linux:commserv:egroupware:config

pre-requisites:

  • required PHP version 4.3+ (recommended 5+)
  • php.ini: safe_mode = Off
  • php.ini: magic_quotes_runtime = Off
  • php.ini: register_globals = Off
  • php.ini: memory_limit >= 16M
  • php.ini: max_execution_time >= 30
  • php.ini: file_uploads = On
  • php.ini: include_path ='.:/usr/share/php5/PEAR:/usr/share/php5'
  • php.ini: mbstring.func_overload = 7
  • php.ini: magic_quotes_gpc = Off
  • extension mysql is loaded or loadable: True
  • extension pgsql is loaded or loadable: False

The pgsql extension is needed if you plan to use a PostgreSQL database.

  • extension odbc is loaded or loadable: False

The odbc extension is needed if you plan to use a MaxDB, MsSQL or Oracle database.

  • extension oci8 is loaded or loadable: False

The oci extension is needed if you plan to use an Oracle database.

  • extension mbstring is loaded or loadable: True
  • extension session is loaded or loadable: True
  • extension imap is loaded or loadable: True
  • PEAR is installed: 1.4.11
  • PEAR::Net_Socket is installed: 999.egw-pear
  • PEAR::Auth_SASL is installed: False

PEAR::Auth_SASL is needed by: EMailAdmin, felamimail. openSUSE 10.2's php5-pear-auth_sasl-1.0.2-29.rpm is missing an important file, /usr/share/php5/PEAR/.registry/auth_sasl.reg, so the PEAR extension isn't recognized by eGroupWare! So I built my own php5-pear-auth_sasl-1.0.2.rpm.

  • PEAR::Net_IMAP is installed: 999.egw-pear
  • PEAR::Net_Sieve is installed: 999.egw-pear
  • PEAR::HTTP_WebDAV_Server is installed: 999.egw-pear
  • PEAR::Log is installed: 999.egw-pear
  • GD support…: True
  • file-permissions of . for not world writable: wwwrun/www drwxr-xr-x
  • session.save_path='/var/lib/egroupware/sessions' is writable by the webserver

Installation

  • cd /srv/www/htdocs/
  • mkdir /var/lib/egroupware
  • mkdir /var/lib/egroupware/default
  • mkdir /var/lib/egroupware/default/backup
  • mkdir /var/lib/egroupware/default/files
  • mkdir /var/lib/egroupware/sessions
  • chown -R wwwrun /var/lib/egroupware
  • cp /srv/www/htdocs/egroupware/header.inc.php.template /var/lib/egroupware/header.inc.template
  • Because of a bug in egw 1.4.001 (no pages are displayed):

chown root.root /var/lib/egroupware/header.inc.php

  • Install-check

Header-Admin:

  • Language: english
  • Server Root Path: /srv/www/htdocs/egroupware
  • Include root: /srv/www/htdocs/egroupware
  • Header Username: egw-admin
  • Header Password: secretpassword
  • Limit access: station7.example.com,localhost
  • Persistent connections: yes
  • Sessions Type: PHP plus restore
  • Enable MCrypt: yes
  • MCrypt version: 2.6.4
  • MCrypt initialization vector: ghfdbbewfznxgeiuoium
  • Domain select box on login: no
  • Database instance (eGW domain): default
  • DB Type: MySQL
  • DB Host: localhost
  • DB Port: 3306
  • DB Name: egroupware
  • DB User: egwdbuser
  • DB Password: secretpassword
  • Configuration User: egw-admin
  • Configuration Password: secretpassword


Setup/Config Admin Login:
Step 1 - Simple Application Management

  • charset to use: utf-8
Your Database is not working!: Access denied for user 'egwdbuser'@'localhost' (using password: YES)
Instructions for creating the database in MySql:
Login to mysql -
[user@server user]# mysql -u root -p
Create the empty database and grant user permissions -
mysql> CREATE DATABASE egroupware;
mysql> GRANT ALL ON egroupware.* TO egwdbuser@localhost IDENTIFIED BY 'secretpassword';
 
Or we can attempt to create the database for you:
DB root username: root
DB root password: secretpassword


Create Database

At your request, this script is going to attempt to create the database and assign the db user rights to it
Status
If you did not receive any errors, your applications have been created

Your database is working, but you don't have any applications installed
charset to use: utf-8
Install all applications

Creating Tables
At your request, this script is going to attempt to install the core tables and the admin and preferences applications for you.
Status
If you did not receive any errors, your applications have been installed

Your eGroupWare API is current

Step 2 - Configuration Path information:

  • full path for temporary files: /tmp
  • full path for users and group files. (This has to be outside the webservers document-root!!!): /var/lib/egroupware/default/files
  • full path to the backup directory. (This has to be outside the webservers document-root!!!): /var/lib/egroupware/default/backup
  • location of eGroupWare's URL (No trailing slash!): /egroupware
  • Image type selection order: PNG→JPG→GIF

Host information:

  • hostname of the machine on which this server is running: station7.example.com
  • default FTP server: - leave empty! -
  • Attempt to use correct mimetype for FTP instead of default 'application/octet-stream': no
  • HTTP proxy server: vw01.xample.com
  • HTTP proxy server port: 8585
  • HTTP proxy server username: - leave empty! -
  • HTTP proxy server password: - leave empty! -
  • Standard mailserver settings (used for Mail authentication too):
  • POP/IMAP mail server hostname or IP address: station7.example.com
  • Mail server protocol: IMAP
  • Mail server login type: standard (login-name identical to egroupWare user-name)
  • Mail domain (for Virtual mail manager): example.com
  • SMTP server hostname or IP address: station7.example.com
  • SMTP server port: 25 (→ 465 for SSL?)
  • User for SMTP-authentication (leave it empty if no auth required): - leave empty! -
  • Password for SMTP-authentication: - leave empty! -

Authentication / Accounts

  • Select which type of authentication you are using: LDAP
  • Select where you want to store/retrieve user accounts: LDAP
  • SQL encryption type for passwords (default - md5): MD5
  • Activate safe password check: no
  • Allow authentication via cookie: no
  • Auto login anonymous user: no
  • Allow password migration: no
  • Allowed migration types (comma-separated): - leave empty! -
  • Minimum account id (e.g. 500 or 100, etc.): - leave empty! -
  • Maximum account id (e.g. 65535 or 1000000): - leave empty! -
  • User account prefix: - leave empty! -
  • Usernames are case sensitive: no
  • Auto create account records for authenticated users: no
  • Auto-created user accounts expire: one week
  • Add auto-created users to this group ('Default' will be attempted if this is empty.): - leave empty! -
  • If no ACL records for user or any group the user is a member of: Deny Access

If using LDAP:

  • LDAP host: station7.example.com
  • LDAP accounts context: ou=people,dc=example,dc=com
  • LDAP search filter for accounts, default: "(uid=%user)", %domain=eGW-domain: - leave empty! -
  • LDAP groups context: ou=groups,dc=example,dc=com
  • LDAP rootdn (searching accounts and changing passwords): cn=ldapadmin,dc=example,dc=com
  • LDAP root password: secretpassword
  • LDAP encryption type: MD5
  • Do you want to manage homedirectory and loginshell attributes?: no
  • LDAP Default homedirectory prefix (e.g. /home for /home/username): - leave empty! -
  • LDAP Default shell (e.g. /bin/bash): - leave empty! -

Mcrypt Settings (requires mcrypt PHP extension)

  • Enter some random text for app session encryption: secretrandomtext
  • Mcrypt algorithm (default TRIPLEDES): TRIPLEDES
  • Mcrypt mode (default CBC): CBC

Additional settings

  • Select where you want to store/retrieve filesystem information: (file type, size, version, etc.): SQL (recommended default)
  • Select where you want to store/retrieve file contents: (Recommended: Filesystem): Filesystem

Step 3 - Admin Account

  • Accounts existing → LDAP

First you have to create an admin user!
A group „Admins“ for eGroupWare admins and a group „Default“ for eGroupWare users is created in LDAP. Since GOsa cannot work with uppercase group names, you have to rename both groups to lowercase in eGroupWare:
„Admins“ → „egroupware-admins“
„Default“ → „egroupware-user“
I didn't manage to find out where both groups are configured in eGroupWare …

Step 4 - Language Management

  • Multi-Language support setup

This program will help you upgrade or install different languages for eGroupWare
Select which languages you would like to use
Deutsch
English
→ Currently installed languages: Deutsch, English

Step 5 - Advanced Application Management

This stage is completed

Step 6 - DB backup and restore scheduled backups

year   month   day   day of week        hour (0-24)   minute   next run
                     (0-6, 0=sunday)
*      *       *     0-6                19            30       2007-07-24 19:30


and: backup now

eGroupWare and ldap

The group ACL requires that the groups used have the groupOfNames objectclass with member attributes containing the DNs of all members! The memberUid attribute of posixGroup is NOT enough. If you use a distribution other than SuSE, you can NOT use both objectclasses together, as both are structural objects. You have to use the alternative rfc2307bis.schema instead of the stock nis.schema to do so.
The README in phpgwapi/doc/ldap describes how to change your LDAP accordingly!

/* $Id: README 22275 2006-08-17 20:27:21Z ralfbecker $ */

eGroupWare needs no more special LDAP schemas since version 1.3.007:
- valid eGroupWare users have a posixAccount and shadowAccount object class.
- valid Groups have a posixGroup object class and store their members in the memberUid attribute.

If you want to use group-addressbooks in LDAP, the ACL requires that groups get expanded by the LDAP server.
To do so, we need to use groupOfNames together with posixGroup (groupOfNames stores the dn in the member
attribute, posixGroup only the uid in the memberUid attribute).
If your LDAP uses the original nis.schema, posixGroup is a structural object and can NOT be used together!
Newer SuSE distributions use a rfc2307bis schema, which can be used on other distributions too
(instead of the nis.schema, NOT together). The schema is in the same directory as this README.

To change to the rfc2307bis.schema (not needed with newer SuSE distros!):
1. create an ldif from your ldap: slapcat > my.ldif
2. run: ./nis2rfc2307bis.php my.ldif > new.ldif
or alternatively edit my.ldif by hand:
- add objectclass groupOfNames to every group (only the groups!)
- change every occurrence of "structuralObjectClass: posixGroup" to "structuralObjectClass: groupOfNames"
- add the required (by groupOfNames) member attributes, by using the information from memberUid,
eg. memberUid: hugo --> member: uid=hugo,ou=account,o=egw,dc=domain,dc=com
--> easier: use the provided script
3. edit your slapd.conf:
+ remove the include of the nis.schema
+ include the rfc2307bis.schema in this dir
4. stop ldap
5. empty the ldap database (eg. by removing the content of /var/lib/ldap)
6. add the edited ldif file: slapadd -l new.ldif
7. start ldap again

Please note:
You can use nis2rfc2307bis.php on newer SuSE distros too, to get groupOfNames and the member
attributes set, without editing & saving each group in Admin >> Manage groups. 
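The hand-edit steps above, carried out by a small converter written for this page (an added example, not eGroupWare's nis2rfc2307bis.php): it parses a slapcat dump, adds groupOfNames to every posixGroup, rewrites structuralObjectClass, and derives a member DN from each memberUid. The accounts base DN and the sample dump are assumptions; an empty group is rejected because groupOfNames requires at least one member, and running the converter on its own output changes nothing.

```python
# Assumption: account entries live directly under this base DN (adjust to your tree).
ACCOUNTS_BASE = "ou=accounts,o=egw,dc=domain,dc=com"

# Constructed sample of what slapcat dumps for one posixGroup under the stock nis.schema.
SAMPLE_LDIF = """\
dn: cn=Default,ou=groups,o=egw,dc=domain,dc=com
objectClass: posixGroup
cn: Default
gidNumber: 1000
memberUid: hugo
memberUid: lars
structuralObjectClass: posixGroup
"""

def unfold(text):
    """Split LDIF into records of logical lines (folded continuations joined, comments dropped)."""
    records, cur = [], []
    for raw in text.splitlines() + [""]:     # the trailing "" flushes the last record
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and cur:
            cur[-1] += raw[1:]
        elif raw.strip():
            cur.append(raw)
        elif cur:
            records.append(cur)
            cur = []
    return records

def convert_group(lines, accounts_base):
    """Return the rfc2307bis form of one posixGroup record, or None for any other entry."""
    lower = [l.lower() for l in lines]
    if "objectclass: posixgroup" not in lower:
        return None
    uids = [l.split(":", 1)[1].strip() for l in lines if l.lower().startswith("memberuid:")]
    if not uids:   # groupOfNames requires a member attribute; an empty group cannot carry it
        raise ValueError("no memberUid in %s; cannot add groupOfNames" % lines[0])
    out = []
    for line in lines:
        if line.lower() == "structuralobjectclass: posixgroup":
            out.append("structuralObjectClass: groupOfNames")  # posixGroup is auxiliary in rfc2307bis
            continue
        out.append(line)
        if line.lower() == "objectclass: posixgroup" and "objectclass: groupofnames" not in lower:
            out.append("objectClass: groupOfNames")
    for uid in uids:   # keep memberUid for posixGroup, add the DN form that groupOfNames needs
        member = "member: uid=%s,%s" % (uid, accounts_base)
        if member.lower() not in lower:
            out.append(member)
    return out

def nis2rfc2307bis(text, accounts_base=ACCOUNTS_BASE):
    """Convert a whole dump; non-group records pass through unchanged; a second run changes nothing."""
    recs = [convert_group(r, accounts_base) or r for r in unfold(text)]
    return "\n\n".join("\n".join(r) for r in recs) + "\n"
```

Feed it the real dump with `nis2rfc2307bis(open("my.ldif").read(), "<your accounts base DN>")` and write the result to new.ldif before step 3.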


eGroupWare detects if it can use groupOfNames together with posixGroup and fills the member attribute
if you edit the group or change the members.

To create a dedicated LDAP account for eGroupWare, you can use the following sample LDIF:
dn: cn=eGroupWare,dc=domain,dc=com
cn: eGroupWare
objectClass: person
sn: eGroupWare
userPassword: SOME_LONG_RANDOM_PASSWORD

To give eGroupWare permission to manage the groups, you can use the following ACL:
	access to dn.subtree="ou=groups,dc=domain,dc=com"
		by dn="cn=eGroupWare,dc=domain,dc=com" write

Ralf
The new Addressbook requires only the inetOrgPerson schema.

If you want to use extra attributes available in the SQL addressbook
like e.g. the home address you need to use some other supported schema:
- evolutionOrgPerson	used by evolution
- mozillaAbPersonAlpha	used by thunderbird & sunbird 1.5+
- mozillaOrgPerson	older mozilla schema (deprecated, but mostly compatible to mozillaAbPersonAlpha)

Please note: 
You can or should install the evolutionPerson schema together with ONE
of the mozilla schemas. You can NOT install both mozilla schemas!

If the addressbook detects a schema, it fills the extra fields of that schema.

LDAP layout used for the eGroupWare addressbook
dc=domain,dc=com    base DN of your LDAP server
|
+-o=default         base DN for the addressbook of eGroupWare domain / DB instance "default"
| |                 (specified in Admin >> Addressbook >> Site config)
| |
| +-ou=accounts     base DN for accounts (specified in Setup >> Configuration)
| | +-uid=ralf      entry for user ralf
| | +-uid=lars      entry for user lars
| | +-uid=...       other users
| |
| +-ou=groups       base DN for groups (specified in Setup >> Configuration)
| | +-cn=Default    entry for the group Default
| | +-cn=...        other groups
| |
| +-ou=contacts
|   |
|   +-ou=shared     shared addressbooks of the groups
|   | +-cn=default  addressbook of group Default
|   | +-cn=...
|   |
|   +-ou=personal   personal addressbooks of the users
|     +-cn=ralf     addressbook of user ralf
|     +-cn=lars     addressbook of user lars
|     +-cn=...
|
+-o=other           other eGroupWare domain / DB instance
  +-...

The contact base DN must include the accounts and groups base DN, otherwise they will not be 
searched AND the ACL given below does NOT work!
 
The example acl_addressbook.conf allows:
- only the user to read, edit or delete in his personal addressbook
- group-members to read, edit or delete in their group addressbook(s)

Please note: 
- The group ACL requires that the groups used have the groupOfNames objectclass with
  member attributes containing the DNs of all members! The memberUid attribute of
  posixGroup is NOT enough. If you use a distribution other than SuSE, you can NOT
  use both objectclasses together, as both are structural objects. You have to use
  the alternative rfc2307bis.schema instead of the stock nis.schema to do so.
  The README in phpgwapi/doc/ldap describes how to change your LDAP accordingly!
- You need to copy our example acl_addressbook.conf into your openldap conf dir.
- You need to change all dc=domain,dc=com with the base DN your LDAP uses!!!
- If you want to use the old mozillaOrgPerson schema, you need to change it here too!
- You need to include "your" acl_addressbook.conf BEFORE the last acl entry (access to *) 
  in your slapd.conf and restart the LDAP server. 
 
This is how the default ACLs in /etc/openldap/slapd.conf of my (SuSE 10.1) system look and
where I included it:

access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

include /etc/openldap/acl_addressbook.conf

access to *
        by * read

**acl_addressbook.conf:**

# Access to users personal addressbooks
# allow read of addressbook by owner and egwadmin account
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
	attrs=entry
	by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" read
	by dn.regex="cn=egwadmin,o=$2,dc=domain,dc=com" write
	by users none

# allow user to create entries in own addressbook; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
	attrs=children
	by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" write
	by users none

# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
	attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
	by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" write
	by users none

# Access to groups addressbooks

# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
	attrs=entry
	by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" read
	by dn.regex="cn=egwadmin,o=$2,dc=domain,dc=com" write
	by users none

# allow members to create entries in there group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
	attrs=children
	by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" write
	by users none

# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
	attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
	by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" write
	by users none
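A check of what these rules grant and why the include position matters, as an added example (not part of eGroupWare or OpenLDAP): a minimal model of slapd's first-match evaluation over the personal and shared addressbook directives, with a constructed group membership standing in for what group.expand reads from the groupOfNames member attribute. It shows that a user other than the owner gets no access to a personal addressbook only while acl_addressbook.conf sits before the final "access to * by * read"; with the order swapped, the catch-all decides first and every bind can read.

```python
import re

# Constructed directory state: what slapd would expand from the groups' "member" attributes.
GROUPS = {
    "cn=default,ou=groups,o=default,dc=domain,dc=com": [
        "uid=ralf,ou=accounts,o=default,dc=domain,dc=com",
        "uid=lars,ou=accounts,o=default,dc=domain,dc=com"],
}
# The entry-level directives of acl_addressbook.conf as (target regex, [(who, arg, level)]).
ADDRESSBOOK_ACL = [
    (r"^cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$",
     [("dn.regex", "uid=$1,ou=accounts,o=$2,dc=domain,dc=com", "read"),
      ("dn.regex", "cn=egwadmin,o=$2,dc=domain,dc=com", "write"),
      ("users", None, "none")]),
    (r"^cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$",
     [("group.expand", "cn=$1,ou=groups,o=$2,dc=domain,dc=com", "read"),
      ("dn.regex", "cn=egwadmin,o=$2,dc=domain,dc=com", "write"),
      ("users", None, "none")]),
]
CATCH_ALL = [("*", [("*", None, "read")])]   # the final "access to * by * read" in slapd.conf

def subst(arg, m):
    """Fill $1, $2 in a 'by' argument with the groups captured from the target regex."""
    return re.sub(r"\$(\d)", lambda k: m.group(int(k.group(1))), arg)

def who_matches(who, arg, bind_dn, m):
    """One 'by' clause; bind_dn is None for an anonymous bind."""
    if who == "*":
        return True
    if bind_dn is None:             # anonymous: only '*' can match
        return False
    if who == "dn.regex":           # slapd matches the regex unanchored, like re.search
        return re.search(subst(arg, m), bind_dn, re.I) is not None
    if who == "group.expand":
        members = GROUPS.get(subst(arg, m).lower(), [])
        return bind_dn.lower() in [d.lower() for d in members]
    return who == "users"

def access(acls, bind_dn, target_dn):
    """First directive whose target matches decides; within it the first matching 'by' wins."""
    for target, clauses in acls:
        m = re.match("", target_dn) if target == "*" else re.search(target, target_dn, re.I)
        if m is None:
            continue
        for who, arg, level in clauses:
            if who_matches(who, arg, bind_dn, m):
                return level
        return "none"               # no 'by' matched: implicit trailing 'by * none'
    return "none"

def personal_access(bind_dn, include_before_catch_all=True):
    """Access to ralf's personal addressbook with the include before (correct) or after 'access to *'."""
    acls = ADDRESSBOOK_ACL + CATCH_ALL if include_before_catch_all else CATCH_ALL + ADDRESSBOOK_ACL
    return access(acls, bind_dn, "cn=ralf,ou=personal,ou=contacts,o=default,dc=domain,dc=com")
```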

eGW-example LDIF:

#
# ldapadd -f <file.ldif> -x -D "cn=Manager,dc=enterprise,dc=subnet" -w <password>
#
# Example
# --- English version ---
dn: dc=enterprise,dc=loc
objectClass: top
objectClass: dcObject
objectClass: organization
dc: enterprise
o: enterprise
l: City
st: States

# People, edge-it, subnet
dn: ou=People,dc=enterprise,dc=loc
objectClass: top
objectClass: organizationalUnit
ou: People

# Groups, edge-it, subnet
dn: ou=Groups,dc=enterprise,dc=loc
objectClass: top
objectClass: organizationalUnit
ou: Groups


JPGraph

/usr/share/fonts/truetype/


Asynchronous service

install crontab job for user wwwrun:

  • */5 * * * * /usr/bin/php5 -qC /srv/www/htdocs/egroupware/phpgwapi/cron/asyncservices.php default


Last modified: 2010-12-27 16:20 by 127.0.0.1