Instalar Kolab en Ubuntu 8.0.4

1.- Permitir en /tmp permisos de ejecución:

vi /etc/fstab
# Quitar de /tmp noexec

mount -a

2.- Descargar paquetes necesarios para compilar Kolab: (me tardó unas 5 horas!!)

apt-get install bison flex make automake build-essential g++

mkdir -p /usr/local/src/kolab/hotfix
cd /usr/local/src/kolab/hotfix
wget http://ftp.belnet.be/packages/kolab/server/release/kolab-server-2.2.0/hotfix-20090116/hotfix-20090116.txt
wget http://ftp.belnet.be/packages/kolab/server/release/kolab-server-2.2.0/hotfix-20090116/iCalendar.php
wget http://ftp.belnet.be/packages/kolab/server/release/kolab-server-2.2.0/hotfix-20090116/kolab-issue3074.patch
cd /usr/local/src/kolab
wget -r -l1 -nd --no-parent --retr-symlinks ftp://ftp.rent-it.net.ua/pub/linux/kolab/server/release/kolab-server-2.2.0/sources/

3.- Verificar integridad de las descargas:

md5sum -c MD5SUMS

4.- Configurar reglas de shorewall:

cp /etc/shorewall/rules /root/etc/shorewall/rules.`date +%d%m%g`
vi /etc/shorewall/rules

#
#       Accept Mail Server protocols
#
ACCEPT      eth0                $FW             tcp             smtp
ACCEPT      eth0                $FW             tcp             smtps
ACCEPT      eth0              $FW             tcp             pop3
ACCEPT      eth0                $FW             tcp             pop3s
ACCEPT      eth0                $FW             tcp             imap2
ACCEPT      eth0                $FW             tcp             imaps
ACCEPT      eth0                $FW             tcp             sieve

#
#       Accept LDAP protocol only from specific sources
#
ACCEPT      eth0:89.130.59.12   $FW             tcp             ldap
ACCEPT      eth0:89.130.59.12   $FW             tcp             ldaps

#
#       Accept DCC Server protocols
#
ACCEPT      eth0                $FW             tcp             6277

#
#       Accept Razor outbound
#
#ACCEPT      $FW                 eth0            tcp             2703

#
#       Accept Apache Inbound
#
ACCEPT     eth0                 $FW             tcp             https

/etc/init.d/shorewall restart

5.- Instalar kolab:

sh install-kolab.sh 2>&1 | tee /root/kolab-install.log

6.- Aplicar parches:

cd /usr/local/src/kolab/hotfix
cp iCalendar.php /kolab/lib/php/Horde/
patch -s -p0 -d /kolab/lib/php < kolab-issue3074.patch

7.- Arrancar Kolab: (configurar LDAP)

/kolab/etc/kolab/kolab_bootstrap -b

KOLAB BOOTSTRAP

Check for running http webserver on port 80
Check for running https webserver on port 443
Check for running imap server on port 143
Check for running imaps server on port 993
Check for running pop3 server on port 110
Check for running pop3s server on port 995
Check for running smtp server on port 25
Check for running smtps server on port 465
Check for running amavis server on port 10024
Check for running postfix reinjection from kolabfilter on port 10025
Check for running postfix reinjection from amavis on port 10026
Check for running kolab daemon on port 9999
Check for running ldap server on port 389
Check for running ldaps server on port 636
Check for running sieve server on port 2000
Check for running lmtp server on port 2003
Excellent all required Ports are available!
### 
### Si estuviera en uso algún puerto necesario, 
### daría error indicando que se cerrara el servicio que lo usa:
###
### Error: Found smtp server running on Port 25
### Check your installation!
### You must stop the service smtp server before running Kolab
### You may try to execute "/kolab/bin/openpkg rc all stop" initially
### 
### /etc/init.d/exim4 stop
### 
LDAP repository is empty - assuming fresh install
Please enter Hostname including Domain Name (e.g. thishost.domain.tld) [nodvm02]: ldap.luismido.com
Proceeding with Hostname ldap.luismido.com
Do you want to set up (1) a master Kolab server or (2) a slave [1] (1/2): 1
Proceeding with master server setup

Please enter your Maildomain - if you do not know your mail domain use the fqdn from above [luismido.com]: luismido.com
proceeding with Maildomain luismido.com
Kolab primary email addresses will be of the type user@luismido.com
Generating default configuration:
Top level DN for Kolab [dc=luismido,dc=com]:
 base_dn : dc=luismido,dc=com
 bind_dn : cn=manager,cn=internal,dc=luismido,dc=com
Please choose a manager password [EH+Mj6w3tEJwEx1U]: VerySecret
 bind_pw : VerySecret
done modifying /kolab/etc/kolab/kolab.conf

IMPORTANT NOTE:
use login=manager and passwd=VerySecret when you log into the webinterface!

Enter fully qualified hostname of slave kolab server e.g. thishost.domain.tld [empty when done]: ldap2.luismido.com
Enter fully qualified hostname of slave kolab server e.g. thishost.domain.tld [empty when done]:
prepare LDAP database...
temporarily starting slapd
Waiting for OpenLDAP to start
no dc=luismido,dc=com object found, creating one
mynetworkinterfaces: 127.0.0.0/8
LDAP setup finished

Create initial config files for postfix, apache, cyrus imap, saslauthd
running /kolab/sbin/kolabconf -n
OpenPKG: restart: amavisd.

kill temporary slapd

OpenPKG: stop: openldap.
Kolab can create and manage a certificate authority that can be
used to create SSL certificates for use within the Kolab environment.
You can choose to skip this section if you already have certificates
for the Kolab server.
Do you want to create CA and certificates [y] (y/n): y
Now we need to create a cerificate authority (CA) for Kolab and a server
certificate. You will be prompted for a passphrase for the CA.
################################################################################
/kolab/etc/kolab/kolab_ca.sh -newca ldap.luismido.com
Enter organization name [Kolab]: LUISMIDO
Enter organizational unit [Test-CA]: LUISMIDO
Using subject O=LUISMIDO,OU=LUISMIDO,CN=ldap.luismido.com
Using dn
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.++++++
.++++++
writing new private key to '/kolab/etc/kolab/ca/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
/kolab/etc/kolab
/kolab/etc/kolab/kolab_ca.sh -newkey ldap.luismido.com /kolab/etc/kolab/key.pem
Using dn
Generating RSA private key, 1024 bit long modulus
.........++++++
..........++++++
e is 65537 (0x10001)
writing RSA key
/kolab/etc/kolab
/kolab/etc/kolab/kolab_ca.sh -newreq ldap.luismido.com /kolab/etc/kolab/key.pem /kolab/etc/kolab/newreq.pem
Using dn
Request is in /kolab/etc/kolab/newreq.pem and private key is in /kolab/etc/kolab/key.pem

/kolab/etc/kolab
/kolab/etc/kolab/kolab_ca.sh -sign /kolab/etc/kolab/newreq.pem /kolab/etc/kolab/cert.pem
Using dn
Using configuration from /kolab/etc/kolab/kolab-ssl.cnf
Enter pass phrase for /kolab/etc/kolab/ca/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jan 16 22:19:23 2010 GMT
            Not After : Jan 14 22:19:23 2020 GMT
        Subject:
            commonName                = ldap.luismido.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                F2:BB:CB:72:5F:7A:9E:F8:26:5A:1A:83:20:2F:E5:26:36:D3:F2:BA
            X509v3 Authority Key Identifier:
                DirName:/O=LUISMIDO/OU=LUISMIDO/CN=ldap.luismido.com
                serial:D4:2C:07:2E:E0:73:F1:53

Certificate is to be certified until Jan 14 22:19:23 2020 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]Y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in /kolab/etc/kolab/cert.pem
/kolab/etc/kolab
chgrp kolab-r /kolab/etc/kolab/key.pem;
chmod 0640 /kolab/etc/kolab/key.pem;
chgrp kolab-r /kolab/etc/kolab/cert.pem;
chmod 0640 /kolab/etc/kolab/cert.pem;
################################################################################

CA and certificate creation complete.

You can install /kolab/etc/kolab/ca/cacert.pem on your clients to allow them
to verify the validity of your server certificates.

kolab is now ready to run!
please run '/kolab/bin/openpkg rc all start'

Use login=manager and passwd=VerySecret when you log into

the webinterface https://ldap.luismido.com/admin !

8.- Volver a denegar permisos de ejecución en /tmp:

vi /etc/fstab
# Agregar en /tmp noexec

mount -a

9.- Al reiniciar, en mi caso, openPKG levanta todos los servicios necesarios excepto apache,
debido a que ya había sido levantado por su propio fichero de arranque. Solución:

/etc/init.d/apache2 stop

/kolab/bin/openpkg rc all start
OpenPKG: start: openpkg, openldap, sasl, spamassassin, amavisd, apache, clamav
OpenPKG: start: imapd, postfix, kolabd.

« Linux | Kolab

Si no se indica lo contrario, el contenido de esta página se ofrece bajo Creative Commons Attribution-ShareAlike 3.0 License