Horde Groupware

This is really interesting - I though Horde was simple a webmail, at par with roundcube (already installed in NS7 if I’m correct). I know roundcube has quite a number of addons that can make it into a full fledged groupware but Horde 5 seems to have it all enabled out-of-the-box. I’ve just looked around the demo they have on the website and it does look very similar to the SOGo, specially caldav and cardav support which is my main interest.
It would be great to hear from someone regarding performance of the horde package within Nethserver. It does look like an interesting option to explore.

3 Likes

Definitively yes, Horde is a huge groupware, with the epel advantage, rpms are quite recent 5.2.13 (instead of 5.2.17), released arount the december 20 2016

If someone want to start something, the game could interests me.

1 Like

**

ATTENTION!

You can find a newer version of the howto in the next message

**

Sorry you have to wait for the howto, but at this time I have installed horde and created a database but can’t work with it. Here are my first steps I’ve done:
What I’ve done till now:

first we install webmail

# yum install php-horde-imp -y

the package php-horde-horde is installed automaticaly with php-horde-imp

to reach the configuration you have to to make some changes to the php-horde-horde.conf (my favorite to do it is nano, which you can install with yum install nano -y)
open it with

# nano /etc/httpd/conf.d/php-horde-horde.conf

change Require ip to your IP and add an Allow from with your IP as shown below:

 <IfModule mod_authz_core.c>
      # Apache 2.4
      Require ip X.X.X.X
    </IfModule>
    <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order Deny,Allow
      Deny from All
      Allow from 127.0.0.1
      Allow from ::1
      Allow from X.X.X.X
    </IfModule>

Restart your webserver

#systemctl reload httpd.service

MySQL Database

Login to mysql

# mysql

Create Database

mysql> create database horde5;

Output:

Query OK, 1 row affected (0.00 sec)

Create database user

mysql> CREATE USER ‘horde_admin_user’@‘FQDN of Server’ IDENTIFIED BY ‘YourPassword’;

Output:

Query OK, 0 rows affected (0.00 sec)

Give Privileges to user

mysql> GRANT ALL PRIVILEGES ON horde5.* TO ‘horde_admin_user’@‘FQDN of Server’ IDENTIFIED BY ‘YourPassword’ WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;

Output:

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;

Output:

Query OK, 0 rows affected (0.00 sec)

Now we can test our new user

# mysql -D horde5 -h FQDN of Server -u horde_admin_user -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 217265
Server version: 5.1.73 Source distribution

Copyright © 2000, 2014, Oracle, Monty Program Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MySQL [horde5]>

The connection is ok, now we list the tables

MySQL [horde5]> show databases;
±-------------------+
| Database |
±-------------------+
| information_schema |
| horde5 |
±-------------------+
2 rows in set (0.01 sec)

MySQL [horde5]>
If you can see this tables everything went right.
Now you can quit MySQL

MySQL [horde5]> quit

Output:

Bye

I used the documentation of the following site to do my steps:

Djangos WIKI

4 Likes

Installation of Horde at Nethserver 7

Edit: Added Samba authentication

For my steps I looked at the following documentations (and google):

https://dokuwiki.tachtler.net/doku.php?id=tachtler:horde5_-_framework
https://dokuwiki.nausch.org/doku.php/centos:mail_c7:horde_1

first we have to install the following packages:

  1. php-horde-horde (Basic Horde Installation)
  2. php-pecl-imagick (Manipulating graphics)
  3. aspell-en (english spell-checking, for other languages, you possibily have to install other repositories)

# yum install php-horde-horde php-pecl-imagick aspell-en

Also You have to install MariaDB and Mailserver from Nethserver-Softwarecenter

now we have to change values in the php.ini file (my favorite to do it is nano, which you can install with yum install nano)

# nano /etc/php.ini

Attachment sice for sending mail:

; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
; default: post_max_size = 8M
post_max_size = 100M
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
;upload_tmp_dir =

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
; default: upload_max_filesize = 2M
upload_max_filesize = 20M

; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20

Say Garbage Collection to work not so often for better performance:

; Defines the probability that the 'garbage collection' process is started on every
; session initialization. The probability is calculated by using the following equation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request. Increasing this value to 1000 will give you
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; http://php.net/session.gc-divisor
; default: session.gc_divisor = 1000
session.gc_divisor = 10000

Give users less informations about php-version and horde-groupware and forbid them to change global data:

;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
; default: expose_php = On
expose_php = Off

Configure timezone:

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

[CLI Server]
; Whether the CLI web server uses ANSI color coding in its terminal output.
cli_server.color = On

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
; default: ;date.timezone =
date.timezone = 'Europe/Berlin'

to reach the configuration you have to to make some changes to the php-horde-horde.conf
open it with:
# nano /etc/httpd/conf.d/php-horde-horde.conf

Add Require ip IP to IfModule mod_authz_core.c section and add an Allow from IP to IfModule !mod_authz_core.c section as shown below:
IP = IP of the device which should connect to the server to administrate it

 <IfModule mod_authz_core.c>
     # Apache 2.4
     Require ip X.X.X.X
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from X.X.X.X
   </IfModule>
After that reload your webserver

# systemctl reload httpd.service

Now we have to create a database

# mysql

mysql> create database horde5;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER 'hordeuser'@'FQDN of your Horde-Server' IDENTIFIED BY 'Your Password';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON horde5.* TO 'hordeuser'@'FQDN of your Horde-Server' IDENTIFIED BY 'Your Password' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
Query OK, 0 rows affected (0.00 sec)

 mysql> FLUSH PRIVILEGES;
 Query OK, 0 rows affected (0.00 sec)

mysql>quit
bye

Now we can test our new user
# mysql -D horde5 -h FQDN of your Horde-Server -u hordeuser -p

Enter password:  Your Password
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 217265
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [horde5]>
The connection is ok, now we list the databases

MySQL [horde5]> show databases; 
+--------------------+
| Database           |
+--------------------+
| information_schema |
| horde5             |
+--------------------+
2 rows in set (0.01 sec)

 
MySQL [horde5]> quit
 Bye

after that you can open your webbrowser and navigate to X.X.X.X/horde/admin/config
click on gear-wheel, administration and configuration
click on Horde link at the table
click on preferences tab and change the following

* $conf[prefs][maxsize] 65535 
* $conf[prefs][driver] PHP Session 
* $conf[prefs][params][driverconfig] Horde Defaults 
* $conf[prefs][params][table] 

* $conf[sql][phptype] MySQL (mysqli)
* $conf[sql][username] hordeuser 
* $conf[sql][password] Your Password
* $conf[sql][protocol] TCP/IP 
* $conf[sql][hostspec] FQDN of your Horde Server 
* $conf[sql][port] 3306
* $conf[sql][database] horde5 
* $conf[sql][charset] utf-8 
* $conf[sql][ssl] [ ] 
* $conf[sql][ca] 
* $conf[sql][splitread] Disabled

press the button ‘create horde configuration’
Don’t be afraid, there could come a lot of problem reports, but after the next step everything would work great.

back to terminal you can create the database tables with an existant script

# ./usr/bin/horde-db-migrate

after that go back to the configuration at your browser. It should look like this:


Now you can change back the value at preferences tab from PHP Session to SQL Database

At this time we have installed the the basic system of horde, other instaructions will follow.

Binding to Nethservers Samba Account Provider

Documentations in the Internet I found at:

https://www.skelleton.net/2013/05/12/installing-horde-5-and-configuring-it-for-active-directory-and-dovecot/
http://www.cymea.net/active-directory-horde-5-1-x-ubuntu-14-04/

Thank you as well to @flatspin and @dnutan for their help to find the correct configuration

For binding Horde to our Samba Active Directory we have to add and change some values at the configuration. Most of the values you get at Domain Accounts at your webinterface and at the terminal with:

account-provider-test dump

For configuration navigate to X.X.X.X/horde/admin/config where X.X.X.X is the IP-Adress of your server
click on gear-wheel, administration and configuration
click on Horde link at the table
click on ldab tab and change the following:

$conf[ldap][useldap] yes
$conf[ldap][hostspec] IP of Samba Container
$conf[ldap][port] 389
$conf[ldap][tls] false
$conf[ldap][timeout] 5
$conf[ldap][version] 3
$conf[ldap][bindas] Bind with administrative/system credentials
$conf[ldap][binddn] your bindDN
$conf[ldap][bindpw] your bindPassword
$conf[ldap][user][basedn] cn=users,your baseDN
$conf[ldap][user][uid] samaccountname
$conf[ldap][user][filter_type] LDAP filter string
$conf[ldap][user][filter] (objectClass=user)

Now we have to go to the Authentication tab and do the following settings:

$conf[auth][admins] admin
$conf[auth][checkip] true
$conf[auth][checkbrowser] true
$conf[auth][resetpassword] yes
$conf[auth][resetpassword_from] leave it blank
$conf[auth][alternate_login] false
$conf[auth][redirect_on_logout] false
$conf[auth][list_users] show a dropdown list
$conf[auth][driver] LDAP authentication
$conf[auth][params][driverconfig] Horde defaults
$conf[auth][params][basedn] cn=users,your BaseDN
$conf[auth][params][scope] Subtree search
$conf[auth][params][sizelimit] leave it blank
$conf[auth][params][ad] true
$conf[auth][params][uid] samaccountname
$conf[auth][params][encryption] ssha
$conf[auth][params][newuser_objectclass] shadowAccount, inetOrgPerson
$conf[auth][params][filter] (objectclass=Person)
$conf[auth][params][password_expiration] no
$conf[auth][params][count_bad_logins] false
$conf[auth][params][login_block] false
$conf[auth][params][login_block_count] 5
$conf[auth][params][login_block_time] 5

At last we go to the Groups tab and enter the following values:

$conf[group][driver] LDAP
$conf[group][params][driverconfig] Horde defaults
$conf[group][params][basedn] cn=users,your BaseDN
$conf[group][params][scope] Subtree search
$conf[group][params][gid] cn
$conf[group][params][memberuid] memberuid
$conf[group][params][attrisdn] yes
$conf[group][params][user][basedn] cn=users,your BaseDN
$conf[group][params][user][uid] samaccountname
$conf[group][params][user][filter_type] LDAP filter string
$conf[group][params][user][filter] (objectCategory=group)(objectClass=user)
$conf[group][params][newgroup_objectclass] posixGroup, hordeGroup
$conf[group][params][writedn] your bindDN
$conf[group][params][writepw] your bindPassword
$conf[group][params][search][filter_type] A complete LDAP filter expression
$conf[group][params][search][filter] (objectClass=group)

Now press the the button to create the Horde configuration.
From now on you can login with your Samba users.
To check if everything works fine login with admin user and go to configuration again. At the left side you can switch between User and groups, have a look if you see your users and groups here.

7 Likes

Good work. Love it. Will try to follow your instructions ASAP. Thanks for that. :+1:

4 Likes

Thanks for that, it looks amazing! We should follow always the same path:

  • validate the howto
  • improve it
  • move it on our wiki.
1 Like

Horde has a long and STABLE history as well as active. Certainly more going on there than sogo if my observations are correct.

1 Like

I followed your instruction and now I think I’ve installed the basic system of horde. Great how to!! :+1:

If you don’t mind I will give some remarks:

Before the mysql-commands I had to install MariaDB from softwarecenter :blush:
TYPO: in the line with the GRANT ALL PRIVs… there should be ; not ]
before the testcommand for the DB we must exit mysql
in the php-horde-horde.conf the ‘your IP’ is not the server IP (I missunderstood this)
after the first ‘create horde configuration’ you get a lot of failures: A hint about don’t worry about it would be great. After the database script is done, every thing works fine.

Back to the panel I got this:

Is this correct??

3 Likes

Hi Ralf,
thanks for your tests and your feedback, I’ve reworked my howto with your steps. Can you have a look at it please?

I can’t find it

Yes I think so, because we only have the basic system now. But please have a look at the settings, if the databases are loaded like in my added image.

In my next step I’ll try to bind to my samba AD…

2 Likes

Now we are getting somewhere! Great effort @m.traeumner and @flatspin!

I maent this:

but it was my bad. I’ve overseen that there comes more on the right side. Sorry.

1 Like

Please scroll to the right, what you see is an I of IDENTIFIED, it’s not the end of the line

Now I haven’t seen your sentence :joy:

@davidep sorry to disturb you, but can you give me a hint how to get the correct BinDN and Password?
BindDN is the same as distinguishedName I think, but how do I get the password?
Thanks in advance.

Got it: /usr/sbin/account-provider-test dump

1 Like

Install nethserver-phpldapadmin then all your ldap clues are available, login is the user admin with its password

If you need to get credential to bind a user in ldap, for example to allow the ldap login, then go to the line 300 in the file /etc/phpldapadmin/config.php, you will find an example of what your search

3 Likes

Thanks for that, I searched it too

So, how about Kopano? Has the benefit that it just has been included with openSUSE, for example see here: https://kopano.com/kopano-opensuse-yes-open/ - With Kopano it’s not just the option for the groupware part, but also mobile device sync (Z-Push), a desktop application (DeskApp), Web Meetings and more … ?

Kopano is a fork of zarafa
It wants it’s own services, no way

That’s right, it is a fork from the open source parts of Zarafa which has received a vast amount of changes since then and is 100% open source - Why do you see that an issue it provides it’s own (MAPI) stack? I mean taking the comparison with others (including downstream distributions): They don’t have a problem with that - Why should Nethserver? Not ranting I just try to understand your point here?

Please don’t get me wrong, but we had some discussions about groupware like kopano, webtop, sogo, zarafa, citadel and so on. Here we are trying to get Horde working. If we discuss about other solutions here we will loose the overview. Would you mind to open a new thread? Thanks in advance. :slight_smile:

4 Likes