Zimbra
From Smop.co.uk
Basic Zimbra v6.0 install
- install ubuntu-8.04 server (only package required is openssh-server)
- download zcs-NETWORK-6.0.4_GA_2038.UBUNTU8_64.20091214195453.tgz
- untar it
- following http://www.zimbra.com/docs/ne/latest/single_server_install/System%20Requirements.html#1058693
- apt-get install libpcre3 libstdc++5 libgmp3c2 sysstat libperl5.8
- note: Zimbra mistakenly states libstd++, not libstdc++; libxprt1 doesn't exist
- edit /etc/hosts and change 127.0.1.1 into the main IP of the box as Zimbra mistakenly complains otherwise
- setup logging:
- edit /etc/default/syslogd and add "-r" to the options
- /etc/init.d/sysklogd restart
- /opt/zimbra/bin/zmsyslogsetup (this edits /etc/syslog.conf)
- run ./install.sh (this does various checks)
- install all the packages except zimbra-archiving
- ensure hostname is in DNS (and has an MX)
- change domainname if required (strip off hostname for example)
- set the unconfigured items:
- 1 -> 5 (Change Timezone) - select London
- r -> 3 -> 4 (Admin Password)
- 23 (License filename)
- r -> a (apply changes)
- save config into a file (/opt/zimbra/config... is the default)
- once setup has finished:
- https://servername (mail)
- https://servername:7071 (admin - or login above and click "domain admin" at the top right)
- Class of service -> default -> preferences - change timezone to London (probably since I missed the timezone step above)
SugarCRM install
I co-hosted this, in order to find out the mysql password:
- su - zimbra
- zmlocalconfig -s | grep mysql | grep password
- mysql --socket=/opt/zimbra/db/mysql.sock -u root -p
- did this temporarily:
- ln -sf /opt/zimbra/db/mysql.sock /var/run/mysqld/mysqld.sock
Download SugarCRM community edition
- apt-get install unzip libapache2-mod-php5 php5-mysql
- unzip SugarCE-5.5.0.zip and move it into /usr/share/sugar
- edit /etc/php5/apache2/php.ini:
- set memory_limit = 40M (actually, 150M didn't cut it when importing demo data, 250M was needed!)
- due to co-hosting with zimbra, I changed /etc/apache2/ports.conf to say "Listen 8080"
- /etc/apache2/conf.d/sugar:
- Alias /sugar /usr/share/sugar
- mv /usr/share/sugar/cache /var/cache/sugar
- ln -sf /var/cache/sugar /usr/share/sugar/cache
- mkdir /var/lib/sugar
- mv /usr/share/sugar/data /var/lib/sugar
- ln -sf /var/lib/sugar/data /usr/share/sugar/data
- mv /usr/share/sugar/custom /var/lib/sugar
- ln -sf /var/lib/sugar/custom /usr/share/sugar/custom
- mv /usr/share/sugar/modules /var/lib/sugar
- ln -sf /var/lib/sugar/modules /usr/share/sugar/modules
- mkdir /etc/sugar
- touch /etc/sugar/config.php /etc/sugar/config_override.php
- ln -sf /etc/sugar/config.php /usr/share/sugar/config.php
- ln -sf /etc/sugar/config_override.php /usr/share/sugar/config_override.php
- chown -R www-data /var/cache/sugar /etc/sugar/config.php /var/lib/sugar/data /var/lib/sugar/custom /var/lib/sugar/modules
- chown root /var/cache/sugar/index.html
- GUI chucks up errors unless we do this next bit!
- cd /usr/share/sugar/include/javascript
- chown www-data sugar_grp1.js sugar_grp1_yui.js sugar_grp_yui_widgets.js sugar_grp_yui_widgets.css sugar_grp_overlib.js sugar_grp_yui2.js
- setup the database in mysql:
- create database sugarcrm;
- grant all on sugarcrm.* to 'sugarcrm'@'localhost' identified by '...';
- /etc/init.d/apache2 restart
- visit http://servername(:8080)/sugar/
- accept the agreement
- all checks should pass
- select custom install
- select MySQL database
- database is called "sugarcrm"
- hostname is "localhost"
- select "provide existing user", fill in the details as above
- do not populate DB with demo data
- on the next screen:
- set the URL to "https://servername/sugar/"
- set the system name to "SugarCRM"
- on the next screen:
- deselect "Send Anonymous Usage Statistics"
- deselect Automatic updates
- leave all other options alone (deselected)
- on the locale screen:
- set date format to 2006-12-23
- set time format to 23:00
- set default currency to British pounds
- It suggests an .htaccess file (so this should be converted to /etc/apache2/conf.d/sugar):
Alias /sugar /usr/share/sugar
<Location /sugar>
    RedirectMatch 403 (?i).*\.log$
    RedirectMatch 403 (?i)/+not_imported_.*\.txt
    RedirectMatch 403 (?i)/+(soap|cache|xtemplate|data|examples|include|log4php|metadata|modules)/+.*\.(php|tpl)
    RedirectMatch 403 (?i)/+emailmandelivery\.php
    RedirectMatch 403 (?i)/+cache/+upload
    RedirectMatch 403 (?i)/+files\.md5$
</Location>
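To check the rules before moving them into /etc/apache2/conf.d/sugar, the added example below (not part of the original notes or of SugarCRM) runs the same six patterns over constructed request paths. It assumes grep -Ei is an adequate stand-in for Apache's matcher for these particular patterns, with the (?i) prefix replaced by -i.

```sh
#!/bin/sh
# Added example: which request paths would the RedirectMatch rules answer with 403?
# RedirectMatch does an unanchored regex match on the URL path; grep -Ei gives the
# same result for these patterns once "(?i)" is replaced by the -i flag.

# One ERE per line, copied from the rules above without the "(?i)" prefix.
SUGAR_DENY_RULES='.*\.log$
/+not_imported_.*\.txt
/+(soap|cache|xtemplate|data|examples|include|log4php|metadata|modules)/+.*\.(php|tpl)
/+emailmandelivery\.php
/+cache/+upload
/+files\.md5$'

# Print "403" if any rule matches the given URL path, otherwise "pass".
sugar_verdict() {
    if printf '%s\n' "$1" | grep -Eiq -e "$SUGAR_DENY_RULES"; then
        echo 403
    else
        echo pass
    fi
}

# Constructed request paths (not taken from any real log).
SAMPLE_PATHS='/sugar/index.php
/sugar/sugarcrm.LOG
/sugar//modules//Users/Login.php
/sugar/cache/upload/abc123
/sugar/files.md5
/sugar/include/javascript/sugar_grp1.js'

# Print one "path verdict" line per sample path.
report() {
    printf '%s\n' "$SAMPLE_PATHS" | while read -r p; do
        printf '%-42s %s\n' "$p" "$(sugar_verdict "$p")"
    done
}

report
```

The entry page and the JavaScript bundles under include/ stay reachable, while logs, uploads, files.md5 and PHP files under the listed directories are refused, including when the path is written with doubled slashes or in upper case.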
Configure email:
- Admin -> Email Settings:
- set From Name to something such as "Example Com Sales"
- set From Address to sales@example.com
- personally I abhor "do_not_reply" addresses - it shouldn't be sending from invalid addresses IMO
- set mail server to "localhost" (or the name of the zimbra server)
Setup email monitoring:
- Admin -> Inbound Email -> Monitor New Mail Account
- Email Name: Example Com Sales
- Mail Server Address: "localhost" (or the name of the zimbra server)
- Mail Server Protocol: IMAP
- Username: sales
- Monitored Folders: INBOX
- Trash Folder: Trash
- Sent Folder: Sent
- From Name: Example Com Sales
- From Address: sales@example.com
- Possible Actions: Bounce Handling
- leave the rest at their defaults
- Marketing -> Email Setup
- Next, Next, Save :-)
- This may not be required - SugarCRM was falsely testing configuration by seeing if they said "example.com"! in:
- modules/Campaigns/CampaignDiagnostic.php
- modules/Campaigns/utils.php
Setup mailing lists:
- Marketing -> Create Target List
- Name: customerlist
- Type: default
- Marketing -> Create Target List
- Name: testlist
- Type: test
- Now select Marketing -> Contacts and add customers to customerlist and test user(s) to testlist by selecting them and then selecting "Add to Target List"
Send marketing email:
- Marketing -> Campaign Wizard
- Campaign Header:
- Email campaign
- Name: testcampaign
- End Date: whenever you like
- Next
- Budget:
- Next
- Tracker:
- Next
- Target List:
- Select both target lists (testlist and targetlist)
- Save and continue
- Marketing:
- Name: testemail
- Email account: Example Com Sales
- Status: Active
- Send this message to: select "testlist" to begin with
- Start Date: pick today and a time in the near future
- Email template: Create
- Name: testemailtemplate
- Body: fill this in and save
- Next
- Send Marketing Email As Test
- Wait until the appointed time
Add mailbox:
- Activities -> Email -> Settings
- fill in information as before (for sales account) and select "Save"
- mailbox will now appear in the left hand side
- select an email and "import to sugar"
- both "Assigned to" and "Relates to" fields auto-search - just start typing and pause for a moment
logging
- mkdir /var/log/sugarcrm
- chown www-data /var/log/sugarcrm
- /etc/sugarcrm/config.php:
- 'log_dir' => '/var/log/sugarcrm/sugarcrm.log',
LDAP integration
- apt-get install php5-ldap
- bounce apache
- if using TLS, add after both "LDAP_OPT_REFERRALS" lines in /usr/share/sugar/modules/Users/authentication/LDAPAuthenticate/LDAPAuthenticateUser.php:
- ldap_start_tls($ldapconn);
- Admin -> Password management -> Enable LDAP
- Server = ldap1.example.com (NB: zimbra ldap doesn't normally listen on localhost)
- Port Number = 389
- User DN = ou=people,dc=example,dc=com
- Bind Attribute = uid (so that it binds using the full DN it found, rather than as "abridgett")
- Login Attribute = uid (hmm - would be nice to restrict this to a group somehow)
- Authenticated User = cn=sugarcrm,ou=Services,dc=example,dc=com
- Authenticate Password = ....
Configuring Email Notifications
- Admin -> Email Settings (Email panel)
- Tick "Notifications on?"
- change Mail Transfer Agent from sendmail to SMTP
- set SMTP server to localhost (the SMTP port defaults to 25)
- click Save button at top (or bottom)!
Datasyncsuite
- world's most godawful installer and documentation
- unpack in /opt/suite
- ln -sf /opt/suite /opt/datasync-suite
- cd /opt/datasync-suite
- sudo apt-get install build-essential && sudo make debpackages
- make develop
- cp /opt/suite/etc/nginx.conf.in /opt/suite/etc/nginx.conf
- cd /opt/suite/etc
- edit nginx.conf:
- comment out server_name (if needed)
- change listen address (or remove it)
- app still seems to hardcode returning $hostname (short form too!)
- change zimbra proxy hostname
- check sugar proxy is correct
- chmod 777 /opt/datasync-suite/logs
- temporary until we can figure out what user things run as
- cp suite-services.yml.in suite-services.yml
- cp logging.conf.in logging
- cp messagequeue.yml.in messagequeue.yml
- edit database stanza
- then in mysql according to four databases on the DSS box:
- create database messagequeue;
- grant all on messagequeue.* to 'messagequeue'@'localhost' identified by '...';
- repeat for dsssugar, dsszimbra, dsspipes
- also create synchronizer (but this is accessed as root; see later)
- cp portal.yml.in portal.yml ?
- cp zimbra-waitset.yml.in zimbra-waitset.yml
- edit host to point to zimbra host
- edit instance_name to "examplecomzimbra"
now start things:
- ./bin/datasyncsuite start, which does:
- /etc/init.d/slapd start (port 389)
- ./bin/mq start (port 8081)
- ignore the "table mesages already exists" warning - it happens even when it didn't exist prior to the start.
- install docs do mention this too
- ./bin/portal start (port 8080)
- ./bin/zimbrawaitset start
- ./bin/suite-services start (random ports)
- /opt/suite/bin/nginx (NB: no "start") (port 80)
- /opt/datasync-suite/bin/user add -e dsadmin@example.com (_not_ admin)
- you will be prompted for first, last name, password and username
- then a list of instances - enable just these ones (with the given names):
- suiteadmin: suiteadmin
- changepassword: changepassword
- apt-get install ldapvi
- edit /etc/ldap/slapd.conf and add to the "access to *" stanza before the read statement:
- by dn.children="ou=admins,cn=suitepy" write
- /etc/init.d/slapd restart
- using the "rootdn/rootpw" credentials from /etc/ldap/slapd.conf:
- ldapvi -D uid=dsmgmt,ou=admins,cn=datasync
- find the "dsadmin" account and add: "userClass: system"
- use "/usr/sbin/slapcat" (as the "dssuite" user) to check
Login:
- http://servername/ (redirects to $hostname/signon).
- if it says "server error" check that "portal" is listening on :8080
- "instance" needs to be able to create ~/.python-eggs so:
- mkdir /home/dssuite
- cp -a /etc/skel/???* /home/dssuite
- chown -R dssuite /home/dssuite
- /opt/datasync-suite/bin/instance list (as dssuite) should return a short list
- /opt/datasync-suite/bin/instance add
- Extension Name: zimbrauser
- Instance Name: examplecomzimbra
- the next time I tried it asked for:
- Zimbra Admin Username: admin
- MessageQueue WaitSet Channel: zimbrawaitset (worked out from messagequeue.yml)
- Database Username: dsszimbra
- Database Password: dsszimbra
- Sync Folder Path e.g. /Company Contacts:
- MessageQueue Username: zimbra_messenger
- MessageQueue Record Changes Channel: recordchanges
- Instance Name: examplecomzimbra
- MessageQueue Password: zimbra_messenger
- Zimbra Mailbox Host: ubuntu.smop.co.uk
- Database Name: dsszimbra
- Database Host: localhost
- MessageQueue URL: http://localhost:8081
- Ldap URL: ldap://ubuntu.smop.co.uk:389
- Zimbra Admin Port: 7071
- Zimbra Admin Password: ...
- Zimbra Mailbox Port: 80
- Following these instructions:
- ldapvi -D uid=dsmgmt,ou=admins,cn=datasync:
- find cn=examplecomzimbra,cn=instances,cn=suitepy (cn=zimbrauser,cn=extensions,cn=suitepy that it mentions does not exist) and add:
- datasyncExtensionConfig: host=ubuntu
- datasyncExtensionConfig: username=admin
- datasyncExtensionConfig: password=....
- datasyncExtensionConfig: ldap=.... (ldap server name)
- edited etc/suite-services.yml:
- uncommented channel, channel_map
- set "zimbra:" to "instance_name: examplecomzimbra"
Create a test user:
- restart the whole suite
- logout/login to dssuite web interface
- add user
- fill in the details, then select the extensions tab
- add examplecomzimbra instance
- add examplecomsugar instance
- /opt/datasync-suite/bin/instance add
- Extension Name: sugar
- Instance Name: examplecomsugar
- Sugar Administrator's Username: admin
- Customer Definition (press Enter for examples): account_type=(Customer)
- User path (ex: /example, previously the client path): (blank) (to match WSDL location at bottom of above link)
- Relationship DB Password: ....
- Instance Name: examplecomsugar
- SugarCRM host: sugar.example.com
- Hmm - you then get "invalid URL "ubuntu/sugar/soap.php?wsdl", so use "http://sugar.example.com"
- Relationship DB: dsssugar
- Relationship DB Host: localhost
- Relationship DB User: dsssugar
- Sugar Administrator's Password: ....
- Sugar ldap encryption key: ..... (from instructions above)
Setup message users:
- /opt/datasync-suite/bin/message-user -u pipesfilters_messenger -p <password>
- /opt/datasync-suite/bin/message-user -u zimbra_messenger -p <password> -i examplecomzimbra
- /opt/datasync-suite/bin/message-user -u sugar_messenger -p <password> -i examplecomsugar
Create sync group (fails):
- /opt/datasync-suite/bin/syncgrpmgr create -n syncgroup -i examplecomzimbra,examplecomsugar -d person -t examplecomzimbra:testuser@example.com
- fails with mysql exception for root@localhost
- fixed by editing etc/suite-services.yml and setting passwd to the mysql password, changed database name to synchronizer
- testuser@example.com must be in the examplecomzimbra instance
Current status:
- message queue not working, uid=admin,cn=messages,cn=suitepy has no access
- looks like libdatasync/installer/installer.py should do this with a hardcoded password
- final nail in the coffin really so I'll stop here
nginx.conf ended up as:
user dssuite;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log /opt/datasync-suite/logs/error.log debug;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    client_max_body_size 128m;
    add_header X-UA-Compatible IE=EmulateIE7;
    server {
        listen 80;
        #listen portal.example.org:80;
        server_name portal.smop.co.uk;
        location / {
            rewrite ^/$ /signon/ redirect;
            root /opt/datasync-suite/www;
            expires epoch;
            #if ($uri ~ /static/.*) {
            #    add_header Cache-Control public;
            #}
        }
        location /libraries/thirdparty.js {
            root /opt/datasync-suite/www;
            add_header Content-Type text/javascript;
            if ($http_user_agent ~ WebKit) {
                # Because Safari doesn't understand 'gzip' encoding
                add_header Content-Encoding x-gzip;
            }
            if ($http_user_agent !~ WebKit) {
                add_header Content-Encoding gzip;
            }
        }
        location /signon {
            rewrite .* /static/portalclient/signon.html;
            add_header Cache-Control public;
        }
        location /suite {
            rewrite .* /static/portalclient/client.html;
            add_header Cache-Control public;
        }
        location /extensions {
            proxy_pass http://localhost:8080/extensions;
            expires epoch;
        }
        # Proxy configuration for SugarCRM
        #
        # Sugar must be accessible at /sugar/<userpath> on the upstream
        # server
        #
        location /sugar {
            proxy_pass http://ubuntu.smop.co.uk:8080/sugar;
            proxy_redirect http://ubuntu.smop.co.uk/ /;
            add_header Cache-Control public;
        }
        # Zimbra proxy configuration
        location /zimbra {
            proxy_pass http://ubuntu.smop.co.uk/zimbra;
            proxy_redirect http://ubuntu.smop.co.uk/ /;
            add_header Cache-Control public;
        }
        location /service {
            proxy_pass http://ubuntu.smop.co.uk/service;
            proxy_redirect http://ubuntu.smop.co.uk/ /;
        }
        location /home {
            proxy_pass http://ubuntu.smop.co.uk/home;
            proxy_redirect http://ubuntu.smop.co.uk/ /;
        }
        error_page 500 502 503 504 /errors/50x.html;
        location = /errors/50x.html {
            root /opt/datasync-suite/www;
        }
    }
}
Install sins:
- needs to run as root
- rebuilds lots of things - nginx, loads of python stuff
- nginx already _has_ a package
- installs slapd, mysql-server
- purges apparmor
- adds dssuite user and group with hardcoded uid and gid of 499
- no init.d for autostart
- most passwords set to "secret"
- most start scripts don't do PID checking properly
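An added example (not part of the original notes or of Datasync Suite) that checks a suite tree for three of the problems listed above: the world-writable logs directory, passwords left at "secret", and the hardcoded uid/gid of 499. The password key names it matches and the tree built by make_sample are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit a Datasync Suite tree for weaknesses listed in these notes.
# The password key names and the sample tree are assumptions, not the project's own.

# Paths any local user can write to (such as a logs directory left at chmod 777).
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# "file:line" of config entries whose password is still the default "secret".
default_passwords() {
    grep -rnEi '^[[:space:]]*[a-z_]*pass(wd|word)?[[:space:]]*[:=][[:space:]]*["'\'']?secret["'\'']?[[:space:]]*$' \
        "$1" 2>/dev/null | cut -d: -f1,2 | sort
}

# Accounts in a passwd-format file that use the installer's hardcoded uid/gid 499.
hardcoded_ids() {
    awk -F: '$3 == 499 || $4 == 499 { print $1 }' "$1"
}

# Constructed sample tree mimicking the state described in the notes.
make_sample() {
    umask 022
    d=$(mktemp -d)
    mkdir -p "$d/logs" "$d/etc"
    chmod 777 "$d/logs"
    printf 'database:\n  user: root\n  passwd: secret\n' > "$d/etc/suite-services.yml"
    printf 'database:\n  password: "set-by-admin"\n' > "$d/etc/messagequeue.yml"
    printf 'root:x:0:0::/root:/bin/sh\ndssuite:x:499:499::/home/dssuite:/bin/sh\n' > "$d/passwd"
    echo "$d"
}

# Usage: sh audit.sh /opt/datasync-suite  (with no argument, nothing is scanned)
if [ $# -gt 0 ]; then
    echo "== world-writable paths";  world_writable "$1"
    echo "== default passwords";     default_passwords "$1/etc"
    echo "== uid/gid 499 accounts";  hardcoded_ids /etc/passwd
fi
```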
Zimbra shared addressbook
- login to the admin interface and create a new distributionlist "everyone"
- login to your zimbra account and create a new address book (the icon in the address book heading) - "Syncbook" we called it
- now right click syncbook, select "share address book"
- internal users or groups
- everyone@example.com
- Viewer only
Notes:
Overall I couldn't recommend datasyncsuite. The configuration and setup is so badly documented and detailed I have very, very little faith in it. If you just want to sync contacts, I'd look at Sugar-LDAP-Contacts-Sync instead.
- zimbra GAL notes
Zimbra migration
Moving from 32-bit to shiny new 64-bit server:
- 32 -> 64 bit
- only gotcha is that you must dump/restore LDAP using zmslapcat
- zimbra migration
- zimbra migration notes
