Page tree
Skip to end of metadata
Go to start of metadata

The following howto explains the needed steps to setup the Kopano Multiserver functionality (multiple Kopano nodes acting as one unified system). The following steps are not necessary if you want to run Kopano on a setup consisting of multiple Univention Servers (e.g. a Domain Master and Slave setup). These steps are also not neccesary if you want to run Kopano WebApp on a different Univenstion server, than the Kopano Core app.

Prerequisites

  • Multiple UCS in one domain
  • Have current Kopano Core App Center version installed
  • Kopano Enterprise Subscription to receive support from Kopano
  • ideally these steps should be executed before creating users

Setup

  • Install Kopano Core via App Center
  • On each: univention-install kopano4ucs-multiserver
  • On each: univention-run-join-scripts
  • On UCS Master UMC: In 'Computers' module, select one Kopano server. On the 'Kopano' tab, check 'Contains Public Store', save

  • On UCS Master: Create client certificate for Kopano services
univention-certificate new -name kopano-client
cd /etc/univention/ssl/kopano-client
cat private.key cert.pem > kopano-client.pem
openssl rsa -in private.key -pubout > kopano-client-public.pem
  • As root, copy certificates to each Kopano host:
scp kopano-client.pem <kopano-host>:/etc/kopano/ssl/
scp kopano-client-public.pem <kopano-host>:/etc/kopano/sslkeys/

TODO idea to generate and copy certificates for all servers in the setup

for host in $(univention-ldapsearch -xLLL univentionService=Kopano dn | awk '{ print $2 }' | cut -d, -f1 | cut -b4-); do
	echo "/etc/univention/ssl/$host/"
done

 

  • On each kopano server:
ucr set kopano/cfg/admin/sslkey_file=/etc/kopano/ssl/kopano-client.pem \
kopano/cfg/admin/server_socket=https://$(hostname -f):237/kopano \
kopano/cfg/dagent/sslkey_file=/etc/kopano/ssl/kopano-client.pem \
kopano/cfg/dagent/server_socket=https://$(hostname -f):237/kopano \
kopano/cfg/search/sslkey_file=/etc/kopano/ssl/kopano-client.pem \
kopano/cfg/search/server_socket=https://$(hostname -f):237/kopano \
kopano/cfg/monitor/sslkey_file=/etc/kopano/ssl/kopano-client.pem \
kopano/cfg/monitor/server_socket=https://$(hostname -f):237/kopano \
kopano/cfg/spooler/sslkey_file=/etc/kopano/ssl/kopano-client.pem \
kopano/cfg/spooler/server_socket=https://$(hostname -f):237/kopano \
kopano/cfg/server/user_plugin=ldapms \
kopano/cfg/server/enable_distributed_kopano=true \
kopano/cfg/server/user_plugin_config=/etc/kopano/ldapms.cfg

for s in kopano-server kopano-dagent kopano-search kopano-spooler; do invoke-rc.d $s restart; done

Usage

  • Computer objects have a new tab 'Kopano' for server specific settings. They are set automatically by the kopano-multiserver joinscript
  • Users have new attributes on the Kopano tab: home server and home archive server. A home server has to be set before the user can login.

 

  • No labels