[Kolab-announce] Kolab Server 2.1.0 Final Release
Thomas Arendsen Hein
thomas at intevation.de
Thu May 10 16:09:28 CEST 2007
Hi!
I've just uploaded the final release of Kolab Server 2.1.0,
more than one year after the first beta was published.
Many thanks to all the people who helped with this!
Documentation and OpenPKG source packages will be available in the
directory server/release/kolab-server-2.1.0/ of the mirrors listed
on http://kolab.org/mirrors.html soon:
http://www.erfrakon.de/mirrors/ftp.kolab.org/server/release/kolab-server-2.1.0/
http://ftp.belnet.be/packages/kolab/server/release/kolab-server-2.1.0/
ftp://ftp.belnet.be/packages/kolab/server/release/kolab-server-2.1.0/
Use the gpg signed MD5SUMS file to verify your download:
$ gpg --verify MD5SUMS
$ md5sum -c MD5SUMS
Binary packages for Debian GNU/Linux (sarge/oldstable) on x86 platforms
can be found in the ix86-debian3.1 directory next to the sources.
Please look at 1st.README for install and upgrade instructions and for
a list of known problems and workarounds. The file release-notes.txt
lists the changes in this release.
UPGRADING.20-21 contains instructions for upgrading from Kolab
server 2.0 to 2.1, with new details since 2.1rc2.
Please report failed and successful upgrades to the mailing list.
The three text files are attached for your convenience.
Regards,
Thomas Arendsen Hein
--
thomas at intevation.de - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrück - Registereintrag: Amtsgericht Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
Kolab2 Server Release Notes
===========================
(Version 20070510, Kolab Server 2.1.0)
For upgrading and installation instructions, please refer to
the 1st.README file in the package directory. Upgrading from
Kolab 2.0 servers is documented in the file UPGRADING.20-21
Differences between Kolab 2.0 and 2.1:
- Simple multi-domain support
The Kolab server can now accept mail for multiple email domains.
There is also a new class of maintainers which are only allowed
to manage settings for a subset of the mail domains of the kolab
server.
- Hashed IMAP spool
The default imapd configuration has been changed to enable the
hashimapspool option, which allows the Cyrus IMAP server to run
more efficiently especially when you have many mailboxes.
- Improvements, bugfixes and upgraded software components
The 2.1 release received many improvements and bugfixes for issues
found in the 2.0 versions and during the long beta and rc phase.
Additionally many software components have been upgraded to new
upstream versions.
Changes between 2.1-rc-2 and 2.1.0:
- Documentation
Documented workaround for libdb3 conflict in README.1st
Added instructions for automatically upgrading the free/busy cache.
- amavisd-2.3.3-2.5.0_kolab
kolab/issue1447 (Virus Scanning: Inserted note when partially scanned ugly)
- kolabd-2.1.0-20070510
kolab/issue974 (Localize the text for rewritten From: headers)
kolab/issue1560 (postfix modifies message/rfc822 MIME parts)
kolab/issue1608 (A patch for kolabd to include the horde LDAP schema)
- kolab-resource-handlers-2.1.0-20070510
Generate a single To: header listing all recipients when forwarding
encapsulated iCal messages.
kolab/issue974 (Localize the text for rewritten From: headers)
kolab/issue1422 (Dummy freebusy info)
- kolab-webadmin-2.1.0-20070510
kolab/issue1616 (Use different cursor for <label> tags)
kolab/issue1617 (fix small inconsistency in german translation)
Changes between 2.1-rc-1 and 2.1-rc-2:
- apache-1.3.33-2.5.6_kolab2
kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)
- clamav-0.90.2-20070413_kolab
New upstream version, fixes various security issues.
- file-4.15-2.5.0_kolab2
Fix for security issue described in CVE-2007-1536:
buffer overflow, remotely exploitable due to the usage of file in amavisd-new
- fsl-1.7.0-20070303
New upstream version.
kolab/issue1172 (Cyrus Imapd dies when logfile exceeds 2 GiB)
- php-4.4.0-2.5.2_kolab2
kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)
- spamassassin-3.1.0-2.5.1_kolab
Fix for security issue described in CVE-2007-0451:
possible DoS due to incredibly long URIs found in the message content
Disabled external DNS and URI blacklists, because some of these
services require payment if used for many mailboxes.
Ignore headers inserted on the receiving side for bayes filtering.
- perl-kolab-5.8.7-20070420
Added debug option for verbose logging to stderr.
- kolabd-2.1.0-20070420
Fix the path to the freebusy directory for non-OpenPKG installations.
Fix usage of tar and modification of rc.conf during slave setup for
non-OpenPKG installations.
Don't pass notifications and quarantined mails through amavisd-new.
Updated configuration templates for ClamAV 0.90
Updated openldap monitor configuration.
Updated cyrus imapd configuration to use cyr_expire.
kolab/issue954 (kolab server rejects mails that should be marked untrusted)
kolab/issue1538 (outlook invitation forwarding broken in Kolab server 2.1)
kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)
kolab/issue1609 ("kolab --help" tries to execute *all* commands)
kolab/issue1638 (kolabconf generates broken resmgr.conf)
kolab/issue1680 (/kolab/bin/kolab fix)
- kolab-horde-fbview-2.1.0-20070420
Updated version number, no other changes since 2.1rc1
- kolab-resource-handlers-2.1.0-20070420
Improved logging for opening pfbcache.db
kolab/issue954 (kolab server rejects mails that should be marked untrusted)
kolab/issue1538 (outlook invitation forwarding broken in Kolab server 2.1)
kolab/issue1607 (need to replace gdbm for pfbcache, because of license clash gdbm vs php)
kolab/issue1659 (Freebusy assumes that all day events last exactly one day)
- kolab-webadmin-2.1.0-20070420
Updated Dutch and German translations.
kolab/issue1457 (updated French translation)
kolab/issue1612 (modify user ignores account type)
kolab/issue1614 (ldap_add() - Constraint violation on change user account type)
kolab/issue1630 (Domain maintainer can see distribution lists from other domains)
kolab/issue1652 (Import users from ldif and LDAP Constraint violation)
kolab/issue1654 (New LDAP overlay prevents modification of distribution lists)
kolab/issue1663 (It is possible to create domain maintainers without domains)
kolab/issue1670 (Renaming a domain maintainer twice within the same form fails)
Changes between 2.1-beta-4 and 2.1-rc-1:
- kolabd-2.0.99-20070205
kolab/issue1335 (pfbcache.db locking problems)
kolab/issue1507 (Public viewable phpinfo() and more in Server default installation)
kolab/issue1550 (Masquerade problem, corrected template)
kolab/issue1563 (freebusy.conf template doesn't match freebusy.conf from package)
kolab/issue1575 (Openldap enhanced data integrity)
- kolab-webadmin-2.0.99-20070205
Disabled Spanish language selection from web admin interface, because
of missing translation.
kolab/issue1479 ("Type" of shared folder can only be modified in 2nd try)
kolab/issue1486 ("About Kolab" in Webinterface needs work over)
kolab/issue1539 (extension to the opening text, when the manager logs in for the 1st time)
kolab/issue1559 (Domain Maintainer cannot delete "his" users)
kolab/issue1586 ("Required field" not translated to German in web admin)
kolab/issue1592 (LANGUAGE variable overrides web admin language selection)
Changes between 2.1-beta-3 and 2.1-beta-4:
- clamav-0.88.7-20061211
bypass virus detection (CVE-2006-6406),
denial of service, remotely exploitable (CVE-2006-6481)
(http://kolab.org/security/kolab-vendor-notice-14.txt)
- kolabd-2.0.99-20070117
Updated proftpd.conf template: LDAPHomedirOnDemand(Prefix) is
now named LDAPGenerateHomedir(Prefix).
Set imapidlepoll to 5 seconds in imapd.conf.template.in.
kolab/issue1433 (Some files in /kolab/etc/postfix have wrong ownership)
kolab/issue1484 (Warnings using openldap = 2.3.27-2.20061018_kolab)
kolab/issue1487 (amavisd.conf mynetworks incomplete)
kolab/issue1531 (amavisd.conf local_domains only contains primary domain)
kolab/issue1532 (Set "duplicatesuppression: 0" in imapd.conf.template?)
- kolab-horde-fbview-2.0.99-20070112
Improvements to the week view (part of kolab/issue666)
Removed dangerous php scripts (part of kolab/issue1507)
- kolab-resource-handlers-2.0.99-20070117
kolab/issue1490 (freebusy cache written to /kolab/kolab/...)
kolab/issue1512 (No FB information for resource accounts)
kolab/issue1558 (kolab-webadmin and php 5.2.0)
- kolab-webadmin-2.0.99-20070117
kolab/issue1013 (user passwords sha1 encoded without salt)
kolab/issue1262 (Setting quota to 4096+ MB breaks message delivery)
kolab/issue1418 (fields visible even when attribute_access is "hidden" in session_vars.php)
kolab/issue1540 (Typo on kolab/admin/service page)
kolab/issue1555 (Login screen shows error msg for no good reason)
- openldap-2.3.29-2.20061110_kolab
New upstream version, fixes CVE-2006-5779 (Bugtraq ID 20939)
- perl-kolab-5.8.7-20070117
Only print warning about missing configuration variable if relevant.
kolab/issue1550 (Masquerade problem)
Changes between 2.1-beta-2 and 2.1-beta-3:
- openpkg-2.5.4-2.5.4
New upstream version.
- apache-1.3.33-2.5.6
denial of service and possibly arbitrary code execution via crafted
URLs that are not properly handled using certain rewrite rules.
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html
- gzip-1.3.5-2.5.1
denial of service, arbitrary code execution
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html
- curl-7.15.0-2.5.2
buffer overflow
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.012-curl.html
- openssl-0.9.8a-2.5.4
denial of service, may allow execution of arbitrary code
(http://kolab.org/security/kolab-vendor-notice-12.txt)
- clamav-0.88.5-2.20061018
buffer overflow, remotely exploitable (CVE-2006-4018)
(http://kolab.org/security/kolab-vendor-notice-10.txt)
heap overflow, remotely exploitable (CVE-2006-4182),
denial of service, remotely exploitable (CVE-2006-5295)
(http://kolab.org/security/kolab-vendor-notice-13.txt)
- file-4.15-2.5.0_kolab
kolab/issue1458 (Password protected .sxw files can be banned by
amavisd, as a result of the file command)
- openldap-2.3.27-2.20061018_kolab
New upstream version, fixes CVE-2006-4600 (Bugtraq ID 19832)
and other problems.
kolab/issue1229 (Master openldap's slurpd fails to start after
adding slave)
kolab/issue1431 (Slave cannot access master ldap server via SSL)
- imapd-2.2.12-2.5.0_kolab2
Fix folder structure for foldernames with non-alphanumeric characters,
when using skiplist as the database backend for mailboxes.db.
- perl-kolab-5.8.7-20061110
kolab/issue1194 (serious performance problem on high number of users)
- kolabd-2.0.99-20061110
Added missing relay service for postfix.
Changed main.cf masquerading defaults so email to
user at machine.example.org is actually delivered.
Use mailbox_transport instead of local_transport for
kolabmailboxfilter to work around issue825.
Removed doubled attribute cyrus-autocreatequota.
Added indexes for delegate and delete.
Updated freebusy.conf template for freebusy IMAP caching.
Changed imapd.conf template to use berkeley db instead of
skiplist for annotations.db and mailboxes.db as a workaround
for kolab/issue840 (Annotations needs to be more robust).
kolab/issue824 (kolabmailboxfilter run once for each recipient)
kolab/issue1264 (Add support for sieve based notifications)
kolab/issue1273 (Sending as delegate broken in Kolab server 2.1)
kolab/issue1428 (Fixed locking issue)
kolab/issue1433 (Some files in /kolab/etc/postfix have wrong ownership)
- kolab-webadmin-2.0.99-20061110
Fixes for setting folder type of shared folders.
Guard against large number of users.
kolab/issue1457 (updated French translation)
- kolab-resource-handlers-2.0.99-20061110
Improvements and fixes for freebusy IMAP caching.
kolab/issue815 (invitation replies vanish in resmgr)
kolab/issue957 (All-day events from Outlook don't show up in freebusy)
kolab/issue974 (Localize the text for rewritten From: headers)
kolab/issue1042 (empty lines at the end of mails delivered via LMTP)
kolab/issue1352 (resmgr can create wrong range dates)
kolab/issue1387 (resmgr replies to replies creating mail loop)
kolab/issue1422 (Dummy freebusy info)
Changes between 2.1-beta-1 and 2.1-beta-2:
OpenPKG updates:
openpkg-2.5.2-2.5.2
openpkg-registry-0.2.7-20060223
libxslt-1.1.15-2.5.1
php-smarty-2.6.10-20051003
clamav-0.88.2-20060524
binutils-2.16.1-2.5.1
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.009-binutils.html
openldap-2.3.11-2.5.1
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.008-openldap.html
Kolab updates:
More distconf changes by Richard Bos and Markus Hüwe.
- perl-kolab-5.8.7-20060619
Resolved:
Issue1194 (kolabd quota performance)
Issue1220 (postfix permissions)
issue1237 (Handling of @@@var@@@ in Conf.pm (Gunnar Wrobel))
- kolabd-2.0.99-20060619
* The default imapd configuration has been changed to enable the
hashimapspool option. This affects the upgrade procedure.
See 1st.README for upgrade instructions.
* amavis now logs to /kolab/var/amavisd/amavisd.log. This is
part of the fix for Issue1015
Resolved:
Issue1015 (fixing logging and logrotate for amavisd)
Issue1089 (enable hashimapspool for imapd to cope with many users)
Issue1101 (allowapop: no; disable apop access to imapd by default)
Issue1105 (fix compilation of kolabd on FreeBSD)
Issue1257 (wrong attribute name for imap quota)
- kolab-webadmin-2.0.99-20060619
* patch from Tobias König in order to support setting of
foldertype for public folders
Resolved:
Issue848 (Modifying address book entry may break distribution list)
Issue1106 (email validation in webgui)
Issue1214 (number of days for vacation messages on webinterface)
Issue1263 (Bug in the shared folders folder-type code) [Wrobel]
- kolab-resource-handlers-2.0.99-20060619
* create empty pfbcache.db if missing
Resolved:
Issue973 (quoting and rewriting From header)
Issue966 (Wrong CN for resource accounts)
Issue1042 (server modifies email content)
Issue1195 (error message in bounce)
Issue1243 (rewriting fails when "From:" contains quoted printable)
Issue1245 (rewriting problems on folded Header "From:"-line)
$Id: release-notes.txt,v 1.112 2007/05/10 09:36:55 thomas Exp $
-------------- next part --------------
Kolab2 Server Install and Upgrade Information
=============================================
See http://kolab.org/ for general information about Kolab,
or look at http://wiki.kolab.org/ for specific topics.
It is recommended to subscribe to the announcement mailing list at
http://kolab.org/mailman/listinfo/kolab-announce
to receive security advisories and release announcements.
Quick install instructions
--------------------------
For a fresh install /kolab needs to be an empty directory with at least 1GB of
free disk space. You can use a symlink, but do _not_ use an NFS mounted drive.
If the directory does not yet exist, it will automatically be created.
Make sure that the following names are not in /etc/passwd or /etc/groups,
as openpkg will want to create them: "kolab" "kolab-r" "kolab-n"
Check http://www.openpkg.org/documentation/ for additional documentation
for the OpenPKG packaging system.
To install the Kolab2 server, you need to download the files from the
directory containing this file (1st.README) to some local directory.
You can check the integrity of the downloaded files with:
$ gpg --verify MD5SUMS
$ md5sum -c MD5SUMS
Then as root, cd into that local directory and run
# sh obmtool kolab 2>&1 | tee kolab-build.log
to build and install packages in /kolab.
By default, the Kolab Server will now be started at boottime.
After the build/install is complete, please run
# /kolab/etc/kolab/kolab_bootstrap -b
and follow the instructions.
General update instructions
---------------------------
Usually an update of the Kolab 2 server works as described here. In
some cases you will need to deviate from these instructions a bit. All
such cases are documented below, so read the release specific update
instructions for all releases newer than the one you already have before
you start the update.
In any case you should completely read *all* relevant update
instruction *before* starting the upgrade procedure. All ways make
sure you have a recent backup of your /kolab directory before you
attempt to upgrade Kolab.
The installation of the new packages works just as for the initial
installation. Download the files as described above and run
# sh obmtool kolab 2>&1 | tee kolab-update.log
obmtool will usually automatically determine which packages need to be
built. If you have made changes to configuration files or an updated
package includes configuration files which are usually regenerated from
files in /kolab/etc/kolab/templates/ the old configuration file will be
saved with the extension .rpmsave. For files generated from templates
you just have to remove the rpmsave file, because services will refuse
to start if there still is an rpmsave file, e.g.:
# rm /kolab/etc/clamav/*.conf.rpmsave
For other changed files (e.g. the template files themselves) you may
want to transfer your changes from the .rpmsave backup to the new files.
Then regenerate the configuration and restart Kolab with:
# /kolab/sbin/kolabconf
# /kolab/bin/openpkg rc all restart
Upgrading from earlier versions
-------------------------------
Direct upgrade from Kolab1 is not recommendable at this point. We
suggest that you back up your IMAP store, install Kolab2 and manually
recreate user accounts and then restore the IMAP data from the backup.
After an upgrade, always run /kolab/sbin/kolabconf to make sure the
configuration files are regenerated from your templates.
Upgrade from Kolab server 2.0 to 2.1
------------------------------------
Upgrading from Kolab 2.0.x to 2.1 is described in detail in the file
UPGRADING.20-21 in this directory.
The latest version of the upgrading instruction can be found in the
Kolab.org raw-howtos CVS:
http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/doc/raw-howtos/kolab_2.0_to_2.1_upgrade_instructions.txt
Please read carefully all the following update instructions in this
file, while some of the information will be redundant there might
be additional notes which are essential for an successful update.
Upgrade from pre-2.1-snapshot-20051130
--------------------------------------
This upgrade is somewhat tricky, because of a new db package and a new
OpenLDAP version. To make sure that no data is lost, you are strongly
advised to stop the server and make a backup before you start the
update. Some files are removed during the upgrade described below.
1. Before installing the new RPMs
Before installing the new packages, copy the contents of the openldap
database (use a different output filename if you want):
/kolab/sbin/slapcat > ~/kolab-slapcat-data
The db update also affects the imap server.
cd /kolab/var/imapd/db
/kolab/bin/db_recover
rm /kolab/var/imapd/db/*
2. After installing the new RPMs
You need to make two small changes are required for the openldap
configuration file /kolab/etc/openldap/slapd.conf:
- comment out the line
require none
- Move the line with the suffix setting to just after the "database
bdb" line.
These changes have already been done in the new slapd.conf.template, so
it can be used for guidance.
Then restore the openldap data:
rm /kolab/var/openldap/openldap-data/*
/kolab/sbin/slapadd -l ~/kolab-slapcat-data
The IMAP server should work without further changes.
Upgrade from pre-2.1-snapshot-20051215
--------------------------------------
Nothing special has to be done for this upgrade.
Upgrade from 2.1-beta-1
-----------------------
1. imapd hashimapspool setting
The default imapd configuration has been changed to enable the
hashimapspool option. This means that in 2.1-beta-2 the directory
layout of the imapd spool (/kolab/var/imapd/spool/) is different from
the one in beta-1. When you upgrade from beta-1 it's best to keep using
the old structure, so remove or comment out the corresponding line in
/kolab/etc/kolab/templates/imapd.conf.template *before* running
kolabconf.
For new installations the new default setting is recommended because
it's more efficient especially when you have many mailboxes.
For some background information about this see the dicussion at
https://intevation.de/roundup/kolab/issue1089
2. distribution lists
There was a bug in earlier versions regarding the distribution lists for
administrative emails aliases like postmaster@<domain>. They were
created without the domain part. This has been fixed so that they are
created with the correct domains in their names, but admin distribution
lists created by an earlier Kolab server version will not be updated
automatically. The easiest way to do this is by deleting them all and
then to create them again with the services page of the web-interface.
For more details about the bug, see
https://intevation.de/roundup/kolab/issue1100
Upgrade from 2.1-beta-2
-----------------------
1. postfix: ownership of virtual and transport:
The owner of two config files has to be root, otherwise postfix will
change to an unprivileged user for creating the corresponding .db files,
isn't able to write them after the upgrade and fails to create further
database files which don't get generated from kolab templates.
To correct the file owner, execute the following commands as root:
cd /kolab/etc/postfix
chown root transport virtual
make
See kolab/issue1433 for details about this topic.
2. imapd: database format for annotations.db and mailboxes.db
The default database format for /kolab/var/imapd/annotations.db and
/kolab/var/imapd/mailboxes.db has changed from skiplist to berkeley db.
If you want to keep the old format, comment out or remove the lines
"annotation_db: berkeley" and "mboxlist_db: berkeley" in the file
"/kolab/etc/kolab/templates/imapd.conf.template" and make sure the file
"/kolab/etc/imapd/imapd.conf" reflects this, too, by either running
/kolab/sbin/kolabconf or changing it manually there, too.
To convert the databases to berkeley db format, execute as root:
/kolab/bin/openpkg rc imapd stop
su - kolab-r
cd /kolab/var/imapd/
mv annotations.db annotations.db-skiplist
cvt_cyrusdb /kolab/var/imapd/annotations.db-skiplist skiplist \
/kolab/var/imapd/annotations.db berkeley
mv mailboxes.db mailboxes.db-skiplist
cvt_cyrusdb /kolab/var/imapd/mailboxes.db-skiplist skiplist \
/kolab/var/imapd/mailboxes.db berkeley
exit
/kolab/bin/openpkg rc imapd start
See http://wiki.kolab.org/index.php/Kolab2_IMAPD_annotations.db_Problems
for details about this topic.
Upgrade from 2.1-beta-3
-----------------------
1. Symlink from /kolab/kolab to /kolab no longer needed:
Due to kolab/issue1490 a symbolic link was needed to fix a packaging
problem which otherwise disturbed free/busy cache generation.
It is no longer needed and may optionally be removed:
rm /kolab/kolab
2. imapd: emails with identical message-id header:
In all previous releases the imap server discarded emails with identical
message-ids received within three days. This caused multiple problems
mentioned in kolab/issue1532.
This change may cause duplicate messages in mailboxes due to cross postings,
distribution lists or possible bugs in imap clients. If you want to revert
to the old behaviour, please comment out or remove the line
"duplicatesuppression: 0" in /kolab/etc/kolab/templates/imapd.conf.template
or set the value to 1.
Upgrade from 2.1-beta-4
-----------------------
Nothing special has to be done for this upgrade.
Upgrade from 2.1-rc-1
---------------------
The database backend for the free/busy cache was changed to solve licensing
issues between php4+ and gdbm. See kolab/issue1607 for details.
Follow the steps to regenerate the free/busy cache shown in the section
"Final Steps" in the file UPGRADING.20-21
Upgrade from 2.1-rc-2
---------------------
Nothing special has to be done for this upgrade.
Known problems and workarounds
------------------------------
- Your system (C library) has to support all languages you want to have
available in the web admin interface and fbview. For most languages you
have to use the non-UTF-8 and non-euro locales, i.e. de_DE, fr_FR,
it_IT, nl_NL instead of e.g. de_DE at euro. For fbview some languages need
a UTF-8 locale, e.g. ja_JP.UTF-8 for Japanese.
See kolab/issue881 and kolab/issue1585 for details.
- If login on https://yourserver.example.com/fbview and triggering
free/busy regeneration does not work, try as user kolab:
/kolab/bin/php -r 'imap_open("{localhost:143/notls}", "" ,"");'
If it yields "Segmentation fault (core dumped)", then there probably is
a conflict between a dynamically loaded libdb3 from your system and a
statically linked libdb4 from the OpenpPKG php package. If it yields a
"PHP Warning: ...", this part of the system works correctly.
One reason for such a conflict could be the mere presence of
/lib/libnss_db.so.*, which is installed on some distributions by
default. On Debian systems it is contained in the package "libnss-db".
If you really need this library, you could work around the loading of
libdb3 by placing a symbolic link with the correct name in /kolab/lib,
e.g.:
ldd /lib/libnss_db.so.2
libnss_files.so.2 => /lib/tls/libnss_files.so.2 (0xb7f16000)
---> libdb3.so.3 => /usr/lib/libdb3.so.3 (0xb7e6b000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7d36000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
ln -s /dev/null /kolab/lib/libdb3.so.3
See kolab/issue1607 (need to replace gdbm for pfbcache, because of
license clash gdbm vs php) for details.
- Under some circumstance the Kolab server may not create or delete
users or update the configuration after changes have been made in
the web interface. This happens most often immediately after the
bootstrap. In that case restart the kolabd:
/kolab/bin/openpkg rc kolabd restart
If user accounts are still not created or deleted, you can try removing
the file /kolab/var/kolab/mailbox-uidcache.db and restarting kolabd.
See kolab/issue1068 (Mailboxes are not created until kolabd restart)
and kolab/issue1098 (Changes in the service tab are not accepted after
bootstrap) for details.
- If modifying or deleting of address book entries doesn't work,
restarting openldap can help, see kolab/issue854 for details.
- There is a report that the manager can only see users in the primary
domain, see kolab/issue1485. We can't reproduce this problem, please
tell us if you can.
- Calendar folders for group/resource accounts can't be created for
domains which were added after bootstrap, i.e. via the web admin
interface. See kolab/issue1313 for details.
- When deleting domains via the web admin interface, the corresponding
LDAP data and IMAP spool stay on the server and have to be deleted
manually. See kolab/issue1571 and kolab/issue1576 for details.
$Id: README.1st,v 1.57 2007/05/10 10:17:37 thomas Exp $
-------------- next part --------------
Upgrade Kolab Server from 2.0.x to 2.1
======================================
Instructions for upgrading Kolab Server 2.0.4 to 2.1.0
NOTE: Before attempting the upgrade, make sure you have a
current and working backup of your data.
Preparation for the Upgrade
---------------------------
1. Stop the Kolab Server and related cronjobs:
Comment out all OpenPKG entries in /etc/crontab, then run:
# /kolab/bin/openpkg rc all stop
2. Backup the old installation:
You could use rsync on the running server and then rsync again
to transfer only changed files to keep the downtime short.
3. Extract ldap data:
Copy the contents of the openldap database, use a different output
filename if you want. You should make sure that no other users can
read the sensitive data contained in the ldif file, e.g. with umask:
# umask 077
# /kolab/sbin/slapcat > ~/kolab-2.0.ldif
4. Prepare for berkeley db update
# cd /kolab/var/imapd/db
# /kolab/bin/db_recover
# rm /kolab/var/imapd/db/*
Installation
------------
The installation of the new packages is done in the normal way. See the
file 1st.README accompanying the 2.1 server for details. Do not do
anything after the installation yet. In particular, do not start any
part of the server again or run kolabconf.
Configuration
-------------
1. Check custom configuration
If you have custom configurations in your templates, the installation
process renames your templates and leaves them in files with the
extension .rpmsave. Copy any modifications from your templates to the
new one if they are still needed.
After that the files with the extension .rpmsave must be removed or
renamed. There might be more files with the .rpmsave ending in
/kolab/etc, you can find them for example using the find command:
# find /kolab/etc -name '*.rpmsave'
Any files found must be checked and moved out of the way, in most
cases they can just be deleted.
2. Cyrus IMAPd
The default imapd configuration has been changed to enable the
hashimapspool option. This means that in 2.1 the default directory
layout of the imapd spool (/kolab/var/imapd/spool/) is different from
the one in 2.0. When you upgrade from 2.0 it's best to keep using the
old structure, so remove or comment out the line "hashimapspool: yes"
in /kolab/etc/kolab/templates/imapd.conf.template *before* running
kolabconf.
For new installations the new default setting is recommended because
it's more efficient especially when you have many mailboxes.
For some background information about this see the dicussion at
https://intevation.de/roundup/kolab/issue1089
The default database format for /kolab/var/imapd/annotations.db and
/kolab/var/imapd/mailboxes.db has changed from skiplist to berkeley db.
If you want to keep the old format, comment out or remove the lines
"annotation_db: berkeley" and "mboxlist_db: berkeley" in the file
"/kolab/etc/kolab/templates/imapd.conf.template" and make sure the file
"/kolab/etc/imapd/imapd.conf" reflects this, too.
To convert the databases to berkeley db format, execute as root:
# su - kolab-r
$ cd /kolab/var/imapd/
$ mv annotations.db annotations.db-skiplist
$ cvt_cyrusdb /kolab/var/imapd/annotations.db-skiplist skiplist \
/kolab/var/imapd/annotations.db berkeley
$ mv mailboxes.db mailboxes.db-skiplist
$ cvt_cyrusdb /kolab/var/imapd/mailboxes.db-skiplist skiplist \
/kolab/var/imapd/mailboxes.db berkeley
$ exit
See http://wiki.kolab.org/index.php/Kolab2_IMAPD_annotations.db_Problems
for details about this topic.
3. LDAP
You need to make two small changes to the configuration file
/kolab/etc/openldap/slapd.conf:
- comment out the line
require none
- Move the line with the suffix setting to just after the "database
bdb" line.
These changes have already been made in the new slapd.conf.template, so
that could be used for guidance.
Convert the openldap data. The LDAP data-structures have changed
between 2.0 and 2.1 as described in Kolab2 Architecture Draft:
http://kolab.org/doc/concept-draft-cvs20060921.pdf
There's a Python script that can do the transformation. The script is
utils/admin/convert-ldif-21.py in Kolab CVS and requires python >= 2.1
and python-ldap >= 2.0, you can download the current version from:
http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/utils/admin/convert-ldif-21.py
The script works on the ldif data that was exported with slapcat earlier,
it requires python-ldap:
# umask 077
# python convert-ldif-21.py ~/kolab-2.0.ldif ~/kolab-2.1.ldif
Then restore the openldap data using the output from convert-ldif-21.py:
# rm /kolab/var/openldap/openldap-data/*
# /kolab/sbin/slapadd -l ~/kolab-2.1.ldif
This will issue some warnings which can be safely ignored.
4. kolabconf
Now start the openldap server and run kolabconf
# /kolab/bin/openpkg rc openldap start
# /kolab/sbin/kolabconf
Kolabconf might complain about be some files ending .rpmnew under
/kolab/etc. Check those files and move them out of the way. It's
likely that you can simply remove them.
Start the Server
----------------
Now you should be able to start the server again:
# /kolab/bin/openpkg rc all start
Resource Accounts
-----------------
With server version 2.1 the way in which the kolab resource manager
accesses the calender folders of resources has changed. To make old
resource accounts work after the upgrade, you have to grant access to
the resources imap folders to the so called calender user.
First you have to identify the existing resource accounts, this can be
done using the convert-ldif-21.py script, which was introduced in the
section on converting the LDAP data.
# python convert-ldif-21.py --list-resources ~/kolab-2.0.ldif
lists the UIDs (normally the email addresses) of all resource accounts.
Now you have to add ACLs to the mailboxes of the resources, which
allow the calendar user to access them. Per default the calendar user
is calendar at YOUR_DOMAIN:
Connect with cyradm to the Kolab imap server as user manager:
# /kolab/bin/cyradm -u manager localhost
Then use the `setaclmailbox' command (sam) to set the necessary
permissions. You can generate a list of commands which should do the
right thing on most standard installations with:
# python convert-ldif-21.py --list-resources ~/kolab-2.0.ldif | \
sed 's-\(.*\)\(@.*\)-sam */\1*\2 calendar\2 all-'
Final Steps
-----------
1. The internal format of the ldap records for the list of privileged
networks has changed, to updated these recods go to the kolab web
interface an log in as administrative user. Open the "Services"
page and search for the "Privileged Networks" section. Click the
update button for the networks list.
2. Kolab 2.1 doesn't need some of the OpenPKG packages which were
installed for 2.0, these can be removed:
# /kolab/bin/openpkg rpm -e dcron vim pth
Especially the dcron package should be removed in any case,
otherwise deprecated cronjobs will be run and generate mails with
error messages to the kolab administrator.
3. Activate the entries for OpenPKG in /etc/crontab again.
4. The database backend for the free/busy cache was changed to solve licensing
issues between php4+ and gdbm. See kolab/issue1607 for details.
Additionally the directory layout has changed from 2.0 to 2.1.
To convert the free/busy cache database and directory you can use the
Python script "convert-gdbm-dbload" downloadable from Kolab CVS:
http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/utils/admin/convert-gdbm-dbload
It prints usage instructions if called without arguments:
$ python convert-gdbm-dbload
Alternative (manual) method of recreating the free/busy cache:
If you have very few calendar folders, you can remove the cache manually
and recreate its contents by triggering calendar folders:
# rm /kolab/var/kolab/www/freebusy/cache/pfbcache.db
Then updating the free/busy cache has to be triggered for all calendar
folders of all accounts:
- Users need to create or update an appointment in their folders.
- Resources can be invited to a new appointment or send them an update
to an existing appointment.
$Id: kolab_2.0_to_2.1_upgrade_instructions.txt,v 1.13 2007/05/10 12:56:11 thomas Exp $
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/announce/attachments/20070510/02dbde7e/attachment.sig>
More information about the announce
mailing list