2 commits - Administrator_Guide/en-US

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Mon Aug 6 13:10:29 CEST 2012


 Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml |  386 ++++++++++
 Administrator_Guide/en-US/Tweaking_Tips_for_Roundcube.xml            |  170 ++++
 2 files changed, 556 insertions(+)

New commits:
commit 9ab305d75d2d245d0b4094efdda027efd66c28b7
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Aug 6 12:10:12 2012 +0100

    Add some verbiage on enabling the VLV / SSS in the Roundcube address book

diff --git a/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml b/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml
index 3c719af..e5eae63 100644
--- a/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml
+++ b/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml
@@ -383,6 +383,14 @@ done</programlisting>
 
         </procedure>
 
+        <section id="sect-Administrator_Guide-Using_Virtual_List_View_Control_for_Larger_Directory_Information_Trees-Making_Use_of_VLV_and_SSS">
+            <title>Making Use of VLV and SSS</title>
+            <para>
+                See <xref linkend="sect-Administrator_Guide-Tweaking_Tips_for_Roundcube-Configuring_the_LDAP_Address_Book_for_Use_of_VLV_and_SSS" /> for instructions on configuring Roundcube to make use of VLV and SSS for its Global Address Book.
+            </para>
+
+        </section>
+
 
     </section>
 
diff --git a/Administrator_Guide/en-US/Tweaking_Tips_for_Roundcube.xml b/Administrator_Guide/en-US/Tweaking_Tips_for_Roundcube.xml
index 5b737b3..89a1f97 100644
--- a/Administrator_Guide/en-US/Tweaking_Tips_for_Roundcube.xml
+++ b/Administrator_Guide/en-US/Tweaking_Tips_for_Roundcube.xml
@@ -8,6 +8,176 @@
     <para>
         para
     </para>
+    <section id="sect-Administrator_Guide-Tweaking_Tips_for_Roundcube-Setting_the_Maximum_Upload_Size">
+        <title>Setting the Maximum Upload Size</title>
+        <para>
+            para
+        </para>
+
+    </section>
+
+    <section id="sect-Administrator_Guide-Tweaking_Tips_for_Roundcube-Using_Memcached_for_Session_Storage">
+        <title>Using Memcached for Session Storage</title>
+        <para>
+            para
+        </para>
+
+    </section>
+
+    <section id="sect-Administrator_Guide-Tweaking_Tips_for_Roundcube-Using_APC_to_Accelerate_PHP">
+        <title>Using APC to Accelerate PHP</title>
+        <para>
+            para
+        </para>
+
+    </section>
+
+    <section id="sect-Administrator_Guide-Tweaking_Tips_for_Roundcube-Configuring_the_LDAP_Address_Book_for_Use_of_VLV_and_SSS">
+        <title>Configuring the LDAP Address Book for Use of VLV and SSS</title>
+        <para>
+            With a large directory information tree (as described in <xref linkend="sect-Administrator_Guide-Tweaking_Tips_for_389_Directory_Server-Using_Virtual_List_View_Control_for_Larger_Directory_Information_Trees" />), having set up VLV and SSS (see <xref linkend="proc-Administrator_Guide-Using_Virtual_List_View_Control_for_Larger_Directory_Information_Trees-Configuring_VLV_and_SSS_on_389_Directory_Server" />), Roundcube must still be configured to make use of the new settings.
+        </para>
+        <procedure id="proc-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_Use_of_VLV_and_SSS-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS">
+            <title>Configuring the LDAP Address Book for VLV and SSS</title>
+            <step>
+                <para>
+                    Relevant settings are contained within the <literal>$rcmail_config['ldap_public']['kolab_addressbook']</literal> setting in <filename>/etc/roundcubemail/main.inc.php</filename>. Working from a default Kolab Groupware installation, we are going to verify and/or change the relevant settings one by one.
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-base_dn">
+                    <title><literal>base_dn</literal></title>
+                    <para>
+                        The <literal>base_dn</literal> configured in the address book should match the Base DN configured for the People VLV Search.
+                    </para>
+
+                </formalpara>
+                <para>
+                    Should you not have modified the configuration deployed by default too much, then the likely appropriate value for this setting is <literal>ou=People,${rootdn}</literal>
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-filter">
+                    <title><literal>filter</literal></title>
+                    <para>
+                        The <literal>filter</literal> configured in the address book should match the search filter configured for the People VLV Search.
+                    </para>
+
+                </formalpara>
+                <para>
+                    By default, all LDAP entries with object class <literal>inetOrgPerson</literal> are included.
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-scope">
+                    <title><literal>scope</literal></title>
+                    <para>
+                        The <literal>scope</literal> configured in the address book should match the search scope configured for the People VLV Search.
+                    </para>
+
+                </formalpara>
+                <para>
+                    para
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-sort">
+                    <title><literal>sort</literal></title>
+                    <para>
+                        The <literal>sort</literal> setting is an array, that must contain the exact list of elements configured in the vlv sort configured for the People VLV Index.
+                    </para>
+
+                </formalpara>
+                <para>
+                    para
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-vlv">
+                    <title><literal>vlv</literal></title>
+                    <para>
+                        This setting controls whether VLV is to be used at all. Set it to <literal>true</literal>.
+                    </para>
+
+                </formalpara>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-vlv_search">
+                    <title><literal>vlv_search</literal></title>
+                    <para>
+                        This setting controls whether searches are to use VLV and SSS as well. More specifically, this influences auto-completion such as during the composition of new messages, adding participants to events, and adding ACL entries in folder management.
+                    </para>
+
+                </formalpara>
+                <para>
+                    para
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-groups_Array_base_dn">
+                    <title><literal>groups</literal> Array <literal>base_dn</literal></title>
+                    <para>
+                        para
+                    </para>
+
+                </formalpara>
+                <para>
+                    para
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-groups_Array_filter">
+                    <title><literal>groups</literal> Array <literal>filter</literal></title>
+                    <para>
+                        para
+                    </para>
+
+                </formalpara>
+                <para>
+                    para
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-groups_Array_scope">
+                    <title><literal>groups</literal> Array <literal>scope</literal></title>
+                    <para>
+                        para
+                    </para>
+
+                </formalpara>
+                <para>
+                    para
+                </para>
+
+            </step>
+            <step>
+                <formalpara id="form-Administrator_Guide-Configuring_the_LDAP_Address_Book_for_VLV_and_SSS-groups_Array_sort">
+                    <title><literal>groups</literal> Array <literal>sort</literal></title>
+                    <para>
+                        para
+                    </para>
+
+                </formalpara>
+                <para>
+                    para
+                </para>
+
+            </step>
+
+        </procedure>
+
+
+    </section>
+
 
 </chapter>
 


commit cc67a13f1f1c27c233fcab60141335c9b7c746d3
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Mon Aug 6 11:35:03 2012 +0100

    Add verbiage on VLV and SSS for 389 Directory Server

diff --git a/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml b/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml
index fd86b13..3c719af 100644
--- a/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml
+++ b/Administrator_Guide/en-US/Tweaking_Tips_for_389_Directory_Server.xml
@@ -19,6 +19,384 @@
     <section id="sect-Administrator_Guide-Tweaking_Tips_for_389_Directory_Server-Using_Virtual_List_View_Control_for_Larger_Directory_Information_Trees">
         <title>Using Virtual List View Control for Larger Directory Information Trees</title>
         <para>
+            A default deployment of Kolab Groupware includes a largely unmodified 389 Directory Server with not all too many tweaked settings. When deployments grow the size of their Directory Information Tree, such as would be the case with more than 2000 user, group and/or contact entries, regular bind credentials run out of bounds when querying the tree.
+        </para>
+        <para>
+            Regular bind credentials include look-through, size and time limitations, usually causing a result set to be limited to 2000 entries (usually the first symptom), or causing the query to time out (larger trees, usually a later symptom).
+        </para>
+        <para>
+            Because a variety of User Interfaces depend on listing users, groups and contacts, it may be necessary to seek aid in Virtual List View (VLV) capabilities. VLV consists of additional indexes that can be queried by enabling two server-side controls:
+        </para>
+        <para>
+            <orderedlist>
+                <listitem>
+                    <para>
+                        Virtual List View control, with corresponding Base DN, Filter and Scope
+                    </para>
+
+                </listitem>
+                <listitem>
+                    <para>
+                        Server-Side Sorting control (SSS), with a corresponding list of attributes to use when sorting result entries.
+                    </para>
+
+                </listitem>
+
+            </orderedlist>
+
+        </para>
+        <para>
+            VLV along with SSS enables the pagination of search results, and circumvents the search limits for regular bind credentials.
+        </para>
+        <procedure id="proc-Administrator_Guide-Using_Virtual_List_View_Control_for_Larger_Directory_Information_Trees-Configuring_VLV_and_SSS_on_389_Directory_Server">
+            <title>Configuring VLV and SSS on 389 Directory Server</title>
+            <step>
+                <para>
+                    A version of these scripts can be downloaded from <ulink url="http://hosted.kolabsys.com/~vanmeeuwen/kolab-scripts.tar.gz" />.
+                </para>
+                <para>
+                    Inclusion into the <application>kolab</application> command-line utility is planned, so make sure to check <command>kolab help</command> to see if the commands have been included already.
+                </para>
+
+            </step>
+            <step>
+                <para>
+                    In the following few steps, the scripts refer to the variables outlined below (which are contained in <filename>./settings.sh</filename>).
+                </para>
+
+<programlisting language="Bash">#!/bin/bash
+
+export rootdn="dc=example,dc=org"
+export domain="example.org"
+export domain_db="example_org"
+export ldap_host="localhost"
+export ldap_binddn="cn=Directory Manager"
+export ldap_bindpw="VerySecret"</programlisting>
+
+            </step>
+            <step>
+                <para>
+                    Add the VLV Search definitions:
+                </para>
+
+<programlisting language="Bash">#!/bin/bash
+
+ . ./settings.sh
+
+(
+    echo "dn: cn=People VLV Search,cn=${domain_db}," \
+        "cn=ldbm database,cn=plugins,cn=config"
+
+    echo "objectClass: top"
+    echo "objectClass: vlvSearch"
+    echo "cn: People VLV Search"
+    echo "vlvBase: ou=People,${rootdn}"
+    echo "vlvScope: 2"
+    echo "vlvFilter: (objectclass=inetorgperson)"
+    echo "aci: (targetattr = \"*\") (version 3.0;acl " \
+        "\"Read Access\";allow (read,compare,search)" \
+        "(userdn = \"ldap:///anyone\");)"
+
+    echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+    echo "dn: cn=Groups VLV Search,cn=${domain_db}," \
+        echo "cn=ldbm database,cn=plugins,cn=config"
+
+    echo "objectClass: top"
+    echo "objectClass: vlvSearch"
+    echo "cn: Groups VLV Search"
+    echo "vlvBase: ou=Groups,${rootdn}"
+    echo "vlvScope: 2"
+    echo "vlvFilter: " \
+        "(objectclass=groupofuniquenames)(objectclass=groupofurls))"
+
+    echo "aci: (targetattr = \"*\") (version 3.0;acl " \
+        "\"Read Access\";allow (read,compare,search)" \
+        "(userdn = \"ldap:///anyone\");)"
+
+    echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c</programlisting>
+
+            </step>
+            <step>
+                <para>
+                    Add the VLV Indexes:
+                </para>
+
+<programlisting language="Bash">#!/bin/bash
+
+ . ./settings.sh
+
+(
+    echo "dn: cn=People VLV Index,cn=People VLV Search,cn=${domain_db}," \
+        "cn=ldbm database,cn=plugins,cn=config"
+
+    echo "objectClass: top"
+    echo "objectClass: vlvIndex"
+    echo "cn: People VLV Index"
+    echo "vlvSort: displayname sn givenname cn"
+    echo "aci: (targetattr = \"*\") (version 3.0;acl " \
+        "\"Read Access\";allow (read,compare,search)" \
+        "(userdn = \"ldap:///anyone\");)"
+
+    echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+(
+    echo "dn: cn=Groups VLV Index,cn=Groups VLV Search,cn=${domain_db}," \
+        "cn=ldbm database,cn=plugins,cn=config"
+
+    echo "objectClass: top"
+    echo "objectClass: vlvIndex"
+    echo "cn: Groups VLV Index"
+    echo "vlvSort: cn"
+    echo "aci: (targetattr = \"*\") (version 3.0;acl " \
+        "\"Read Access\";allow (read,compare,search)" \
+        "(userdn = \"ldap:///anyone\");)"
+
+    echo ""
+) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c</programlisting>
+
+            </step>
+            <step>
+                <para>
+                    Execute the indexing tasks:
+                </para>
+
+<programlisting language="Bash">#!/bin/bash
+
+ . ./settings.sh
+
+(
+    echo "dn: cn=${domain_db} People VLV Index," \
+        "cn=index,cn=tasks,cn=config"
+
+    echo "objectclass: top"
+    echo "objectclass: extensibleObject"
+    echo "cn: ${domain_db} People VLV Index"
+    echo "nsinstance: ${domain_db}"
+    echo "nsIndexVLVAttribute: People VLV Index"
+    echo ""
+) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ldap_complete=0
+
+search_base="cn=${domain_db} People VLV Index,cn=index,cn=tasks,cn=config"
+
+while [ ${ldap_complete} -ne 1 ]; do
+    result=$(
+            ldapsearch \
+                -x \
+                -h ${ldap_host} \
+                -D "${ldap_binddn}" \
+                -w "${ldap_bindpw}" \
+                -c \
+                -LLL \
+                -b "${search_base}" \
+                -s base 2>/dev/null
+        )
+    if [ -z "$result" ]; then
+        ldap_complete=1
+        echo ""
+    else
+        echo -n "."
+        sleep 1
+    fi
+done
+
+(
+    echo "dn: cn=${domain_db} Groups VLV Index,cn=index,cn=tasks,cn=config"
+    echo "objectclass: top"
+    echo "objectclass: extensibleObject"
+    echo "cn: ${domain_db} Groups VLV Index"
+    echo "nsinstance: ${domain_db}"
+    echo "nsIndexVLVAttribute: Groups VLV Index"
+    echo ""
+) | ldapmodify -a -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ldap_complete=0
+
+search_base="cn=${domain_db} Groups VLV Index,cn=index,cn=tasks,cn=config"
+
+while [ ${ldap_complete} -ne 1 ]; do
+    result=$(
+            ldapsearch \
+                -x \
+                -h ${ldap_host} \
+                -D "${ldap_binddn}" \
+                -w "${ldap_bindpw}" \
+                -c \
+                -LLL \
+                -b "${search_base}" \
+                -s base 2>/dev/null
+        )
+    if [ -z "$result" ]; then
+        ldap_complete=1
+        echo ""
+    else
+        echo -n "."
+        sleep 1
+    fi
+done</programlisting>
+
+            </step>
+            <step>
+                <para>
+                    Test the VLV functioning with this detection and execution script:
+                </para>
+
+<programlisting language="Bash">#!/bin/bash
+
+ . ./settings.sh
+
+(
+    ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -LLL \
+        -b "cn=ldbm database,cn=plugins,cn=config" \
+        "(objectclass=vlvsearch)" \
+        entrydn | \
+            grep ^dn | \
+                cut -d':' -f2-
+
+) | while read vlvsearch; do
+    vlvbasedn=`ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -LLL \
+        -b "${vlvsearch}" \
+        -s base \
+        vlvbase | \
+            grep -i ^vlvbase | \
+                awk 'BEGIN { FS = ": " } ; {print $2}'`
+
+    vlvscope=`ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -LLL \
+        -b "${vlvsearch}" \
+        -s base \
+        vlvscope | \
+            grep -i ^vlvscope | \
+                awk 'BEGIN { FS = ": " } ; {print $2}'`
+
+    vlvfilter=`ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -LLL \
+        -b "${vlvsearch}" \
+        -s base \
+        vlvfilter | \
+            grep -i ^vlvfilter | \
+                awk 'BEGIN { FS = ": " } ; {print $2}'`
+
+    vlvsort=`ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -LLL \
+        -b "${vlvsearch}" \
+        -s sub \
+        "(objectclass=vlvIndex)" \
+        vlvsort | \
+            grep -i ^vlvsort | \
+                awk 'BEGIN { FS = ": " } ; {print $2}'`
+
+    echo "Found a VLV index and search with parameters:"
+    echo " - Base: ${vlvbasedn}"
+    echo -n " - Scope: "
+
+    case ${vlvscope} in
+        0)
+            echo "base"
+            vlvscope="base"
+        ;;
+
+        1)
+            echo "one"
+            vlvscope="one"
+        ;;
+
+        2)
+            echo "sub"
+            vlvscope="sub"
+        ;;
+    esac
+
+    echo " - Filter: ${vlvfilter}"
+    echo " - Sorting by: ${vlvsort}"
+
+    # Use it
+
+    uses_before=`ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -b "cn=ldbm database,cn=plugins,cn=config" \
+        -s sub \
+        "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+        -LLL \
+        vlvuses | \
+        grep -i ^vlvuses | awk '{print $2}'`
+
+    echo "after" | ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -b "${vlvbasedn}" \
+        -s ${vlvscope} "${vlvfilter}" \
+        -E '!vlv=5/5/1/10' \
+        -E "!sss=$(echo ${vlvsort} | sed -e 's| |/|g')" >/dev/null 2>&1
+
+    uses_after=`ldapsearch \
+        -x \
+        -h ${ldap_host} \
+        -D "${ldap_binddn}" \
+        -w "${ldap_bindpw}" \
+        -b "cn=ldbm database,cn=plugins,cn=config" \
+        -s sub \
+        "(&(objectclass=vlvindex)(vlvsort=${vlvsort}))" \
+        -LLL \
+        vlvuses | \
+        grep -i ^vlvuses | awk '{print $2}'`
+
+    if [ ${uses_before} -lt ${uses_after} ]; then
+        echo "Works (before: ${uses_before}, after: ${uses_after})"
+    fi
+done</programlisting>
+
+            </step>
+
+        </procedure>
+
+
+    </section>
+
+    <section id="sect-Administrator_Guide-Tweaking_Tips_for_389_Directory_Server-Enforcing_Global_Attribute_Uniqueness">
+        <title>Enforcing (Global) Attribute Uniqueness</title>
+        <para>
+            para
+        </para>
+
+    </section>
+
+    <section id="sect-Administrator_Guide-Tweaking_Tips_for_389_Directory_Server-Enforcing_a_Password_Policy">
+        <title>Enforcing a Password Policy</title>
+        <para>
             para
         </para>
 
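Review bot: The "Groups VLV Search" entry in the "Add the VLV Search definitions" listing cannot be added as written, because its continuation line carries a stray `echo` that ends up inside the DN and its `vlvFilter` value has lost the opening `(|`, leaving the parentheses unbalanced. The two lines should read `"cn=ldbm database,cn=plugins,cn=config"` and `echo "vlvFilter: (|(objectclass=groupofuniquenames)(objectclass=groupofurls))"`. Separately, every listing passes the Directory Manager password as `-w "${ldap_bindpw}"`, which exposes it to other local users through the process list, and binds with `-x -h ${ldap_host}` without TLS, so the password crosses the network in clear text as soon as `ldap_host` is not localhost. The procedure should recommend `-y` with a mode-0600 password file (or `-W`) and `-ZZ` for remote hosts, and should say that `settings.sh` must not be world-readable. The first step also has the reader fetch the scripts over plain `http://` with no checksum or signature before running them with these credentials, which deserves a caveat.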




