- Introduction
- Installing Packages
- Configure Java
- Install Open-Xchange
- Configure Tomcat
- Configure Apache
- Configure PostgreSQL
- Configure OpenLDAP
- Create an Open-Xchange user
- Enable WebDAV
Introduction
This page describes the steps required to set up Open-Xchange on SUSE Linux Enterprise Server 9.
Note that Open-Xchange has many dependencies. Many things could go wrong during its installation or afterwards. During the installation we'll:
- Install a lot of required packages.
- Configure your Java installation, which will require us to download additional (not always free/open source) software.
- Build Open-Xchange.
- Configure Tomcat so it sees the servlets from Open-Xchange.
- Set up Apache. We'll load the jk module and configure it to connect with Tomcat.
- Set up PostgreSQL, create a user and a database with some initial information.
- Set up OpenLDAP. We'll modify the set of schemas used and import some data.
Installing Packages
You'll need to install the following packages, provided as part of SLES:
- apache2-jakarta-tomcat-connectors
- java2
- jakarta-tomcat
- java2-jre
- postgresql
- postgresql-libs
- postgresql-jdbc
- postgresql-server
- make
- gcc
- sudo
- perl-IO-Socket-SSL
- perl-ldap
- perl-Net_SSLeay
- perl-Convert-ASN1
- perl-libwww-perl
- perl-XML-Parser
- apache-ant
- unzip
The following software, which is not provided as part of SLES, might also be necessary. I'll confirm whether these packages are indeed necessary or not. Let's hope not.
- perl-Authen-SASL
- perl-CGI-Application
- perl-XML-LibXML
- perl-xml-libxml
- jikes
Configure Java
For some strange reason, SUSE has decided to make their java2 package install everything in /usr/lib/SunJava2-1.4.2. Weird, yes. It means you'll probably want to make your PATH variable contain /usr/lib/SunJava2-1.4.2/bin, so you can execute javac and other programs that you'll need.
Download JAR files not shipped with SLES
There are many JAR files that Open-Xchange requires which you'll need to download. They provide functionality required by Open-Xchange.
Sadly, many of them are not free software. As a consequence, it might be a long time before we have simple to install packages (with dependencies) to install Open-Xchange easily.
mail.jar
You need to download the implementation for the JavaMail API, not included in SLES.
Download the latest version from Sun's site. Uncompress it in /opt (so everything is stored in /opt/javamail-X.Y.Z).
activation.jar
You'll also need the JavaBeans(TM) Activation Framework. Download the latest version from Sun's site and uncompress it in /opt (so everything is stored in /opt/jaf-X.Y.Z).
xerces.jar
Download the latest version of the Xerces-J package from Apache's website. You'll need the Xerces-J-bin file. Again, uncompress it in /opt (so everything is stored in /opt/xerces-X_Y_Z).
jdom.jar
OX also requires the latest version of the JDom package. You can download it from their website. As usual, uncompress it in /opt (so everything is stored in /opt/jdom-X_Y_Z).
Install Open-Xchange
Download and compile Open-Xchange
Download the Open-Xchange tarball from their website and uncompress it to a local directory (probably one in /tmp).
In that directory, run the following command, where X.Y.Z are the version numbers of your installation:
./configure --prefix /opt/open-xchange-X.Y.Z \
--with-mailjar=/opt/javamail-X.Y.Z/mail.jar \
--with-activationjar=/opt/jaf-X.Y.Z/activation.jar \
--with-jdomjar=/opt/jdom-X.Y/build/jdom.jar \
--with-xercesjar=/opt/xerces-X_Y_Z/xercesImpl.jar \
--with-jsdkjar=/usr/share/tomcat/common/lib/servlet-api.jar \
--with-jdbcjar=/usr/share/pgsql/pg73b1jdbc3.jar \
--with-dbpass=PASSWORD --enable-webdav \
--with-runuid=wwwrun --with-rungid=wwwYou might have to replace pg73b1jdbc3.jar with an existing jar (which depends on the version of postgresql-jdbc you installed).
You will need to replace the value of parameter –with-dbpass (PASSWORD in the example above) with a password that your Open-Xchange user will use to connect to the database.
If all went well, you should now be able to build things with the following command:
make
If it built correctly, install the package:
su -c "make install"
Post installation
Now copy /opt/open-xchange-*/share/perl/login.p[lm] to your server's cgi-bin directory. In the case of SLES, this is /srv/www/cgi-bin/ (though you may have moved it elsewhere or you may want to use a different location, depending on your virtual hosts).
cp /opt/open-xchange-*/share/perl/login.p[lm] /srv/www/cgi-bin
Once you've done this, surf to http://localhost/cgi-bin/login.pl and make sure you get a login page. If you get errors (unusual), you'll need to check Apache's error log and perhaps modify its configuration.
Configure Tomcat
Install Open-Xchange servlets
In Tomcat's base directory, ~tomcat, create the directories webapps/servlet/WEB-INF/{classes,lib} and copy /opt/open-xchange-*/share/servlets/* to the first and /opt/open-xchange-*/lib/*.jar, /opt/jdom-*/build/jdom.jar and /usr/share/pgsql/pg73b1jdbc3.jar (the numbers in this file might change depending on the version of postgresql-jdbc in your system) to the second:
mkdir -p ~tomcat/webapps/servlet/WEB-INF/{classes,lib}
cp /opt/open-xchange-*/share/servlets/* \
~tomcat/webapps/servlet/WEB-INF/classes
cp /opt/open-xchange-*/lib/*jar \
/opt/jdom-*/build/jdom.jar \
/usr/share/pgsql/pg73b1jdbc3.jar \
~tomcat/webapps/servlet/WEB-INF/lib
I suppose you could also get away with symbolic links, which would make better sense than copying the files, but I fear Apache might not like that.
Create a ~tomcat/webapps/servlet/WEB-INF/web.xml file with the following contents, in order for Tomcat to see the servlets you just copied:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <display-name>Servlet OpenXchange</display-name>
  <description>Servlet OpenXchange X.Y.Z</description>
  <servlet>
    <servlet-name>intranet</servlet-name>
    <servlet-class>intranet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>webmail</servlet-name>
    <servlet-class>webmail</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>intranet</servlet-name>
    <url-pattern>/intranet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>webmail</servlet-name>
    <url-pattern>/webmail</url-pattern>
  </servlet-mapping>
</web-app>
Access the Web Application Manager
Tomcat has a management console, available at http://localhost:8080/manager/html. However, in order to use it, you'll need to add a line such as the following to ~tomcat/conf/tomcat-users.xml:
<user username="admin" password="password" roles="manager"/>
If you connect to the manager, you should see a /servlet entry in the Applications listing. Also, connecting to http://localhost:8080/servlet/intranet should show you a No running Server found error, which is okay.
Configure Apache
You'll need to set up Apache so it works with Tomcat. This section assumes you're using Apache2, but similar steps would apply for Apache1.
Add the following lines to /etc/apache2/httpd.conf.local (creating it if it doesn't exist):
# mod_jk
JkWorkersFile /etc/tomcat/base/workers.properties
# Where to put jk logs
JkLogFile /var/log/apache2/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
JkMount /servlet/* ajp13
JkMount /servlet/webdav.contacts* ajp13
To make Apache include that file, you'll need to add it to APACHE_CONF_INCLUDE_FILES in /etc/sysconfig/apache2. It should look as follows (perhaps with other files):
APACHE_CONF_INCLUDE_FILES="/etc/apache2/httpd.conf.local"
Now, to make Apache load the Jakarta-Tomcat connectors, add jk to the APACHE_MODULES directive in /etc/sysconfig/apache2. This will cause it to load the module at /usr/lib/apache2/mod_jk.so.
Edit /etc/tomcat/base/workers.properties and set workers.tomcat_home to the base location where your Tomcat installation lives (~tomcat) and workers.java_home to the location where you have your Java SDK:
workers.tomcat_home=/usr/share/tomcat
workers.java_home=/usr/lib/SunJava2-1.4.2
At this point restart Apache and make sure it doesn't find any problems.
rcapache2 restart
Now try loading http://localhost/servlet/intranet. It should give you the same page with the No running server found error that you obtained while configuring Tomcat.
If you get a 500 Internal Server Error, you'll need to review Apache's logs, at /var/log/apache2. Something that might help is to set JkLogLevel to debug (in /etc/apache2/httpd.conf.local): the Tomcat-Apache connector will now log a lot of information to /var/log/apache2/mod_jk.log. Don't forget to set it back to info once you're done (or else you'll log a lot of information for every request).
Configure PostgreSQL
Setup PostgreSQL. Review /etc/sysconfig/postgresql. Again, chances are you won't need to change anything.
Make sure PostgreSQL is running and starts at boot:
insserv postgresql && rcpostgresql start
Create a PostgreSQL user for Open-Xchange
As the user postgres (su - postgres), run:
createuser --pwprompt --createdb --no-adduser openexchange
It will prompt you for the password that the new user, openexchange, will use to connect to the PostgreSQL daemon. Evidently, you'll want to specify the same one you used when you built Open-Xchange (in the --with-dbpass option to the configure script).
Since PostgreSQL, by default, uses ident to find out what user is connecting to the database, create an openexchange UNIX user:
useradd -m openexchange
Create a Database for Open-Xchange
Still as the postgres user, run the following command, to create Open-Xchange's database:
createdb -O openexchange -E UNICODE openexchange
Now initialize the database running the following command as the openexchange UNIX user:
psql openexchange < /opt/open-xchange-X.Y.Z/share/init_database.sql
Finally, run psql openexchange and execute the following query:
INSERT INTO sys_gen_rights_template values
('now','admin','now','','default_template','y','y','y','y',
'y','y','y','y','y','y','y','y','y','y','y','y','y','y','y',
'y','y','y','y','y','y','y','y','y','y','y','y','y','y','y',
'y','y','y','y','y','y','y','y','y','y','y','y','y');
Set PostgreSQL to allow all local users to connect
This is a very ugly part: you'll need to set up PostgreSQL to trust all local connections. In the future I might investigate workarounds (I'm short of time right now!). :(
Edit /var/lib/pgsql/data/pg_hba.conf and comment out the following lines:
# All other connections by UNIX sockets
local all all trust
#
# All IPv4 connections from localhost
host all all 127.0.0.1/32 trust
You can now comment out the local ... ident sameuser line.
Edit /etc/sysconfig/postgresql and add the -i option to the POSTGRES_OPTIONS variable. This will cause PostgreSQL to listen for incoming TCP/IP connections (as opposed to only accepting connections over local UNIX sockets).
Don't forget to restart PostgreSQL after these changes.
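With trust rules in place, any local account can connect as any database user without a password, so it is worth checking which rules in pg_hba.conf actually use that method. The following is an added example, not part of the original page or of Open-Xchange: the function names are hypothetical, and the sample file is constructed (its md5 line is only an illustration of a scoped rule and has not been tested with Open-Xchange).

```shell
#!/bin/sh
# Added example: list pg_hba.conf rules that authenticate with "trust".
# Output, one line per finding: <line-number>:<scope>:<rule>
#   broad  = the rule covers database "all" or user "all"
#   narrow = the rule names a specific database and user
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            # Locate the METHOD column: "local" rows have no address,
            # "host" rows carry either a CIDR address or address + netmask.
            if ($1 == "local")   method = $4
            else if ($4 ~ /\//)  method = $5
            else                 method = $6
            if (method != "trust") next
            scope = ($2 == "all" || $3 == "all") ? "broad" : "narrow"
            gsub(/[ \t]+/, " ")          # normalise spacing for the report
            print NR ":" scope ":" $0
        }
    ' "$1"
}

# Constructed sample: the two trust rules from this page, the commented
# ident rule, and a password-protected rule limited to one database/user.
write_sample_pg_hba() {
    cat > "$1" <<'EOF'
# All other connections by UNIX sockets
local   all           all                          trust
# All IPv4 connections from localhost
host    all           all           127.0.0.1/32   trust
#local  all           all                          ident sameuser
host    openexchange  openexchange  127.0.0.1 255.255.255.255 md5
EOF
}

sample=$(mktemp)
write_sample_pg_hba "$sample"
audit_pg_hba "$sample"
rm -f "$sample"
```

On a real system, run audit_pg_hba /var/lib/pgsql/data/pg_hba.conf as a user allowed to read that file.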
Configure OpenLDAP
You'll need to configure OpenLDAP.
Basic Configuration
Review the configuration in /etc/sysconfig/openldap. Chances are you won't need to change anything, but it is good to be sure. Don't forget to run SuSEconfig if you make any changes.
You will likely need to modify /etc/openldap/slapd.conf. In particular, you'll want to set the options suffix, rootdn and rootpw. Use something such as:
suffix "dc=ammonite,dc=bachue,dc=com"
rootdn "cn=Administrator,dc=ammonite,dc=bachue,dc=com"
rootpw "password"
To make sure the server is always run, insserv ldap.
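The rootpw value above is stored in clear text in slapd.conf; the directive also accepts a hashed value such as the {SSHA} string that slappasswd prints by default. The following added example (not from the original page; the function names are hypothetical and it assumes the openssl command is installed) shows how such a value is built and checked, so you can confirm a hash matches the password you intended before pasting it in.

```shell
#!/bin/sh
# Added example: build and check an OpenLDAP {SSHA} value with openssl.
# {SSHA} = base64( SHA1(password || salt) || salt ); the digest is 20 bytes.

# ssha_hash PASSWORD -> prints "{SSHA}<base64>" using a fresh 8-byte salt
ssha_hash() {
    d=$(mktemp -d) || return 1
    head -c 8 /dev/urandom > "$d/salt"
    printf '%s' "$1" | cat - "$d/salt" | openssl dgst -sha1 -binary > "$d/digest"
    printf '{SSHA}%s\n' "$(cat "$d/digest" "$d/salt" | openssl base64)"
    rm -rf "$d"
}

# ssha_verify PASSWORD HASH -> exit status 0 only if PASSWORD matches HASH
ssha_verify() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "$2" | sed 's/^{SSHA}//' | openssl base64 -d > "$d/blob"
    head -c 20 "$d/blob" > "$d/want"      # stored digest
    tail -c +21 "$d/blob" > "$d/salt"     # the remaining bytes are the salt
    printf '%s' "$1" | cat - "$d/salt" | openssl dgst -sha1 -binary > "$d/got"
    rc=0
    cmp -s "$d/want" "$d/got" || rc=1
    rm -rf "$d"
    return $rc
}

# Constructed sample password, for demonstration only.
ssha_hash 'constructed-sample-password'
```

The printed string goes after rootpw in place of the quoted clear-text password.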
Advanced configuration
You'll also need to:
- Include the schema used by Open-Xchange.
- Include the schema at nis.schema instead of the one at rfc2307bis.schema. The rfc2307bis.schema defines the posixGroup class as auxiliary while the nis.schema schema defines it as structural. If you don't do this, you'll get errors when importing the initial data (which attempts to create an object with classes top and posixGroup). An alternative to this would be to modify your initial data LDIF (see below) to make sure all the objects it adds have structural classes. However, I am not sure OX will work then (I suppose it might attempt to add objects by itself, assuming that posixGroup is a structural class). Another alternative would be to modify the rfc2307 schema, but then other things could break. You're on your own if you choose to follow any of these alternative paths.
- Maintain indices by certain attributes. Add the following lines to /etc/openldap/slapd.conf:
#include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/nis.schema
include /opt/open-xchange-*/share/openxchange.schema
index uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination eq,sub
Restart OpenLDAP to apply these changes.
Importing the initial data
Now generate a password:
openssl passwd secret
Another way to generate your password would be to run the following command and remove the {crypt} portion from the output:
slappasswd -h {crypt} -s secret
Edit /opt/open-xchange-*/share/init_ldap.ldif and find the userPassword: line. Replace its value with your crypted password. It should look similar to:
userPassword: {CRYPT}C2qWTApOsBKWM
Also, modify the distinguished name there (dc=example,dc=org) to one that matches yours. You'll also want to find other occurrences of example and replace them with appropriate values (for example, the dc of your base organization object). You might also want to review the properties of uid=mailadmin,ou=Users,ou=OxObjects,dc=.... Once you are done modifying this, store the data from the LDIF file into the OpenLDAP database:
slapadd -l /opt/open-xchange-*/share/init_ldap.ldif
If you already have data in your LDAP database, you might run into problems. In this case you'll need to make further modifications to your init_ldap.ldif file. Should this be the case, it might help you to remember that you can erase the old database with the following command (beware, you'll lose all your existing data!):
rcldap stop && rm /var/lib/ldap/* && rcldap start
Once you've managed to add your entire data without problems, (re)start the service:
rcldap restart
OpenXchange Configuration
Edit admintools.conf and set the following options:
- ORGA
- BINDDN
- BINDPW
Configuration for clients
Now edit /etc/ldap/ldap.conf so LDAP clients will know how to connect to the server. You'll need to set the BASE and HOST (or URI) directives with the appropriate values. It should look similar to:
BASE dc=example,dc=org
HOST 127.0.0.1
You'll need to create a symbolic link to it in /opt/open-xchange-*/etc/groupware/ldap.conf.
...
- cd /var/www
- mkdir cfintranet
- mkdir cfintranet/webmail
- cd /usr/local/openxchange/share/groupware/data
- cp -R images css javascript /var/www/cfintranet
- cd /usr/local/openxchange/share/webmail/data
- cp -R images css javascript /var/www/cfintranet/webmail
