InstallationandConfigurationGuide. forversion2.3.0

Size: px
Start display at page:

Download "InstallationandConfigurationGuide. forversion2.3.0"

Transcription

1 InstallationandConfigurationGuide forversion2.3.0

2 InstallationandConfigurationGuide Version2.3.0-June2015 Permissionisgrantedtocopy,distributeand/ormodifythisdocumentunderthetermsoftheGNUFreeDocumentationLicense,Version 1.2oranylaterversionpublishedbytheFreeSoftwareFoundation;withnoInvariantSections,noFront-CoverTexts,andnoBack-Cover Texts.Acopyofthelicenseisincludedinthesectionentitled"GNUFreeDocumentationLicense". ThefontsusedinthisguidearelicensedundertheSILOpenFontLicense,Version1.1.ThislicenseisavailablewithaFAQat:http:// scripts.sil.org/ofl Copyright ŁukaszDziedzic,http://www.latofonts.com,withReservedFontName:"Lato". Copyright RaphLevien,http://levien.com/,withReservedFontName:"Inconsolata".

3 TableofContents AboutthisGuide... 1 Introduction... 2 ArchitectureandCompatibility... 3 SystemRequirements... 5 Assumptions...5 MinimumHardwareRequirements... 6 OperatingSystemRequirements... 6 Installation... 8 SoftwareDownloads... 8 SoftwareInstallation... 8 Configuration GNUstepEnvironmentOverview PreferencesHierarchy GeneralPreferences AuthenticationusingLDAP LDAPAttributesIndexing LDAPAttributesMapping AuthenticatingusingC.A.S AuthenticatingusingSAML DatabaseConfiguration AuthenticationusingSQL SMTPServerConfiguration IMAPServerConfiguration WebInterfaceConfiguration...36 SOGoConfigurationSummary Multi-domainsConfiguration ApacheConfiguration...45 StartingServices Cronjob reminders Cronjob Vacationmessagesexpiration ManagingUserAccounts CreatingtheSOGoAdministrativeAccount CreatingaUserAccount MicrosoftEnterpriseActiveSync MicrosoftEnterpriseActiveSyncTuning UsingSOGo SOGoWebInterface MozillaThunderbirdandLightning...55 AppleiCal AppleAddressBook MicrosoftActiveSync/MobileDevices Upgrading AdditionalInformation CommercialSupportandContactInformation iii

4 Chapter1 AboutthisGuide ThisguidewillwalkyouthroughtheinstallationandconfigurationoftheSOGosolution.Italso coverstheinstallationandconfigurationofsogoactivesyncsupport thesolutionusedtosynchronizemobiledeviceswithsogo. Theinstructionsarebasedonversion2.3.0ofSOGo. Thelatestversionofthisguideisavailableathttp://www.sogo.nu/downloads/documentation.html. AboutthisGuide 1

5 Chapter2 Introduction SOGoisafreeandmodernscalablegroupwareserver.Itofferssharedcalendars,addressbooks,and sthroughyourfavouritewebbrowserandbyusinganativeclientsuchasmozillathunderbird andlightning. SOGoisstandard-compliant.ItsupportsCalDAV,CardDAV,GroupDAV,iMIPandiTIPandreuses existingimap,smtpanddatabaseservers-makingthesolutioneasytodeployandinteroperable withmanyapplications. SOGofeatures: Scalablearchitecturesuitablefordeploymentsfromdozenstomanythousandsofusers Rich Web-based interface that shares the look and feel, the features and the data of Mozilla ThunderbirdandLightning ImprovedintegrationwithMozillaThunderbirdandLightningbyusingtheSOGoConnectorand thesogointegrator NativecompatibilityforMicrosoftOutlook2003,2007,2010,and2013 Two-way synchronization support with any Microsoft ActiveSync-capable device, or Outlook 2013 SOGoisdevelopedbyacommunityofdeveloperslocatedmainlyinNorthAmericaandEurope. Moreinformationcanbefoundathttp://www.sogo.nu/ Introduction 2

6 Chapter2 ArchitectureandCompatibility Introduction 3

7 Chapter2 StandardprotocolssuchasCalDAV,CardDAV,GroupDAV,HTTP,IMAPandSMTPareusedtocommunicatewiththeSOGoplatformoritssub-components.MobiledevicessupportingtheMicrosoft ActiveSyncprotocolarealsosupported. ToinstallandconfigurethenativeMicrosoftOutlookcompatibilitylayer,pleaserefertotheSOGo NativeMicrosoftOutlookConfigurationGuide. Introduction 4

8 Chapter3 SystemRequirements Assumptions SOGoreusesmanycomponentsinaninfrastructure.Thus,itrequiresthefollowing: Databaseserver(MySQL,PostgreSQLorOracle) LDAPserver(OpenLDAP,NovelleDirectory,MicrosoftActiveDirectoryandothers) SMTPserver(Postfix,Sendmailandothers) IMAPserver(Courier,CyrusIMAPServer,Dovecotandothers) IfyouplantouseActiveSync,anIMAPserversupportingtheACL,UIDPLUS,QRESYNC,ANNO- TATE(orX-GUID)IMAPextensionsisrequired,suchasCyrusIMAPversion2.4orlater,orDovecot version2.1orlater.ifyourcurrentimapserverdoesnotsupporttheseextensions,youcanuse Dovecot sproxyingcapabilities. Inthisguide,weassumethatallthosecomponentsarerunningonthesameserver(i.e.,localhost or )thatsogowillbeinstalledon. GoodunderstandingofthoseunderlyingcomponentsandGNU/LinuxisrequiredtoinstallSOGo. Ifyoumisssomeofthoserequiredcomponents,pleaserefertotheappropriatedocumentation andproceedwiththeinstallationandconfigurationoftheserequirementsbeforecontinuingwith thisguide. Thefollowingtableprovidesrecommendationsfortherequiredcomponents,togetherwithversion numbers: Databaseserver LDAPserver SMTPserver IMAPserver PostgreSQL7.4orlater OpenLDAP2.3.xorlater Postfix2.x CyrusIMAPServer2.3.xorlater Morerecentversionsofthesoftwarementionedabovecanalsobeused. SystemRequirements 5

9 Chapter3 MinimumHardwareRequirements Server Evaluationandtesting Intel,AMD,orPowerPCCPU1GHz 512MBofRAM 1GBofdiskspace Production Desktop Intel,AMDorPowerPCCPU3GHz 2048MBofRAM 10GBofdiskspace(excludingth store) General Intel,AMD,orPowerPCCPU1.5GHz 1024x768monitorresolution 512MBofRAM 128Kbpsorhighernetworkconnection MicrosoftWindows MicrosoftWindowsXPSP2orVista AppleMacOSX AppleMacOSX10.2orlater Linux MobileDevice YourfavouriteGNU/Linuxdistribution Thefollowingtableprovideshardwarerecommendationsfortheserver,desktopsandmobiledevices: AnymobiledevicewhichsupportsCalDAV,CardDAVorMicrosoftActiveSync. OperatingSystemRequirements Thefollowing32-bitand64-bitoperatingsystemsarecurrentlysupportedbySOGo: RedHatEnterpriseLinux(RHEL)Server5,6and7 CommunityENTerpriseOperatingSystem(CentOS)5,6and7 DebianGNU/Linux6.0(Squeeze)to8.0(Jessie) SystemRequirements 6

10 Chapter3 Ubuntu10.04(Lucid)to14.04(Trusty) Makesuretherequiredcomponentsarestartedautomaticallyatboottimeandthattheyarerunning before proceeding with the SOGo configuration. Also make sure that you can install additional packagesfromyourstandarddistribution.forexample,ifyouareusingredhatenterpriselinux 5,youhavetobesubscribedtotheRedHatNetworkbeforecontinuingwiththeSOGosoftware installation. ThisdocumentcoverstheinstallationofSOGounderRHEL6. ForinstallationinstructionsonDebianandUbuntu,pleasereferdirectlytotheSOGowebsiteat Under the downloads section, you will find links for installation steps for DebianandUbuntu. NotethatoncetheSOGopackagesareinstalledunderDebianandUbuntu,thisguidecanbefollowedinordertofullyconfigureSOGo. SystemRequirements 7

11 Chapter4 Installation ThissectionwillguideyouthroughtheinstallationofSOGotogetherwithitsdependencies.The stepsdescribedhereapplytoanrpm-basedinstallationforaredhatorcentos6distribution. Mostofthesestepsshouldapplytoallsupportedoperatingsystems. SoftwareDownloads SOGo can be installed using the yum utility. To do so, first create the /etc/yum.repos.d/ inverse.repoconfigurationfilewiththefollowingcontent: [SOGo] name=inverse SOGo Repository baseurl=http://inverse.ca/downloads/sogo/rhel6/$basearch gpgcheck=0 SomeofthesoftwaresonwhichSOGodependsareavailablefromtherepositoryofRepoForge (previouslyknownasrpmforge).toaddrepoforgetoyourpackagessources,downloadandinstall theappropriaterpmpackagefromhttp://packages.sw.be/rpmforge-release/.alsomakesureyou enabledthe"rpmforge-extras"repository. FormoreinformationonusingRepoForge,visithttp://repoforge.org/use/. SoftwareInstallation Oncetheyumconfigurationfilehasbeencreated,youarenowreadytoinstallSOGoanditsdependencies.Todoso,proceedwiththefollowingcommand: yum install sogo ThiswillinstallSOGoanditsdependenciessuchasGNUstep,theSOPEpackagesandmemcached. Oncethebasepackagesareinstalled,youneedtoinstalltheproperdatabaseconnectorsuitable foryourenvironment.youneedtoinstallsope49-gdl1-postgresqlforthepostgresqldatabase system,sope49-gdl1-mysqlformysqlorsope49-gdl1-oraclefororacle.theinstallationcommandwillthuslooklikethis: Installation 8

12 Chapter4 yum install sope49-gdl1-postgresql Oncecompleted,SOGowillbefullyinstalledonyourserver.Youarenowreadytoconfigureit. Installation 9

13 Configuration Inthissection,you lllearnhowtoconfiguresogotouseyourexistingldap,smtpanddatabase servers.aspreviouslymentioned,weassumethatthosecomponentsrunonthesameserveron whichsogoisbeinginstalled.ifthisisnotthecase,pleaseadjusttheconfigurationparameters toreflectthosechanges. GNUstepEnvironmentOverview SOGomakesuseoftheGNUstepenvironment.GNUstepisafreesoftwareimplementationofthe OpenStepspecificationwhichprovidesmanyfacilitiesforbuildingalltypesofserveranddesktop applications.amongthosefacilities,thereisaconfigurationapisimilartothe"registry"paradigm inmicrosoftwindows.inopenstep,gnustepandmacosx,thesearecalledthe"userdefaults". In SOGo, the user s applications settings are stored in/etc/sogo/sogo.conf. You can use your favouritetexteditortomodifythefile. Thesogo.conffileisaserializedpropertylist.Thissimpleformatencapsulatesfourbasicdatatypes: arrays, dictionaries(or hashes), strings and numbers. Numbers are represented as-is, except for booleanswhichcantaketheunquotedvaluesyesandno.stringsarenotmandatorilyquoted,but doingsowillavoidyoumanyproblems.adictionaryisasequenceofkeyandvaluepairsseparated intheirmiddlewitha=sign.itstartswitha{andendswithacorresponding}.eachvaluedefinition inadictionaryendswithasemicolon.anarrayisachainofvaluesstartingwith(andendingwith ),wherethevaluesareseparatedwitha,.also,thefilegenerallyfollowsac-styleindentationfor claritybutthisindentationisnotrequired,onlyrecommended.blockcommentsaredelimitedby/ *and*/andcanspanmultiplelineswhilelinecommentsmuststartwith//. Theconfigurationmustbecontainedinarootdictionary,thusbecompletelywrappedwithincurly brackets{ [configuration] }.IfSOGorefusestostartduetosyntaxerrorsinitsconfiguration file,plparseishelpfulforfindingthese,asitindicatesthelinecontainingtheproblem. PreferencesHierarchy SOGosupportsdomainnamessegregation,meaningthatyoucanseparatemultiplegroupsofusers withinoneinstallationofsogo.auserassociatedtoadomainislimitedtoaccessonlytheusers datafromthesamedomain.consequently,theconfigurationparametersofsogoaredefinedon threelevels: Configuration 10

14 Eachlevelinheritsthepreferencesoftheparentlevel.Therefore,domainpreferencesdefinethedefaultsvaluesoftheuserpreferences,andthesystempreferencesdefinethedefaultvaluesofalldomainspreferences.Bothsystemanddomainspreferencesaredefinedinthe/etc/sogo/sogo.conf, whiletheuserspreferencesareconfigurablebytheuserandstoredinsogo sdatabase. Toidentifythelevelinwhicheachparametercanbedefined,weusethefollowingabbreviations inthetablesofthisdocument: S Parameterexclusivetothesystemandnotconfigurableperdomain D Parameterexclusivetoadomainandnotconfigurableperuser U Parameterconfigurablebytheuser Rememberthatthehierarchyparadigmallowthedefaultvalueofaparametertobedefinedata parentlevel. GeneralPreferences Thefollowingtabledescribesthegeneralparametersthatcanbeset: S WOWorkersCount TheamountofinstancesofSOGothatwillbe spawnedtohandlemultiplerequestssimultaneously.whenstartedfromtheinitscript,that amountisoverridenbythepreforkvaluein/ etc/sysconfig/sogoor/etc/default/sogo. Avalueof3isareasonabledefaultforlowusage.ThemaximumvaluedependsontheCPU Configuration 11

15 andiopowerprovidedbyyourmachine:avaluesettoohighwillactuallydecreaseperformancesunderhighload. S WOListenQueueSize S WOPort S WOLogFile S WOPidFile S WOWatchDogRequestTimeout Defaultsto1whenunset. Defaultsto5whenunset. TheTCPlisteningaddressandportusedbythe SOGodaemon.Theformatisipaddress:port. Defaultsto :20000whenunset. Defaultsto/var/log/sogo/sogo.log. Thefilepathwheretheparentprocessidwill bewritten. Defaultsto/var/run/sogo/sogo.pid. Thisparameterspecifiesthenumberofminutes afterwhichabusychildprocesswillbekilled bytheparentprocess. Defaultsto10(minutes). S SxVMemLimit S SOGoMemcachedHost Thisparametercontrolsthebacklogsizeofthe socketlistenqueue.forlarge-scaledeployments,thisvaluemustbeadjustedincaseall workersarebusyandtheparentprocessesreceiveslotsofincomingconnections. Thefilepathwheretologmessages.Specifytologtotheconsole. Donotsetthistoolowaschildprocessesreplyingtoclientsonaslowinternetconnection couldbekilledprematurely. Defaultsto384. Apathcanalsobeusediftheservermustbe reachedviaaunixsocket. Defaultstolocalhost. S SOGoCacheCleanupInterval Seememcached_servers_parse(3)fordetails onthesyntax. Parameterusedtosetthemaximumamount ofmemory(inmegabytes)thatachildcanuse. Reachingthatvaluewillforcechildrenprocessestorestart,inordertopreservesystemmemory. Parameterusedtosetthehostnameandoptionallytheportofthememcachedserver. Parameterusedtosettheexpiration(inseconds)ofeachobjectinthecache. Configuration 12

16 S SOGoAuthenticationType S SOGoTrustProxyAuthentication S SOGoEncryptionKey S SOGoCASServiceURL S SOGoCASLogoutEnabled S SOGoAddressBookDAVAccessEnabled S SOGoCalendarDAVAccessEnabled Defaultsto300. Parameterusedtodefinethewaybywhich userswillbeauthenticated.forc.a.s.,specifycas.forsaml2,specifysaml2.foranything else,leavethatvalueempty. ParameterusedtosetwhetherHTTPusernameshouldbetrusted. DefaultstoNOwhenunset. Parameterusedtodefineakeytoencryptthe passwordsofremotewebcalendarswhenso- GoTrustProxyAuthenticationisenabled. WhenusingC.A.S.authentication,thisspecifiesthebaseurlforreachingtheC.A.S.service. ThiswillbeusedbySOGotodeducetheproperloginpageaswellastheotherC.A.S.servicesthatSOGowilluse. Booleanvalueindicatingwhetherthe"Logout" linkisenabledwhenusingc.a.s.asauthenticationmechanism. The"Logout"linkwillendupcallingSOGo- CASServiceURL/logouttoterminatetheclient s singlesign-onc.a.s.session. ParametercontrollingWebDAVaccesstothe Contactscollections.ThiscanbeusedtodenyaccesstotheseresourcesfromLightningfor example. DefaultstoYESwhenunset. ParametercontrollingWebDAVaccesstothe Calendarcollections. ThiscanbeusedtodenyaccesstotheseresourcesfromLightningforexample. S SOGoSAML2PrivateKeyLocation S SOGoSAML2CertiticateLocation S SOGoSAML2IdpMetadataLocation DefaultstoYESwhenunset. ThelocationoftheSSLprivatekeyfileonthe filesystemthatisusedbysogotosignandencryptcommunicationswiththesaml2identity provider.thisfilemustbegeneratedforeach runningsogoservice(ratherthanhost).make surethisfileisreadablebythesogouser. ThelocationoftheSSLcertificatefile.Thisfile mustbegeneratedforeachrunningsogoser- vice.makesurethisfileisreadablebytheso- Gouser. ThelocationofthemetadatafilethatdescribestheservicesavailableontheSAML2 identifyprovider.thecontentofthisfileis usuallygenerateddirectlybyyoursaml Configuration 13

17 S SOGoSAML2IdpPublicKeyLocation S SOGoSAML2IdpCertificateLocation S SOGoSAML2LoginAttribute S SOGoSAML2LogoutEnabled S SOGoSAML2LogoutURL D SOGoTimeZone D SOGoMailDomain 2.0IdPsolution.Forexample,usingSimpleSAMLphp,youcangetthemetadatadirectlyfromhttps://MYSERVER/simplesaml/saml2/ idp/metadata.phpmakesurethisfileisreadablebythesogouser. ThelocationoftheSSLpublickeyfileonthe filesystemthatisusedbysogotosignandencryptcommunicationswiththesaml2identityprovider.thisfileshouldbepartofthesetup ofyouridentityprovider.makesurethisfileis readablebythesogouser. ThelocationoftheSSLcertificatefile.Thisfile shouldbepartofthesetupofyouridentity provider.makesurethisfileisreadablebythe SOGouser. TheattributeprovidedbytheIdPtoidentify theuserinsogo. Booleanvalueindicatedwhetherthe"Logout" linkisenabledwhenusingsaml2asauthenticationmechanism.whenusingthisfeature, SOGowillinvoketheIdPtoproceedwiththe logoutprocedure.whentheuserclicksonthe logoutbutton,aredirectionwillbemadetothe IdPtotriggerthelogout. TheURLtowhichredirecttheuser afterthe"logout"linkisclicked. SOGoSAML2LogoutEnabledmustbesetto YES.Ifunset,theuserwillberedirectedtoa blankpage. Parameterusedtosetadefaulttimezonefor users.thedefaulttimezoneissettoutc.the Olsondatabaseisastandarddatabasethat takesallthetimezonesaroundtheworldinto accountandrepresentsthemalongwiththeir history.ongnu/linuxsystems,timezonedefinitionfilesareavailableunder/usr/share/ zoneinfo.listingtheavailablefileswillgive youthenameoftheavailabletimezones.this couldbeamerica/new_york,europe/berlin, Asia/TokyoorAfrica/Lubumbashi. Inourexample,wesetthetimezonetoAmerica/Montreal. Parameterusedtosetthedefaultdomainname usedbysogo.sogousesthisparameterto buildthelistofvalid addressesforusers. Inourexample,wesetthedefaultdomainto acme.com. Configuration 14

18 D SOGoAppointmentSend Notifications ParameterusedtosetwhetherSOGosendsor not notificationstomeetingparticipants. Possiblevaluesare: YES tosendnotifications NO tonotsendnotifications D SOGoFoldersSend Notifications D SOGoACLsSend Notifications D SOGoCalendarDefaultRoles DefaultstoNOwhenunset. Sameasabove,butthenotificationsaretriggeredonthecreationofacalendaroranaddressbook. Sameasabove,butthenotificationsaresent totheinvolvedusersofacalendaroraddress book sacls. Parameterusedtodefinethedefaultroles whengivingpermissionstoausertoaccessa calendar.defaultsrolesareignoredforpublic accesses.mustbeanarrayofuptofivestrings. Eachstringdefiningaroleforaneventcategorymustbeginwithoneofthosevalues: Public Confidential Private Andeachstringmustendwithoneofthose values: Viewer DAndTViewer Modifier Responder Thearraycanalsocontainoneormanyofthe followingstrings: ObjectCreator ObjectEraser Example:SOGoCalendarDefaultRoles = ("ObjectCreator", "PublicViewer"); D SOGoContactsDefaultRoles Defaultstonorolewhenunset.Recommend- edvaluesarepublicviewerandconfidential- DAndTViewer. Parameterusedtodefinethedefaultroles whengivingpermissionstoausertoaccess anaddressbook.defaultsrolesareignoredfor publicaccesses.mustbeanarrayofoneor manyofthefollowingstrings: ObjectViewer ObjectEditor Configuration 15

19 ObjectCreator ObjectEraser Example:SOGoContactsDefaultRoles = ("ObjectEditor"); D SOGoSuperUsernames U SOGoLanguage D SOGoNotifyOnPersonalModifications Defaultstonorolewhenunset. Parameterusedtosetwhichusernamesrequire administrativeprivilegesoveralltheuserstables.forexample,thiscouldbeusedtopost eventsintheuserscalendarwithoutrequiringtheusertoconfigurehis/heracls.inthis caseyouwillneedtospecifythosesuperuser s usernameslikethis:sogosuperusernames = (<username1>[, <username2>,...]); Parameterusedtosetthedefaultlanguage usedinthewebinterfaceforsogo.possible valuesare: Arabic Basque BrazilianPortuguese Catalan Czech Danish Dutch English Finnish French German Hungarian Icelandic Italian NorwegianBokmal NorwegianNynorsk Polish Russian Slovak SpanishSpain SpanishArgentina Swedish Ukrainian Welsh ParameterusedtosetwhetherSOGosendsor not receiptswhensomeonechangeshis/ herowncalendar.possiblevaluesare: YES tosendnotifications NO tonotsendnotifications DefaultstoNOwhenunset.Usercanoverwrite thisfromthecalendarpropertieswindow. Configuration 16

20 D SOGoNotifyOnExternalModifications ParameterusedtosetwhetherSOGosendsor not receiptswhenamodificationisbeing donetohis/herowncalendarbysomeoneelse. Possiblevaluesare: YES tosendnotifications NO tonotsendnotifications D SOGoLDAPContactInfoAttribute D SOGoiPhoneForceAllDayTransparency S SOGoEnablePublicAccess DefaultstoNOwhenunset.Usercanoverwrite thisfromthecalendarpropertieswindow. ParameterusedtospecifyanLDAPattribute thatshouldbedisplayedwhenauto-completing usersearches. WhensettoYES,thiswillforceall-dayevents sentoverbyiphoneosbaseddevicestobe transparent.thismeansthattheall-dayevents willnotbeconsideredduringfreebusylookups. DefaultstoNOwhenunset. Parameterusedtoallowornotyourusersto sharepublicly(ie.,requiringnotauthentication) theircalendarsandaddressbooks. Possiblevaluesare: YES toallowthem NO topreventthemfromdoingso S SOGoPasswordChangeEnabled DefaultstoNOwhenunset. Parameterusedtoallowornotuserstochange theirpasswordsfromsogo. Possiblevaluesare: YES toallowthem NO topreventthemfromdoingso DefaultstoNOwhenunset. S SOGoSupportedLanguages ForthisfeaturetoworkproperlywhenauthenticatingagainstADorSamba4,theLDAPconnectionmustuseSSL/TLS.Serversiderestrictionscanalsocausethepasswordchangeto fail,inwhichcasesogowillonlylogaconstraintviolation(0x13)error.theserestrictions includepasswordtooyoung,complexityconstraintsnotsatisfied,usercannotchangepassword,etc AlsonotethatSambahasaminimumpasswordageof1daybydefault. Parameterusedtoconfigurewhichlanguages areavailablefromsogo swebinterface.availablelanguagesarespecifiedasanarrayof string. Configuration 17

21 D SOGoHideSystem D SOGoSearchMinimumWordLength S SOGoMaximumFailedLoginCount S SOGoMaximumFailedLoginInterval S SOGoFailedLoginBlockInterval S SOGoMaximumMessageSubmissionCount S SOGoMaximumRecipientCount S SOGoMaximumSubmissionInterval S SOGoMessageSubmissionBlockInterval Thedefaultvalueis:( "Arabic", "Basque", "Catalan", "Czech", "Dutch", "Danish", "Welsh", "English", "SpanishSpain", "SpanishArgentina", "Finnish", "French", "German", "Icelandic", "Italian", "Hungarian", "BrazilianPortuguese", "NorwegianBokmal", "NorwegianNynorsk", "Polish", "Russian", "Slovak", "Ukrainian", "Swedish" ) ParameterusedtocontrolifSOGoshould hideornotthesystem address currentlylimitedtocaldav(calendar-user-address-set). DefaultstoNOwhenunset. Parameterusedtocontroltheminimumlength tobeusedforthesearchstring(attendeecompletion,addressbooksearch,etc.)priortriggeringtheserver-sidesearchoperation. Defaultsto2whenunset whichmeansa searchoperationwillbetriggeredonthe3rd typedcharacter. Parameterusedtocontrolthenumberoffailed loginattemptsrequiredduringsogomaximum- FailedLoginIntervalsecondsormore.Ifconditionsaremet,theaccountwillbeblockedfor SOGoFailedLoginBlockIntervalsecondssincethe firstfailedloginattempt. Defaultvalueis0,ordisabled. Numberofseconds,defaultsto10. Numberofseconds,defaultsto300(or5minutes).NotethatSOGoCacheCleanupInterval mustbesettoavalueequalorhigherthanso- GoFailedLoginBlockInterval. Defaultvalueis0,ordisabled. Maximumnumberofrecipients.Defaultvalue is0,ordisabled. Numberofseconds,defaultsto30. Parameterusedtocontrolthenumberof messagesausercansendfromsogo swebmailinterface,tosogomaximumrecipientcount, insogomaximumsubmissionintervalsecondsor more.ifconditionsaremetorexceeded,the userwon tbeabletosendmailsforsogomessagesubmissionblockintervalseconds. Numberofseconds,defaultto300(or5minutes).NotethatSOGoCacheCleanupInterval Configuration 18

22 mustbesettoavalueequalorhigherthanso- GoFailedLoginBlockInterval. AuthenticationusingLDAP SOGocanuseaLDAPservertoauthenticateusersand,ifdesired,toprovideglobaladdressbooks. SOGocanalsouseanSQLbackendforthispurpose(seethesection_AuthenticationusingSQL_ laterinthisdocument).insertthefollowingtextintoyourconfigurationfiletoconfigureanauthenticationandglobaladdressbookusinganldapdirectoryserver: SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; IMAPHostFieldName = mailhost; basedn = "ou=users,dc=acme,dc=com"; binddn = "uid=sogo,ou=users,dc=acme,dc=com"; bindpassword = qwerty; canauthenticate = YES; displayname = "Shared Addresses"; hostname = "ldap:// :389"; id = public; isaddressbook = YES; } ); Inourexample,weuseaLDAPserverrunningonthesamehostwhereSOGoisbeinginstalled. Youcanalso,usingthefilterattribute,restricttheresultstomatchvariouscriteria.Forexample,you coulddefine,inyour.gnustepdefaultsfile,thefollowingfiltertoreturnonlyentriesbelongingto theorganizationinversewithamailaddressandnotinactive: filter = "(o='inverse' AND mail='*' AND status <> 'inactive')"; SinceLDAPsourcescanserveasuserrepositoriesforauthenticationaswellasaddressbooks,you canspecifythefollowingforeachsourcetomakethemappearintheaddressbookmodule: displayname = "<human identification name of the address book>"; isaddressbook = YES; ForcertainLDAPsources,SOGoalsosupportsindirectbindsforuserauthentication.Hereisan example: Configuration 19

23 SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName = cn; UIDFieldName = samaccountname; basedn = "cn=users,dc=acme,dc=com"; binddn = "cn=sogo,cn=users,dc=acme,dc=com"; bindfields = (samaccountname); bindpassword = qwerty; canauthenticate = YES; displayname = "Active Directory"; hostname = ldap:// :389; id = directory; isaddressbook = YES; } ); Inthisexample,SOGowilluseanindirectbindbyfirstdeterminingtheuserDN.Thatvalueisfound bydoingasearchonthefieldsspecifiedinbindfields.mostofthetime,therewillbeonlyone fieldbutitispossibletospecifymoreintheformofanarray(forexample,bindfields = (samaccountname, cn)).whenusingmultiplefields,onlyoneofthefieldsneedstomatchtheloginname. Intheaboveexample,whenauserlogsin,theloginwillbecheckedagainstthesAMAccountName entryinalltheusercards,andoncethiscardisfound,theuserdnofthiscardwillbeusedfor checkingtheuser spassword. Finally,SOGosupportsLDAP-basedgroups.Groupsmustbedefinedlikeanyotherauthentication sources(ie.,canauthenticatemustbesettoyesandagroupmusthaveavalid address).in orderforsogotodetermineifaspecificldapentryisagroup,sogowilllookforoneofthe followingobjectclassattributes: group groupofnames groupofuniquenames posixgroup You can set ACLs based on group membership and invite a group to a meeting(and the group willbedecomposedtoitslistofmembersuponsavebysogo).youcanalsocontrolthevisibility ofthegroupfromthelistofsharedaddressbooksorduringmailautocompletionbysettingthe isaddressbookparametertoyesorno.thefollowingldapentryshowshowatypicalgroupis defined: Configuration 20

24 dn: cn=inverse,ou=groups,dc=inverse,dc=ca objectclass: groupofuniquenames objectclass: top objectclass: extensibleobject uniquemember: uid=alice,ou=users,dc=inverse,dc=ca uniquemember: uid=bernard,ou=users,dc=inverse,dc=ca uniquemember: uid=bob,ou=users,dc=inverse,dc=ca cn: inverse structuralobjectclass: groupofuniquenames mail: ThecorrespondingSOGoUserSourcesentrytohandlegroupslikethisonewouldbe: { } type = ldap; CNFieldName = cn; IDFieldName = cn; UIDFieldName = cn; basedn = "ou=groups,dc=inverse,dc=ca ; binddn = "cn=sogo,ou=services,dc=inverse,dc=ca"; bindpassword = zot; canauthenticate = YES; displayname = Inverse Groups ; hostname = ldap:// :389; id = inverse_groups; isaddressbook = YES; ThefollowingtabledescribesthepossibleparametersrelatedtoaLDAPsource: D SOGoUserSources ParameterusedtosettheLDAPand/orSQL sourcesusedforauthenticationandglobaladdressbooks.multiplesourcescanbespecified asanarrayofdictionaries.adictionarythatdefinesanldapsourcecancontainthefollowing values: type Thetypeofthisusersource,settoldap`foran LDAPsource. id TheidentificationnameoftheLDAPrepository.Thismustbeunique evenwhenusing multipledomains. CNFieldName Thefieldthatreturnsthecompletename. IDFieldName ThefieldthatstartsauserDNifbindFieldsis notused.thisfieldmustbeuniqueacrossthe entiresogodomain. UIDFieldName Thefieldthatreturnstheloginnameofauser. Thereturnedvaluemustbeuniqueacrossthe wholesogoinstallationsinceitisusedto identifytheuserinthefolder_infodatabase table. Configuration 21

25 MailFieldNames Anarrayoffieldsthatreturnstheuser s addresses(defaultstomailwhenunset). SearchFieldNames Anarrayoffieldstotomatchagainstthe searchstringwhenfilteringusers(defaultsto sn,displayname,andtelephonenumberwhen unset). IMAPHostFieldName(optional) ThefieldthatreturnseitheranURItothe IMAPserverasdescribedforSOGoIMAPServer,orasimpleserverhostnamethatwouldbe usedasareplacementforthehostnamepartin theuriprovidedbythesogoimapserverparameter. IMAPLoginFieldName(optional) ThefieldthatreturnstheIMAPloginnamefor theuser(defaultstothevalueofuidfieldname whenunset). SieveHostFieldName(optional) ThefieldthatreturnseitheranURItothe SIEVEserverasdescribedforSOGoSieveServer,orasimpleserverhostnamethatwouldbe usedasareplacementforthehostnamepartin theuriprovidedbythesogosieveserverparameter. basedn ThebaseDNofyouruserentries. KindFieldName(optional) Ifset,SOGowilltrytodetermineifthevalue ofthefieldcorrespondstoeither"group","location"or"thing".ifthat sthecase,sogowill considerthereturnedentrytobearesource. ForLDAP-basedsources,SOGocanalsoautomaticallydetermineifit saresourceiftheentry hasthecalendarresourceobjectclassset. MultipleBookingsFieldName(optional) Thevalueofthisattributeisthemaximum numberofconcurrenteventstowhicharesourcecanbepartofatanypointintime. Ifthisissetto0,oriftheattributeismissing,it meansnolimit.ifsetto-1,nolimitisimposed buttheresourcewillbemarkedasbusythe firsttimeitisbooked. filter(optional) ThefiltertouseforLDAPqueries,itshouldbe definedasaneoqualifier.thefollowingoperatorsaresupported: <> inequalityoperator = equalityoperator MultiplequalifierscanbejoinedbyusingOR andand,theycanalsobegroupedtogetherby usingparenthesis.attributevaluesshouldbe quotedtoavoidunexpectedbehaviour. Configuration 22

26 Forexample:filter = "(objectclass='mailuser' OR objectclass='mailgroup') AND accountstatus='active' AND uid <> 'alice'"; scope(optional) EitherBASE,ONEorSUB. binddn TheDNoftheloginnametouseforbindingto yourserver. bindpassword Itspassword. bindascurrentuser IfsettoYES,SOGowillalwayskeepbindingto theldapserverusingthednofthecurrently authenticateduser.ifbindfieldsisset,binddn andbindpasswordwillstillberequiredtofind theproperdnoftheuser. bindfields(optional) Anarrayoffieldstousewhendoingindirect binds. hostname Aspace-delimitedlistofLDAPURLsorLDAP hostnames. LDAPURLsarespecifiedinRFC4516and havethefollowinggeneralformat: scheme://host:port/dn?attributes?scope? filter?extensions NotethatSOGodoesn tcurrentlysupportdn, attributes,scopeandfilterinsuchurls.using themmayhaveundefinedsideeffects. URLsexamples: ldap:// :3389 ldaps:// ldap:// /????!starttls port(deprecated) PortnumberoftheLDAPserver. Anon-defaultportshouldbepartoftheldap URLinthehostnameparameter. encryption(deprecated) EitherSSLorSTARTTLS SSLshouldbespecifiedasldaps://inthe LDAPURL.STARTTLSshouldbespecified asaldapextensionintheldapurl(e.g. ldap:// /????!starttls) userpasswordalgorithm Thealgorithmusedforpasswordencryption whenchangingpasswordswithoutpassword Policiesenabled. Possiblevaluesare:none,plain,crypt,md5, md5-crypt,smd5,cram-md5andsha,sha256, sha512anditsssha(e.g.sshaorssha256)vari- Configuration 23

27 ants(plussettingoftheencodingwith.b64or.hex). Foramoredetaileddescriptionseehttp:// wiki.dovecot.org/authentication/passwordschemes. Notethatcram-md5isnotactuallyusingcrammd5(duetothelackofchallenge-response mechanism),itsjustsavingtheintermediate MD5contextasDovecotstoresinitsdatabase. canauthenticate IfsettoYES,thisLDAPsourceisusedforauthentication passwordpolicy IfsettoYES,SOGowillusetheextendedLDAP PasswordPoliciesattributes.IfyouLDAPserverdoesnotsupportthoseandyouactivatethis feature,everyldaprequestswillfail.notethat someldapserversrequireldap/sslforpasswordpoliciestowork.thisisthecaseforexamplewith389directoryserver. updatesambantlmpasswords IfsettoYES,SOGowillautomaticallyupdate thesambantpasswordandsambalmpassword attributeswhenchangingpasswords.theattributesmustbecalledsambantpasswordand sambalmpassword.youmustalsomakesure thecorrectaclissetinyourldapserverto allowuserstochangetheirownsambantpasswordandsambalmpasswordpasswordattributes.defaultstonowhenunset. isaddressbook IfsettoYES,thisLDAPsourceisusedasa sharedaddressbook(withread-onlyaccess). NotethatifsettoNO,autocompletionwillnot workforentriesinthissourceandthus,freebusylookups. displayname(optional) Ifsetasanaddressbook,thehumanidentificationnameoftheLDAPrepository ModulesConstraints(optional) LimitstheaccessofanymodulethroughaconstraintbasedonanLDAPattribute;mustbea dictionarywithkeysmail,and/orcalendar,for example: ModulesConstraints = { Calendar = { ou = employees; }; }; mapping Adictionarythatmapscontactattributesused bysogototheldapattributesusedbythe schemaoftheldapsource.eachentrymust haveanattributenameaskeyandanarrayof Configuration 24

InstallationandConfigurationGuide. forversion3.0.1

InstallationandConfigurationGuide. forversion3.0.1 InstallationandConfigurationGuide forversion3.0.1 InstallationandConfigurationGuide Version3.0.1-February2016 Permissionisgrantedtocopy,distributeand/ormodifythisdocumentunderthetermsoftheGNUFreeDocumentationLicense,Version

More information

NativeMicrosoftOutlookConfiguration Guide. forversion2.3.1

NativeMicrosoftOutlookConfiguration Guide. forversion2.3.1 NativeMicrosoftOutlookConfiguration Guide forversion2.3.1 NativeMicrosoftOutlookConfigurationGuide Version2.3.1-July2015 Permissionisgrantedtocopy,distributeand/ormodifythisdocumentunderthetermsoftheGNUFreeDocumentationLicense,Version

More information

Version 2.0.0rc5. Native Microsoft Outlook Configuration Guide

Version 2.0.0rc5. Native Microsoft Outlook Configuration Guide Version 2.0.0rc5 Native Microsoft Outlook Configuration Guide Copyright 2009-2012 Inverse inc. (http://inverse.ca) Permission is granted to copy, distribute and/or modify this document under the terms

More information

Ciphermail Gateway Web LDAP Authentication Guide

Ciphermail Gateway Web LDAP Authentication Guide CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Web LDAP Authentication Guide June 19, 2014, Rev: 5454 Copyright 2008-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 3 2 Create an LDAP configuration

More information

EMC NetWorker. Security Configuration Guide. Version 9.0 302-001-775 REV 02

EMC NetWorker. Security Configuration Guide. Version 9.0 302-001-775 REV 02 EMC NetWorker Version 9.0 Security Configuration Guide 302-001-775 REV 02 Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published November, 2015 EMC believes the information

More information

LDAP and Active Directory Guide

LDAP and Active Directory Guide LDAP and Active Directory Guide Contents LDAP and Active Directory Guide...2 Overview...2 Configuring for LDAP During Setup...2 Deciding How to Use Data from LDAP... 2 Starting the Setup Tool... 3 Configuring

More information

Adeptia Suite LDAP Integration Guide

Adeptia Suite LDAP Integration Guide Adeptia Suite LDAP Integration Guide Version 6.2 Release Date February 24, 2015 343 West Erie, Suite 440 Chicago, IL 60654, USA Phone: (312) 229-1727 x111 Fax: (312) 229-1736 DOCUMENT INFORMATION Adeptia

More information

Configuring idrac6 for Directory Services

Configuring idrac6 for Directory Services Configuring idrac6 for Directory Services Instructions for Setting Up idrac6 with Active Directory, Novell, Fedora, OpenDS and OpenLDAP Directory Services. A Dell Technical White Paper Dell Product Group

More information

LDAP Directory Integration with Cisco Unity Connection

LDAP Directory Integration with Cisco Unity Connection CHAPTER 6 LDAP Directory Integration with Cisco Unity Connection The Lightweight Directory Access Protocol (LDAP) provides applications like Cisco Unity Connection with a standard method for accessing

More information

Active Directory LDAP Quota and Admin account authentication and management

Active Directory LDAP Quota and Admin account authentication and management Active Directory LDAP Quota and Admin account authentication and management Version 4.1 Updated July 2014 GoPrint Systems 2014 GoPrint Systems, Inc, All rights reserved. One Annabel Lane, Suite 105 San

More information

Migrating application users and passwords with Password Manager

Migrating application users and passwords with Password Manager Migrating application users and passwords with Password Manager 2015 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Migrating Users 1 3 Initializing Passwords 2 4 Maintaining

More information

User Management Resource Administrator. Managing LDAP directory services with UMRA

User Management Resource Administrator. Managing LDAP directory services with UMRA User Management Resource Administrator Managing LDAP directory services with UMRA Copyright 2005, Tools4Ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted

More information

KACE Appliance LDAP Reference Guide V1.4

KACE Appliance LDAP Reference Guide V1.4 KACE Appliance LDAP Reference Guide V1.4 Brandon Whitman Page 1 The purpose of this guide is to help you with both common and advanced LDAP issues related to the KACE appliances. This guide will give you

More information

Configuration Guide BES12. Version 12.1

Configuration Guide BES12. Version 12.1 Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...

More information

FirstClass Directory Services 10 (Build 11)

FirstClass Directory Services 10 (Build 11) FirstClass Directory Services 10 (Build 11) Description FCDS only runs on Windows machines. The FirstClass server can be running on any operating system. If your organization uses an LDAP server to maintain

More information

Configuration Guide BES12. Version 12.2

Configuration Guide BES12. Version 12.2 Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining

More information

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor Adobe Enterprise & Developer Support Knowledge Article ID: c4715 bc Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor In addition to manually creating users and user permissions,

More information

KMIP installation Guide. DataSecure and KeySecure Version 6.1.2. 2012 SafeNet, Inc. 007-012120-001

KMIP installation Guide. DataSecure and KeySecure Version 6.1.2. 2012 SafeNet, Inc. 007-012120-001 KMIP installation Guide DataSecure and KeySecure Version 6.1.2 2012 SafeNet, Inc. 007-012120-001 Introduction This guide provides you with the information necessary to configure the KMIP server on the

More information

Integrating PISTON OPENSTACK 3.0 with Microsoft Active Directory

Integrating PISTON OPENSTACK 3.0 with Microsoft Active Directory Integrating PISTON OPENSTACK 3.0 with Microsoft Active Directory May 21, 2014 This edition of this document applies to Piston OpenStack 3.0. To send us your comments about this document, e-mail documentation@pistoncloud.com.

More information

Cloudwork Dashboard User Manual

Cloudwork Dashboard User Manual STUDENTNET Cloudwork Dashboard User Manual Make the Cloud Yours! Studentnet Technical Support 10/28/2015 User manual for the Cloudwork Dashboard introduced in January 2015 and updated in October 2015 with

More information

Using LDAP Authentication in a PowerCenter Domain

Using LDAP Authentication in a PowerCenter Domain Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,

More information

Configuration Guide BES12. Version 12.3

Configuration Guide BES12. Version 12.3 Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing

More information

PINsafe Manual. PINsafe Reference Manual Version 3.8

PINsafe Manual. PINsafe Reference Manual Version 3.8 PINsafe Reference Manual Last Revision: Page 1 of 94 September 2010 Contents Table of Contents Introduction... 5 Getting Started with PINsafe 3.7... 6 Setting the PINsafe Database... 6 Setting the Internal

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

LDAP User Guide PowerSchool Premier 5.1 Student Information System

LDAP User Guide PowerSchool Premier 5.1 Student Information System PowerSchool Premier 5.1 Student Information System Document Properties Copyright Owner Copyright 2007 Pearson Education, Inc. or its affiliates. All rights reserved. This document is the property of Pearson

More information

Mozilla Thunderbird: Setup & Configuration Learning Guide

Mozilla Thunderbird: Setup & Configuration Learning Guide Mozilla Thunderbird: Setup & Configuration Learning Guide Exchange Email at Tufts Below you will find some nomenclature to help familiarize you with the Tufts email system. Term UTLN Email Address Exchange

More information

http://cnmonitor.sourceforge.net CN=Monitor Installation and Configuration v2.0

http://cnmonitor.sourceforge.net CN=Monitor Installation and Configuration v2.0 1 Installation and Configuration v2.0 2 Installation...3 Prerequisites...3 RPM Installation...3 Manual *nix Installation...4 Setup monitoring...5 Upgrade...6 Backup configuration files...6 Disable Monitoring

More information

Cyclope Internet Filtering Proxy. - User Guide -

Cyclope Internet Filtering Proxy. - User Guide - Cyclope Internet Filtering Proxy - User Guide - 1. Overview 3 2. Cyclope Internet Filtering Proxy User Interface 4 2.1 Login 4 2.2 Logout 4 3. Administration 5 3.1 IP Management 5 3.2 Proxy Forwarding

More information

Security Provider Integration LDAP Server

Security Provider Integration LDAP Server Security Provider Integration LDAP Server 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property

More information

Synchronization Agent Configuration Guide

Synchronization Agent Configuration Guide SafeNet Authentication Service Synchronization Agent Configuration Guide 1 Document Information Document Part Number 007-012476-001, Revision A Release Date July 2014 Trademarks All intellectual property

More information

Configure Directory Integration

Configure Directory Integration Client Configuration for Directory Integration, page 1 Client Configuration for Directory Integration You can configure directory integration through service profiles using Cisco Unified Communications

More information

ShoreTel Active Directory Import Application

ShoreTel Active Directory Import Application INSTALLATION & USER GUIDE ShoreTel Active Directory Import Application ShoreTel Professional Services Introduction The ShoreTel Active Directory Import Application allows customers to centralize and streamline

More information

prefer to maintain their own Certification Authority (CA) system simply because they don t trust an external organization to

prefer to maintain their own Certification Authority (CA) system simply because they don t trust an external organization to If you are looking for more control of your public key infrastructure, try the powerful Dogtag certificate system. BY THORSTEN SCHERF symmetric cryptography provides a powerful and convenient means for

More information

Configuring MailArchiva with Insight Server

Configuring MailArchiva with Insight Server Copyright 2009 Bynari Inc., All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any

More information

Copyright 2016 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International, Inc., registered in the U.S. and/or other countries.

Copyright 2016 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International, Inc., registered in the U.S. and/or other countries. Best Practice LDAP Copyright 016 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International, Inc., registered in the U.S. and/or other countries. All other trademarks are the property

More information

Remote Desktop Services Guide

Remote Desktop Services Guide Remote Desktop Services Guide Mac OS X V 1.1 27/03/2014 i Contents Introduction... 1 Install and connect with Mac... 1 1. Download and install Citrix Receiver... 2 2. Installing Citrix Receiver... 4 3.

More information

ShoreTel Active Directory Import Application

ShoreTel Active Directory Import Application INSTALLATION & USER GUIDE ShoreTel Active Directory Import Application ShoreTel Professional Services Introduction The ShoreTel Active Directory Import application creates, updates, and removes System

More information

EMC SourceOne. Products Compatibility Guide 300-008-041 REV 54

EMC SourceOne. Products Compatibility Guide 300-008-041 REV 54 EMC SourceOne Products Compatibility Guide 300-008-041 REV 54 Copyright 2005-2016 EMC Corporation. All rights reserved. Published in the USA. Published February 23, 2016 EMC believes the information in

More information

Integrating EJBCA and OpenSSO

Integrating EJBCA and OpenSSO Integrating EJBCA and OpenSSO EJBCA is an Enterprise PKI Certificate Authority issuing certificates to users, servers and devices. In an organization certificate can be used for strong authentication.

More information

Active Directory Service. Integration Parameters and Implementation

Active Directory Service. Integration Parameters and Implementation Active Directory Service Integration s and Implementation Revised January, 2014 Table of Contents Overview... 3 Getting Started... 3 Migrating Your Users... 7 Manually Adding or Editing Users with the

More information

Technical Overview. Active Directory Synchronization

Technical Overview. Active Directory Synchronization Technical Overview Document Revision: March 15, 2010 AD Sync Technical Overview Page 2 of 7 Description of (AD Sync) is a utility that performs a one way synchronization from a customer s Active Directory

More information

Configuring Thunderbird with UEA Exchange 2007:

Configuring Thunderbird with UEA Exchange 2007: Configuring Thunderbird with UEA Exchange 2007: This document covers Thunderbird v10.0.2 please contact it.linux@uea.ac.uk if you require an upgrade. Mail Account Setup. Step 1: Open Thunderbird, you should

More information

Installation and Configuration Guide

Installation and Configuration Guide Installation and Configuration Guide BlackBerry Resource Kit for BlackBerry Enterprise Service 10 Version 10.2 Published: 2015-11-12 SWD-20151112124827386 Contents Overview: BlackBerry Enterprise Service

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Step- by- Step guide to extend Credential Sync between IBM WebSphere Portal 8.5 credential vault and Active Directory 2012 using Security Directory

Step- by- Step guide to extend Credential Sync between IBM WebSphere Portal 8.5 credential vault and Active Directory 2012 using Security Directory Step- by- Step guide to extend Credential Sync between IBM WebSphere Portal 8.5 credential vault and Active Directory 2012 using Security Directory Integrator (ex TDI) on Red- Hat (part 3) Summary STEP-

More information

Integrate with Directory Sources

Integrate with Directory Sources Cisco Jabber integrates with directory sources in on-premises deployments to query for and resolve contact information. Learn why you should enable synchronization and authentication between your directory

More information

Configuring and Using the TMM with LDAP / Active Directory

Configuring and Using the TMM with LDAP / Active Directory Configuring and Using the TMM with LDAP / Active Lenovo ThinkServer April 27, 2012 Version 1.0 Contents Configuring and using the TMM with LDAP / Active... 3 Configuring the TMM to use LDAP... 3 Configuring

More information

Email Client configuration and migration Guide Setting up Thunderbird 3.1

Email Client configuration and migration Guide Setting up Thunderbird 3.1 Email Client configuration and migration Guide Setting up Thunderbird 3.1 1. Open Mozilla Thunderbird. : 1. On the Edit menu, click Account Settings. 2. On the Account Settings page, under Account Actions,

More information

Unified Access for Enterprise Users

Unified Access for Enterprise Users Unified Access for Enterprise Users Informational webinar Chinmay Meghani Liferay Portal Specialist Fulcrum Worldwide, Inc. Mehria Askaryar Business Development Manager Fulcrum Worldwide, Inc. Agenda Introduction

More information

EVERYTHING LDAP. Gabriella Davis gabriella@turtlepartnership.com

EVERYTHING LDAP. Gabriella Davis gabriella@turtlepartnership.com EVERYTHING LDAP Gabriella Davis gabriella@turtlepartnership.com Agenda What is LDAP? LDAP structure and behavior Domino and LDAP LDAP tools Notes as an LDAP client IBM Lotus Sametime, Quickr, Connections,

More information

Flexible Identity. LDAP Synchronization Agent guide. Bronze. version 1.2

Flexible Identity. LDAP Synchronization Agent guide. Bronze. version 1.2 Flexible Identity Bronze LDAP Synchronization Agent guide version 1.2 publication history Date Description Revision 2014.06.27 initial release 1.0 2014.11.24 rebranding 1.1 2015.04.16 LDAP synchronization

More information

Steps to setup authentication and enrolment through LDAP protocol

Steps to setup authentication and enrolment through LDAP protocol Steps to setup authentication and enrolment through LDAP protocol Step 1: Authentication The web user try to get inside Moodle. Moodle will recognize him/her only if his credentials are found inside Accounts

More information

Identity Management in Quercus. CampusIT_QUERCUS

Identity Management in Quercus. CampusIT_QUERCUS Identity Management in Quercus Student Interaction. Simplified CampusIT_QUERCUS Document information Document version 1.0 Document title Identity Management in Quercus Copyright All rights reserved. No

More information

HOWTO. Configure Nginx for SSL with DoD CAC Authentication on CentOS 6.3. Joshua Penton Geocent, LLC joshua.penton@geocent.com.

HOWTO. Configure Nginx for SSL with DoD CAC Authentication on CentOS 6.3. Joshua Penton Geocent, LLC joshua.penton@geocent.com. HOWTO Configure Nginx for SSL with DoD CAC Authentication on CentOS 6.3 Joshua Penton Geocent, LLC joshua.penton@geocent.com March 2013 Table of Contents Overview... 1 Prerequisites... 2 Install OpenSSL...

More information

Active Directory Integration Notes. Introduction. Overview

Active Directory Integration Notes. Introduction. Overview Active Directory Integration Notes Created July 2006 Revised October 2007 Table of Contents Active Directory Integration Notes... 1 Introduction... 1 Overview... 1 Prerequisites... 2 Installation... 2

More information

Live Office. Personal Archive User Guide

Live Office. Personal Archive User Guide Live Office Personal Archive User Guide Document Revision: 14 Feb 2012 Personal Archive User Guide Personal Archive gives you an unlimited mailbox and helps you quickly and easily access your archived

More information

Teradata Viewpoint. Configuration Guide

Teradata Viewpoint. Configuration Guide Teradata Viewpoint Configuration Guide Release 13.0.1 B035-2207-059A May 2009 The product or products described in this book are licensed products of Teradata Corporation or its affiliates. Teradata, BYNET,

More information

www.novell.com/documentation Administration Guide Messenger 2.2 July 30, 2013

www.novell.com/documentation Administration Guide Messenger 2.2 July 30, 2013 www.novell.com/documentation Administration Guide Messenger 2.2 July 30, 2013 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,

More information

Migration guide. Business Email

Migration guide. Business Email Migration guide Business Email June 2013 Contents Introduction 3 Administrator Migration What You Need to Get Started 1. Importing PST Files 2. Exporting PST Files 3 3 4 5 End User Migration Using Outlook

More information

Version 9. Active Directory Integration in Progeny 9

Version 9. Active Directory Integration in Progeny 9 Version 9 Active Directory Integration in Progeny 9 1 Active Directory Integration in Progeny 9 Directory-based authentication via LDAP protocols Copyright Limit of Liability Trademarks Customer Support

More information

Active Directory Sync (AD) How it Works in WhosOnLocation

Active Directory Sync (AD) How it Works in WhosOnLocation Active Directory Sync (AD) How it Works in WhosOnLocation 1 P a g e Contents Overview... 3 About AD in WhosOnLocation... 3 The Way It Works... 3 Requirements... 3 How to Setup Active Directory Sync...

More information

Personal Archive User Guide

Personal Archive User Guide Personal Archive User Guide Personal Archive gives you an unlimited mailbox and helps you quickly and easily access your archived email directly from Microsoft Outlook or Lotus Notes. Since Personal Archive

More information

Active Directory Sync (AD) How to Setup

Active Directory Sync (AD) How to Setup Active Directory Sync (AD) How to Setup 1 P a g e Contents How to Setup Active Directory Sync... 3 Download your AD Script... 3 Configuration... 5 Active Directory Sync F.A.Q... 6 2 P a g e How to Setup

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SolarWinds Technical Reference Using SSL Certificates in Web Help Desk Introduction... 1 How WHD Uses SSL... 1 Setting WHD to use HTTPS... 1 Enabling HTTPS and Initializing the Java Keystore... 1 Keys

More information

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM) Using LDAP with Sentry Firmware and Sentry Power Manager (SPM) Table of Contents Purpose LDAP Requirements Using LDAP with Sentry Firmware (GUI) Initiate a Sentry GUI Session Configuring LDAP for Active

More information

Feature and Technical

Feature and Technical BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Feature and Technical Overview Published: 2013-11-07 SWD-20131107160132924 Contents 1 Document revision history...6 2 What's

More information

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0 Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...

More information

Introduction... 1. Installing and Configuring the LDAP Server... 3. Configuring Yealink IP Phones... 30. Using LDAP Phonebook...

Introduction... 1. Installing and Configuring the LDAP Server... 3. Configuring Yealink IP Phones... 30. Using LDAP Phonebook... Introduction... 1 Installing and Configuring the LDAP Server... 3 OpenLDAP... 3 Installing the OpenLDAP Server... 3 Configuring the OpenLDAP Server... 4 Configuring the LDAPExploreTool2... 8 Microsoft

More information

PGP Desktop LDAP Enterprise Enrollment

PGP Desktop LDAP Enterprise Enrollment PGP Desktop LDAP Enterprise Enrollment This document provides a technical, experiential, and chronological overview of PGP Desktop s LDAP enterprise enrollment process. Each step of the enrollment process

More information

Active Directory Synchronization Tool Architecture and Design

Active Directory Synchronization Tool Architecture and Design Active Directory Synchronization Tool Architecture and Design Revised on: March 31, 2015 Version: 1.01 Hosting Controller www.hostingcontroller.com Contents Proprietary Notice... 1 1. Introduction... 2

More information

GALSYNC V4.3. Manual NETSEC. 18. March 2013. NETsec GmbH & Co.KG Schillingsstrasse 117 DE - 52355 Düren

GALSYNC V4.3. Manual NETSEC. 18. March 2013. NETsec GmbH & Co.KG Schillingsstrasse 117 DE - 52355 Düren GALSYNC V4.3 Manual NETSEC 18. March 2013 NETsec GmbH & Co.KG Schillingsstrasse 117 DE - 52355 Düren THE ADVANTAGES OF GALSYNC... 6 EASY TO USE... 6 NO SECURITY RISKS IN YOUR FIREWALL... 6 VALUES FOR YOUR

More information

Click Studios. Passwordstate. Installation Instructions

Click Studios. Passwordstate. Installation Instructions Passwordstate Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise disclosed, without prior

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3 White Paper Fabasoft Folio 2015 Update Rollup 3 Copyright Fabasoft R&D GmbH, Linz, Austria, 2016. All rights reserved. All hardware and software names used are registered trade names and/or registered

More information

The following gives an overview of LDAP from a user's perspective.

The following gives an overview of LDAP from a user's perspective. LDAP stands for Lightweight Directory Access Protocol, which is a client-server protocol for accessing a directory service. LDAP is a directory service protocol that runs over TCP/IP. The nitty-gritty

More information

WebApp S/MIME Manual. Release 7.2.1. Zarafa BV

WebApp S/MIME Manual. Release 7.2.1. Zarafa BV WebApp S/MIME Manual Release 7.2.1 Zarafa BV January 06, 2016 Contents 1 Introduction 2 2 Installation 3 2.1 RPM based distributions............................................. 3 2.2 DEB based distributions.............................................

More information

Here, we will discuss step-by-step procedure for enabling LDAP Authentication.

Here, we will discuss step-by-step procedure for enabling LDAP Authentication. LDAP Authenticated Web Administration : MailScan 5.x is powered with LDAP Authenticated Web Administration. This gives security enhancement to authenticate users, to check their quarantined and ham emails.

More information

The Integration of LDAP into the Messaging Infrastructure at CERN

The Integration of LDAP into the Messaging Infrastructure at CERN The Integration of LDAP into the Messaging Infrastructure at CERN Ray Jackson CERN / IT-IS Group 29 Nov 2000 16:00 CERN IT Auditorium, bldg. 31, 3-005 A bit about me Technical Student Sep 1997-1998 in

More information

Configuring TLS Security for Cloudera Manager

Configuring TLS Security for Cloudera Manager Configuring TLS Security for Cloudera Manager Cloudera, Inc. 220 Portage Avenue Palo Alto, CA 94306 info@cloudera.com US: 1-888-789-1488 Intl: 1-650-362-0488 www.cloudera.com Notice 2010-2012 Cloudera,

More information

Click Studios. Passwordstate. Installation Instructions

Click Studios. Passwordstate. Installation Instructions Passwordstate Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise disclosed, without prior

More information

EMC NetWorker. Security Configuration Guide. Version 8.2 SP1 302-001-577 REV 02

EMC NetWorker. Security Configuration Guide. Version 8.2 SP1 302-001-577 REV 02 EMC NetWorker Version 8.2 SP1 Security Configuration Guide 302-001-577 REV 02 Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published February, 2015 EMC believes the information

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service

SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Paper SAS1541-2015 SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Heesun Park and Jerome Hughes, SAS Institute Inc., Cary, NC ABSTRACT

More information

www.novell.com/documentation Administration Guide Messenger 3.0 February 2015

www.novell.com/documentation Administration Guide Messenger 3.0 February 2015 www.novell.com/documentation Administration Guide Messenger 3.0 February 2015 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,

More information

New Features SMART Sync 2009. Collaboration Feature Improvements

New Features SMART Sync 2009. Collaboration Feature Improvements P L E A S E T H I N K B E F O R E Y O U P R I N T New Features SMART Sync 2009 SMART Sync (formerly SynchronEyes ) is easy-to-use classroom management software that allows teachers to monitor and control

More information

CA SiteMinder. Federation Security Services Release Notes. r12.0 SP3

CA SiteMinder. Federation Security Services Release Notes. r12.0 SP3 CA SiteMinder Federation Security Services Release Notes r12.0 SP3 This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational

More information

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support Document Scope This document describes the integration of SonicOS Enhanced 3.2 with Lightweight Directory

More information

Avaya Aura System Manager 6.2 LDAP Directory Synchronization Whitepaper

Avaya Aura System Manager 6.2 LDAP Directory Synchronization Whitepaper Avaya Aura System Manager 6.2 LDAP Directory Synchronization Whitepaper Issue 1.0 25 th July 2011 2011 Avaya Inc. All rights reserved. Contents 1. Introduction... 3 2. LDAP Sync Description... 3 3. LDAP

More information

Exchange 2010. Outlook Profile/POP/IMAP/SMTP Setup Guide

Exchange 2010. Outlook Profile/POP/IMAP/SMTP Setup Guide Exchange 2010 Outlook Profile/POP/IMAP/SMTP Setup Guide September, 2013 Exchange 2010 Outlook Profile/POP/IMAP/SMTP Setup Guide i Contents Exchange 2010 Outlook Profile Configuration... 1 Outlook Profile

More information

MFT Command Center/Internet Server LDAP Integration Guide. Ver sio n 7.1.1

MFT Command Center/Internet Server LDAP Integration Guide. Ver sio n 7.1.1 MFT Command Center/Internet Server LDAP Integration Guide Ver sio n 7.1.1 September 7, 2011 Documentation Information MFT LDAP Integration Guide Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES

More information

Acano Solution 1.1. Multi-tenancy Considerations. Acano. April 2014 76-1024-02-B

Acano Solution 1.1. Multi-tenancy Considerations. Acano. April 2014 76-1024-02-B Acano Solution 1.1 Multi-tenancy Considerations Acano April 2014 76-1024-02-B Contents Contents 1 Introduction 3 1.1 Multi-tenancy Basics... 3 2 Suggested Procedure 5 Appendix A Acano Multi-tenancy Configuration

More information

MyArbonne Email Account Settings

MyArbonne Email Account Settings MyArbonne Email Account Settings Page 1 of 6 In the example settings below, a U.S. based.com account is displayed for Betty@myarbonne.com. a) If you have a Canadian account, make sure to replace the.com

More information

Installation manual SAP BusinessObjects BI4.0

Installation manual SAP BusinessObjects BI4.0 Installation manual SAP BusinessObjects BI4.0 (inclusive connection between SAP BW and SAP BO) (inclusive mobile configuration for ipad) on a Microsoft Windows 7 64 bit machine Creator: Twitter: Blog:

More information

Datasharp Optimum Connect Toolbar

Datasharp Optimum Connect Toolbar Datasharp Optimum Connect Toolbar User Guide Release 17 Document Version 1 WWW.DATASHARP.CO.UK Table of Contents 1 About This Guide...6 1.1 Open Datasharp Optimum Connect Toolbar... 6 1.2 First Time Login...

More information

Citrix EasyCall Gateway Pre-Installation Checklist

Citrix EasyCall Gateway Pre-Installation Checklist Citrix EasyCall Gateway Pre-Installation Checklist This checklist is for EasyCall Gateway administrators. Information for telephony system integrators is provided in the EasyCall Gateway Telephony System

More information

DB2 - LDAP. To start with configuration of transparent LDAP, you need to configure the LDAP server.

DB2 - LDAP. To start with configuration of transparent LDAP, you need to configure the LDAP server. http://www.tutorialspoint.com/db2/db2_ldap.htm DB2 - LDAP Copyright tutorialspoint.com Introduction LDAP is Lightweight Directory Access Protocol. LDAP is a global directory service, industry-standard

More information

Emerge Assistant Toolbar Guide

Emerge Assistant Toolbar Guide Emerge Assistant Toolbar Guide 031114/FT/13v1/EX Page 0 Table of Contents Table of Contents... Error! Bookmark not defined. Table of Figures... 5 Questions?... 8 1 Introduction... 9 1.1 About Emerge Assistant

More information

Infor M3 Report Manager. Solution Consultant

Infor M3 Report Manager. Solution Consultant Infor M3 Report Manager Per Osmar Solution Consultant per.osmar@infor.com Carl Bengtsson CTO carl.bengtsson@accure.se 1 Agenda Challenges What is Report Manager Features Key Messages Demo Pilot Pre-req

More information

Set up Outlook for your new student e mail with IMAP/POP3 settings

Set up Outlook for your new student e mail with IMAP/POP3 settings Set up Outlook for your new student e mail with IMAP/POP3 settings 1. Open Outlook. The Account Settings dialog box will open the first time you open Outlook. If the Account Settings dialog box doesn't

More information

Novell Identity Manager

Novell Identity Manager AUTHORIZED DOCUMENTATION Driver for LDAP Implementation Guide Novell Identity Manager 3.6.1 December 04, 2009 www.novell.com Legal Notices Novell, Inc. makes no representations or warranties with respect

More information