
Wednesday, February 13, 2013

Setting up Zarafa on Debian

This is just my personal documentation on the process I use. I had this in a text file and didn't want to lose it so I figured I'd post it here. If it helps someone out, great.


1 - Install OS - Choose SSH and Web Server during tasksel package selection
                 Make sure to enable the extra repos

2 - Configure networking
nano /etc/network/interfaces
nano /etc/resolv.conf

3 - Install MySQL
apt-get install mysql-server

4 - Create MySQL user
mysql -u root -p
-- Application account used only from this host. Replace 'password' with a
-- long random value before running this; depending on the mysql client
-- version the statement may also be recorded in ~/.mysql_history on this box.
CREATE USER 'zarafa'@'localhost' IDENTIFIED BY 'password';


4 - Test PHP/Apache
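# Throwaway probe page. phpinfo() prints the whole PHP configuration by itself,
# so no echo is needed. Use '>' rather than '>>' so a re-run does not append a
# second copy to an index.php that already exists.
echo '<?php phpinfo(); ?>' > /var/www/index.php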
* Be sure to delete this file after successfully testing that PHP is working — phpinfo() exposes filesystem paths, module versions and environment variables to anyone who can reach the web server :: rm /var/www/index.php

5 - Install Zarafa Common Package (check the downloaded .deb against the checksum or signature the vendor publishes before installing it; dpkg -i does no verification of its own)
dpkg -i zarafa-common_7.1.2-39121_amd64.deb

6 - Install Dependencies
apt-get install libboost-system1.42.0 libboost-filesystem1.42.0 libicu44

7 - Install Zarafa Server (install.sh runs with root privileges; read through it before executing it)
./install.sh

8 - Test Zarafa WebAccess
http://<ip address>/webaccess/ (plain HTTP is fine for this first smoke test, but WebAccess logins travel in cleartext until Apache is put behind HTTPS — step 33 configures SSL in server.cfg, not in Apache)

9 - Grant privileges (documentation was wrong)
mysql -u root -p
-- Privilege list scoped to the zarafa database only (the vendor list was
-- found to be wrong, see the step heading). The account already exists from
-- step 4, so the IDENTIFIED BY clause re-sets its password: use the same value
-- as in step 4, otherwise the server's stored password silently stops working.
GRANT alter, alter routine, create, create routine, delete, drop, index, insert, lock tables, select, update ON zarafa.* TO 'zarafa'@'localhost' IDENTIFIED BY 'password';

10 - Restart Zarafa Server
/etc/init.d/zarafa-server restart

13 - Create Public Store
zarafa-admin -s
* If you get the message 'The server is not running, or not accessable through file:///var/run/zarafa.' try restarting the Zarafa Server

14 - Verify Public Store was created successfully
zarafa-admin -s
* Should tell you: 'Unable to create store, public already exists'

15 - Create OU in AD for Zarafa users

16 - Install ADS plugin on DC
* Make sure the user is part of the Schema Admins group (only needed while the schema is being extended — take the account out of the group again once the plugin is installed)
* Right click, Run as Administrator
* View the Properties of a user and verify the Zarafa tab is available in AD Users and Computer snap-in

17 - Change user store in server.cfg to use LDAP (Need to work on using LDAPS for LDAP over SSL — until then the bind password from step 21 and every directory lookup travel to the DC unencrypted)
nano /etc/zarafa/server.cfg
user_plugin             = ldap

18 - Verify the user plugin path is set correctly for x86_64 systems
plugin_path             = /usr/lib64/zarafa

19 - Create AD user that Zarafa will use to bind to the LDAP database (need to figure out the least-privileged permissions for this to work — in these steps it is only used to search the OU from step 22, so a plain domain user with read access to that OU should be enough; do not reuse the Schema Admins account from step 16)
     Create the user in the same OU or Container that the rest of the Zarafa users will be in

20 - Configure Zarafa to use ADS for user store
nano /etc/zarafa/ldap.active-directory.cfg

21 - Configure AD user for LDAP bind (Must be in LDAP DN format)
nano /etc/zarafa/ldap.active-directory.cfg
ldap_bind_user = cn=Zarafa,ou=ZarafaUsers,dc=domain,dc=local
* Make sure none of the CN's in the DN contain spaces
ldap_bind_passwd = password

22 - Set the LDAP search base
ldap_search_base = ou=ZarafaUsers,dc=domain,dc=local

23 - Rename the LDAP config (it now holds the bind password from step 21 in cleartext, so keep it readable only by root and the account the Zarafa server runs as).
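# The renamed file carries ldap_bind_passwd in cleartext (step 21), so lock it
# down right away. The server presumably still runs as root at this point; if
# it is later switched to the zarafa account (step 32), chown it root:zarafa.
mv /etc/zarafa/ldap.active-directory.cfg /etc/zarafa/ldap.cfg
chmod 640 /etc/zarafa/ldap.cfg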

24 - Restart Zarafa Server
/etc/init.d/zarafa-server restart

25 - Test that you can authenticate to Zarafa webaccess with an AD account

26 - Install Postfix
apt-get install postfix postfix-ldap
* Choose Internet Site during setup

27 - Add MX record to DNS server

28 - Postfix main.cf config
http://doc.zarafa.com/7.1/Administrator_Manual/en-US/html-single/#_MTAIntegration

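# Add the four settings to /etc/postfix/main.cf. postconf -e replaces an
# existing setting in place, whereas 'echo >> main.cf' appends a duplicate
# every time the step is re-run.
postconf -e 'virtual_mailbox_domains = domain.local'
postconf -e 'virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf'
postconf -e 'virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf'
# Local delivery is handed to the LMTP listener on loopback (the zarafa-dagent
# service restarted in step 30).
postconf -e 'virtual_transport = lmtp:127.0.0.1:2003'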

29 - Configure the Postfix LDAP lookup tables (recipient, group and alias maps referenced from main.cf — these are address lookups, not SMTP authentication)
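# The three LDAP lookup tables referenced from main.cf, written with full
# paths so the step does not depend on the current directory. Each file holds
# the bind password in cleartext, so they are created root:postfix mode 0640
# at the end (Postfix opens them as the postfix user). server_host,
# search_base, bind_dn and bind_pw are the sample values from the Zarafa
# manual -- set them to the AD host, OU and bind account used in steps 21-22.
cat > /etc/postfix/ldap-users.cf <<'EOF'
server_host = 192.168.0.100
search_base = ou=Users,dc=example,dc=local
version = 3
bind = yes
bind_dn = cn=zarafa,ou=Users,dc=example,dc=local
bind_pw = secret
scope = sub
query_filter = (&(objectClass=user)(mail=%s))
result_attribute = mail
EOF

# Group addresses expand to the members' mail attributes.
cat > /etc/postfix/ldap-groups.cf <<'EOF'
server_host = 192.168.0.100
search_base = ou=groups,dc=example,dc=local
version = 3
bind = yes
bind_dn = cn=zarafa,ou=Users,dc=example,dc=local
bind_pw = secret
query_filter = (&(objectclass=group)(mail=%s))
leaf_result_attribute = mail
special_result_attribute = member
EOF

# Aliases come from the otherMailbox attribute and resolve to the primary mail.
cat > /etc/postfix/ldap-aliases.cf <<'EOF'
server_host = 192.168.0.100
search_base = ou=Users,dc=example,dc=local
version = 3
bind = yes
bind_dn = cn=zarafa,ou=Users,dc=example,dc=local
bind_pw = secret
scope = sub
query_filter = (&(objectClass=user)(otherMailbox=%s))
result_attribute = mail
EOF

# Keep the bind password out of reach of other local users.
chown root:postfix /etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf
chmod 640 /etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf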

30 - Restart services for changes to take effect
/etc/init.d/postfix restart
/etc/init.d/zarafa-dagent restart

31 - Configure the Dagent to start at boot time
update-rc.d zarafa-dagent defaults



## Hardening Zarafa ##



32 - Configure Zarafa to run as non-root

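# Dedicated service account: system group, no shell, no password, no home.
addgroup --system zarafa
adduser --system --home /dev/null --no-create-home \
     --ingroup zarafa \
     --disabled-password --gecos 'Zarafa services' \
     --shell /bin/false zarafa
# Log tree: directories keep the original 710 (owner rwx, group traverse);
# files get 600 instead -- 'chmod -R 710' also marked every log file
# executable, which log files never need to be.
chown -R zarafa:zarafa /var/log/zarafa
find /var/log/zarafa -type d -exec chmod 710 {} +
find /var/log/zarafa -type f -exec chmod 600 {} +
# NOTE(review): creating the account does not by itself change what the
# daemons run as. server.cfg has run_as_user / run_as_group settings that
# must point at this account (verify the option names in your server.cfg),
# and the socket directory /var/run/zarafa (see step 13) must be writable
# by it, or the server will not start as zarafa.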
 
33 - Setup Certificate CA for SSL

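mkdir -p /etc/zarafa/ssl
cd /etc/zarafa/ssl || exit 1
# Zarafa's helper builds a private CA under ./demoCA and signs a server cert.
sh /usr/share/doc/zarafa/ssl-certificates.sh server
# * Organizational Unit names must be different (presumably because OpenSSL's
#   CA refuses to issue two certificates with an identical subject)
# * No public key is needed (author's note)
# Point the SSL settings in server.cfg at the generated server key/cert and
# the CA certificate copied below.
nano /etc/zarafa/server.cfg
cp /etc/zarafa/ssl/demoCA/cacert.pem /etc/zarafa/ssl
# The service only needs the server key/cert and cacert.pem. Keep the CA's own
# private key (demoCA/private in OpenSSL's default layout) owned by root so a
# compromised server process cannot mint further certificates. Permissions are
# tightened after the files exist; the original 'chmod -R 700' ran on an
# empty directory.
chown -R zarafa:zarafa /etc/zarafa/ssl/
chown -R root:root /etc/zarafa/ssl/demoCA
chmod -R u=rwX,go= /etc/zarafa/ssl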
 
34 - Restart Zarafa
/etc/init.d/zarafa-server restart