3 commits - Administrator_Guide/en-US Installation_Guide/en-US
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Sat Aug 11 02:38:40 CEST 2012
Administrator_Guide/en-US/Upgrading_from_Kolab_2_on_OpenPKG.xml | 79 +++++++++-
Administrator_Guide/en-US/part-Kolab_Server.xml | 2
Installation_Guide/en-US/Kolab_Server_First_Login.xml | 53 ++++--
3 files changed, 112 insertions(+), 22 deletions(-)
New commits:
commit eeb03a389e5a3648edaa32f0c79c33556946c99a
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sat Aug 11 01:38:23 2012 +0100
Add the output of the command to run
diff --git a/Installation_Guide/en-US/Kolab_Server_First_Login.xml b/Installation_Guide/en-US/Kolab_Server_First_Login.xml
index a3913f9..c826a91 100644
--- a/Installation_Guide/en-US/Kolab_Server_First_Login.xml
+++ b/Installation_Guide/en-US/Kolab_Server_First_Login.xml
@@ -110,8 +110,10 @@ SELinux is disabled</screen>
</para>
<para>
-<screen># <userinput>su -s /bin/bash - apache -c '/usr/lib64/mozldap/ldapsearch'</userinput>
-# <userinput>ls -l /usr/lib64/mozldap/ldapsearch</userinput></screen>
+<screen># <userinput># su -s /bin/bash - apache -c '/usr/lib64/mozldap/ldapsearch --help >/dev/null 2>&1; echo $?'</userinput>
+89
+# <userinput>ls -l /usr/lib64/mozldap/ldapsearch</userinput>
+-rwxr-xr-x. 1 root root 78920 Apr 12 15:42 /usr/lib64/mozldap/ldapsearch</screen>
</para>
commit f3062e7de117b4adf408d298fa34c19c28d74fc5
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sat Aug 11 01:37:51 2012 +0100
Add verbiage on the need to adjust or disable the recipient policy before adding users.
diff --git a/Administrator_Guide/en-US/Upgrading_from_Kolab_2_on_OpenPKG.xml b/Administrator_Guide/en-US/Upgrading_from_Kolab_2_on_OpenPKG.xml
index 12d2f89..4b342d6 100644
--- a/Administrator_Guide/en-US/Upgrading_from_Kolab_2_on_OpenPKG.xml
+++ b/Administrator_Guide/en-US/Upgrading_from_Kolab_2_on_OpenPKG.xml
@@ -53,6 +53,12 @@
</step>
<step>
<para>
+ Create a backup of the data from <literal>kolab2.example.org</literal>.
+ </para>
+
+ </step>
+ <step>
+ <para>
Shut down the Cyrus IMAP service on <literal>kolab3.example.org</literal>:
</para>
<para>
@@ -64,13 +70,84 @@
</step>
<step>
<para>
- Create a backup of the data from <literal>kolab2.example.org</literal>.
+ Shut down the Kolab daemon on <literal>kolab3.example.org</literal>:
+ </para>
+ <para>
+
+<screen># <userinput>service kolabd stop</userinput></screen>
+
+ </para>
+
+ </step>
+ <step>
+ <para>
+ Update the settings related to the recipient policy in <filename>/etc/kolab/kolab.conf</filename>. The following settings are important:
+ </para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The <literal>primary_mail</literal> setting in the <literal>[<replaceable>$domain</replaceable>]</literal> section.
+ </para>
+ <para>
+ The policy MUST<footnote> <para>
+ the policy enforces consistency in the <literal>mail</literal> attribute values for all users - and therefore mailbox names, and ACL entry subject validity
+ </para>
+ </footnote> either match the former convention used, if any, or not be enabled at all. See <xref linkend="exam-Administrator_Guide-Upgrading_from_Kolab_2_on_OpenPKG-Example_Migration_of_example.org" /> for an example and some more gotchas.
+ </para>
+ <important>
+ <para>
+ In case the recipient policy is not to be applied, consider updating the <literal>user_types</literal> as per the instructions in <xref linkend="sect-Administrator_Guide-Kolab_Web_Administration_Panel-Editing_user_types" />.
+ </para>
+
+ </important>
+
+ </listitem>
+ <listitem>
+ <para>
+ The <literal>secondary_mail</literal> setting in the <literal>[<replaceable>$domain</replaceable>]</literal> section.
+ </para>
+ <para>
+ This part of the policy does not apply should the <literal>primary_mail</literal> setting already have been disabled.
+ </para>
+
+ </listitem>
+
+ </itemizedlist>
+
</para>
</step>
</procedure>
+ <example id="exam-Administrator_Guide-Upgrading_from_Kolab_2_on_OpenPKG-Example_Migration_of_example.org">
+ <title>Example Migration of example.org</title>
+ <para>
+ Our first example has had a running Kolab 2.3 on OpenPKG server, with a general email address convention of "surname"@example.org.
+ </para>
+ <para>
+ By default, a Kolab &PRODUCT_VERSION; Groupware server will apply a recipient policy for the <literal>mail</literal> attribute value of "givenname"."surname"@example.org. The recipient policy must therefore be adjusted.
+ </para>
+ <para>
+ In the <literal>[example.org]</literal> section in <filename>/etc/kolab/kolab.conf</filename>, the <literal>primary_mail</literal> setting must be adjusted to match the "surname"@example.org convention:
+ </para>
+
+<programlisting language="INI Files">(...snip...)
+[example.org]
+primary_mail = %(surname)s@%(domain)s
+(...snip...)</programlisting>
+ <para>
+ Now, users that are created will get a <literal>mail</literal> attribute value of "surname"@example.org assigned.
+ </para>
+ <warning>
+ <para>
+ First adding user John Doe will give him a <literal>mail</literal> attribute value of <emphasis>doe at example.org</emphasis>, but should you have a Jane Doe as well, she would get <emphasis>doe2 at example.org</emphasis>. It is therefore important to add users in order.
+ </para>
+
+ </warning>
+
+ </example>
<procedure id="proc-Administrator_Guide-Upgrading_from_Kolab_2_on_OpenPKG-Migrate_the_Data_Through_Copying">
<title>Migrate the Data Through Copying</title>
<step>
diff --git a/Administrator_Guide/en-US/part-Kolab_Server.xml b/Administrator_Guide/en-US/part-Kolab_Server.xml
index 7f4f9dc..ed2d342 100755
--- a/Administrator_Guide/en-US/part-Kolab_Server.xml
+++ b/Administrator_Guide/en-US/part-Kolab_Server.xml
@@ -9,7 +9,7 @@
<xi:include href="Upgrading_from_Kolab_2_on_OpenPKG.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Upgrading_Accounts_from_Kolab_Format_version_2.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Upgrading_Cyrus_IMAP_from_2.3_to_2.4.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
- // --> <xi:include href="Verifying_the_Installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ // --> <xi:include href="Verifying_the_Installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Configuring_the_Kolab_Server.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Detailed_Kolab_Server_Overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Kolab_Web_Administration_Panel.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
commit 160c875ff94e5583c81c45c0da522307b24cbcc8
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Fri Aug 10 20:21:47 2012 +0100
Tune the troubleshooting on First Login
diff --git a/Installation_Guide/en-US/Kolab_Server_First_Login.xml b/Installation_Guide/en-US/Kolab_Server_First_Login.xml
index 7656c61..a3913f9 100644
--- a/Installation_Guide/en-US/Kolab_Server_First_Login.xml
+++ b/Installation_Guide/en-US/Kolab_Server_First_Login.xml
@@ -80,29 +80,38 @@
<title>Troubleshooting</title>
<step>
<para>
- Please verify <filename>/usr/lib64/mozldap/ldapsearch</filename> (or <filename>/usr/lib/mozldap/ldapsearch</filename> on 32-bit systems) is executable under Apache HTTPd.
+ Please verify SELinux is not preventing Apache from executing the necessary binary to get effective rights on a subject. The output of the <command>sestatus</command> command should look as follows:
</para>
<para>
-<screen># <userinput>su -s /bin/bash - apache -c '/usr/lib64/mozldap/ldapsearch'</userinput>
-# <userinput>ls -l /usr/lib64/mozldap/ldapsearch</userinput></screen>
+<screen># <userinput>sestatus</userinput>
+SELinux status: enabled
+SELinuxfs mount: /selinux
+Current mode: permissive
+Mode from config file: permissive
+Policy version: 24
+Policy from config file: targeted</screen>
</para>
<para>
- Please also verify SELinux is not preventing Apache from executing the aforementioned binary:
+ or:
</para>
<para>
<screen># <userinput>sestatus</userinput>
-SELinux status: enabled
-SELinuxfs mount: /sys/fs/selinux
-SELinux root directory: /etc/selinux
-Loaded policy name: targeted
-Current mode: permissive
-Mode from config file: enforcing
-Policy MLS status: enabled
-Policy deny_unknown status: allowed
-Max kernel policy version: 26</screen>
+SELinux is disabled</screen>
+
+ </para>
+
+ </step>
+ <step>
+ <para>
+ Please verify <filename>/usr/lib64/mozldap/ldapsearch</filename> (or <filename>/usr/lib/mozldap/ldapsearch</filename> on 32-bit systems) is executable under Apache HTTPd.
+ </para>
+ <para>
+
+<screen># <userinput>su -s /bin/bash - apache -c '/usr/lib64/mozldap/ldapsearch'</userinput>
+# <userinput>ls -l /usr/lib64/mozldap/ldapsearch</userinput></screen>
</para>
@@ -115,13 +124,15 @@ Max kernel policy version: 26</screen>
<screen># <userinput>mysql -u root -p kolab -e 'SHOW TABLES;'</userinput>
Enter password:
-+-------------------+
-| Tables_in_kolab |
-+-------------------+
-| group_types |
-| options |
-| user_types |
-+-------------------+</screen>
++-----------------+
+| Tables_in_kolab |
++-----------------+
+| group_types |
+| options |
+| resource_types |
+| role_types |
+| user_types |
++-----------------+</screen>
</para>
More information about the commits
mailing list