summaryrefslogtreecommitdiff
path: root/Installation_Guide/en-US/Kolab_Server_First_Login.xml
blob: a3913f9a6f05ecae5dc108025542118b01fb16af (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "Community_Installation_Guide.ent">
%BOOK_ENTITIES;
]>
<chapter id="chap-Community_Installation_Guide-First_Login">
    <title>First Login</title>
    <para>
        Once you have successfully set up the Kolab Groupware server, it is time to add some users.
    </para>
    <para>
        Navigate to the /kolab-webadmin URL on your webserver using HTTP. For example, a server set up on localhost would be at http://127.0.0.1/kolab-webadmin.
    </para>
    <para>
        Login using the username <literal>cn=Directory Manager</literal> and the password you supplied during the setup process.
    </para>
    <important>
        <para>
            It is important that the preparations listed in <xref linkend="sect-Community_Installation_Guide-Preparing_the_System-SELinux" /> and <xref linkend="sect-Community_Installation_Guide-Preparing_the_System-System_Firewall" /> are implemented at this point.
        </para>
        <para>
            Without the adjustments to the SELinux configuration, any user, including the administrator user, that logs in to the web administration panel will effectively have no permissions and can not add, edit or delete any users, groups, resources, shared folders, domains or other object types.
        </para>
        <para>
            Without the adjustments to the firewall configuration, you will not be able to connect to the /kolab-webadmin URL at all.
        </para>

    </important>
    <section id="sect-Community_Installation_Guide-First_Login-Creating_a_User">
        <title>Creating a User</title>
        <para>
            Create a first user, and verify the account is created successfully using <command>ldapsearch</command> from a terminal.
        </para>
        <para>
            A mailbox should now also have been created. Examine the output of <command>/usr/lib/cyrus-imapd/ctl_mboxlist -d</command>, or, alternatively, run <command>kolab list-mailboxes</command>.
        </para>
        <section id="sect-Community_Installation_Guide-Creating_a_User-Troubleshooting">
            <title>Troubleshooting</title>
            <formalpara id="form-Community_Installation_Guide-Troubleshooting-LDAP_Entry_Created_but_No_Mailbox">
                <title>LDAP Entry Created, but No Mailbox</title>
                <para>
                    This is a common error should no recipient policy be in place. Please see the Administrator Guide for more details on the recipient policy.
                </para>

            </formalpara>
            <formalpara id="form-Community_Installation_Guide-Troubleshooting-Cannot_Supply_Mail_andor_Alternative_Mail_Addresses_for_the_User">
                <title>Cannot Supply Mail and/or Alternative Mail Addresses for the User</title>
                <para>
                    The quick and easy way out is to set <literal>admin_auto_fields_rw</literal> to <literal>True</literal> in section <literal>[kolab_wap]</literal> in <filename>/etc/kolab/kolab.conf</filename> and log out and back in to the Kolab Web Administration Panel.
                </para>

            </formalpara>
            <para>
                This course of action implies you are not seeking to employ a recipient policy to the Kolab user accounts.
            </para>
            <para>
                For a more sustainable approach, and greater flexibility, please consider the approach outlined in <xref linkend="form-Community_Installation_Guide-Troubleshooting-Edit_user_types" />.
            </para>
            <formalpara id="form-Community_Installation_Guide-Troubleshooting-Edit_user_types">
                <title>Edit <literal>user_types</literal></title>
                <para>
                    The <literal>user_types</literal> table in the MySQL <literal>kolab</literal> database contains the settings to create the form fields for the <emphasis>Add User</emphasis> dialog.
                </para>

            </formalpara>
            <para>
                At the time of this writing, editing those form fields is a manual process executed from the console. An enhancemnt for the Kolab Web Administration Panel and API is pending, see <ulink url="https://bugzilla.kolabsys.com/show_bug.cgi?id=697">bug #697</ulink> and <ulink url="https://bugzilla.kolabsys.com/show_bug.cgi?id=678">bug #678</ulink>
            </para>
            <para>
                For the procedure to edit the <literal>user_types</literal>, please refer to <ulink url="http://docs.kolab.org/en-US/Kolab_Groupware/3.0/html/Administrator_Guide/chap-Administrator_Guide-Kolab_Web_Administration_Panel.html#proc-Administrator_Guide-Editing_user_types-Manually_Changing_the_user_types_Available">this procedure</ulink> Administrator Guide.
            </para>
            <formalpara id="form-Community_Installation_Guide-Troubleshooting-Cannot_Add_Users">
                <title>Cannot Add Users</title>
                <para>
                    If you cannot add users in the Kolab Web Administration, because no link exists, please verify the following;
                </para>

            </formalpara>
            <procedure id="proc-Community_Installation_Guide-Troubleshooting-Troubleshooting">
                <title>Troubleshooting</title>
                <step>
                    <para>
                        Please verify SELinux is not preventing Apache from executing the necessary binary to get effective rights on a subject. The output of the <command>sestatus</command> command should look as follows:
                    </para>
                    <para>

<screen># <userinput>sestatus</userinput>
SELinux status:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;enabled
SELinuxfs mount:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/selinux
Current mode:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;permissive
Mode from config file:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;permissive
Policy version:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;24
Policy from config file:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;targeted</screen>

                    </para>
                    <para>
                        or:
                    </para>
                    <para>

<screen># <userinput>sestatus</userinput>
SELinux is disabled</screen>

                    </para>

                </step>
                <step>
                    <para>
                        Please verify <filename>/usr/lib64/mozldap/ldapsearch</filename> (or <filename>/usr/lib/mozldap/ldapsearch</filename> on 32-bit systems) is executable under Apache HTTPd.
                    </para>
                    <para>

<screen># <userinput>su -s /bin/bash - apache -c '/usr/lib64/mozldap/ldapsearch'</userinput>
# <userinput>ls -l /usr/lib64/mozldap/ldapsearch</userinput></screen>

                    </para>

                </step>
                <step>
                    <para>
                        Please verify the MySQL database has been properly initialized:
                    </para>
                    <para>

<screen># <userinput>mysql -u root -p kolab -e 'SHOW TABLES;'</userinput>
Enter password:
+-----------------+
|&nbsp;Tables_in_kolab&nbsp;|
+-----------------+
|&nbsp;group_types&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|
|&nbsp;options&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|
|&nbsp;resource_types&nbsp;&nbsp;|
|&nbsp;role_types&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|
|&nbsp;user_types&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|
+-----------------+</screen>

                    </para>

                </step>

            </procedure>


        </section>


    </section>

    <section id="sect-Community_Installation_Guide-First_Login-Creating_a_Kolab_Administrator">
        <title>Creating a Kolab Administrator</title>
        <para>
            It is very important to realize the <literal>cn=Directory Manager</literal> is virtually the "root" user on the LDAP directory server. You should not need to use the account for day-to-day operations.
        </para>
        <para>
            The default Kolab Groupware deployment has added a so-called <emphasis>role</emphasis> to the directory tree that allows accounts that have such role to edit, add and remove entries from the directory tree.
        </para>
        <para>
            Create a new account or choose an existing account and navigate to the <emphasis>System</emphasis> tab. In the <emphasis>Role(s)</emphasis>, enter <userinput>kolab</userinput> and select the <emphasis>kolab-admin</emphasis> entry. Click <emphasis>Submit</emphasis> to save the changes.
        </para>

    </section>

    <section id="sect-Community_Installation_Guide-First_Login-Logging_in_to_Roundcube">
        <title>Logging in to Roundcube</title>
        <para>
            With the new user, you can now log in to the Kolab Groupware webmail client Roundcube.
        </para>
        <para>
            You can find the webmail interface at the /roundcubemail URL on your webserver using HTTP. For example, a server set up on 192.168.122.2 would have the webmail interface at http://192.168.122.2/roundcubemail.
        </para>
        <para>
            The username can be any of the <literal>uid</literal>, <literal>mail</literal> or <literal>alias</literal> attribute values.
        </para>

    </section>


</chapter>