summaryrefslogtreecommitdiff
path: root/Installation_Guide/pot/Kolab_Server_Configuration.pot
blob: d2649269fff61bf696fd56d95baf484ebdef8384 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
# 
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
msgid ""
msgstr ""
"Project-Id-Version: 0\n"
"POT-Creation-Date: 2012-09-08T15:19:22\n"
"PO-Revision-Date: 2012-09-08T15:19:22\n"
"Last-Translator: Automatically generated\n"
"Language-Team: None\n"
"MIME-Version: 1.0\n"
"Content-Type: application/x-publican; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. Tag: title
#, no-c-format
msgid "Configuration"
msgstr ""

#. Tag: para
#, no-c-format
msgid "To bootstrap a default Kolab installation, with all components installed on a single system, the <command>setup-kolab</command> utility can be used. Run <command>setup-kolab</command> without any arguments to set up all Kolab components."
msgstr ""

#. Tag: para
#, no-c-format
msgid "For non-default or distributed installations, trigger the setup of one or more components using <command>setup-kolab &lt;component&gt;</command>. See <command>setup-kolab help</command> for a list of components for which configuration is available."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The setup utility by default asks for a bare minimum of input, and uses data available from the system, such as the system's fully qualified domain name (hostname and domain name parts, obtained from the reverse DNS entry on the network, <emphasis>not</emphasis> the configured FQDN) to setup the system with."
msgstr ""

#. Tag: para
#, no-c-format
msgid "To use a custom hostname and domain-name, execute <command>setup-kolab</command> with the <literal>--fqdn</literal> option, specifying a fully qualified domain name. Fully qualified domain names are expected to consist of three components, the hostname, domain name and top-level domain, divided by a \".\" (dot) character."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The FQDN used, in any case, should resolve back to the system Kolab is being set up on."
msgstr ""

#. Tag: para
#, no-c-format
msgid "To further customize the installation, please refer to <xref linkend=\"sect-Community_Installation_Guide-Configuration-Customizing_the_Setup_Process\" />."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Customizing the Setup Process"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Specify a configuration file in any other location than the default location of <filename>/etc/kolab/kolab.conf</filename> to customize the setup process. <command>setup-kolab</command> accepts the <literal>--config=<replaceable>/path/to/file</replaceable></literal> command-line option for this purpose."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Setting up Kolab with a Customized Configuration File"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The following is an example of setting up a Kolab Groupware server with the help of a customized configuration file."
msgstr ""

#. Tag: screen
#, no-c-format
msgid "# cp /etc/kolab/kolab.conf /root/mykolab.conf\n"
"# (...edit settings in /root/mykolab.conf...)\n"
"# setup-kolab -c /root/mykolab.conf"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Make sure the configuration file supplied to the setup process is complete and contains all settings in the original configuration file, or the setup process will fail."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Command-line Options for <command>setup-kolab</command>"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Executing <command>setup-kolab --help</command> will display the command-line options that <command>setup-kolab</command> accepts."
msgstr ""

#. Tag: screen
#, no-c-format
msgid "# <userinput>setup-kolab --help</userinput>\n"
"Usage: setup-kolab.py [options]\n"
"\n"
"Options:\n"
"  -h, --help            show this help message and exit\n"
"\n"
"  Runtime Options:\n"
"    -c CONFIG_FILE, --config=CONFIG_FILE\n"
"                        Configuration file to use\n"
"    -d DEBUGLEVEL, --debug=DEBUGLEVEL\n"
"                        Set the debugging verbosity. Maximum is 9, tracing\n"
"                        protocols like LDAP, SQL and IMAP.\n"
"    -l LOGLEVEL        Set the logging level. One of info, warn, error,\n"
"                        critical or debug\n"
"    --logfile=LOGFILE   Log file to use\n"
"    -q, --quiet        Be quiet.\n"
"    -y, --yes        Answer yes to all questions.\n"
"\n"
"  LDAP Options:\n"
"    --fqdn=FQDN        Specify FQDN (overriding defaults).\n"
"    --allow-anonymous   Allow anonymous binds (default: no).\n"
"\n"
"  PHP Options:\n"
"    --timezone=TIMEZONE\n"
"                        Specify the timezone for PHP.\n"
"\n"
"PyKolab is a Kolab Systems product. For more information about Kolab or\n"
"PyKolab, visit http://www.kolabsys.com"
msgstr ""

#. Tag: title
#, no-c-format
msgid "LDAP Component"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The LDAP component of the setup utility configures a 389 Directory Server installation that has not yet been set up to work for a Kolab Groupware deployment, by feeding answers to <command>setup-ds-admin.pl</command> through an answer file, loading the Kolab LDAP Schema extenions, and adding the default set of user accounts Kolab Groupware requires."
msgstr ""

#. Tag: para
#, no-c-format
msgid "At the time of this writing, the setup for the LDAP component expects the setup is performed on a clean system, that has no existing LDAP server or server instance running."
msgstr ""

#. Tag: para
#, no-c-format
msgid "This component also writes out the Kolab configuration file <filename>/etc/kolab/kolab.conf</filename>, which is used by the other components' setup procedures. In case the LDAP component is set up on a separate system, use the resulting <filename>/etc/kolab/kolab.conf</filename> as the setup configuration file for the other components."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The defaults for the LDAP setup include taking the system's Fully Qualified Domain Name, and making the domain name the primary domain, set up 389 DS with a default root DN, in an instance named with the system's hostname."
msgstr ""

#. Tag: para
#, no-c-format
msgid "A server with a FQDN of <literal>kolab01.example.org</literal> will therefore be configured to run <literal>dc=example,dc=org</literal> for primary domain name space <literal>example.org</literal> in a 389 Directory Server instance named <literal>kolab01</literal>. To use a different FQDN, use command-line option <literal>--fqdn <replaceable>&lt;your_fqdn&gt;</replaceable></literal>. The setup will still use the hostname and domain name components, however."
msgstr ""

#. Tag: para
#, no-c-format
msgid "When run against an existing configuration file that is not <filename>/etc/kolab/kolab.conf</filename> (but, for example, <filename>/etc/kolab/kolab-setup.conf</filename>), the setup process will take the existing configuration and set up a 389 Directory Server accordingly. This allows for greater flexibility in, among others, which root DN is used. You may discard the configuration file used for the setup afterwards, it contains no information of value other then for troubleshooting purposes, and it is not written to by the setup process."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Allowing Anonymous Binds"
msgstr ""

#. Tag: para
#, no-c-format
msgid "By default, Kolab Groupware sets up the LDAP server so that no anonymous binds are allowed. This is a security consideration, aiding in preventing certain reconnaissance attack vectors."
msgstr ""

#. Tag: para
#, no-c-format
msgid "This means by default, the LDAP server port(s) could be exposed to the Internet, meaning your \"Road Warrior\" users would be able to use the LDAP address book."
msgstr ""

#. Tag: para
#, no-c-format
msgid "It prevents, however, the graphical 389 Directory Server console application from being used, as it binds anonymously first, to find the LDAP entry used to login with."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Should you need to use the graphical 389 directory server console, and you feel confident other security configuration is sufficient, you can allow anonymous binds from the get-go by specifying the <literal>--allow-anonymous</literal> command-line option to <command>setup-kolab</command>."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Accounts Created"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The LDAP component setup creates 2 accounts in addition to the 2 accounts required to setup 389 Directory Server. The following is a summary of which accounts are set up and/or created, and what their purpose is."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The Administrator Account"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The administrator account is an account required to set up 389 Directory Server, and is used for day-to-day administration through the 389 Graphical Console interface."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Despite the fact Kolab Groupware includes a Web Administration Panel for day-to-day administration, it does not provide an interface to all possible options and features exposed with 389 Directory Server. For example, at the time of this writing, the Kolab Web Administration Panel does not have capabilities allowing the administration on Organizational Units (the Directory Information Tree structure), nor the administration of access control on entries or structures in the tree."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The Directory Manager Account"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The Directory Manager account is an account required to set up 389 Directory Server, and is used for administration tasks beyond day-to-day administration. Such tasks include, for example, managing server databases for LDAP root DNs (separate databases for isolated Directory Information Trees), configuring replication and TLS/SSL."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The Cyrus Administrator Account"
msgstr ""

#. Tag: para
#, no-c-format
msgid "In order to be able to manage mailboxes, Kolab Groupware requires the availability of an account that is a designated Cyrus IMAP administrator account."
msgstr ""

#. Tag: para
#, no-c-format
msgid "As stated in the <filename>/etc/imapd.conf</filename> configuration file, the <emphasis>cyrus-admin</emphasis> user is a Cyrus IMAP administrator. The setup creates the corresponding LDAP user account with the password supplied during setup."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The location of the user account is in <literal>ou=Special Users</literal>, so that the entry does not appear in any Global Address Book on clients including Kontact and Roundcube."
msgstr ""

#. Tag: title
#, no-c-format
msgid "The Kolab Service Account"
msgstr ""

#. Tag: para
#, no-c-format
msgid "The Kolab Service account is a dedicated account that services including Postfix, Roundcube and the Kolab Web Administration Panel use to bind to LDAP."
msgstr ""

#. Tag: para
#, no-c-format
msgid "This enables Kolab Groupware to configure LDAP to not allow anonymous binds. Not allowing anonymous binds is important when the Kolab server is exposed to the internet, which so-called road-warrior users may require it to be."
msgstr ""

#. Tag: para
#, no-c-format
msgid "The Kolab Service account is supposed to have access to search, read and compare entries throughout the entire Directory Information Tree. This includes, for example, a part of the tree that has been made 'invisible' to other users. Please see <xref linkend=\"exam-Community_Installation_Guide-The_Kolab_Service_Account-Restricting_Access_to_Parts_of_the_Directory_Information_Tree\" /> for an example scenario."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Additionally, the Kolab Service account is granted search, read and compare rights on <literal>cn=kolab,cn=config</literal>, the location where domain name spaces serviced by the Kolab Groupware deployment are stored."
msgstr ""

#. Tag: title
#, no-c-format
msgid "Restricting Access to Parts of the Directory Information Tree"
msgstr ""

#. Tag: para
#, no-c-format
msgid "A Kolab Groupware environment set up for development, testing and demonstration purposes allows people to request accounts."
msgstr ""

#. Tag: para
#, no-c-format
msgid "One account is issued to potential customer $x, while another is issued to potential customer $y."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Various Kolab Systems partners already have accounts that allow them to demonstrate Kolab Groupware to potential customers. Additional test accounts are issued to those potential customers as well."
msgstr ""

#. Tag: para
#, no-c-format
msgid "No partner or customer is allowed to browse the global address book and recognize the names of all people that have been issued accounts, as this would disclose trade information and give unfair advantage."
msgstr ""

#. Tag: para
#, no-c-format
msgid "To this end, each organizational entity is issued a private organizational unit, to which access is severly restricted, and accounts for people associated with this organizational entity are created in this part of the directory information tree."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Regardless of who is issued access to said organizational unit, the Kolab services including Postfix, Roundcube and the Kolab Web Administration Panel require access to these parts of the tree in order to;"
msgstr ""

#. Tag: para
#, no-c-format
msgid "Find valid sender and recipient email addresses."
msgstr ""

#. Tag: para
#, no-c-format
msgid "Upon login, search for the user entry corresponding with the login username supplied, so that a bind attempt with the supplied password can be attempted."
msgstr ""