Hi!
I've just uploaded the final release of Kolab Server 2.1.0,
more than one year after the first beta was published.
Many thanks to all the people who helped with this!
Documentation and OpenPKG source packages will be available
in the
directory server/release/kolab-server-2.1.0/ of the mirrors
listed
on http://kolab.org/mirror
s.html soon:
http://www.erfrakon.de/mirrors/ft
p.kolab.org/server/release/kolab-server-2.1.0/
http://ftp.belnet.be/packages/kolab/server
/release/kolab-server-2.1.0/
ftp://ftp.belnet.be/packages/kolab/server/release/kolab-serv
er-2.1.0/
Use the gpg signed MD5SUMS file to verify your download:
$ gpg --verify MD5SUMS
$ md5sum -c MD5SUMS
Binary packages for Debian GNU/Linux (sarge/oldstable) on
x86 platforms
can be found in the ix86-debian3.1 directory next to the
sources.
Please look at 1st.README for install and upgrade
instructions and for
a list of known problems and workarounds. The file
release-notes.txt
lists the changes in this release.
UPGRADING.20-21 contains instructions for upgrading from
Kolab
server 2.0 to 2.1, with new details since 2.1rc2.
Please report failed and successful upgrades to the mailing
list.
The three text files are attached for your convenience.
Regards,
Thomas Arendsen Hein
--
thomas intevation.de - http://intevation.de/~t
homas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Osnabrück - Registereintrag: Amtsgericht
Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr.
Jan-Oliver Wagner
Kolab2 Server Release Notes
===========================
(Version 20070510, Kolab Server 2.1.0)
For upgrading and installation instructions, please refer
to
the 1st.README file in the package directory. Upgrading
from
Kolab 2.0 servers is documented in the file UPGRADING.20-21
Differences between Kolab 2.0 and 2.1:
- Simple multi-domain support
The Kolab server can now accept mail for multiple email
domains.
There is also a new class of maintainers which are only
allowed
to manage settings for a subset of the mail domains of the
kolab
server.
- Hashed IMAP spool
The default imapd configuration has been changed to enable
the
hashimapspool option, which allows the Cyrus IMAP server to
run
more efficiently especially when you have many mailboxes.
- Improvements, bugfixes and upgraded software
components
The 2.1 release received many improvements and bugfixes for
issues
found in the 2.0 versions and during the long beta and rc
phase.
Additionally many software components have been upgraded to
new
upstream versions.
Changes between 2.1-rc-2 and 2.1.0:
- Documentation
Documented workaround for libdb3 conflict in README.1st
Added instructions for automatically upgrading the
free/busy cache.
- amavisd-2.3.3-2.5.0_kolab
kolab/issue1447 (Virus Scanning: Inserted note when
partially scanned ugly)
- kolabd-2.1.0-20070510
kolab/issue974 (Localize the text for rewritten From:
headers)
kolab/issue1560 (postfix modifies message/rfc822 MIME
parts)
kolab/issue1608 (A patch for kolabd to include the horde
LDAP schema)
- kolab-resource-handlers-2.1.0-20070510
Generate a single To: header listing all recipients when
forwarding
encapsulated iCal messages.
kolab/issue974 (Localize the text for rewritten From:
headers)
kolab/issue1422 (Dummy freebusy info)
- kolab-webadmin-2.1.0-20070510
kolab/issue1616 (Use different cursor for <label>
tags)
kolab/issue1617 (fix small inconsistency in german
translation)
Changes between 2.1-rc-1 and 2.1-rc-2:
- apache-1.3.33-2.5.6_kolab2
kolab/issue1607 (need to replace gdbm for pfbcache, because
of license clash gdbm vs php)
- clamav-0.90.2-20070413_kolab
New upstream version, fixes various security issues.
- file-4.15-2.5.0_kolab2
Fix for security issue described in CVE-2007-1536:
buffer overflow, remotely exploitable due to the usage of
file in amavisd-new
- fsl-1.7.0-20070303
New upstream version.
kolab/issue1172 (Cyrus Imapd dies when logfile exceeds 2
GiB)
- php-4.4.0-2.5.2_kolab2
kolab/issue1607 (need to replace gdbm for pfbcache, because
of license clash gdbm vs php)
- spamassassin-3.1.0-2.5.1_kolab
Fix for security issue described in CVE-2007-0451:
possible DoS due to incredibly long URIs found in the
message content
Disabled external DNS and URI blacklists, because some of
these
services require payment if used for many mailboxes.
Ignore headers inserted on the receiving side for bayes
filtering.
- perl-kolab-5.8.7-20070420
Added debug option for verbose logging to stderr.
- kolabd-2.1.0-20070420
Fix the path to the freebusy directory for non-OpenPKG
installations.
Fix usage of tar and modification of rc.conf during slave
setup for
non-OpenPKG installations.
Don't pass notifications and quarantined mails through
amavisd-new.
Updated configuration templates for ClamAV 0.90
Updated openldap monitor configuration.
Updated cyrus imapd configuration to use cyr_expire.
kolab/issue954 (kolab server rejects mails that should be
marked untrusted)
kolab/issue1538 (outlook invitation forwarding broken in
Kolab server 2.1)
kolab/issue1607 (need to replace gdbm for pfbcache, because
of license clash gdbm vs php)
kolab/issue1609 ("kolab --help" tries to execute
*all* commands)
kolab/issue1638 (kolabconf generates broken resmgr.conf)
kolab/issue1680 (/kolab/bin/kolab fix)
- kolab-horde-fbview-2.1.0-20070420
Updated version number, no other changes since 2.1rc1
- kolab-resource-handlers-2.1.0-20070420
Improved logging for opening pfbcache.db
kolab/issue954 (kolab server rejects mails that should be
marked untrusted)
kolab/issue1538 (outlook invitation forwarding broken in
Kolab server 2.1)
kolab/issue1607 (need to replace gdbm for pfbcache, because
of license clash gdbm vs php)
kolab/issue1659 (Freebusy assumes that all day events last
exactly one day)
- kolab-webadmin-2.1.0-20070420
Updated Dutch and German translations.
kolab/issue1457 (updated French translation)
kolab/issue1612 (modify user ignores account type)
kolab/issue1614 (ldap_add() - Constraint violation on
change user account type)
kolab/issue1630 (Domain maintainer can see distribution
lists from other domains)
kolab/issue1652 (Import users from ldif and LDAP Constraint
violation)
kolab/issue1654 (New LDAP overlay prevents modification of
distribution lists)
kolab/issue1663 (It is possible to create domain
maintainers without domains)
kolab/issue1670 (Renaming a domain maintainer twice within
the same form fails)
Changes between 2.1-beta-4 and 2.1-rc-1:
- kolabd-2.0.99-20070205
kolab/issue1335 (pfbcache.db locking problems)
kolab/issue1507 (Public viewable phpinfo() and more in
Server default installation)
kolab/issue1550 (Masquerade problem, corrected template)
kolab/issue1563 (freebusy.conf template doesn't match
freebusy.conf from package)
kolab/issue1575 (Openldap enhanced data integrity)
- kolab-webadmin-2.0.99-20070205
Disabled Spanish language selection from web admin
interface, because
of missing translation.
kolab/issue1479 ("Type" of shared folder can only
be modified in 2nd try)
kolab/issue1486 ("About Kolab" in Webinterface
needs work over)
kolab/issue1539 (extension to the opening text, when the
manager logs in for the 1st time)
kolab/issue1559 (Domain Maintainer cannot delete
"his" users)
kolab/issue1586 ("Required field" not translated
to German in web admin)
kolab/issue1592 (LANGUAGE variable overrides web admin
language selection)
Changes between 2.1-beta-3 and 2.1-beta-4:
- clamav-0.88.7-20061211
bypass virus detection (CVE-2006-6406),
denial of service, remotely exploitable (CVE-2006-6481)
(
http://kolab.org/security/kolab-vendor-notice-14.txt)
- kolabd-2.0.99-20070117
Updated proftpd.conf template: LDAPHomedirOnDemand(Prefix)
is
now named LDAPGenerateHomedir(Prefix).
Set imapidlepoll to 5 seconds in imapd.conf.template.in.
kolab/issue1433 (Some files in /kolab/etc/postfix have
wrong ownership)
kolab/issue1484 (Warnings using openldap =
2.3.27-2.20061018_kolab)
kolab/issue1487 (amavisd.conf mynetworks incomplete)
kolab/issue1531 (amavisd.conf local_domains only contains
primary domain)
kolab/issue1532 (Set "duplicatesuppression: 0" in
imapd.conf.template?)
- kolab-horde-fbview-2.0.99-20070112
Improvements to the week view (part of kolab/issue666)
Removed dangerous php scripts (part of kolab/issue1507)
- kolab-resource-handlers-2.0.99-20070117
kolab/issue1490 (freebusy cache written to
/kolab/kolab/...)
kolab/issue1512 (No FB information for resource accounts)
kolab/issue1558 (kolab-webadmin and php 5.2.0)
- kolab-webadmin-2.0.99-20070117
kolab/issue1013 (user passwords sha1 encoded without salt)
kolab/issue1262 (Setting quota to 4096+ MB breaks message
delivery)
kolab/issue1418 (fields visible even when attribute_access
is "hidden" in session_vars.php)
kolab/issue1540 (Typo on kolab/admin/service page)
kolab/issue1555 (Login screen shows error msg for no good
reason)
- openldap-2.3.29-2.20061110_kolab
New upstream version, fixes CVE-2006-5779 (Bugtraq ID
20939)
- perl-kolab-5.8.7-20070117
Only print warning about missing configuration variable if
relevant.
kolab/issue1550 (Masquerade problem)
Changes between 2.1-beta-2 and 2.1-beta-3:
- openpkg-2.5.4-2.5.4
New upstream version.
- apache-1.3.33-2.5.6
denial of service and possibly arbitrary code execution via
crafted
URLs that are not properly handled using certain rewrite
rules.
http://www.openpkg.org/security/adviso
ries/OpenPKG-SA-2006.015-apache.html
- gzip-1.3.5-2.5.1
denial of service, arbitrary code execution
http://www.openpkg.org/security/advisori
es/OpenPKG-SA-2006.020-gzip.html
- curl-7.15.0-2.5.2
buffer overflow
http://www.openpkg.org/security/advisori
es/OpenPKG-SA-2006.012-curl.html
- openssl-0.9.8a-2.5.4
denial of service, may allow execution of arbitrary code
(
http://kolab.org/security/kolab-vendor-notice-12.txt)
- clamav-0.88.5-2.20061018
buffer overflow, remotely exploitable (CVE-2006-4018)
(
http://kolab.org/security/kolab-vendor-notice-10.txt)
heap overflow, remotely exploitable (CVE-2006-4182),
denial of service, remotely exploitable (CVE-2006-5295)
(
http://kolab.org/security/kolab-vendor-notice-13.txt)
- file-4.15-2.5.0_kolab
kolab/issue1458 (Password protected .sxw files can be
banned by
amavisd, as a result of the file command)
- openldap-2.3.27-2.20061018_kolab
New upstream version, fixes CVE-2006-4600 (Bugtraq ID
19832)
and other problems.
kolab/issue1229 (Master openldap's slurpd fails to start
after
adding slave)
kolab/issue1431 (Slave cannot access master ldap server via
SSL)
- imapd-2.2.12-2.5.0_kolab2
Fix folder structure for foldernames with non-alphanumeric
characters,
when using skiplist as the database backend for
mailboxes.db.
- perl-kolab-5.8.7-20061110
kolab/issue1194 (serious performance problem on high number
of users)
- kolabd-2.0.99-20061110
Added missing relay service for postfix.
Changed main.cf masquerading defaults so email to
usermachine.example.org is actually delivered.
Use mailbox_transport instead of local_transport for
kolabmailboxfilter to work around issue825.
Removed doubled attribute cyrus-autocreatequota.
Added indexes for delegate and delete.
Updated freebusy.conf template for freebusy IMAP caching.
Changed imapd.conf template to use berkeley db instead of
skiplist for annotations.db and mailboxes.db as a
workaround
for kolab/issue840 (Annotations needs to be more robust).
kolab/issue824 (kolabmailboxfilter run once for each
recipient)
kolab/issue1264 (Add support for sieve based
notifications)
kolab/issue1273 (Sending as delegate broken in Kolab server
2.1)
kolab/issue1428 (Fixed locking issue)
kolab/issue1433 (Some files in /kolab/etc/postfix have
wrong ownership)
- kolab-webadmin-2.0.99-20061110
Fixes for setting folder type of shared folders.
Guard against large number of users.
kolab/issue1457 (updated French translation)
- kolab-resource-handlers-2.0.99-20061110
Improvements and fixes for freebusy IMAP caching.
kolab/issue815 (invitation replies vanish in resmgr)
kolab/issue957 (All-day events from Outlook don't show up
in freebusy)
kolab/issue974 (Localize the text for rewritten From:
headers)
kolab/issue1042 (empty lines at the end of mails delivered
via LMTP)
kolab/issue1352 (resmgr can create wrong range dates)
kolab/issue1387 (resmgr replies to replies creating mail
loop)
kolab/issue1422 (Dummy freebusy info)
Changes between 2.1-beta-1 and 2.1-beta-2:
OpenPKG updates:
openpkg-2.5.2-2.5.2
openpkg-registry-0.2.7-20060223
libxslt-1.1.15-2.5.1
php-smarty-2.6.10-20051003
clamav-0.88.2-20060524
binutils-2.16.1-2.5.1
http://www.openpkg.org/security/advi
sories/OpenPKG-SA-2006.009-binutils.html
openldap-2.3.11-2.5.1
http://www.openpkg.org/security/advi
sories/OpenPKG-SA-2006.008-openldap.html
Kolab updates:
More distconf changes by Richard Bos and Markus Hüwe.
- perl-kolab-5.8.7-20060619
Resolved:
Issue1194 (kolabd quota performance)
Issue1220 (postfix permissions)
issue1237 (Handling of var in Conf.pm (Gunnar
Wrobel))
- kolabd-2.0.99-20060619
* The default imapd configuration has been changed to
enable the
hashimapspool option. This affects the upgrade
procedure.
See 1st.README for upgrade instructions.
* amavis now logs to /kolab/var/amavisd/amavisd.log. This
is
part of the fix for Issue1015
Resolved:
Issue1015 (fixing logging and logrotate for amavisd)
Issue1089 (enable hashimapspool for imapd to cope with
many users)
Issue1101 (allowapop: no; disable apop access to imapd
by default)
Issue1105 (fix compilation of kolabd on FreeBSD)
Issue1257 (wrong attribute name for imap quota)
- kolab-webadmin-2.0.99-20060619
* patch from Tobias König in order to support setting of
foldertype for public folders
Resolved:
Issue848 (Modifying address book entry may break
distribution list)
Issue1106 (email validation in webgui)
Issue1214 (number of days for vacation messages on
webinterface)
Issue1263 (Bug in the shared folders folder-type code)
[Wrobel]
- kolab-resource-handlers-2.0.99-20060619
* create empty pfbcache.db if missing
Resolved:
Issue973 (quoting and rewriting From header)
Issue966 (Wrong CN for resource accounts)
Issue1042 (server modifies email content)
Issue1195 (error message in bounce)
Issue1243 (rewriting fails when "From:"
contains quoted printable)
Issue1245 (rewriting problems on folded Header
"From:"-line)
$Id: release-notes.txt,v 1.112 2007/05/10 09:36:55 thomas
Exp $
Kolab2 Server Install and Upgrade Information
=============================================
See http://kolab.org/ for
general information about Kolab,
or look at http://wiki.kolab.org/ for
specific topics.
It is recommended to subscribe to the announcement mailing
list at
http
://kolab.org/mailman/listinfo/kolab-announce
to receive security advisories and release announcements.
Quick install instructions
--------------------------
For a fresh install /kolab needs to be an empty directory
with at least 1GB of
free disk space. You can use a symlink, but do _not_ use an
NFS mounted drive.
If the directory does not yet exist, it will automatically
be created.
Make sure that the following names are not in /etc/passwd or
/etc/groups,
as openpkg will want to create them: "kolab"
"kolab-r" "kolab-n"
Check http://www.open
pkg.org/documentation/ for additional documentation
for the OpenPKG packaging system.
To install the Kolab2 server, you need to download the files
from the
directory containing this file (1st.README) to some local
directory.
You can check the integrity of the downloaded files with:
$ gpg --verify MD5SUMS
$ md5sum -c MD5SUMS
Then as root, cd into that local directory and run
# sh obmtool kolab 2>&1 | tee kolab-build.log
to build and install packages in /kolab.
By default, the Kolab Server will now be started at
boottime.
After the build/install is complete, please run
# /kolab/etc/kolab/kolab_bootstrap -b
and follow the instructions.
General update instructions
---------------------------
Usually an update of the Kolab 2 server works as described
here. In
some cases you will need to deviate from these instructions
a bit. All
such cases are documented below, so read the release
specific update
instructions for all releases newer than the one you already
have before
you start the update.
In any case you should completely read *all* relevant
update
instruction *before* starting the upgrade procedure. All
ways make
sure you have a recent backup of your /kolab directory
before you
attempt to upgrade Kolab.
The installation of the new packages works just as for the
initial
installation. Download the files as described above and
run
# sh obmtool kolab 2>&1 | tee kolab-update.log
obmtool will usually automatically determine which packages
need to be
built. If you have made changes to configuration files or
an updated
package includes configuration files which are usually
regenerated from
files in /kolab/etc/kolab/templates/ the old configuration
file will be
saved with the extension .rpmsave. For files generated from
templates
you just have to remove the rpmsave file, because services
will refuse
to start if there still is an rpmsave file, e.g.:
# rm /kolab/etc/clamav/*.conf.rpmsave
For other changed files (e.g. the template files themselves)
you may
want to transfer your changes from the .rpmsave backup to
the new files.
Then regenerate the configuration and restart Kolab with:
# /kolab/sbin/kolabconf
# /kolab/bin/openpkg rc all restart
Upgrading from earlier versions
-------------------------------
Direct upgrade from Kolab1 is not recommendable at this
point. We
suggest that you back up your IMAP store, install Kolab2 and
manually
recreate user accounts and then restore the IMAP data from
the backup.
After an upgrade, always run /kolab/sbin/kolabconf to make
sure the
configuration files are regenerated from your templates.
Upgrade from Kolab server 2.0 to 2.1
------------------------------------
Upgrading from Kolab 2.0.x to 2.1 is described in detail in
the file
UPGRADING.20-21 in this directory.
The latest version of the upgrading instruction can be found
in the
Kolab.org raw-howtos CVS:
ht
tp://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/doc/raw-
howtos/kolab_2.0_to_2.1_upgrade_instructions.txt
Please read carefully all the following update instructions
in this
file, while some of the information will be redundant there
might
be additional notes which are essential for an successful
update.
Upgrade from pre-2.1-snapshot-20051130
--------------------------------------
This upgrade is somewhat tricky, because of a new db package
and a new
OpenLDAP version. To make sure that no data is lost, you
are strongly
advised to stop the server and make a backup before you
start the
update. Some files are removed during the upgrade described
below.
1. Before installing the new RPMs
Before installing the new packages, copy the contents of the
openldap
database (use a different output filename if you want):
/kolab/sbin/slapcat > ~/kolab-slapcat-data
The db update also affects the imap server.
cd /kolab/var/imapd/db
/kolab/bin/db_recover
rm /kolab/var/imapd/db/*
2. After installing the new RPMs
You need to make two small changes are required for the
openldap
configuration file /kolab/etc/openldap/slapd.conf:
- comment out the line
require none
- Move the line with the suffix setting to just after the
"database
bdb" line.
These changes have already been done in the new
slapd.conf.template, so
it can be used for guidance.
Then restore the openldap data:
rm /kolab/var/openldap/openldap-data/*
/kolab/sbin/slapadd -l ~/kolab-slapcat-data
The IMAP server should work without further changes.
Upgrade from pre-2.1-snapshot-20051215
--------------------------------------
Nothing special has to be done for this upgrade.
Upgrade from 2.1-beta-1
-----------------------
1. imapd hashimapspool setting
The default imapd configuration has been changed to enable
the
hashimapspool option. This means that in 2.1-beta-2 the
directory
layout of the imapd spool (/kolab/var/imapd/spool/) is
different from
the one in beta-1. When you upgrade from beta-1 it's best
to keep using
the old structure, so remove or comment out the
corresponding line in
/kolab/etc/kolab/templates/imapd.conf.template *before*
running
kolabconf.
For new installations the new default setting is recommended
because
it's more efficient especially when you have many
mailboxes.
For some background information about this see the dicussion
at
https:/
/intevation.de/roundup/kolab/issue1089
2. distribution lists
There was a bug in earlier versions regarding the
distribution lists for
administrative emails aliases like postmaster<domain>. They were
created without the domain part. This has been fixed so
that they are
created with the correct domains in their names, but admin
distribution
lists created by an earlier Kolab server version will not be
updated
automatically. The easiest way to do this is by deleting
them all and
then to create them again with the services page of the
web-interface.
For more details about the bug, see
https:/
/intevation.de/roundup/kolab/issue1100
Upgrade from 2.1-beta-2
-----------------------
1. postfix: ownership of virtual and transport:
The owner of two config files has to be root, otherwise
postfix will
change to an unprivileged user for creating the
corresponding .db files,
isn't able to write them after the upgrade and fails to
create further
database files which don't get generated from kolab
templates.
To correct the file owner, execute the following commands as
root:
cd /kolab/etc/postfix
chown root transport virtual
make
See kolab/issue1433 for details about this topic.
2. imapd: database format for annotations.db and
mailboxes.db
The default database format for
/kolab/var/imapd/annotations.db and
/kolab/var/imapd/mailboxes.db has changed from skiplist to
berkeley db.
If you want to keep the old format, comment out or remove
the lines
"annotation_db: berkeley" and "mboxlist_db:
berkeley" in the file
"/kolab/etc/kolab/templates/imapd.conf.template"
and make sure the file
"/kolab/etc/imapd/imapd.conf" reflects this, too,
by either running
/kolab/sbin/kolabconf or changing it manually there, too.
To convert the databases to berkeley db format, execute as
root:
/kolab/bin/openpkg rc imapd stop
su - kolab-r
cd /kolab/var/imapd/
mv annotations.db annotations.db-skiplist
cvt_cyrusdb /kolab/var/imapd/annotations.db-skiplist
skiplist
/kolab/var/imapd/annotations.db berkeley
mv mailboxes.db mailboxes.db-skiplist
cvt_cyrusdb /kolab/var/imapd/mailboxes.db-skiplist
skiplist
/kolab/var/imapd/mailboxes.db berkeley
exit
/kolab/bin/openpkg rc imapd start
See http://wiki.kolab.org/index.php/Kolab2_IMAPD
_annotations.db_Problems
for details about this topic.
Upgrade from 2.1-beta-3
-----------------------
1. Symlink from /kolab/kolab to /kolab no longer needed:
Due to kolab/issue1490 a symbolic link was needed to fix a
packaging
problem which otherwise disturbed free/busy cache
generation.
It is no longer needed and may optionally be removed:
rm /kolab/kolab
2. imapd: emails with identical message-id header:
In all previous releases the imap server discarded emails
with identical
message-ids received within three days. This caused multiple
problems
mentioned in kolab/issue1532.
This change may cause duplicate messages in mailboxes due to
cross postings,
distribution lists or possible bugs in imap clients. If you
want to revert
to the old behaviour, please comment out or remove the line
"duplicatesuppression: 0" in
/kolab/etc/kolab/templates/imapd.conf.template
or set the value to 1.
Upgrade from 2.1-beta-4
-----------------------
Nothing special has to be done for this upgrade.
Upgrade from 2.1-rc-1
---------------------
The database backend for the free/busy cache was changed to
solve licensing
issues between php4+ and gdbm. See kolab/issue1607 for
details.
Follow the steps to regenerate the free/busy cache shown in
the section
"Final Steps" in the file UPGRADING.20-21
Upgrade from 2.1-rc-2
---------------------
Nothing special has to be done for this upgrade.
Known problems and workarounds
------------------------------
- Your system (C library) has to support all languages
you want to have
available in the web admin interface and fbview. For
most languages you
have to use the non-UTF-8 and non-euro locales, i.e.
de_DE, fr_FR,
it_IT, nl_NL instead of e.g. de_DEeuro. For
fbview some languages need
a UTF-8 locale, e.g. ja_JP.UTF-8 for Japanese.
See kolab/issue881 and kolab/issue1585 for details.
- If login on https://yourser
ver.example.com/fbview and triggering
free/busy regeneration does not work, try as user
kolab:
/kolab/bin/php -r
'imap_open("{localhost:143/notls}", ""
,"");'
If it yields "Segmentation fault (core
dumped)", then there probably is
a conflict between a dynamically loaded libdb3 from
your system and a
statically linked libdb4 from the OpenpPKG php
package. If it yields a
"PHP Warning: ...", this part of the system
works correctly.
One reason for such a conflict could be the mere
presence of
/lib/libnss_db.so.*, which is installed on some
distributions by
default. On Debian systems it is contained in the
package "libnss-db".
If you really need this library, you could work around
the loading of
libdb3 by placing a symbolic link with the correct
name in /kolab/lib,
e.g.:
ldd /lib/libnss_db.so.2
libnss_files.so.2 =>
/lib/tls/libnss_files.so.2 (0xb7f16000)
---> libdb3.so.3 => /usr/lib/libdb3.so.3
(0xb7e6b000)
libc.so.6 => /lib/tls/libc.so.6
(0xb7d36000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2
(0x80000000)
ln -s /dev/null /kolab/lib/libdb3.so.3
See kolab/issue1607 (need to replace gdbm for
pfbcache, because of
license clash gdbm vs php) for details.
- Under some circumstance the Kolab server may not
create or delete
users or update the configuration after changes have
been made in
the web interface. This happens most often
immediately after the
bootstrap. In that case restart the kolabd:
/kolab/bin/openpkg rc kolabd restart
If user accounts are still not created or deleted, you
can try removing
the file /kolab/var/kolab/mailbox-uidcache.db and
restarting kolabd.
See kolab/issue1068 (Mailboxes are not created until
kolabd restart)
and kolab/issue1098 (Changes in the service tab are
not accepted after
bootstrap) for details.
- If modifying or deleting of address book entries
doesn't work,
restarting openldap can help, see kolab/issue854 for
details.
- There is a report that the manager can only see users
in the primary
domain, see kolab/issue1485. We can't reproduce this
problem, please
tell us if you can.
- Calendar folders for group/resource accounts can't be
created for
domains which were added after bootstrap, i.e. via the
web admin
interface. See kolab/issue1313 for details.
- When deleting domains via the web admin interface, the
corresponding
LDAP data and IMAP spool stay on the server and have
to be deleted
manually. See kolab/issue1571 and kolab/issue1576 for
details.
$Id: README.1st,v 1.57 2007/05/10 10:17:37 thomas Exp $
Upgrade Kolab Server from 2.0.x to 2.1
======================================
Instructions for upgrading Kolab Server 2.0.4 to 2.1.0
NOTE: Before attempting the upgrade, make sure you have a
current and working backup of your data.
Preparation for the Upgrade
---------------------------
1. Stop the Kolab Server and related cronjobs:
Comment out all OpenPKG entries in /etc/crontab, then
run:
# /kolab/bin/openpkg rc all stop
2. Backup the old installation:
You could use rsync on the running server and then rsync
again
to transfer only changed files to keep the downtime
short.
3. Extract ldap data:
Copy the contents of the openldap database, use a
different output
filename if you want. You should make sure that no other
users can
read the sensitive data contained in the ldif file, e.g.
with umask:
# umask 077
# /kolab/sbin/slapcat > ~/kolab-2.0.ldif
4. Prepare for berkeley db update
# cd /kolab/var/imapd/db
# /kolab/bin/db_recover
# rm /kolab/var/imapd/db/*
Installation
------------
The installation of the new packages is done in the normal
way. See the
file 1st.README accompanying the 2.1 server for details. Do
not do
anything after the installation yet. In particular, do not
start any
part of the server again or run kolabconf.
Configuration
-------------
1. Check custom configuration
If you have custom configurations in your templates, the
installation
process renames your templates and leaves them in files with
the
extension .rpmsave. Copy any modifications from your
templates to the
new one if they are still needed.
After that the files with the extension .rpmsave must be
removed or
renamed. There might be more files with the .rpmsave ending
in
/kolab/etc, you can find them for example using the find
command:
# find /kolab/etc -name '*.rpmsave'
Any files found must be checked and moved out of the way, in
most
cases they can just be deleted.
2. Cyrus IMAPd
The default imapd configuration has been changed to enable
the
hashimapspool option. This means that in 2.1 the default
directory
layout of the imapd spool (/kolab/var/imapd/spool/) is
different from
the one in 2.0. When you upgrade from 2.0 it's best to keep
using the
old structure, so remove or comment out the line
"hashimapspool: yes"
in /kolab/etc/kolab/templates/imapd.conf.template *before*
running
kolabconf.
For new installations the new default setting is recommended
because
it's more efficient especially when you have many
mailboxes.
For some background information about this see the dicussion
at
https:/
/intevation.de/roundup/kolab/issue1089
The default database format for
/kolab/var/imapd/annotations.db and
/kolab/var/imapd/mailboxes.db has changed from skiplist to
berkeley db.
If you want to keep the old format, comment out or remove
the lines
"annotation_db: berkeley" and "mboxlist_db:
berkeley" in the file
"/kolab/etc/kolab/templates/imapd.conf.template"
and make sure the file
"/kolab/etc/imapd/imapd.conf" reflects this, too.
To convert the databases to berkeley db format, execute as
root:
# su - kolab-r
$ cd /kolab/var/imapd/
$ mv annotations.db annotations.db-skiplist
$ cvt_cyrusdb /kolab/var/imapd/annotations.db-skiplist
skiplist
/kolab/var/imapd/annotations.db berkeley
$ mv mailboxes.db mailboxes.db-skiplist
$ cvt_cyrusdb /kolab/var/imapd/mailboxes.db-skiplist
skiplist
/kolab/var/imapd/mailboxes.db berkeley
$ exit
See http://wiki.kolab.org/index.php/Kolab2_IMAPD
_annotations.db_Problems
for details about this topic.
3. LDAP
You need to make two small changes to the configuration
file
/kolab/etc/openldap/slapd.conf:
- comment out the line
require none
- Move the line with the suffix setting to just after the
"database
bdb" line.
These changes have already been made in the new
slapd.conf.template, so
that could be used for guidance.
Convert the openldap data. The LDAP data-structures have
changed
between 2.0 and 2.1 as described in Kolab2 Architecture
Draft:
ht
tp://kolab.org/doc/concept-draft-cvs20060921.pdf
There's a Python script that can do the transformation. The
script is
utils/admin/convert-ldif-21.py in Kolab CVS and requires
python >= 2.1
and python-ldap >= 2.0, you can download the current
version from:
http://kolab.org/cgi-bin/vie
wcvs-kolab.cgi/*checkout*/utils/admin/convert-ldif-21.py
The script works on the ldif data that was exported with
slapcat earlier,
it requires python-ldap:
# umask 077
# python convert-ldif-21.py ~/kolab-2.0.ldif
~/kolab-2.1.ldif
Then restore the openldap data using the output from
convert-ldif-21.py:
# rm /kolab/var/openldap/openldap-data/*
# /kolab/sbin/slapadd -l ~/kolab-2.1.ldif
This will issue some warnings which can be safely ignored.
4. kolabconf
Now start the openldap server and run kolabconf
# /kolab/bin/openpkg rc openldap start
# /kolab/sbin/kolabconf
Kolabconf might complain about be some files ending .rpmnew
under
/kolab/etc. Check those files and move them out of the way.
It's
likely that you can simply remove them.
Start the Server
----------------
Now you should be able to start the server again:
# /kolab/bin/openpkg rc all start
Resource Accounts
-----------------
With server version 2.1 the way in which the kolab resource
manager
accesses the calender folders of resources has changed. To
make old
resource accounts work after the upgrade, you have to grant
access to
the resources imap folders to the so called calender user.
First you have to identify the existing resource accounts,
this can be
done using the convert-ldif-21.py script, which was
introduced in the
section on converting the LDAP data.
# python convert-ldif-21.py --list-resources
~/kolab-2.0.ldif
lists the UIDs (normally the email addresses) of all
resource accounts.
Now you have to add ACLs to the mailboxes of the resources,
which
allow the calendar user to access them. Per default the
calendar user
is calendarYOUR_DOMAIN:
Connect with cyradm to the Kolab imap server as user
manager:
# /kolab/bin/cyradm -u manager localhost
Then use the `setaclmailbox' command (sam) to set the
necessary
permissions. You can generate a list of commands which
should do the
right thing on most standard installations with:
# python convert-ldif-21.py --list-resources
~/kolab-2.0.ldif |
sed 's-(.*)(.*)-sam */1*2 calendar2 all-'
Final Steps
-----------
1. The internal format of the ldap records for the list of
privileged
networks has changed, to updated these recods go to the
kolab web
interface an log in as administrative user. Open the
"Services"
page and search for the "Privileged Networks"
section. Click the
update button for the networks list.
2. Kolab 2.1 doesn't need some of the OpenPKG packages which
were
installed for 2.0, these can be removed:
# /kolab/bin/openpkg rpm -e dcron vim pth
Especially the dcron package should be removed in any
case,
otherwise deprecated cronjobs will be run and generate
mails with
error messages to the kolab administrator.
3. Activate the entries for OpenPKG in /etc/crontab again.
4. The database backend for the free/busy cache was changed
to solve licensing
issues between php4+ and gdbm. See kolab/issue1607 for
details.
Additionally the directory layout has changed from 2.0 to
2.1.
To convert the free/busy cache database and directory you
can use the
Python script "convert-gdbm-dbload"
downloadable from Kolab CVS:
http://kolab.org/cgi-bin/vi
ewcvs-kolab.cgi/*checkout*/utils/admin/convert-gdbm-dbload
It prints usage instructions if called without
arguments:
$ python convert-gdbm-dbload
Alternative (manual) method of recreating the free/busy
cache:
If you have very few calendar folders, you can remove the
cache manually
and recreate its contents by triggering calendar
folders:
# rm /kolab/var/kolab/www/freebusy/cache/pfbcache.db
Then updating the free/busy cache has to be triggered for
all calendar
folders of all accounts:
- Users need to create or update an appointment in their
folders.
- Resources can be invited to a new appointment or send
them an update
to an existing appointment.
$Id: kolab_2.0_to_2.1_upgrade_instructions.txt,v 1.13
2007/05/10 12:56:11 thomas Exp $
_______________________________________________
Kolab-announce mailing list
Kolab-announcekolab.org
htt
ps://kolab.org/mailman/listinfo/kolab-announce
|