eGroupWare + authorization in AD + synchronization with Outlook via SyncML
Moved to new job. Puzzled to put the workflow system. I decided to put eGroupWare right away with the future. For a start, I decided to test this whole thing on Denver in corporate Vista Business. What was needed to complete the work? Document management system, authorization in Active Directory and synchronization through Outlook.
Under the cut rake had to face.
So, eGroupWare 1.16.002, Microsoft Outlook 2007, Funambol Outlook Sync Client 8.0.5., PDC - Windows Server 2003.
Domain for definiteness - home.local.
The computer on which we install eGW is main and is available at http at _http: //main.home.local
The user has the right to read the list of users of the domain (theoretically any user) - ADUser. The password for it is ********
1. Install eGW (millions of times this is described - even too lazy to write).
2. Satisfy all dependencies (check this with the installation check script).
3. In the configuration of the headers we prescribe the domain (home.local). (The configuration of the headers is available in _http: //main.home.local/setup)
4. In the domain configuration (home.local) of the domain, we configure authorization through Active Directory. Check that you have the php_ldap module installed and that it is included in php.ini. We continue. There are two ways
Exclusively for Windows
a) Copy the libeay32.dll and ssleay32.dll libraries from the php directory into \ Windows \ System32. Restart Apache
b) Set the settings in the domain configuration (domain in the sense of eGW)
Done!
And they went first rake.
5. Tricks with the administrator
In order to add the first admin
We go to the configuration and prescribe the login of the already logged in person. We put him the same password.
It is written on the Internet that it is possible to set the configuration in the configuration so that the users who log in first are added to Admins, after which they log in again and get administrator rights. THIS DOES NOT WORK! The user will not be added to the Default group and there will be no access even to the first page =)
And the most delicious at the end.
6. SyncML Sync
Funambol Outlook Sync Outlook Client was used (the rest are either paid or I didn’t have the brain to figure them out)
Address to sync _http: //main.home.local/rpc.php
Go on it look at the error. I had it like this.
You need to set mbstring.func_overload to 0 for rpc.php.
You should access this URL only with a SyncML enabled device.
We only know that the SyncML client should follow this url, but this option for php is interesting.
Taking into account that in the root lies .htaccess which clearly
Well, we deceive him, we write it in .htaccess
')
Now we climb into the client Funambol -> Ctrl + T -> Account
Location _http: //main.home.local/rpc.php
Username USER (in this case, the login of the person whose data we want to synchronize is used)
Password ********
Go to sync
EGroupware has been configured so that when the ./sX record type is used, the server data updates the client data, and if there is a ./sifX record type, conflicts are resolved.
We look at the tablet.
Well, set as convenient for yourself.
We also look at the bottom plate by type.
I, for example, put so
Well, it seems like it works. Questions and most importantly, criticism, are welcome.
ps If I need to, I can write an article already about how a working server on Ubuntu, not a test one, was raised.
Under the cut rake had to face.
So, eGroupWare 1.16.002, Microsoft Outlook 2007, Funambol Outlook Sync Client 8.0.5., PDC - Windows Server 2003.
Domain for definiteness - home.local.
The computer on which we install eGW is main and is available at http at _http: //main.home.local
The user has the right to read the list of users of the domain (theoretically any user) - ADUser. The password for it is ********
1. Install eGW (millions of times this is described - even too lazy to write).
2. Satisfy all dependencies (check this with the installation check script).
3. In the configuration of the headers we prescribe the domain (home.local). (The configuration of the headers is available in _http: //main.home.local/setup)
4. In the domain configuration (home.local) of the domain, we configure authorization through Active Directory. Check that you have the php_ldap module installed and that it is included in php.ini. We continue. There are two ways
first way (tooooooooo easy)
Exclusively for Windows
a) Copy the libeay32.dll and ssleay32.dll libraries from the php directory into \ Windows \ System32. Restart Apache
b) Set the settings in the domain configuration (domain in the sense of eGW)
: ADS
/ : SQL
:
....
/IP : IP AD-
: home.local
second way (through thorns to the stars)
/
: LDAP
/ : SQL
:
LDAP:
LDAP: IP AD-
LDAP : OU=, DC=home, DC=local (, , AD, OU=Users)
LDAP, : (& (objectClass=user)(objectCategory=person) (samaccountname=%user))
LDAP: OU=, DC=home, DC=local ()
dn LDAP ( ): ADUser@home.local ( AD, Active Directory LDAP- )
LDAP: ********Done!
And they went first rake.
5. Tricks with the administrator
In order to add the first admin
We go to the configuration and prescribe the login of the already logged in person. We put him the same password.
It is written on the Internet that it is possible to set the configuration in the configuration so that the users who log in first are added to Admins, after which they log in again and get administrator rights. THIS DOES NOT WORK! The user will not be added to the Default group and there will be no access even to the first page =)
And the most delicious at the end.
6. SyncML Sync
Funambol Outlook Sync Outlook Client was used (the rest are either paid or I didn’t have the brain to figure them out)
Address to sync _http: //main.home.local/rpc.php
Go on it look at the error. I had it like this.
You need to set mbstring.func_overload to 0 for rpc.php.
You should access this URL only with a SyncML enabled device.
We only know that the SyncML client should follow this url, but this option for php is interesting.
Taking into account that in the root lies .htaccess which clearly
# multibyte extension: needed for utf-8
php_value mbstring.func_overload 7
Well, we deceive him, we write it in .htaccess
# just for SyncML
<Files rpc.php>
php_value mbstring.func_overload 0
')
Now we climb into the client Funambol -> Ctrl + T -> Account
Location _http: //main.home.local/rpc.php
Username USER (in this case, the login of the person whose data we want to synchronize is used)
Password ********
Go to sync
EGroupware has been configured so that when the ./sX record type is used, the server data updates the client data, and if there is a ./sifX record type, conflicts are resolved.
We look at the tablet.
| Application Type | The server overwrites the client | Conflict resolution |
|---|---|---|
| The address book | ./scard | ./sifcontacts |
| The calendar | ./scal | ./sifcalendar |
| Tasks | ./stask | ./siftasks |
| Notes | ./snote | ./sifnotes |
Well, set as convenient for yourself.
We also look at the bottom plate by type.
| Application Type | Record type | Data type |
|---|---|---|
| The address book | ./contacts ./sifcontacts ./scard | text / vCard text / x-s4j-sifc text / x-s4j-sifc |
| The calendar | ./calendar ./events ./sifcalendar ./scal | text / calendar text / calendar text / x-s4j-sife text / x-s4j-sife |
| Tasks | ./tasks ./siftasks ./stask | text / calendar text / x-s4j-sift text / x-s4j-sift |
| Notes | ./notes ./sifnotes ./snote | text / x-vnote text / x-s4j-sifn text / x-s4j-sifn |
I, for example, put so
| Application Type | Value | Note |
|---|---|---|
| Contacts | ./sifcontacts | |
| Calendar | ./sifcalendar | SIF type leave |
| Tasks | ./siftasks | SIF type leave |
| Notes | ./sifnotes |
Well, it seems like it works. Questions and most importantly, criticism, are welcome.
ps If I need to, I can write an article already about how a working server on Ubuntu, not a test one, was raised.
Source: https://habr.com/ru/post/88146/
All Articles