.)


# rpm -Uhv http://mirror.chpc.utah.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Next download some files with wget that add the Repos.


# cd /etc/yum.repos.d/
# wget http://obs.kolabsys.com:82/Kolab:/3.2/CentOS_6/Kolab:3.2.repo
# wget http://obs.kolabsys.com:82/Kolab:/3.2:/Updates/CentOS_6/Kolab:3.2:Updates.repo

Next we can install all the packages Kolab needs.


# yum install kolab

After all these are installed we (at this time, its a bug that needs fixing) need to fix the template script for amavisd.conf


# nano /usr/lib/python2.6/site-packages/pykolab/setup/setup_mta.py

Look around line `386` the small block should look like the following


        if os.path.isdir('/etc/amavisd'):
            fp = open('/etc/amavisd/amavisd.conf', 'w')
        elif os.path.isdir('/etc/amavis'):
            fp = open('/etc/amavis/amavisd.conf', 'w')
            fp.write(t.__str__())
            fp.close()

Take a look under the second line, it opens the file but does not write and then close it. We need it to do this or we will get a zero byte empty amavisd.conf file.

If yours looks like the above make it look like this


        if os.path.isdir('/etc/amavisd'):
            fp = open('/etc/amavisd/amavisd.conf', 'w')
            fp.write(t.__str__())
            fp.close()
        elif os.path.isdir('/etc/amavis'):
            fp = open('/etc/amavis/amavisd.conf', 'w')
            fp.write(t.__str__())
            fp.close()

You see I have added two lines under the second. Save the file and exit.

Now we can continue installing Kolab.


# setup-kolab

During this install you will be asked for many passwords. Write down the defaults or make up your own passwords.

After the install is complete, I reboot the system to make sure all services are started and that everything loads correctly.

We now need to update the database schema. At this time, even on a fresh install the database schema is out of date. I found this out by finding some odd bugs and talking about them in the Kolab IRC channel. After running the update database script they all went away.


# cd /usr/share/roundcubemail/
# ./bin/updatedb.sh --dir plugins/libkolab/SQL --package libkolab
# ./plugins/libkolab/bin/modcache.sh clear -a

I changed my Kolab web services to run off a different port, I had to edit `nss.conf` which is part of Apache.


# nano /etc/httpd/conf.d/nss.conf

Two parts of this file need to be changed if you want to change from the default SSL port that Kolab ships with. The default SSL port is 8443. Find the lines


Listen 8443
VirtualHost _default_:8443

Change the two mentions of 8443 to your own port.

If your going to be using only SSL then we need to make a few more changes in some files.

`config.inc.php`


# nano /usr/share/roundcubemail/config/config.inc.php

I added the following lines under the `$config[‘db_dsnw’] value.


    $config['calendar_caldav_url'] = "https://your.fqdn.tld:8443/iRony/calendars/%u/%i";
    $config['kolab_addressbook_carddav_url'] = 'https://your.fqdn.tld:8443/iRony/addressbooks/%u/%i';

Change the FQDN and the ports to match your setup.

`kolab_files.inc.php`


# nano /usr/share/roundcubemail/config/kolab_files.inc.php

I change the `kolab_files_url` variable by adding an `s` to `http`


$config['kolab_files_url'] = 'https://' . $_SERVER['HTTP_HOST'] . '/chwala/';

There might be more files that need some changing, but I have not found any that need it yet.

This should get you on to the next step http://docs.kolab.org/installation-guide/first-login.html

Using iRony+Chwala as a WebDAV server your URL is:


https://your.fqdn.tld:port/iRony

Issues:
1. If you visit your Address Book and notice nothing shows up, you import and nothing shows. You turn off cache in libkolab.conf and the contacts show up? You need to run the database update script.

2. If you turn cache off and contacts work but the cloud files break you need to run the database update script.

3. If the buttons on the files page are disabled you might need to go through and verify all URLs are correct for HTTP(s). Verify your FQDN, DNS Settings at your provider, and check your hosts file for correct entries. It seems that the files page is very picky and requires that from the page be able to loop back and see itself. So all your hostnames, and FQDNs have to be exactly as they are. If your using SSL be sure to edit the files I mention on this page and change http to https that are hardcoded in the PHP files.

By |February 20th, 2014|Categories: How To|Tags: , , , |12 Comments