SOGo

Arborescence des pages

Comparaison des versions

Ancienne version 12

changes.mady.by.user Vincent Bonamy

Sauvegardée le

comparé à

Nouvelle version Actuel

changes.mady.by.user Vincent Bonamy

Sauvegardée le

Légende

  • Ces lignes ont été ajoutées. Ce mot a été ajouté.
  • Ces lignes ont été supprimées. Ce mot a été supprimé.
  • La mise en forme a été modifiée.
Info

Depuis le 19 Juillet 2016, l'accès aux paquets SOGo est devenu payant : https://sogo.nu/news/2016/article/sogo-package-repositories.html

Sur cette page, on décrit comment mettre en place SOGo sur une CentOS 7.2 rapidement depuis les sources github. Ce qui ne nécessite pas de s'acquitter de licences auprès d'Inverse pour ce faire.

Au vu des pré-requis (version de la librairie Gnustep notamment), il est conseillé de ne pas réaliser cette installation sur une version inférieure à la version 7 de CentOS

...

On installe ici un SOGo v3 avec authentification CAS, base de données PostgreSQL, annuaire LDAP (supann), ...

Sommaire

Installation des paquets nécessaires

Bloc de code
yum install gcc-objc gnustep-base gnustep-make gnustep-base-devel libxml2-devel openssl-devel openldap-devel postgresql-devel libmemcached-devel libcurl-devel 

Installation de SOPE

Bloc de code
cd /usr/local/src
git clone https://github.com/inverse-inc/sope.git
cd sope
git checkout -b SOPE-34.0.2.1 SOPE-34.0.2.1
./configure --with-gnustep --enabledisable-debug --disable-strip 
make 
make install

Installation de SOGO

Bloc de code
cd /usr/local/src
git clone https://github.com/inverse-inc/sogo.git
cd sogo
git checkout -b SOGo-34.0.2.1 SOGo-34.0.2.1
./configure --enabledisable-debug --disable-strip
make
make install

 

Paramétrage système

Création de l'utilisateur sogo

Bloc de code
adduser sogo

Création des répertoires et affectation des droits

Bloc de code
mkdir -p /var/local/spool/sogo && chown -R sogo:sogo /var/local/spool/sogo
mkdir /etc/sogo && chown -R  sogo:sogo /etc/sogo
mkdir -p /var/local/run/sogo && chown -R sogo:sogo /var/local/run/sogo
mkdir /var/log/sogo/ && chown -R  sogo:sogo /var/log/sogo/ 

Fichier systemd 

Bloc de code
title /etc/systemd/system/sogo.service
[Unit]
Description=SOGo is a groupware server
After=network.target
After=postgresql.service
[Service]
Environment="PREFORK=83"
EnvironmentFile=-/etc/sysconfig/sogo
Type=forking
ExecStart=/usr/local/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /var/local/run/sogo/sogo.pid -WOLogFile /var/log/sogo/sogo.log
PIDFile=/var/local/run/sogo/sogo.pid
User=sogo
[Install]
WantedBy=multi-user.target

Fichier d'environnement sysconfig

Bloc de code
title/etc/sysconfig/sogo
# The amount of processes that should be spawned (Default: 3)
PREFORK=8
# The name of the account under which SOGo will be running (Default: sogo)
# USER=sogo
LD_LIBRARY_PATH=/usr/local/lib64/sogo:/usr/local/lib64:$LD_LIBRARY_PATH

Fichier de configuration sogo

xmletcsogoconf
Info
titlesogo-tool

Pour pouvoir lancer sogo-tool (et procéder à des backups, purge utilisateurs, etc.) la redéfinition de LD_LIBRARY_PATH est aussi nécessaire. Aussi vous pouvez ajouter dans le .bashrc de l'utilisateur sogo un

Bloc de code
Bloc de code
language
title/
home/sogo/
.
collapsetrue
bashrc
export LD_LIBRARY_PATH=/usr/local/lib64/sogo:/usr/local/lib64:$LD_LIBRARY_PATH


Fichier de configuration sogo

Bloc de code
languagexml
title/etc/sogo/sogo.conf
collapsetrue
<?xml version="1<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//GNUstep//DTD plist 0.9//EN" "http://www.gnustep.org/plist-0_9.xml">
<plist version="0.9">
	<dict>
		<key>NGImap4ConnectionStringSeparator</key>
		<string>/</string>
		<key>NGImap4DisableIMAP4Pooling</key>
		<string>YES</string>
		<key>OCSEMailAlarmsFolderURL</key>
		<string>postgresql://sogo:password@127.0.0.1:5432/sogo/sogo_alarms_folder</string>
		<key>OCSFolderInfoURL</key>
		<string>postgresql://sogo:password@127.0.0.1:5432/sogo/sogo_folder_info</string>
		<key>OCSSessionsFolderURL</key>
		<string>postgresql://sogo:password@127.0.0.1:5432/sogo/sogo_sessions_folder</string>
		<key>SOGoACLsSendEMailNotifications</key>
		<string>YES</string>
		<key>SOGoAppointmentSendEMailNotifications</key>
		<string>YES</string>
		<key>SOGoAuthenticationType</key>
		<string>CAS</string>
		<key>SOGoCASLogoutEnabled</key>
		<string>YES</string>
		<key>SOGoCASServiceURL</key>
		<string>https://cas.univ-rouen.fr</string>
		<key>SOGoDAVAuthenticationType</key>
		<string>CAS</string>
		<key>SOGoDraftsFolderName</key>
		<string>Drafts</string>
		<key>SOGoEnableEMailAlarms</key>
		<string>YES</string>
		<key>SOGoFirstDayOfWeek</key>
		<string>1</string>
		<key>SOGoFirstWeekOfYear</key>
		<string>First4DayWeek</string>
		<key>SOGoFoldersSendEMailNotifications</key>
		<string>NO</string>
		<key>SOGoForwardEnabled</key>
		<string>YES</string>
		<key>SOGoHideSystemEMail</key>
		<string>YES</string>
		<key>SOGoIMAPServer</key>
		<string>imap://imap.univ-rouen.fr</string>
		<key>SOGoLanguage</key>
		<string>French</string>
		<key>SOGoMailAuxiliaryUserAccountsEnabled</key>
		<string>YES</string>
		<key>SOGoMailDomain</key>
		<string>univ-rouen.fr</string>
		<key>SOGoMailMessageCheck</key>
		<string>every_10_minutes</string>
		<key>SOGoMailMessageForwarding</key>
		<string>attached</string>
		<key>SOGoMailShowSubscribedFoldersOnly</key>
		<string>NO</string>
		<key>SOGoMailingMechanism</key>
		<string>smtp</string>
		<key>SOGoMemcachedHost</key>
		<string>127.0.0.1</string>
		<key>SOGoProfileURL</key>
		<string>postgresql://sogo:password@127.0.0.1:5432/sogo/sogo_user_profile</string>
		<key>SOGoSMTPServer</key>
		<string>smtp.univ-rouen.fr</string>
		<key>SOGoSentFolderName</key>
		<string>Sent</string>
		<key>SOGoSieveScriptsEnabled</key>
		<string>YES</string>
		<key>SOGoSieveServer</key>
		<string>sieve://sieve.univ-rouen.fr:2000</string>
		<key>SOGoMailSpoolPath</key>
		<string>/var/local/spool/sogo</string>
		<key>SOGoSuperUsernames</key>
		<array>
			<string>adminlogin</string>
			<string>admi2login</string>
		</array>
		<key>SOGoTimeZone</key>
		<string>Europe/Paris</string>
		<key>SOGoTrashFolderName</key>
		<string>Trash</string>
		<key>SOGoUserSources</key>
		<array>
			<dict>
				<key>CNFieldName</key>
		   		<string>displayName</string>
				<key>IDFieldName</key>
				<string>uid</string>
				<key>UIDFieldName</key>
				<string>uid</string>
				<key>baseDN</key>
				<string>ou=people,dc=univ-rouen,dc=fr</string>
				<key>bindDN</key>
				<string>cn=sogo,dc=univ-rouen,dc=fr</string>
				<key>bindFields</key>
				<array>
				<string>uid</string>
				</array>
				<key>bindPassword</key>
				<string>sogoldappassword</string>
				<key>canAuthenticate</key>
				<string>yes</string>
				<key>displayName</key>
				<string>Adresses partagées</string>
				<key>hostname</key>
				<string>ldap.univ-rouen.fr ldap-spare.univ-rouen.fr</string>
				<key>id</key>
				<string>ldap.univ-rouen.fr</string>
				<key>isAddressBook</key>
				<string>yes</string>
				<key>type</key>
				<string>ldap</string>
			</dict>
		</array>
		<key>SOGoVacationEnabled</key>
		<string>YES</string>
		<key>WOMessageUseUTF8</key>
		<string>YES</string>
		<key>WOParsersUseUTF8</key>
		<string>YES</string>
		<key>WOPort</key>
		<string>20000</string>
		<key>WOWatchDogRequestTimeout</key>
		<string>1</string>
	</dict>
</plist>

...

Concernant le fichier de configuration

...

, on peut aussi utiliser le format non xml de plist.

Le fichier 

...

/etc/

...

sogo/

...

sogo.conf sera alors de cette forme : 

d/SOGo.conf
Bloc de code
{
collapsetrue
<VirtualHost *:80>
  NGImap4ConnectionStringSeparator  ServerName  sogo-rwd.univ-rouen.fr= "/";
  NGImap4DisableIMAP4Pooling  ServerAlias sogo-rwd soual soual.univ-rouen.fr
    ServerAdmin   ent-bugs@unr-runn.fr= "YES";
	............  
	............  
}

Si vous optez pour placer ce fichier dans /home/sogo/GNUstep/Defaults/.GNUstepDefaults il sera cependant sous cette forme : 

Bloc de code
{
    NSGlobalDomain = {
    ServerSignature};
 Off
   sogod = {
 		NGImap4ConnectionStringSeparator = "/";
  		NGImap4DisableIMAP4Pooling = "YES";
		............  
		............  
	};
}
 

 

Fichier de configuration Apache 

Bloc de code
title/etc/httpd/conf.d/SOGo.conf
collapsetrue
<VirtualHost *:80>
    ServerName  ErrorLog /var/log/httpd/sogo.univ-rouen.fr-error.log
    LogLevel warn
    CustomLog /var/log/httpd/sogo.univ-rouen.fr-access.log combined

    RewriteEngine On
    RewriteRule ^/(.*) https://sogo-rwd.univ-rouen.fr/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    ServerNameServerAlias  sogo-rwd soual soual.univ-rouen.fr
    ServerAlias sogo-rwd 
    ServerAdmin   ent-bugs@unr-runn.fr
    ServerSignature Off
    
    ErrorLog /var/log/httpd/sogo.univ-rouen.fr-error.log
    LogLevel warn
    CustomLog /var/log/httpd/sogo.univ-rouen.fr-access.log combined

    SSLEngineRewriteEngine onOn
    SSLCertificateKeyFileRewriteRule /etc/httpd/ssl^/(.*) https://sogo-rwd.univ-rouen.fr.key/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    SSLCertificateFileServerName  /etc/httpd/ssl/cert-12345--sogo-rwd.univ-rouen.fr.pem
    SSLCertificateChainFile /etc/httpd/ssl/chain-12345--.univ-rouen.fr.pem

ServerAlias sogo-rwd 
    ServerAdmin   ent-bugs@unr-runn.fr
    DocumentRoot /var/www/
 ServerSignature Off
   <Directory />
    Options FollowSymLinksErrorLog /var/log/httpd/sogo.univ-rouen.fr-error.log
    AllowOverrideLogLevel Nonewarn
    </Directory>
    ErrorDocument 503 /webmail-503/503.htmlCustomLog /var/log/httpd/sogo.univ-rouen.fr-access.log combined

    RewriteEngineSSLEngine Onon
    RewriteRule ^/$ /SOGo [L,R]
SSLCertificateKeyFile /etc/httpd/ssl/sogo-rwd.univ-rouen.fr.key
    SSLCertificateFile ExpiresActive On /etc/httpd/ssl/cert-12345--.univ-rouen.fr.pem
    #ExpiresByType text/css "access plus 3 hours"SSLCertificateChainFile /etc/httpd/ssl/chain-12345--.univ-rouen.fr.pem

    #ExpiresByType text/javascript "access plus 3 hours"DocumentRoot /var/www/
    ExpiresByType<Directory text/css>
  "access plus 3Options hours"FollowSymLinks
    ExpiresByType text/javascript "access plus 3 hours"AllowOverride None
    </Directory>
    ExpiresByType image/gif "access plus 1 day"ErrorDocument 503 /webmail-503/503.html

    RewriteEngine On
    RewriteRule ^/$ /SOGo [L,R]
    ExpiresActive On
    ExpiresByType#ExpiresByType imagetext/pngcss "access plus 13 dayhours"
    ExpiresByType#ExpiresByType imagetext/jpgjavascript "access plus 13 dayhours"
    #CacheEnable mem /SOGo.woa/WebServerResources/
	Alias /SOGo.woa/WebServerResources \
		  /usr/local/lib64/GNUstep/SOGo/WebServerResources
	Alias /SOGo/WebServerResources \
		  /usr/local/lib64/GNUstep/SOGo/WebServerResources
	AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) \
		       /usr/local/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2
	<DirectoryExpiresByType text/css "access plus 3 hours"
    ExpiresByType text/javascript "access plus 3 hours"
    ExpiresByType image/gif "access plus 1 day"
    ExpiresByType image/png "access plus 1 day"
    ExpiresByType image/jpg "access plus 1 day"
    #CacheEnable mem /SOGo.woa/WebServerResources/
	Alias /SOGo.woa/WebServerResources \
		  /usr/local/lib64/GNUstep/SOGo>SOGo/WebServerResources
		AllowOverride NoneAlias /SOGo/WebServerResources \
		Require all granted
	</Directory>
	<LocationMatch "^/SOGo/so//usr/local/lib64/GNUstep/SOGo/WebServerResources
	AliasMatch /SOGo/so/ControlPanel/Products/(.*UI)/Resources/(.*\.(jpg|png|gif|css|js)">
	  SetHandler default-handler \
	</LocationMatch>
	ProxyRequests Off
	SetEnv proxy-nokeepalive 1
	ProxyPreserveHost On
	ProxyPass /SOGo/casProxy !
	ScriptAlias /SOGousr/casProxy local/varlib64/wwwGNUstep/cgi-bin/cas-proxy-validate.py
	<LocationMatch "^/SOGo/casProxy.*">
	 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
	 Order allow,deny
	 Allow from All
	 AddHandler cgi-script .pySOGo/$1.SOGo/Resources/$2
	<Directory /usr/local/lib64/GNUstep/SOGo>
		AllowOverride None
		Require all granted
	</Directory>
	<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
	  SetHandler default-handler
	</LocationMatch>
	ProxyRequests Off
	SetEnv proxy-nokeepalive 1
	ProxyPreserveHost On
	ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

	<Proxy http://127.0.0.1:20000/SOGo>
	  RequestHeader set "x-webobjects-server-port" "443"
	  RequestHeader set "x-webobjects-server-name" "sogo-rwd.univ-rouen.fr"
	  RequestHeader set "x-webobjects-server-url" "https://sogo-rwd.univ-rouen.fr"/casProxy !
	ScriptAlias /SOGo/casProxy /var/www/cgi-bin/cas-proxy-validate.py
	<LocationMatch "^/SOGo/casProxy.*">
	 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
	 Order allow,deny
	 Allow from All
	 AddHandler cgi-script .py
	</LocationMatch>

	ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

	<Proxy http://127.0.0.1:20000/SOGo>
	  RequestHeader set "x-webobjects-server-protocolport" "HTTP/1.0443"
	  RequestHeader set "x-webobjects-remoteserver-host" %{REMOTE_HOST}e env=REMOTE_HOST
	  AddDefaultCharset UTF-8name" "sogo-rwd.univ-rouen.fr"
	  RequestHeader set "x-webobjects-server-url" "https://sogo-rwd.univ-rouen.fr"
	  Order allow,deny
	  Allow from all
	</Proxy>

	# header RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
	  RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST
	  AddDefaultCharset UTF-8
	  Order allow,deny
	  Allow from all
	</Proxy>

	# header of emails.
	RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
</VirtualHost>

Fichier CGI cas-proxy-validate.py

Bloc de code
title/var/www/cgi-bin/cas-proxy-validate.py
collapsetrue
#!/usr/bin/python
# -*- coding: utf-8 -*-
# cas-proxy-validate.py - this file is part of SOGo
#
#  Copyright (C) 2010 Inverse inc.
#
# Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING.  If not, write to
# the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# This script provides a CGI to avoid reentrancy issues when using SOGo in CAS
# mode
# debian dep: python-memcache
import cgi
import memcache
import os
import sys
config = { "cas-addr": "10.10.10.2",
           "memcached-addrs": ["127.0.0.1:11211"] }
class CASProxyValidator:
    def run(self):
        if os.environ.has_key("GATEWAY_INTERFACE"):
            self._runAsCGI()
        else:
            self._runAsCmd()
    def _runAsCGI(self):
        if self._cgiChecks():
            form = cgi.FieldStorage()
            if form.has_key("pgtId") and form.has_key("pgtIou"):
                pgtIou = form.getfirst("pgtIou")
                pgtId = form.getfirst("pgtId")
                self._registerPGTIdAndIou(pgtIou, pgtId)
                message = "'%s' set to '%s'" \
                          % ("cas-pgtiou:%s" % pgtIou, pgtId)
                self._printCGIError(message, 200)
            else:
                self._printCGIError("Missing parameter.", 200)
    def _cgiChecks(self):
        rc = False
        if os.environ["REQUEST_METHOD"] == "GET":
            #if os.environ["REMOTE_ADDR"] == config["cas-addr"]:
            #    rc = True
            #else:
            #    self._printCGIError("Who are you? (%s)" % os.environ["REMOTE_ADDR"])
            rc = True
        else:
            self._printCGIError("Only 'GET' is accepted.")
        return rc
    def _printCGIError(self, message, code = 403):
        sys.stderr.write('error %s , message : %s' % (code, message)) 
        print("Status: %d\n"
              "Content-Type: text/plain; charset=utf-8\n\n%s"
              % (code, message))
    def _runAsCmd(self):
        if len(sys.argv) == 3:
            self._registerPGTIdAndIou(sys.argv[1], sys.argv[2])
            print "set '%s' to '%s'" \
                  % ("cas-pgtiou:%s" % sys.argv[1], sys.argv[2])
        else:
            raise Exception, "Missing or too many parameters."
    def _registerPGTIdAndIou(self, pgtIou, pgtId):
        mc = memcache.Client(config["memcached-addrs"])
        mc.set("cas-pgtiou:%s" % pgtIou, pgtId)
if __name__ == "__main__":
    process = CASProxyValidator()
    process.run()

 

Systemctl et Lancement

Bloc de code
 systemctl enable sogo
 systemctl restart sogo

 

...

":
    process = CASProxyValidator()
    process.run()

 

Systemctl et Lancement

Bloc de code
 systemctl enable sogo
 systemctl restart sogo

 

Mises à jour

Arrêt

Bloc de code
systemctl stop sogo

Mise à jour de SOPE

Bloc de code
cd /usr/local/src/sope
git fetch
git checkout -b SOPE-4.0.3 SOPE-4.0.3
make clean
./configure --with-gnustep --disable-debug --disable-strip 
make -j$(grep -c '^processor' /proc/cpuinfo)
make install

Mise à jour de SOGO

Bloc de code
cd /usr/local/src/sogo
git fetch
git checkout -b SOGo-4.0.3 SOGo-4.0.3
make clean
./configure --disable-debug --disable-strip
make -j$(grep -c '^processor' /proc/cpuinfo)
make install

Redémarrage

Bloc de code
systemctl start sogo