diff --git a/source/administrator-guide/kolab-freebusy-reference.rst b/source/administrator-guide/kolab-freebusy-reference.rst index 270b2a33..1b38c263 100644 --- a/source/administrator-guide/kolab-freebusy-reference.rst +++ b/source/administrator-guide/kolab-freebusy-reference.rst @@ -1,454 +1,454 @@ .. _admin_kolab-freebusy-settings: ========================================= Kolab Freebusy Service Settings Reference ========================================= The web service is configured using a single settings file in .ini format located in ``/etc/kolab-freebusy/config.ini``. The configuration is divided into the following static sections and a list **directory** sections defining the list of directories used to search for freebusy for the requested user or resource. The directories are iterated from to to bottom in the order as they appear in the config file. The iteration stops once a directory can provide valid freebusy data. Basic Configuration =================== [httpauth] ---------- Access to the web service can be protected with basic HTTP authentication. This section controls the authentication with the following options: ``type`` ^^^^^^^^ Either one of 'static' or 'ldap'. 'static' provides a simple authentication with a static username/password pair. 'ldap' will perform an LDAP login with the provided username and password. Only users who can authenticate on LDAP will be granted access to the service. ``username`` ^^^^^^^^^^^^ Static username used with type 'static'. ``password`` ^^^^^^^^^^^^ Static password used with type 'static'. ``host`` ^^^^^^^^ Fully qualified URI to the LDAP server, including protocol and port. Example: ``ldap://localhost:389`` ``bind_dn`` ^^^^^^^^^^^ DN for binding to the LDAP service. Should be an unprivileged user with read-only access. Example: ``uid=kolab-service,ou=Special Users,dc=example,dc=org`` ``bind_pw`` ^^^^^^^^^^^ Password for binding to the LDAP service. ``filter`` ^^^^^^^^^^ Optional. Filter used to first resolve the username against LDAP. ``%s`` is replaced by the username. Example: ``(&(|(mail=%s)(alias=%s)(uid=%s))(objectclass=inetorgperson))`` [trustednetworks] ----------------- Allow privileged access from these IPs and skip HTTP authentication in case httpauth is configured. Privileged access means that instead of a dummy freebusy data block, a 404 error is returned if a user or resource could not be resolved. ``allow`` ^^^^^^^^^ A list of IPs, subnets or patterns which are considered trusted. Examples: .. parsed-literal:: allow = 127.0.0.1, 192.168.0.0/16, 10.10.*, ::1 .. _admin_kolab-freebusy-settings-log: [log] ----- Logging configuration. ``driver`` ^^^^^^^^^^ Supported drivers are 'file' and 'syslog' ``path`` ^^^^^^^^ Local filesystem path to a directory where log files will be created. ``name`` ^^^^^^^^ Filename or syslog identifier. ``level`` ^^^^^^^^^ The general log level. Possible values are: * 100 = Debug * 200 = Info * 300 = Warn * 400 = Error * 500 = Critical .. _admin_kolab-freebusy-settings-directories: Directories and Sources ======================= Directories are defined as named sections like .. code-block:: ini [directory "local"] and use the following options depending on the specified type: ``type`` -------- Either one of 'static' or 'ldap'. 'static' denotes a simple directory with an optional ``filter`` option providing a regular expression to matching the requested user name. 'ldap' directories perform an LDAP query to validate the requested user name and to provide additional attributes used for retrieving freebusy data from the linked source. This type uses the following configuration options: * host * bind_dn * bind_pw * base_dn * filter * primary_domain * attributes * attributes_lc (optional) * domain_filter (optional) * domain_base_dn (optional) ``filter`` ---------- Optional. String denoting a regular expression matched against the user name. See `PHP PCRE Manual `_ for the allowed regex syntax. ``host`` -------- Fully qualified URI to the LDAP server, including protocol and port. Example: ``ldap://localhost:389`` ``bind_dn`` ----------- DN for binding to the LDAP service. Should be an unprivileged user with read-only access. Example: ``uid=kolab-service,ou=Special Users,dc=example,dc=org`` ``bind_pw`` ----------- Password for binding to the LDAP service. ``filter`` ---------- Filter used to find the given user in LDAP. ``%s`` is replaced by the full user name, ``%u`` by the local part of the user name. Example: ``"(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%s)(alias=%s)))"`` ``base_dn`` ---------- Base DN used for the user query to LDAP. ``%dc`` is replaced by the DN matching the user name domain. Example: ``"ou=People,%dc"`` ``primary_domain`` ------------------ Fall-back domain name used for queries without fully qualified email addresses. ``attributes`` -------------- List of attributes which should be fetched from the matching LDAP entry. These will then replace placeholders in the ``fbsource`` URI. Example: ``mail, sn`` ``lc_attributes`` ----------------- List of entry attributes which are read form LDAP and are converted into lower-case characters. ``domain_filter`` ----------------- Filter used to resolve the root DN (``%dc``) for the the given user name domain. ``%s`` is replaced by the domain part of the user name. Example: ``"(&(objectclass=domainrelatedobject)(associateddomain=%s))"`` ``domain_base_dn`` ------------------ Base DN used for resolving the domain root DN with LDAP Example: ``"cn=kolab,cn=config"`` ``mail_attributes`` ------------------- List of entry attributes which denote the user's email address(es). Only used in conjunction with an 'imap' source. These attributes are used to determine whether events from shared calendars affect the user's availability. Email addresses from all these attributes are matched against the list of event attendees. ``fbsource`` ------------ This option defines the **Source** where freebusy data for the matching user is fetched from. The value is a fully qualified URI with the protocol identifier denoting the type of the source. Example: ``file:/var/lib/kolab-freebusy/%mail.ifb`` The follwing source types are supported: ``file`` ^^^^^^^^ .. code-block:: ini fbsource = file:/var/lib/kolab-freebusy/%mail.ifb ``%mail`` is a placeholder for the ``mail`` attribute from LDAP. ``http(s)`` ^^^^^^^^^^^ .. code-block:: ini fbsource = https://:@externalhost.com/free-busy/%s.ics ``%s`` is replaced with the user name from the request. ``imap`` ^^^^^^^^ .. code-block:: ini ;; read data from a users calendars (all) using IMAP proxy authentication fbsource = "imap://%mail:@localhost/?proxy_auth=cyrus-admin" ;; read data from a shared IMAP folder with cyrus-admin privileges fbsource = "imap://cyrus-admin:@localhost/%kolabtargetfolder?acl=lrs" ``%mail`` and ``%kolabtargetfolder`` are placeholders for attributes from LDAP. The ``proxy_auth`` URL parameter performs a proxy authentication using the given admin username (parameter value) and the admin password. The ``acl`` URL parameter will set the defined ACLs to the target IMAP folder in order to let the admin user read its contents. ``fbdaemon`` ^^^^^^^^^^^^ .. code-block:: ini ;; trigger kolab-freebusyd daemon to aggregate data from a user's calendars fbsource = "fbdaemon://localhost:?user=%mail" ;; trigger kolab-freebusyd to fetch data from a shared folder (i.e. for resources) fbsource = "fbdaemon://localhost:?folder=%kolabtargetfolder" ``%mail`` and ``%kolabtargetfolder`` are placeholders for attributes from LDAP. The ``user`` URL parameter specifies the command for accessing IMAP on behalf of this user (proxy authentication) and to collect data from all the calendar folders this user has access to. The ``folder`` parameter instructs the daemon to collect event data from the given IMAP mailbox. ``aggregate`` ^^^^^^^^^^^^^ In Kolab, resource collections are basically a group of recources without having calendar data assigned to the group directly. But we nevertheless want to show the availability for a collection and this is where the aggregate source type is used. .. code-block:: ini ;; LDAP filter to find a group record to aggregate data for all its members filter = "(&(objectClass=kolabgroupofuniquenames)(mail=%s))" attributes = uniquemember, mail resolve_dn = uniquemember resolve_attribute = mail ;; the 'aggregate' source takes one parameter denoting the attribute holding all member email addresses fbsource = "aggregate://%uniquemember" ;; consider these directories for getting the member's free/busy data directories = kolab-resources ``resolve_dn`` specifies the attribute of the group record that holds DNs for members that need to be resolved into valid user names/email addresses to then aggregate data for. ``resolve_attribute`` denotes the attribute of the member records that should replace the DN value. Once the members of a collection are resolved, freebusy data for each of them is fetched from the sources specified in ``directories`` and finally aggregated. .. seealso:: * Architecture & Design, Kolab Freebusy Service, :ref:`and_kolab-freebusy-directory-types` ``cacheto`` ----------- An absolute path to the local file system where freebusy data collected from the configured fbsource is cached for future requests. Can contain placeholders for LDAP attributes or ``%s`` for the requested user name. ``expires`` ----------- Defines the cache expiration time. Can contain numeric values with a unit indicator such as ``h``, ``m``, or ``s``. Example: ``10m`` for 10 minutes ``loglevel`` ------------ Log level for this directory. See :ref:`admin_kolab-freebusy-settings-log` for possible values. .. _admin_kolab-freebusy-settings-examples: Examples ======== -The `config.ini.sample `_ +The `config.ini.sample `_ file provides a full overview of possible configuration options. Sample Directory for Kolab Users -------------------------------- .. code-block:: ini [directory "kolab-users"] type = ldap host = ldap://localhost:389 bind_dn = "uid=kolab-service,ou=Special Users,dc=yourdomain,dc=com" bind_pw = "" base_dn = "ou=People,dc=yourdomain,dc=com" filter = "(&(objectClass=kolabInetOrgPerson)(|(uid=%u)(mail=%s)(alias=%s)))" attributes = mail lc_attributes = mail fbsource = file:/var/lib/kolab-freebusy/%mail.ifb Sample Directory for Resources ------------------------------ .. code-block:: ini [directory "kolab-resources"] type = ldap host = ldap://localhost:389 bind_dn = "uid=kolab-service,ou=Special Users,dc=yourdomain,dc=com" bind_pw = "" base_dn = "ou=Resources,dc=yourdomain,dc=com" filter = "(&(objectClass=kolabsharedfolder)(mail=%s))" attributes = mail, kolabtargetfolder fbsource = "fbdaemon://localhost:?folder=%kolabtargetfolder" timeout = 10 ; abort after 10 seconds cacheto = /var/cache/kolab-freebusy/%mail.ifb expires = 10m loglevel = 100 ; Debug Sample Directory for Resource Collections ----------------------------------------- .. code-block:: ini [directory "kolab-resource-collections"] type = ldap host = ldap://localhost:389 bind_dn = "uid=kolab-service,ou=Special Users,dc=yourdomain,dc=com" bind_pw = "" base_dn = "ou=Resources,dc=yourdomain,dc=com" filter = "(&(objectClass=kolabgroupofuniquenames)(mail=%s))" attributes = uniquemember resolve_dn = uniquemember resolve_attribute = mail fbsource = "aggregate://%uniquemember" directories = kolab-resources timeout = 10 ; abort after 10 seconds cacheto = /var/cache/kolab-freebusy/%mail.ifb expires = 10m loglevel = 100 ; Debug diff --git a/source/administrator-guide/upgrading-from-ke13-to-ke14.rst b/source/administrator-guide/upgrading-from-ke13-to-ke14.rst index 329fb83e..66ce85b6 100644 --- a/source/administrator-guide/upgrading-from-ke13-to-ke14.rst +++ b/source/administrator-guide/upgrading-from-ke13-to-ke14.rst @@ -1,373 +1,373 @@ ============================================ Upgrade Guide from Kolab Enterprise 13 to 14 ============================================ This document guides you through the process of upgrading Kolab Enterprise 13 to Kolab Enterprise 14. We recommend to try this upgrade on a test system before upgrading your production installation to ensure that everything will work smoothly with your specific setup. ChangeLog ========= Kolab Enterprise 14 compared to Kolab Enterprise 14 ships the following additional components: #. **Birthday Calender** Users may opt to show the birthdays of their contacts in the Kolab Web Application. #. **Web Application Paths** The folder structure has changed. The web application has moved its public web content into a *public_html/* folder. While it tries to be backwards compatible, you might want to check your virtual host configuration to match the new paths. #. **E-Mail Tagging** The roundcube plugin *kolab_tags* supports tanging of e-mails #. **Notes** The roundcube plugin *kolab_notes* supports writing and sharing notes. Via syncroton these notes can be synchronised via the ActiveSync protocol. You can also create shared Notes folders for groups. #. **Resource Management** While managing resources was already included in the Kolab Webadmin GUI, the roundcube received a new component to search, check and book resources. This part makes use of freebusy information to actually show the available resources. #. **Freebusy** The freebusy web daemon now supports caching of freebusy informations and resources. You might want to update/replace your configuration to support resources, etc. #. **Wallace** The wallace daemon now includes modules for checking iTip invitations and resource booking requests automatically. Wallace is now enabled by default in new installations. If you want to make use of it, you must integrate it in the postfix mail flow. #. **IMAP ACL editor (kolab-webadmin)** You can now create share folders within the kolab-webadmin and manage and enforce initial access control lists for those folders. #. **Organizatioal Unit Editor (kolab-webadmin)** Those installations that make use of bigger LDAP Directories or manage corporate address books within LDAP can now make use of the OU Editor instead of relying on external LDAP Editors. The ou management includes an ACL Editor for LDAP targets. Updating Kolab Enterprise ========================= These procedures are meant as an example to show you how an upgrade could work. They don't differ too much from a basic installation. RHEL 6 & CentOS 6 ----------------- Update the Kolab Enterprise repository to the new location: .. parsed-literal:: # :command:`cd /etc/yum.repos.d/` # :command:`rm Kolab*.repo` # :command:`wget https://ssl.kolabsys.com/kolab-enterprise-14-for-el6.rpm` # :command:`yum localinstall kolab-enterprise-14-for-el6.rpm` Run the upgrade process: .. parsed-literal:: # :command:`yum update` Updating Configuration Files ============================ /etc/kolab/kolab.conf --------------------- These values have been updated. Please change them in your configuration depending on your installation and needs: .. parsed-literal:: [ldap] sharedfolder_acl_entry_attribute = acl modifytimestamp_format = %Y%m%d%H%M%SZ [kolab_smtp_access_policy] delegate_sender_header = True alias_sender_header = True sender_header = True xsender_header = True cache_uri = [wallace] modules = resources, invitationpolicy, footer kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL If you're planning to make use of wallace please make sure wallace is enabled to start using :command:`chkconfig` on RHEL/Centos. Restart the services .. parsed-literal:: # :command:`service kolab-server restart` # :command:`service wallace restart` /etc/kolab-freebusy/config.ini ------------------------------ Instead of editing the configuration by hand, it can be easier to just recreate the configuration using the setup-kolab tool if you have not a specific configuration. For Redhat/CentOS .. parsed-literal:: # :command:`cp /etc/kolab-freebusy/config.ini.rpmnew /etc/kolab-freebusy/config.ini` Recreatae the configuation: .. parsed-literal:: # :command:`setup-kolab freebusy` /etc/roundcubemail/config.inc.php --------------------------------- Change the plugin load order the following way: #. move *kolab_auth* to the top position #. move *kolab_config* after *kolab_addressbook* #. add *kolab_notes* after *kolab_folders* #. add *kolab_tags* after *kolab_notes* If you want to make use of the new secure URLs feature, add 2 more $config entries .. parsed-literal:: $config['use_secure_urls'] = true; $config['assets_path'] = '/roundcubemail/assets/'; And adjust the asset path to where your webserver makes the assets available. .. ATTENTION:: Keep in mind that some of those configuration changes are requiring an updated apache configuration. Kolab Enterprise 14 introduced a seperate public_html/ folder to seperate webroot and application files. Keep this in mind if you've customized your webserver configuration and adjust it accordingly. Please pay special attention to the rewrite rules in place. /etc/roundcubemail/password.inc.php ----------------------------------- Change the password driver from **ldap** to **ldap_simple**. .. parsed-literal:: $config['password_driver'] = 'ldap_simple'; /etc/roundcubemail/kolab_files.inc.php -------------------------------------- Update the kolab_files_url to /chwala/ to be protocol independent. .. parsed-literal:: $config['kolab_files_url'] = '/chwala/'; /etc/roundcubemail/managesieve.inc.php -------------------------------------- If you want to include the dedicated vacation settings, please add this setting: .. parsed-literal:: $config['managesieve_vacation'] = 1; /etc/iRony/dav.inc.php ---------------------- The iRony configuration doesn't have anything special configurations. You might want to consider just to take the new default config file or change it based on the differences between the previous version. For Redhat/CentOS .. parsed-literal:: # :command:`cp /etc/iRony/dav.inc.php.rpmnew /etc/iRony/dav.inc.php` .. NOTE:: You can now expose the global address list via CalDAV by defining $config['kolabdav_ldap_directory'] for your installation. The URL for users to access this address book is https:///iRony/addressbooks//ldap-directory while specifics depend on your web server configuration. /etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf ----------------------------------------------------- To fix the handling of resource invitations you've to adjust your existing virtual alias maps, otherwise you end up with non-delivery-reports. Please update your filter with this new default configuration: .. parsed-literal:: query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail)) Restart the postfix daemon .. parsed-literal:: # :command:`service postfix restart` /etc/postfix/master.cf ---------------------- Here, you can optionally enable wallace if you want it to handle resource booking and invitations automatically. This will put wallace as the next content-filter after the mail has been returned from amavis to postfix. If you're don't want to make use of iTip processing or resource management you can skip this section. .. parsed-literal:: [...] 127.0.0.1:10025 inet n - n - 100 smtpd -o cleanup_service_name=cleanup_internal -o content_filter=smtp-wallace:[127.0.0.1]:10026 -o local_recipient_maps= [...] Restart the postfix daemon .. parsed-literal:: # :command:`service postfix restart` The mail flow will be the following: #. postfix receives mail (running on port :25 and port :587) #. postfix sends mail to amavisd (running on port 127.0.0.1:10024) #. amavisd checks mail #. amavisd sends mail to postfix (running on port 127.0.0.1:10025) #. postfix sends mail to wallace (running on port 127.0.0.1:10026) #. wallace checks the message for itip, resources, etc #. wallace sens mail to postfix (running on port 127.0.0.1:10026) #. postfix will start delivering the mail (external or internal) mysql database: kolab --------------------- A couple new features are relying new tables (organizational units). The shared folder have been extended to make use of the **acl** editor. You can find the full sql file here: -#. web: http://git.kolab.org/kolab-wap/tree/doc/kolab_wap.sql?id=kolab-webadmin-3.2.1 +#. web: https://git.kolab.org/diffusion/WAP/browse/master/doc/kolab_wap.sql;kolab-webadmin-3.2.1 #. locally: :file:`/usr/share/doc/kolab-webadmin/kolab_wap.sql` To not mess with your existing configuration, the kolab-webadmin package doesn't provide auto updates or upgrade files for your database. Here's a summary of what has been changed. If you've made changes on the shared folder types you might want to change the types manually in the settings section of kolab-webadmin. Open the mysql cli: .. parsed-literal:: # :command:`mysql -u root -p -D kolab` and apply the following changes: The tables will be deleted and recreated. Don't forget: if you've made changes to shared folder types, please update them manually! .. code-block:: sql -- -- Table structure for table `ou_types` -- DROP TABLE IF EXISTS `ou_types`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `ou_types` ( `id` int(11) NOT NULL AUTO_INCREMENT, `key` text NOT NULL, `name` varchar(256) NOT NULL, `description` text NOT NULL, `attributes` longtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `ou_types` -- LOCK TABLES `ou_types` WRITE; /*!40000 ALTER TABLE `ou_types` DISABLE KEYS */; INSERT INTO `ou_types` VALUES (1,'unit','Standard Organizational Unit','A standard organizational unit definition','{\"auto_form_fields\":[],\"fields\":{\"objectclass\":[\"top\",\"organizationalunit\"]},\"form_fields\":{\"ou\":[],\"description\":[],\"aci\":{\"optional\":true,\"type\":\"aci\"}}}'); /*!40000 ALTER TABLE `ou_types` ENABLE KEYS */; UNLOCK TABLES; -- -- Table structure for table `sharedfolder_types` -- DROP TABLE IF EXISTS `sharedfolder_types`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `sharedfolder_types` ( `id` int(11) NOT NULL AUTO_INCREMENT, `key` text NOT NULL, `name` varchar(256) NOT NULL, `description` text NOT NULL, `attributes` longtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `sharedfolder_types` -- LOCK TABLES `sharedfolder_types` WRITE; /*!40000 ALTER TABLE `sharedfolder_types` DISABLE KEYS */; INSERT INTO `sharedfolder_types` VALUES (1,'addressbook','Shared Address Book','A shared address book','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"contact\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(2,'calendar','Shared Calendar','A shared calendar','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"event\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(3,'journal','Shared Journal','A shared journal','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"journal\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(4,'task','Shared Tasks','A shared tasks folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"task\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(5,'note','Shared Notes','A shared Notes folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"note\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(6,'file','Shared Files','A shared Files folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"file\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(7,'mail','Shared Mail Folder','A shared mail folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"mail\"],\"objectclass\":[\"top\",\"kolabsharedfolder\",\"mailrecipient\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[],\"alias\":{\"type\":\"list\",\"optional\":true},\"kolabdelegate\":{\"type\":\"list\",\"autocomplete\":true,\"optional\":true},\"kolaballowsmtprecipient\":{\"type\":\"list\",\"optional\":true},\"kolaballowsmtpsender\":{\"type\":\"list\",\"optional\":true},\"kolabtargetfolder\":[],\"mail\":[]}}'); /*!40000 ALTER TABLE `sharedfolder_types` ENABLE KEYS */; UNLOCK TABLES; After the database update has been applied. Logout from the kolab-webadmin interface and login back in to load the new changes. Congratulations, your Kolab Enterprise 13 installation should now be upgraded sucessfully. If you encounter any problems during the upgrade, please `file a support ticket `__. diff --git a/source/architecture-and-design/kolab-freebusy.rst b/source/architecture-and-design/kolab-freebusy.rst index 7d3a6e2c..4b3328a3 100644 --- a/source/architecture-and-design/kolab-freebusy.rst +++ b/source/architecture-and-design/kolab-freebusy.rst @@ -1,142 +1,142 @@ .. _and_kolab-freebusyd: ===================== Kolab Freebusy Daemon ===================== The Kolab Freebusy Daemon **kolab-freebusyd** is the component that generates Freebusy data for users and resources. **MORE DOCUMENTATION TO BE ADDED HERE** Running kolab-freebusyd as cron job =================================== Undocumented. Running kolab-freebusyd as daemon ================================= Undocumented. .. _and_kolab-freebusy: ====================== Kolab Freebusy Service ====================== The Kolab Freebusy Service is a REST web service serving Freebusy data through HTTP(s) at ``/freebusy/``. Queries for freebusy information for a particular user or resource can sent as GET requests in the following form: ``/freebusy/.ifb`` Example URL: .. parsed-literal:: http://example.org/freebusy/john.doe@example.org.ifb The Kolab Freebusy Service can be configured in various ways to collect freebusy data from different subsystems or services and cache and deliver them to the public. .. _and_kolab-freebusy-directories-sources: Directories and Sources ======================= The service provides different modules to first look up and validate the user or resource freebusy data is being requested and then fetching the actual data from a specific source and optionally convert it. A set of **Directories** is iterated with the current request until one can resolve the user and delivers freebusy data from the linked **Source**. Directories are defined as ``[directory ""]`` blocks in the config.ini file of the web service and link to a specific source using an URI set for ``fbsource``. See :ref:`and_kolab-freebusy-configuration` for details. .. _and_kolab-freebusy-directory-types: Directory Types --------------- ``static`` ^^^^^^^^^^ A simple directory implementation which just checks the given email address with a substring filter and either accepts or rejects the query. ``ldap`` ^^^^^^^^ The LDAP directory resolves the given email address with a configurable query to an LDAP service and provides additional attributes for the matching entry which then can be passed to the linked **Service** to find the right data. Service Types ------------- ``file`` ^^^^^^^^ Provides a path for pre-generated freebusy data stored on the local filesystem. These files are usually generated by the :ref:`and_kolab-freebusyd` running as cron job. ``http`` ^^^^^^^^ Can fetch freebusy data from another service via HTTP(s). ``imap`` ^^^^^^^^ Allows to directly read a user's calendar in IMAP and aggregate the stored event data into an anonymized freebusy block. .. NOTE:: This is note recommended to be used in a productive environment because the web service directly accesses the IMAP backend with admin privileges (proxy authentication) which should be avoided in a publicly accessible web service. ``fbdaemon`` ^^^^^^^^^^^^ With :ref:`and_kolab-freebusyd` running in daemon mode, this source connects to the freebusyd and starts a job to aggregate and deliver freebusy data for a user or a resource. ``aggregate`` ^^^^^^^^^^^^^ Aggregates Freebusy data from all members of a group into one data block that only shows slots as busy if they're unavailable for all members. Formatters ========== When fetching data from a specific source, format conversions can be applied before delivering the data to the requesting client. For example the Kolab Freebusy Service can convert data from an Exchange 2010 service into the iCal Freebusy format. .. _and_kolab-freebusy-configuration: Configuration Options ===================== -The `config.ini.sample `_ +The `config.ini.sample `_ file provides an overview of possible configuration options with several examples. The full documentation of the Kolab Freebusy Service configuration can be found in the :ref:`admin_kolab-freebusy-settings`. diff --git a/source/upgrade-guide/kolab-3.3.rst b/source/upgrade-guide/kolab-3.3.rst index 83dde015..9db0eef5 100644 --- a/source/upgrade-guide/kolab-3.3.rst +++ b/source/upgrade-guide/kolab-3.3.rst @@ -1,440 +1,440 @@ ==================================== Upgrade Notes from Kolab 3.1 to 3.3 ==================================== This chapter contains some upgrade notes for moving forward from Kolab 3.1 to Kolab 3.3. You can use this guide aswell for upgrading from Kolab 3.2 to 3.3. The differences aren't that many. ChangeLog ========= While Kolab 3.2 mostly included backend and groundlaying changes for upcoming realases due to switching to Cyrus IMAPd 2.5, Kolab 3.3 now ships with couple new and updated frontend and admin modules. Kolab 3.3 compared to Kolab 3.1 ships the following additional components: #. **Birthday Calender** This feature was already incuded in Kolab Groupware 3.2 #. **New roundcube release** The folder structure has changed. Roundcube has moved their public web content into a *public_html/* folder. While it tries to be backwards compatible, you might want to check your virtual host configuration if you've actually modified it. #. **E-Mail Tagging** The roundcube plugin *kolab_tags* supports taggging of e-mails #. **Notes** The roundcube plugin *kolab_notes* supports writing and sharing notes. Via syncroton these notes can be managed via the active sync protocol as well. You can also create shared notesfolders for groups. #. **Resource Management** While managing resources was already included in the Kolab Webadmin GUI, the roundcube frontend was missing a component to search, check and book resources. This part makes use of freebusy informations to actually show the availabilities. #. **Freebusy** The freebusy web daemon now supports caching of freebusy informations and resources. You might want to update/replace your configuation to support resources, etc. #. **Wallace** The wallace daemon now includes modules for checking iTip invitations and resource booking requests. Wallace is now enabled by default in new Kolab 3.3 installations. If you want to make use of it, you must integrate it in the postfix mail flow. #. **IMAP ACL editor (kolab-webadmin)** You can now create share folders within the kolab-webadmin and manage and enforce initial access control lists for those folders. #. **Organizatioal Unit Editor (kolab-webadmin)** Those installations that make use of bigger LDAP Directories or manage corporation addressbooks within LDAP can now make use of the OU Editor instead of relying on external LDAP Editors. The ou management includes an ACL Editor for LDAP targets. Updating the system =================== These update procecures are just an example. They don't differ too much from a basic installation. CentOS 6 -------- Update the repo to the new location .. parsed-literal:: # :command:`cd /etc/yum.repos.d/` # :command:`rm Kolab*.repo` # :command:`wget http://obs.kolabsys.com/repositories/Kolab:/3.3/CentOS_6/Kolab:3.3.repo` # :command:`wget http://obs.kolabsys.com/repositories/Kolab:/3.3:/Updates/CentOS_6/Kolab:3.3:Updates.repo` run the upgrade process .. parsed-literal:: # :command:`yum update` Debian 7 -------- Update the repo to the new location .. parsed-literal:: # :command:`echo "deb http://obs.kolabsys.com/repositories/Kolab:/3.3/Debian_7.0/ ./ deb http://obs.kolabsys.com/repositories/Kolab:/3.3:/Updates/Debian_7.0/ ./" > /etc/apt/sources.list.d/kolab.list` Import the new Release Keys .. parsed-literal:: # :command:`wget -qO - http://obs.kolabsys.com/repositories/Kolab:/3.3/Debian_7.0/Release.key | apt-key add -` # :command:`wget -qO - http://obs.kolabsys.com/repositories/Kolab:/3.3:/Updates/Debian_7.0/Release.key | apt-key add -` If you've don't have set a correct apt-pinning, please check the Installation Guide. Update and Upgrade the system .. parsed-literal:: # :command:`apt-get update` # :command:`apt-get dist-upgrade` .. WARNING:: You'll get ask if you want to replace your configuration files! DON'T overwrite them! You'll lose your configuration and credentials and end up with a broken frontend. Update your configuration files =============================== If you want to check want configuration files have changed, the best way is to compare the previous and current version in the GIT repository. You can find most of the configuration file that have changed when you compare the templates of pykolab/setup-kolab. - http://git.kolab.org/pykolab/diff/share/templates/?id=pykolab-0.7.1&id2=pykolab-0.6.10 + http://cgit.kolab.org/pykolab/diff/share/templates/?id=pykolab-0.7.1&id2=pykolab-0.6.10 /etc/kolab/kolab.conf --------------------- You can see the configuration differences here: - http://git.kolab.org/pykolab/diff/conf/kolab.conf?id=pykolab-0.7.1&id2=pykolab-0.6.10 + http://cgit.kolab.org/pykolab/diff/conf/kolab.conf?id=pykolab-0.7.1&id2=pykolab-0.6.10 These are the values that have been updated. Please change them in your configuration depending on your installation and needs .. parsed-literal:: [ldap] sharedfolder_acl_entry_attribute = acl modifytimestamp_format = %Y%m%d%H%M%SZ [kolab_smtp_access_policy] delegate_sender_header = True alias_sender_header = True sender_header = True xsender_header = True cache_uri = [wallace] modules = resources, invitationpolicy, footer kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL If you're planning to make use of wallace please make sure wallace is enabled to start using :command:`chkconfig` on RHEL/Centos or :file:`/etc/default/wallace` on debian. Restart the services .. parsed-literal:: # :command:`service kolab-server restart` # :command:`service wallace restart` /etc/kolab-freebusy/config.ini ------------------------------ You can see the configuration differences here: http://git.kolab.org/kolab-freebusy/diff/config/config.ini.sample?id=kolab-freebusy-1.0.5&id2=kolab-freebusy-1.0.3 Instead of editing the configuration by hand it's easier to just recreate the configuration using the setup-kolab tool. For Redhat/CentOS .. parsed-literal:: # :command:`cp /etc/kolab-freebusy/config.ini.rpmnew /etc/kolab-freebusy/config.ini` For Debian .. parsed-literal:: # :command:`cp /etc/kolab-freebusy/config.ini.dpkg-dist /etc/kolab-freebusy/config.ini` Recreatae the configuation: .. parsed-literal:: # :command:`setup-kolab freebusy` /etc/roundcubemail/config.inc.php --------------------------------- You can see the configuration differences here: - http://git.kolab.org/pykolab/diff/share/templates/roundcubemail/config.inc.php.tpl?id=pykolab-0.7.1&id2=pykolab-0.6.10 - http://git.kolab.org/pykolab/commit/?id=57a48ed5e5fed38b4bbbb088fc9425a4b407c0b0 + http://cgit.kolab.org/pykolab/diff/share/templates/roundcubemail/config.inc.php.tpl?id=pykolab-0.7.1&id2=pykolab-0.6.10 + http://cgit.kolab.org/pykolab/commit/?id=57a48ed5e5fed38b4bbbb088fc9425a4b407c0b0 Change the plugin load order the follwing way: #. move *kolab_auth* to the top position #. move *kolab_config* after *kolab_addressbook* #. add *kolab_notes* after *kolab_folders* #. add *kolab_tags* after *kolab_notes* add 2 more $config entries .. parsed-literal:: $config['use_secure_urls'] = true; $config['assets_path'] = '/roundcubemail/assets/'; .. ATTENTION:: Keep in mind that some of those configuration changes are requiring an updated apache configuration. Roundcube 1.1 introduced a seperate public_html/ folder to seperate webroot and application files. Keep this in mind i you've customized your webserver configuration. /etc/roundcubemail/password.inc.php ----------------------------------- You can see the configuration differences here: - http://git.kolab.org/pykolab/diff/share/templates/roundcubemail/password.inc.php.tpl?id=pykolab-0.7.1&id2=pykolab-0.6.10 + http://cgit.kolab.org/pykolab/diff/share/templates/roundcubemail/password.inc.php.tpl?id=pykolab-0.7.1&id2=pykolab-0.6.10 Change the password driver from **ldap** to **ldap_simple**. .. parsed-literal:: $config['password_driver'] = 'ldap_simple'; /etc/roundcubemail/kolab_files.inc.php -------------------------------------- You can see the configuration change here: - http://git.kolab.org/pykolab/commit/?id=172545ebeba5c73cbb502fcae859b27df7aafed2 + http://cgit.kolab.org/pykolab/commit/?id=172545ebeba5c73cbb502fcae859b27df7aafed2 Update the kolab_files_url to /chwala/ to be protocol independent. .. parsed-literal:: $config['kolab_files_url'] = '/chwala/'; /etc/iRony/dav.inc.php ---------------------- You can see the configuration differences here: - http://git.kolab.org/iRony/diff/config/dav.inc.php.sample?id=54802da29dd4e77ca8c716f6c24c1aabef3a3c1f&id2=iRony-0.2.4 + http://cgit.kolab.org/iRony/diff/config/dav.inc.php.sample?id=54802da29dd4e77ca8c716f6c24c1aabef3a3c1f&id2=iRony-0.2.4 The iRony configuration doesn't have anything special configurations. You might want to consider just to take the new default config file or change it based on the differences between the previous version. For Redhat/CentOS .. parsed-literal:: # :command:`cp /etc/iRony/dav.inc.php.rpmnew /etc/iRony/dav.inc.php` For Debian .. parsed-literal:: # :command:`cp /etc/iRony/dav.inc.php.dpkg-dist /etc/iRony/dav.inc.php` /etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf ----------------------------------------------------- To fix the handling of resource invitations you've to adjust your existing virtual alias maps, otherwise you end up with non-delivery-reports. Please update your filter with this new default configuration: .. parsed-literal:: query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail)) Restart the postfix daemon .. parsed-literal:: # :command:`service postfix restart` /etc/postfix/master.cf ---------------------- You can see the configuration differences here: - http://git.kolab.org/pykolab/diff/share/templates/master.cf.tpl?id=pykolab-0.7.1&id2=pykolab-0.6.10 + http://cgit.kolab.org/pykolab/diff/share/templates/master.cf.tpl?id=pykolab-0.7.1&id2=pykolab-0.6.10 This will put wallace as the next content-filter after the mail has been returned from amavis to postfix. If you're don't want to make use of iTip processing or resource management you can skip this section. .. parsed-literal:: [...] 127.0.0.1:10025 inet n - n - 100 smtpd -o cleanup_service_name=cleanup_internal -o content_filter=smtp-wallace:[127.0.0.1]:10026 -o local_recipient_maps= [...] Restart the postfix daemon .. parsed-literal:: # :command:`service postfix restart` The mail flow will be the following: #. postfix receives mail (running on port :25 and port :587) #. postfix sends mail to amavisd (running on port 127.0.0.1:10024) #. amavisd checks mail #. amavisd sends mail to postfix (running on port 127.0.0.1:10025) #. postfix sends mail to wallace (running on port 127.0.0.1:10026) #. wallace checks the message for itip, resources, etc #. wallace sens mail to postfix (running on port 127.0.0.1:10026) #. postfix will start delivering the mail (external or internal) mysql database: kolab --------------------- A couple new features are relying new tables (organizational units). The shared folder have been extended to make use of the **acl** editor. You can find the full sql file here: -#. web: http://git.kolab.org/kolab-wap/tree/doc/kolab_wap.sql?id=kolab-webadmin-3.2.1 +#. web: http://cgit.kolab.org/webadmin/tree/doc/kolab_wap.sql?id=kolab-webadmin-3.2.1 #. locally: :file:`/usr/share/doc/kolab-webadmin/kolab_wap.sql` The kolab-webadmin package doesn't provide auto updates or upgrade files for your database. Here's a summary of what has been changed. If you've made changes on the shared folder types you might want to change the types manually in the settings section of kolab-webadmin. Open the mysql cli: .. parsed-literal:: # :command:`mysql -u root -p -D kolab` and apply the followin changes: The tables will be deleted and recreated. Don't forget: if you've made changes to shared folder types, please update them manually! .. code-block:: sql -- -- Table structure for table `ou_types` -- DROP TABLE IF EXISTS `ou_types`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `ou_types` ( `id` int(11) NOT NULL AUTO_INCREMENT, `key` text NOT NULL, `name` varchar(256) NOT NULL, `description` text NOT NULL, `attributes` longtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `ou_types` -- LOCK TABLES `ou_types` WRITE; /*!40000 ALTER TABLE `ou_types` DISABLE KEYS */; INSERT INTO `ou_types` VALUES (1,'unit','Standard Organizational Unit','A standard organizational unit definition','{\"auto_form_fields\":[],\"fields\":{\"objectclass\":[\"top\",\"organizationalunit\"]},\"form_fields\":{\"ou\":[],\"description\":[],\"aci\":{\"optional\":true,\"type\":\"aci\"}}}'); /*!40000 ALTER TABLE `ou_types` ENABLE KEYS */; UNLOCK TABLES; -- -- Table structure for table `sharedfolder_types` -- DROP TABLE IF EXISTS `sharedfolder_types`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `sharedfolder_types` ( `id` int(11) NOT NULL AUTO_INCREMENT, `key` text NOT NULL, `name` varchar(256) NOT NULL, `description` text NOT NULL, `attributes` longtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `sharedfolder_types` -- LOCK TABLES `sharedfolder_types` WRITE; /*!40000 ALTER TABLE `sharedfolder_types` DISABLE KEYS */; INSERT INTO `sharedfolder_types` VALUES (1,'addressbook','Shared Address Book','A shared address book','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"contact\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(2,'calendar','Shared Calendar','A shared calendar','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"event\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(3,'journal','Shared Journal','A shared journal','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"journal\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(4,'task','Shared Tasks','A shared tasks folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"task\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(5,'note','Shared Notes','A shared Notes folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"note\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(6,'file','Shared Files','A shared Files folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"file\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(7,'mail','Shared Mail Folder','A shared mail folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"mail\"],\"objectclass\":[\"top\",\"kolabsharedfolder\",\"mailrecipient\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[],\"alias\":{\"type\":\"list\",\"optional\":true},\"kolabdelegate\":{\"type\":\"list\",\"autocomplete\":true,\"optional\":true},\"kolaballowsmtprecipient\":{\"type\":\"list\",\"optional\":true},\"kolaballowsmtpsender\":{\"type\":\"list\",\"optional\":true},\"kolabtargetfolder\":[],\"mail\":[]}}'); /*!40000 ALTER TABLE `sharedfolder_types` ENABLE KEYS */; UNLOCK TABLES; After the database update has been applied. Logout from the kolab-webadmin interface and login back in to load the new changes. diff --git a/source/upgrade-guide/kolab-3.4.rst b/source/upgrade-guide/kolab-3.4.rst index 47099dc7..fd22bace 100644 --- a/source/upgrade-guide/kolab-3.4.rst +++ b/source/upgrade-guide/kolab-3.4.rst @@ -1,440 +1,440 @@ ==================================== Upgrade Notes from Kolab 3.3 to 3.4 ==================================== ChangeLog ========= #. **New skin for Roundcube: Chameleon** **Chameleon** is the new default skin for Kolab Groupware and replaces the default **larry** skin. #. **Freebusy now supports resource collections** If you have a resource collection of multiple resources freebusy can now provide an aggregated view on the data from all its members #. **CSRF is now enabled by default for Debian** In the previous release the CSRF patch was only enabled within the RPM packages. With Kolab 3.4 this security patch has been applied to the Debian packages as well. So make sure your webserver configuration needs to be adjusted in case you modified it. #. **Kolab Webadmin provides a 'Default' Type** You no longer have to switch from 'Contact' to 'Kolab User' when creating a new user. #. **Lots Of Bugfixes** Updating the system =================== These update procecures are just an example. They don't differ too much from a basic installation. CentOS 6 -------- Update the repo to the new location .. parsed-literal:: # :command:`cd /etc/yum.repos.d/` # :command:`rm Kolab*.repo` # :command:`wget http://obs.kolabsys.com/repositories/Kolab:/3.4/CentOS_6/Kolab:3.4.repo` # :command:`wget http://obs.kolabsys.com/repositories/Kolab:/3.4:/Updates/CentOS_6/Kolab:3.4:Updates.repo` run the upgrade process .. parsed-literal:: # :command:`yum update` Debian 7 -------- Update the repo to the new location .. parsed-literal:: # :command:`echo "deb http://obs.kolabsys.com/repositories/Kolab:/3.4/Debian_7.0/ ./ deb http://obs.kolabsys.com/repositories/Kolab:/3.4:/Updates/Debian_7.0/ ./" > /etc/apt/sources.list.d/kolab.list` If you've don't have set a correct apt-pinning or release keys, please check the Installation Guide. Update and Upgrade the system .. parsed-literal:: # :command:`apt-get update` # :command:`apt-get dist-upgrade` .. WARNING:: You'll get ask if you want to replace your configuration files! DON'T overwrite them! You'll lose your configuration and credentials and end up with a broken frontend. Update your configuration files =============================== If you want to check want configuration files have changed, the best way is to compare the previous and current version in the GIT repository. /etc/imapd.conf --------------- With the most recent upstream cyrus-imapd version a few config parameters have changed. - http://git.kolab.org/pykolab/diff/share/templates/imapd.conf.tpl?id=pykolab-0.7.6&id2=pykolab-0.7.1 + http://cgit.kolab.org/pykolab/diff/share/templates/imapd.conf.tpl?id=pykolab-0.7.6&id2=pykolab-0.7.1 The following parameters have been renamed: .. parsed-literal:: tls_cert_file --> tls_server_cert tls_key_file --> tls_server_key tls_ca_file --> tls_server_ca_file || tls_client_ca_file If you don't use server or client certificate validation feel free to remove the ``tls_ca_file`` parameter and/or consult the cyrus-imapd 2.5 documentation for clarification. Additionally we can enable 2 more sieve_extensions (date + index) and remove the flushseenstate option. .. parsed-literal:: sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index # flushseenstate: 1 /etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf ----------------------------------------------------- .. note:: This fix applies to other sharedfolders.cf configuration files as well (in a multidomain environment) Change the result_format to be enclosed by quotes otherwise you can't deliver mail messages to shared mailboxes that contains spaces in the mailbox name. .. parsed-literal:: result_format = "shared+%s" **Background** There's a mailbox that's called ``The A Team`` with a delivery address of ``team@example.org``. The resulting IMAP Folder would/should be ``shared/The A Team@example.org``. If you now send an email to ``team@example.org`` it will get remapped to ``"shared+shared/The A Team@example.org"@example.org``. Without the quotes you get 3 non-delivery-reports because whitespace would be considered a delimiter. /etc/kolab/kolab.conf --------------------- You can see the configuration differences here: - http://git.kolab.org/pykolab/diff/conf/kolab.conf?id=pykolab-0.7.6&id2=pykolab-0.7.1 + http://cgit.kolab.org/pykolab/diff/conf/kolab.conf?id=pykolab-0.7.6&id2=pykolab-0.7.1 We only have one new option for wallace, which can be ignored if you don't use wallace for resource management. Restart wallace and kolab-server after upgrading all python modules should be done anyway. .. parsed-literal:: [wallace] resource_calendar_expire_days = 100 Don't forget to restart the wallace service **On Debian** .. parsed-literal:: # :command:`service wallace restart` # :command:`service kolab-server restart` **On CentOS** .. parsed-literal:: # :command:`service wallace restart` # :command:`service kolabd restart` /etc/kolab-freebusy/config.ini ------------------------------ You can see the configuration differences here: http://git.kolab.org/kolab-freebusy/diff/config/config.ini.sample?id=kolab-freebusy-1.0.6&id2=kolab-freebusy-1.0.5 Instead of editing the configuration by hand it's easier to just recreate the configuration using the setup-kolab tool. The :command:`setup-kolab freebusy` command has been fixed to generate a working default configuration right of the box. For Redhat/CentOS .. parsed-literal:: # :command:`cp /etc/kolab-freebusy/config.ini.rpmnew /etc/kolab-freebusy/config.ini` For Debian .. parsed-literal:: # :command:`cp /etc/kolab-freebusy/config.ini.dpkg-dist /etc/kolab-freebusy/config.ini` Recreate the configuation: .. parsed-literal:: # :command:`setup-kolab freebusy` /etc/roundcubemail/config.inc.php --------------------------------- You can see the configuration differences here: - http://git.kolab.org/pykolab/diff/share/templates/roundcubemail/config.inc.php.tpl?id=pykolab-0.7.6&id2=pykolab-0.7.1 + http://cgit.kolab.org/pykolab/diff/share/templates/roundcubemail/config.inc.php.tpl?id=pykolab-0.7.6&id2=pykolab-0.7.1 The 'threading_as_default' no longer exists and therfore don't need to be loaded. So you can safely remove it. .. parsed-literal:: $config['plugins'] = array( ... // 'threading_as_default', ... ); add or update the following $config entries .. parsed-literal:: $config['assets_dir'] = '/usr/share/roundcubemail/public_html/assets/'; $config['useragent'] = 'Kolab 3.4/Roundcube ' . RCUBE_VERSION; $config['skin'] = 'chameleon'; With Kolab Groupware having now it's own skin you can savely remove the skin_logo configuration. .. parsed-literal:: // $config['skin_logo'] = 'skins/kolab/images/kolab_logo.png'; .. ATTENTION:: Keep in mind that the CSRF patch has now been applied to the Debian packages as well. Make sure to update your webserver configuration and rewrite rules. Otherwise consider disabling **use_secure_urls**. /etc/roundcubemail/managesieve.inc.php -------------------------------------- You can see the configuration differences here: - http://git.kolab.org/pykolab/diff/share/templates/roundcubemail/managesieve.inc.php.tpl?id=HEAD&id2=pykolab-0.7.1 + http://cgit.kolab.org/pykolab/diff/share/templates/roundcubemail/managesieve.inc.php.tpl?id=HEAD&id2=pykolab-0.7.1 Turn of debugging and add 2 additional entries: .. parsed-literal:: $config['managesieve_debug'] = false; $config['managesieve_filename_extension'] = ''; $config['managesieve_kolab_master'] = true; /etc/roundcubemail/libkolab.inc.php ----------------------------------- You can savely switch to a relative url for freebusy. .. parsed-literal:: $config['kolab_freebusy_server'] = '/freebusy'; /etc/iRony/dav.inc.php ---------------------- You can see the configuration differences here: - http://git.kolab.org/iRony/diff/config/dav.inc.php.sample?id=iRony-0.3.0&id2=iRony-0.2.8 + http://cgit.kolab.org/iRony/diff/config/dav.inc.php.sample?id=iRony-0.3.0&id2=iRony-0.2.8 If you use the global addressbook <> CardDAV gateway you might want to take a look on the changes, otherwise you can just take the default configuration. For Redhat/CentOS .. parsed-literal:: # :command:`cp /etc/iRony/dav.inc.php.rpmnew /etc/iRony/dav.inc.php` For Debian .. parsed-literal:: # :command:`cp /etc/iRony/dav.inc.php.dpkg-dist /etc/iRony/dav.inc.php` Webserver ========= Check for new versions of the apache configuration files (in case you modified) them. **For Centos / RHEL** .. parsed-literal:: # :command:`find /etc/httpd/ -type f -name "*.rpm*"` **For Debian / Ubuntu** .. parsed-literal:: # :command:`find /etc/apache2/ -type f -name "*.dpkg*"` If you're running a different webserver configuration (like nginx) please check the howto or the configuration files for any changes and apply them to your setup accordingly. Database ======== mysql database: kolab --------------------- The admin database got a few minor updates: You can find the full sql file here: -#. web: http://git.kolab.org/kolab-wap/tree/doc/kolab_wap.sql?id=kolab-webadmin-3.2.6 +#. web: http://cgit.kolab.org/webadmin/tree/doc/kolab_wap.sql?id=kolab-webadmin-3.2.6 #. locally: :file:`/usr/share/doc/kolab-webadmin/kolab_wap.sql` The kolab-webadmin package doesn't provide auto updates or upgrade files for your database. Here's a summary of what has been changed. If you've made changes on the shared folder types you might want to change the types manually in the settings section of kolab-webadmin. Open the mysql cli or your favorite database administration frontend. .. parsed-literal:: # :command:`mysql -u root -p -D kolab` and apply the followin changes: The tables will be deleted and recreated. Don't forget: if you've made changes to shared folder types, please update them manually! .. ATTENTION:: Don't forget to make **backups** of your database before applying the changes! Fix the name field length. .. code-block:: sql ALTER TABLE `group_types` CHANGE `name` `name` VARCHAR( 255 ) NOT NULL ; ALTER TABLE `ou_types` CHANGE `name` `name` VARCHAR( 255 ) NOT NULL ; ALTER TABLE `resource_types` CHANGE `name` `name` VARCHAR( 255 ) NOT NULL ; ALTER TABLE `role_types` CHANGE `name` `name` VARCHAR( 255 ) NOT NULL ; ALTER TABLE `sharedfolder_types` CHANGE `name` `name` VARCHAR( 255 ) NOT NULL ; ALTER TABLE `user_types` CHANGE `name` `name` VARCHAR( 255 ) NOT NULL ; The old kolab was still in the latin1 format. We should unify everything into the utf-8 format. .. code-block:: sql ALTER TABLE `group_types` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; ALTER TABLE `ou_types` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; ALTER TABLE `resource_types` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; ALTER TABLE `role_types` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; ALTER TABLE `sharedfolder_types` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; ALTER TABLE `user_types` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci; A new field got introduced to mark the default type (for example 'Kolab User'). .. code-block:: sql ALTER TABLE `group_types` ADD `is_default` tinyint(1) DEFAULT 0; ALTER TABLE `ou_types` ADD `is_default` tinyint(1) DEFAULT 0; ALTER TABLE `resource_types` ADD `is_default` tinyint(1) DEFAULT 0; ALTER TABLE `role_types` ADD `is_default` tinyint(1) DEFAULT 0; ALTER TABLE `sharedfolder_types` ADD `is_default` tinyint(1) DEFAULT 0; ALTER TABLE `user_types` ADD `is_default` tinyint(1) DEFAULT 0; UPDATE `user_types` SET `is_default` = 1 WHERE `key` = 'kolab'; After the database update has been applied. Logout from the kolab-webadmin interface and login back in to load the new changes. mysql database: roundcube ------------------------- The libkolab plugin had some changes. These changes are effecting the ``kolab_cache*`` tables. SQL upgrades are usually run during the package installation. Please verify that we the tables have been upgraded to the lastest version. .. parsed-literal:: # :command:`mysql -u root -p -D roundcube -e 'SELECT * FROM system WHERE name LIKE "libkolab%"'` +------------------+------------+ | name | value | +------------------+------------+ | libkolab-version | 2015020600 | +------------------+------------+ .. note:: The initial Kolab 3.4 roundcubemail-plugins-kolab rpm packages had this upgrade database procedure missing. Under some circumstances it can be possible that his upgrade couldn't be applied as expected. If you experience probems with your mysql database check if the database was updated correctly and apply the pathces using the following command and verify the result: .. parsed-literal:: # :command:`/usr/share/roundcubemail/bin/updatedb.sh --dir /usr/share/roundcubemail/plugins/libkolab/SQL --package libkolab` # :command:`mysql -u root -p -D roundcube -e 'SELECT * FROM system WHERE name LIKE "libkolab%"'` +------------------+------------+ | name | value | +------------------+------------+ | libkolab-version | 2015020600 | +------------------+------------+ If you still have problems or the sql upgrade didn't went through as expected. It is save to recreate the libkolab tables (kolab_folders, kolab_cache_*) as they're only used to cache items from the imap storage. .. parsed-literal:: # :command:`mysql -u root -p -D roundcube < /usr/share/roundcubemail/plugins/libkolab/SQL/mysql.initial.sql`