Project

General

Profile

action #33736

Renewing the Kopano configuration files

Added by flacco over 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
2018-03-23
Due date:
% Done:

100%

Estimated time:

Description

This should be done in two steps.

First step is to put our individual settings of the existing files to the new example files of Kopano 8.5.x

This step includes Ticket #27094.

Second step is to switch to the new kopano LDAP schema and then create a new ldap.cfg. With kopano 8.5.x the ldap.cfg is splitted in two parts. Part one is in /etc/kopano. Inside this file the second part (/usr/share/kopano/ldap.active-directory.cfg) is included.

...and we have to think about how to migrate from the old zarafa-schema to the new kopano-schema.

History

#1 Updated by flacco over 4 years ago

  • % Done changed from 0 to 10

We never talked about "enable_sso" in file "server.cfg". The default value is "no". We should have to test it with "yes".

#2 Updated by flacco over 4 years ago

  • % Done changed from 10 to 20

Step one is done and has to be tested.

#3 Updated by flacco over 4 years ago

  • % Done changed from 20 to 30

Kopano runs with the new configuration on my own productive invis-server. Looks good.

#4 Updated by ingogoeppert over 4 years ago

Only the ldap config ist splitted? The rest of the config files exists only in /etc? We leave many options on the default values (port number, socket location...) and each time there are changes in the default values or new options are provided, we have to update our config files... My idea is to create config files (or a patch against the config files) only with our changes. Do you think this is possible?

#5 Updated by flacco over 4 years ago

This is a bit strange. The Kopano daemons didn't have config-files under /etc/kopano anymore. They work with coded default values. (https://documentation.kopano.io/kopano_changelog/kc.html#kopano-core-8-5) Config-files are only necessary if we need individual settings, like using own certificates or an AD as user-backend. Therefor it should be possible to work with small config-files wich contains only our settings.

But... my first test yesterday shows that kopano-monitor refused to start without a config file. I don't now yet if this was an individual problem of my installation or a bug.

#6 Updated by flacco about 4 years ago

  • % Done changed from 30 to 60

Precense daemon has the same problem as the monitor daemon. It refused to start without a config file. I added the config file and changed the session secret from "GEHEIM" to a 32 letter random secret.

#7 Updated by flacco about 4 years ago

  • % Done changed from 60 to 90

We just have to test it a little bit more.

#8 Updated by flacco almost 4 years ago

  • % Done changed from 90 to 80

Kopano does not Support SSLv2 any longer, we have to remove it from the config files.

#9 Updated by flacco almost 4 years ago

Parallel to remove SSLv2 from the Kopano configs I want to block at least TLSv1. Problem is that older Microsoft Products like Windows or Outlook doesn't support TLSv1.1 & 1.2 out of the box. With installing updates it should be possible to enable TLSv1.1 and 1.2 from W7 upwards:

https://support.microsoft.com/de-de/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

#10 Updated by flacco almost 4 years ago

There are some strange things around the kopano-packages inside openSUSE leap 15:

  1. Leap 15 contains Kopano version 8.6.0, which was never released
  2. Packet kopanpo-presence is missing
  3. kopano-search refuses to start with error: NameError: name 'pidlockfile' is not defined

#11 Updated by flacco almost 4 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 80 to 100

Everything works with Kopano 8.6.7 from the Kopano limited repositories.

-> We could open a new ticket for the upcoming Kopano 8.7.x

Also available in: Atom PDF