Installation and Configuration Guide (2024)

In this section, you’ll learn how to configure SOGo to use your existingLDAP, SMTP and database servers. As previously mentioned, we assume thatthose components run on the same server on which SOGo is beinginstalled. If this is not the case, please adjust the configurationparameters to reflect those changes.

5.1. GNUstep Environment Overview

SOGo makes use of the GNUstep environment. GNUstep is a free softwareimplementation of the OpenStep specification which provides manyfacilities for building all types of server and desktop applications.Among those facilities, there is a configuration API similar to the"Registry" paradigm in Microsoft Windows. In OpenSTEP, GNUstep and MacOSX, these are called the "user defaults".

In SOGo, the user’s applications settings are storedin /etc/sogo/sogo.conf. You can use your favourite text editor tomodify the file.

The sogo.conf file is a serialized property list. This simple formatencapsulates four basic data types: arrays, dictionaries (or hashes),strings and numbers. Numbers are represented as-is, except for booleanswhich can take the unquoted values YES and NO. Strings are notmandatorily quoted, but doing so will avoid you many problems. Adictionary is a sequence of key and value pairs separated in theirmiddle with a = sign. It starts with a { and ends with acorresponding }. Each value definition in a dictionary ends with asemicolon. An array is a chain of values starting with ( and endingwith ), where the values are separated with a ,. Also, the filegenerally follows a C-style indentation for clarity but this indentationis not required, only recommended. Block comments are delimited by /*and */ and can span multiple lines while line comments must start with//.

The configuration must be contained in a root dictionary, thus be completelywrapped within curly brackets { [configuration] }. If SOGo refuses tostart due to syntax errors in its configuration file, plparse is helpfulfor finding these, as it indicates the line containing the problem.

5.2. Preferences Hierarchy

SOGo supports domain names segregation, meaning that you can separatemultiple groups of users within one installation of SOGo. A userassociated to a domain is limited to access only the users data from thesame domain. Consequently, the configuration parameters of SOGo aredefined on three levels:

Each level inherits the preferences of the parent level. Therefore,domain preferences define the defaults values of the user preferences,and the system preferences define the default values of all domainspreferences. Both system and domains preferences are defined inthe /etc/sogo/sogo.conf, while the users preferences are configurableby the user and stored in SOGo’s database.

To identify the level in which each parameter can be defined, we use thefollowing abbreviations in the tables of this document:

S	Parameter exclusive to the system and not configurable per domain
D	Parameter exclusive to a domain and not configurable per user
U	Parameter configurable by the user

Remember that the hierarchy paradigm allow the default value of aparameter to be defined at a parent level.

5.3. General Preferences

The following table describes the general parameters that can be set:

S	WOWorkersCount	The amount of instances of SOGo that will be spawnedto handle multiple requests simultaneously. When started from the initscript, that amount is overridden by the `PREFORK` valuein `/etc/sysconfig/sogo` or `/etc/default/sogo`. A value of 3 is areasonable default for low usage. The maximum value depends on the CPUand IO power provided by your machine: a value set too high willactually decrease performances under high load. Defaults to 1 when unset.
S	WOListenQueueSize	This parameter controls the backlog size of thesocket listen queue. For large-scale deployments, this value must beadjusted in case all workers are busy and the parent processes receiveslots of incoming connections. Defaults to 5 when unset.
S	WOPort	The TCP listening address and port used by the SOGodaemon. The format is `ipaddress:port`. To bind to an IPv6 address, use`[ipv6address]:port`, e.g. `[::1]:20000`. Defaults to `127.0.0.1:20000` when unset.
S	WOLogFile	The file path where to log messages. Specify `-` to log tothe console. Defaults to `/var/log/sogo/sogo.log`.
S	WOPidFile	The file path where the parent process id will be written. Defaults to `/var/run/sogo/sogo.pid`.
S	WOWatchDogRequestTimeout	This parameter specifies the number of minutes after which a busy childprocess will be killed by the parent process. Defaults to 10 (minutes). Do not set this too low as child processes replying to clients on a slowinternet connection could be killed prematurely.
S	WOMaxUploadSize	Parameter used to set the maximum allowed size for content beingsent to SOGo using a PUT or a POST call. This can also limit the fileattachment size being uploaded to SOGo when composing a mail. Thevalue is in kilobytes. By default, the value is 0, or disabled so nolimit will be set.
S	SOGoMaximumMessageSizeLimit	Parameter used to set the maximum allowed email message size whencomposing a mail. The value is in kilobytes. By default, the value is 0,or disabled so no limit will be set.
S	SxVMemLimit	Parameter used to set the maximum amount of memory (inmegabytes) that a child can use. Reaching that value will force childrenprocesses to restart, in order to preserve system memory. Defaults to `384`.
S	SOGoMemcachedHost	Parameter used to set the hostname and optionally the port of thememcached server. A path can also be used if the server must be reached via a Unix socket. Defaults to `localhost`. See `memcached_servers_parse(3)` for details on the syntax.
S	SOGoCacheCleanupInterval	Parameter used to set the expiration (in seconds) of each object in thecache. Defaults to `300`.
S	SOGoAuthenticationType	Parameter used to define the way by which users will be authenticated.For C.A.S., specify `cas`. For SAML2, specify `saml2`. For anythingelse, leave that value empty.
S	SOGoTrustProxyAuthentication	Parameter used to set whether HTTP username should be trusted. Defaults to `NO` when unset.
S	SOGoEncryptionKey	Parameter used to define a key to encrypt the passwords of remote Webcalendars when SOGoTrustProxyAuthentication is enabled.
S	SOGoCASServiceURL	When using C.A.S. authentication, this specifies the base url forreaching the C.A.S. service. This will be used by SOGo to deduce theproper login page as well as the other C.A.S. services that SOGo willuse.
S	SOGoCASLogoutEnabled	Boolean value indicating whether the "Logout" link is enabled whenusing C.A.S. as authentication mechanism. The "Logout" link will end up calling SOGoCASServiceURL/logout toterminate the client’s single sign-on C.A.S. session.
S	SOGoAddressBookDAVAccessEnabled	Parameter controlling WebDAV access to the Contacts collections.This can be used to deny access to these resources from Lightning forexample. Defaults to `YES` when unset.
S	SOGoCalendarDAVAccessEnabled	Parameter controlling WebDAV access to the Calendar collections. This can be used to deny access to these resources from Lightning forexample. Defaults to `YES` when unset.
S	SOGoSAML2PrivateKeyLocation	The location of the SSL private key file on the filesystem that is usedby SOGo to sign and encrypt communications with the SAML2 identityprovider. This file must be generated for each running SOGo service(rather than host). Make sure this file is readable by the SOGo user.
S	SOGoSAML2CertificateLocation	The location of the SSL certificate file. This file must be generatedfor each running SOGo service. Make sure this file is readable by the SOGo user.
S	SOGoSAML2IdpMetadataLocation	The location of the metadata file that describes the services availableon the SAML2 identify provider. The content of this file is usually generateddirectly by your SAML 2.0 IdP solution. For example, using SimpleSAMLphp, youcan get the metadata directly from https://MYSERVER/simplesaml/saml2/idp/metadata.phpMake sure this file is readable by the SOGo user.
S	SOGoSAML2IdpPublicKeyLocation	The location of the SSL public key file on the filesystem that is usedby SOGo to sign and encrypt communications with the SAML2 identityprovider. This file should be part of the setup of your identityprovider. Make sure this file is readable by the SOGo user.
S	SOGoSAML2IdpCertificateLocation	The location of the SSL certificate file. This file should be part ofthe setup of your identity provider. Make sure this file is readable by the SOGo user.
S	SOGoSAML2LoginAttribute	The attribute provided by the IdP to identify the user in SOGo.
S	SOGoSAML2LogoutEnabled	Boolean value indicated whether the "Logout" link is enabled when usingSAML2 as authentication mechanism. When using this feature, SOGo will invokethe IdP to proceed with the logout procedure. When the user clicks on the logoutbutton, a redirection will be made to the IdP to trigger the logout.
S	SOGoSAML2LogoutURL	The URL to which redirect the user after the "Logout" link is clicked.SOGoSAML2LogoutEnabled must be set to YES. If unset, the user will beredirected to a blank page.
D	SOGoTimeZone	Mandatory parameter used to set a default time zone for users. The defaulttimezone is set to UTC. The Olson database is a standard database thattakes all the time zones around the world into account and representsthem along with their history. On GNU/Linux systems, time zonedefinition files are available under `/usr/share/zoneinfo`. Listing theavailable files will give you the name of the available time zones.This could be `America/New_York`, `Europe/Berlin`, `Asia/Tokyo` or`Africa/Lubumbashi`. In our example, we set the time zone to `America/Montreal`.
D	SOGoMailDomain	Parameter used to set the default domain name used by SOGo. SOGo usesthis parameter to build the list of valid email addresses for users. In our example, we set the default domain to `acme.com`.
D	SOGoAppointmentSendEMailNotifications	Parameter used to set whether SOGo sends or not email notifications tomeeting participants. Possible values are: `YES` - to send notifications `NO` - to not send notifications Defaults to `NO` when unset.
D	SOGoFoldersSendEMailNotifications	Same as above, but the notifications are triggered on the creation of acalendar or an address book.
D	SOGoACLsSendEMailNotifications	Same as above, but the notifications are sent to the involved users ofa calendar or address book’s ACLs.
D	SOGoCalendarDefaultRoles	Parameter used to define the default roles when giving permissions to auser to access a calendar. Defaults roles are ignored for publicaccesses. Must be an array of up to five strings. Each string defining arole for an event category must begin with one of those values: `Public` `Confidential` `Private` And each string must end with one of those values: `Viewer` `DAndTViewer` `Modifier` `Responder` The array can also contain one or many of the following strings: `ObjectCreator` `ObjectEraser` Example: `SOGoCalendarDefaultRoles = ("ObjectCreator", "PublicViewer");` Defaults to no role when unset. Recommended values are `PublicViewer`and `ConfidentialDAndTViewer`.
D	SOGoContactsDefaultRoles	Parameter used to define the default roles when giving permissions to auser to access an address book. Defaults roles are ignored for publicaccesses. Must be an array of one or many of the following strings: ObjectViewer ObjectEditor ObjectCreator ObjectEraser Example: `SOGoContactsDefaultRoles = ("ObjectEditor");` Defaults to no role when unset.
D	SOGoSuperUsernames	Parameter used to set which usernames require administrative privilegesover all the users tables. For example, this could be used to postevents in the users calendar without requiring the user to configurehis/her ACLs. In this case you will need to specify those superuser’susernames like this: `SOGoSuperUsernames = (<username1>[, <username2>, ...]);`
U	SOGoLanguage	Parameter used to set the default language used in the Web interfacefor SOGo. Possible values are: `Arabic` `Basque` `BrazilianPortuguese` `Catalan` `ChineseTaiwan` `Croatian` `Czech` `Danish` `Dutch` `English` `Finnish` `French` `Galician` `German` `Hungarian` `Icelandic` `Italian` `Lithuanian` `Macedonian` `NorwegianBokmal` `NorwegianNynorsk` `Polish` `Portuguese` `Russian` `Slovak` `Slovenian` `SpanishArgentina` `SpanishSpain` `Swedish` `TurkishTurkey` `Ukrainian` `Welsh`
D	SOGoNotifyOnPersonalModifications	Parameter used to set whether SOGo sends or not email receipts whensomeone changes his/her own calendar. Possible values are: `YES` - to send notifications `NO` - to not send notifications Defaults to `NO` when unset. User can overwrite this from the calendarproperties window.
D	SOGoNotifyOnExternalModifications	Parameter used to set whether SOGo sends or not email receipts when amodification is being done to his/her own calendar by someone else.Possible values are: `YES` - to send notifications `NO` - to not send notifications Defaults to `NO` when unset. User can overwrite this from the calendarproperties window.
D	SOGoLDAPContactInfoAttribute	Parameter used to specify an LDAP attribute that should be displayedwhen auto-completing user searches.
D	SOGoiPhoneForceAllDayTransparency	When set to `YES`, this will force all-day events sent over by iPhoneOS based devices to be transparent. This means that the all-day eventswill not be considered during freebusy lookups. Defaults to `NO` when unset.
S	SOGoEnablePublicAccess	Parameter used to allow or not your users to share publicly (ie.,requiring not authentication) their calendars and address books. Possible values are: `YES` - to allow them `NO` - to prevent them from doing so Defaults to `NO` when unset.
S	SOGoDisableSharing	List of modules where sharing should be disabled, for example `(Mail, Calendar)`. Modules can be `Mail`, `Contacts` and `Calendar`. Default value empty list (sharing enabled for everybody).
S	SOGoDisableSharingAnyAuthUser	List of modules where sharing with any authenticated user option should be disabled, for example `(Mail, Calendar)`. Modules can be `Mail`, `Contacts` and `Calendar`. Default value empty list (sharing enabled for everybody).
S	SOGoDisableExport	List of modules where export should be disabled, for example `(Mail, Calendar)`. Modules can be `Mail`, `Contacts` and `Calendar`. Default value empty list (export enabled for everybody).
S	SOGoPasswordChangeEnabled	Parameter used to allow or not users to change their passwords fromSOGo. Possible values are: `YES` - to allow them `NO` - to prevent them from doing so Defaults to `NO` when unset. For this feature to work properly when authenticating against AD orSamba4, the LDAP connection must use SSL/TLS. Server side restrictionscan also cause the password change to fail, in which case SOGo will onlylog a Constraint violation (0x13) error. These restrictions includepassword too young, complexity constraints not satisfied, user cannotchange password, etc… Also note that Samba has a minimum password ageof 1 day by default.
S	SOGoSupportedLanguages	Parameter used to configure which languages are available from SOGo’sWeb interface. Available languages are specified as an array of string. The default value is: `( "Arabic", "Basque", "Catalan", "Czech", "Dutch", "Danish", "Welsh", "English", "SpanishSpain", "SpanishArgentina", "Finnish", "French", "Galician", "German", "Icelandic", "Italian", "Hungarian", "BrazilianPortuguese", "NorwegianBokmal", "NorwegianNynorsk", "Polish", "Russian", "Slovak", "Ukrainian", "Swedish" )`
D	SOGoHideSystemEMail	Parameter used to control if SOGo should hide or not the system emailaddress (UIDFieldName@SOGoMailDomain). This is currently limited toCalDAV (calendar-user-address-set). Defaults to `NO` when unset.
D	SOGoSearchMinimumWordLength	Parameter used to control the minimum length to be used for the searchstring (attendee completion, address book search, etc.) prior triggeringthe server-side search operation. Defaults to `2` when unset - which means a search operation will betriggered on the 3rd typed character.
S	SOGoMaximumFailedLoginCount	Parameter used to control the number of failed login attempts requiredduring SOGoMaximumFailedLoginInterval seconds or more. If conditionsare met, the account will be blocked for SOGoFailedLoginBlockIntervalseconds since the first failed login attempt. Default value is `0`, or disabled.
S	SOGoMaximumFailedLoginInterval	Number of seconds, defaults to `10`.
S	SOGoFailedLoginBlockInterval	Number of seconds, defaults to `300` (or 5 minutes). Note thatSOGoCacheCleanupInterval must be set to a value equal or higher thanSOGoFailedLoginBlockInterval.
S	SOGoMaximumMessageSubmissionCount	Parameter used to control the number of email messages a user can sendfrom SOGo’s webmail interface, to SOGoMaximumRecipientCount, inSOGoMaximumSubmissionInterval seconds or more. If conditions are metor exceeded, the user won’t be able to send mails forSOGoMessageSubmissionBlockInterval seconds. Default value is `0`, or disabled.
S	SOGoMaximumRecipientCount	Maximum number of recipients. Default value is `0`, or disabled.
S	SOGoMaximumSubmissionInterval	Number of seconds, defaults to `30`.
S	SOGoMessageSubmissionBlockInterval	Number of seconds, default to `300` (or 5 minutes). Note thatSOGoMessageSubmissionBlockInterval must be set to a value equal or lower thanSOGoCacheCleanupInterval.
S	SOGoMaximumRequestCount	Parameter used to control the number of requests a user can send to the SOGoserver in SOGoMaximumRequestInterval seconds or more. If conditions are metor exceeded, the user will not be able to perform requests on the SOGo serverfor SOGoRequestBlockInterval seconds and will receive 429 HTTP responses forany requests being made. Default value is 0, or disabled
S	SOGoMaximumRequestInterval	Number of seconds, defaults to `30`.
S	SOGoRequestBlockInterval	Number of seconds, defaults to 300 (or 5 minutes). Note that SOGoCacheCleanupIntervalmust be set to a value equal or higher than SOGoRequestBlockInterval.
S	SOGoXSRFValidationEnabled	Parameter used to enable or not XSRF (Cross-site request forgery, also known as CSRF) protection in SOGo. Make sure your Web server configuration doesn’t add the `HttpOnly` flag to the `Set-Cookie` header as the CSRF token cookie is intended to be read by the JavaScript by design.Default value is `YES`, or enabled.
D	SOGoUserSources	Parameter used to set the LDAP and/or SQL sources used forauthentication and global address books. Multiple sources can bespecified as an array of dictionaries.
S	SOGoPasswordRecoveryEnabled	Boolean enable password recovery with secret question or secondary e-mail. Default value is `NO`.
S	SOGoPasswordRecoveryDomains	List of domains where password recovery is enabled, for example `(example.org, example.net)`. If empty array `()`, disabled for all domains. If not set, enabled for all domains.
D	SOGoPasswordRecoveryFrom	From email when `SOGoPasswordRecoverySecondaryEmail` is set and no user domain is defined - otherwise it will use noreply@foo.bar where foo.bar is the selected user domain. Default value is `noreply@domain.com`.
U	SOGoPasswordRecoveryMode	User password recovery mode. Values can be `Disabled`, `SecretQuestion` or `SecondaryEmail`.
U	SOGoPasswordRecoveryQuestion	User password recovery secret question. Values can be `SecretQuestion1`, `SecretQuestion2` or `SecretQuestion3`.
U	SOGoPasswordRecoveryQuestionAnswer	User password recovery secret question answer when mode is `SecretQuestion`.
U	SOGoPasswordRecoverySecondaryEmail	User password recovery e-mail when mode is `SecondaryEmail`.
S	SOGoJWTSecret	JWT secret according to RFC-7519. Default value is `SOGo`.
D	SOGoCreateIdentitiesDisabled	Disable identity creation for users in preferences. If `YES`, users won’t be able to add new identities and will allow to change only full name, signature and default identity. Default value is `NO`. Note : If this settings is set to `YES`, it will not be possible to crete auxiliary mail accounts.
S	SOGoURLEncryptionEnabled	Enable URL encryption to make SOGo GDPR compatible. Setting this parameter to `YES` will encrypt username in URL. The encryption data are cached to avoid high cpu usage, ig the value of thie parameter is changed, memcached server needs to be restarted. If the encryption is enabled, the DAV url will change. Default value is `NO`.
S	SOGoURLEncryptionPassphrase	Passphrase for `SOGoURLEncryptionEnabled`. The string must be 128 bits (16 characters). If this settings change, the cache server must be restarted, and the DAV url will change. Default value is `SOGoSuperSecret0`.
S	SOGoGlobalAddressBookFirstEntries	Display first entries in Global Address Book. Default value is `NO`. If source is LDAP, the LDAP overlay `sssvlv` must be enabled on the system for server side sorting.
S	SOGoGlobalAddressBookFirstEntriesCount	Number of entries displayed when `SOGoGlobalAddressBookFirstEntries` is enabled. Default value is `100`.

5.4. Secret for sensitive data

Since 5.10

SOGo can store sensitive data in its database. In default behavior, SOGo will not do anything and store them in plain text.Starting with 5.10, you can now set a secret for SOGo to encrypt this data in database.The encryption method is AES-GCM with a 256 bits key.

Two parameters in your sogo.conf are needed to do that

S	SOGoSecretType	Parameter to define what kind is the secret: plain to directly put the secret in SOGoSecretValue, envto put the name of a environment variable in SOGoSecretValue or none to not use any secret.For now, it is only used to encrypt/decrypt auxiliary account’s password. the secret must be256 bits long i.e. 32 utf8 chars string. Defaults to none when unset
S	SOGoSecretValue	Parameter used whenever SOGo need a secret to encrypt/decrypt. For now,only for password of auxiliary accounts. If SOGoSecretType is plain,directly put the secret here. if SOGoSecretType is env, put the nameof the environment variable here. Must be set with SOGoSecretType.If SOGoSecretType is not none, sogo won’t start is the value is unfetchable or incorrect There is no default value

If you want to use an environment variable, set:

SOGoSecretType = "env";SOGoSecretValue = "SOGO_SECRET";

SOGO_SECRET must be an environment variable containing a 32 chars (256 bits) string. Note that SOGO_SECRET must be accessibleto the unix user sogo. If you use sogo with systemd or init.d, be sure your process have access to that environment variable.

If you want to directly put the secret in your sogo.conf:

SOGoSecretType = "plain";SOGoSecretValue = "secret_is_a_32_characters_string";

Note that if SOGoSecretType is set to something different than none, sogo will check the secret and won’t start if it is not ok.The reason will be given in the log (size, can’t found the env…)

If you want to use a secret for the first time or change the secret. There is a a sogo-tool command to encrypt allyour sensitive data. Check the doc of sogo-tool update-secret

How to use a secret for the first time?

Stop sogo
Modify your sogo.conf to add your secret
Use the sogo-tool command to encrypt all sensitive data that are already in your database

 sogo-tool update-secret -n myNewSecret

Restart sogo

How to change the value of the secret?

Stop sogo
Modify your sogo.conf to modify your secret
Use the sogo-tool command to encrypt all sensitive data with the new secret, you will need to pass your current secret too.

 sogo-tool update-secret -n myNewSecret -p myCurrentSecret

Restart sogo

I can’t stop sogo in my environement

In that case, simply modify the sogo.conf and use the sogo-tool. If you’re unluncky, a user would have madea request that will encrypt its data without the correct secret at the same time you run sogo-tool.If that’s the case, the wrong behavior and their solution are listed below.

Unexpected behavior

Be aware that it must have a synchronisation between the secret in your sogo.conf and the sensitive data in your database. Meaning if thedata is not encrypted with the correct secret, some wrong behavior can happens. There are listed here as well as their solution.

As for now, it only affects the IMAP’s passwords of auxiliary accounts and here the unexpected behavior in case of mismatch of secret are:

The auxiliary account of the user is correctly set but it can’t see any mail folders: The user will have to go to preferences → mail → imap accounts.Then it simply has to edit its account, put its password again and save the preferences. The password will be correctly encrypted then.
the user has errors and blank pages: Should not happen, please open a ticket. But, if it does, do this to unstuck the user:

sogo-tool user-preferences unset default <user> AuxiliaryMailAccounts

user being the full mail address or just the username if domainless. After that, the user will have to set its auxiliary accounts again.

5.5. Authentication using LDAP

SOGo can use a LDAP server to authenticate users and, if desired, toprovide global address books. SOGo can also use an SQL backend for thispurpose (see the section Authentication using SQL later in thisdocument). Insert the following text into your configuration file toconfigure an authentication and global address book using an LDAPdirectory server:

SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; IMAPHostFieldName = mailHost; baseDN = "ou=users,dc=acme,dc=com"; bindDN = "uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty; canAuthenticate = YES; displayName = "Shared Addresses"; hostname = "ldap://127.0.0.1:389"; id = public; isAddressBook = YES; });

5.6. LDAP Attributes Indexing

To ensure proper performance of the SOGo application, the following LDAPattributes must be fully indexed:

givenName
cn
mail
sn
attributes of MailFieldNames if defined
attributes of SearchFieldNames if defined

Please refer to the documentation of the software you use in order toindex those attributes.

5.7. LDAP Attributes Mapping

Some LDAP attributes are mapped to contacts attributes in the SOGo UI.The table below list most of them. It is possible to override these byusing the mapping configuration parameter.

For example, if the LDAP schema uses the fax attribute to store thefax number, one could map it to the facsimiletelephonenumber attributelike this:

mapping = {facsimiletelephonenumber = ("fax", "facsimiletelephonenumber");};

Name
First	givenname
Last	sn
DisplayName	displayname or cn or givenname + sn
Nickname	mozillanickname
Internet
Email	mail
Secondary email	mozillasecondemail
ScreenName	nsaimid
Phones
Work	telephonenumber
Home	homephone
Mobile	mobile
Fax	facsimiletelephonenumber
Pager	pager
Home
Address	mozillahomestreet + mozillahomestreet2
City	mozillahomelocalityname
State/Province	mozillahomestate
Zip/Postal Code	mozillahomepostalcode
Country	mozillahomecountryname
Web page	mozillahomeurl
Work
Title	title
Department	ou
Organization	o
Address	street +mozillaworkstreet2
City	l
State/Province	st
Zip/Postal code	postalcode
Country	c
Web page	mozillaworkurl
Other
Birthday	birthyear-birthmonth-birthday
Note	description
Photo	photo

5.8. Authenticating using C.A.S.

SOGo natively supports C.A.S. authentication. For activating C.A.S.authentication you need first to make sure that theSOGoAuthenticationType setting is set to cas,SOGoXSRFValidationEnabled is set to NO and that theSOGoCASServiceURL setting is configured appropriately.

The tricky part shows up when using SOGo as a frontend interface to anIMAP server as this imposes constraints needed by the C.A.S. protocol toensure secure communication between the different services. Failing totake those precautions will prevent users from accessing their mails,while still granting basic authentication to SOGo itself.

The first constraint is that the amount of workers that SOGo uses mustbe higher than 1 in order to enable the C.A.S. service to perform somevalidation requests during IMAP authentication. A single worker alonewould not, by definition, be able to respond to the C.A.S. requestswhile treating the user request that required the triggering of thoserequests. You must therefore configure the WOWorkersCount settingappropriately.

The second constraint is that the SOGo service must be accessible andaccessed via https. Moreover, the certificate used by the SOGo serverhas to be recognized and trusted by the C.A.S. service. In the case of acertificate issued by a third-party authority, there should be nothingto worry about. In the case of a self-signed certificate, thecertificate must be registered in the trusted keystore of the C.A.S.application. The procedure to achieve this can be summarized asimporting the certificate in the proper "keystore" usingthe keytool utility and specifying the path for that keystore to theTomcat instance which provides the C.A.S. service. This is done bytweaking the javax.net.ssl.trustStore setting, either in thecatalina.properties file or in the command-line parameters. On debian,the SOGo certificate can also be added to the truststore as follows:

openssl x509 -in /etc/ssl/certs/sogo-cert.pem -outform DER \ -out /tmp/sogo-cert.derkeytool -import -keystore /etc/ssl/certs/java/cacerts \ -file /tmp/sogo-cert.der -alias sogo-cert# The keystore password is 'changeit'# tomcat must be restarted after this operation

The certificate used by the CAS server must also be trusted by SOGo.In case of a self-signed certificate, this means exporting tomcat’scertificate using the keytool utility, converting it to PEM format andappending it to the ca-certificates.crt file (the name and location ofthat file differs between distributions). Basically:

# export tomcat's cert to openssl formatkeytool -keystore /etc/tomcat7/keystore -exportcert -alias tomcat | \ openssl x509 -inform der >tomcat.pemEnter keystore password: tomcat# add the pem to the trusted certscp tomcat.pem /etc/ssl/certscat tomcat.pem >>/etc/ssl/certs/ca-certificates

If any of those constraints is not satisfied, the webmail interface ofSOGo will display an empty email account. Unfortunately, SOGo has nopossibility to detect which one is the cause of the problem. The onlyindicators are log messages that at least pinpoint the symptoms:

"failure to obtain a PGT from the C.A.S. service"

Such an error will show up during authentication of the user to SOGo. Ithappens when the authentication service has accepted the userauthentication ticket but has not returned a "Proxy Granting Ticket".

"a CAS failure occurred during operation…."

This error indicate that an attempt was made to retrieve anauthentication ticket for a third-party service such as IMAP or sieve.Most of the time, this happens as a consequence to the problem describedabove. To troubleshoot these issues, one should be tailing cas.log,pam logs and sogo logs.

Currently, SOGo will ask for a CAS ticket using the same CAS servicename for both IMAP and Sieve. When CASifying sieve, this means that the-s parameter of pam_cas should be the same for both IMAP and Sieve,otherwise the CAS server will complain:

ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - ServiceTicket[ST-31740-hoV1brhhwMNfnBkSMVUw-ocas] with service [imap://myimapserverdoes not match supplied service [sieve://mysieveserver:4190]

Finally, when using imapproxy to speed up the imap accesses, theSOGoIMAPCASServiceName should be set to the actual imap service nameexpected by pam_cas, otherwise it will fail to authenticate incomingconnection properly.

5.9. Authenticating using SAML2

SOGo natively supports SAML2 authentication. Please refer to the documentation of your identityprovider and the SAML2 configuration keys that are listed above for proper setup. Once a SOGoinstance is configured properly, the metadata for that instance can be retrieved fromhttp://<hostname>/SOGo/saml2-metadata for registration with the identity provider. SOGo willdynamically generate the metadata based on the SOGoSAML2CertificateLocation’s content and the SOGoserver name.

When using SimpleSAMLphp, make sure theconvert OID to names by modifying yourmetadata/saml20-idp-hosted.php to contain something like this:

 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'authproc' => array( 100 => array('class' => 'core:AttributeMap', 'oid2name'), ),

If you want to test the IdP-initiated logout using SimpleSAMLphp, you can do so by openingthe following URL:

https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php?ReturnTo=sogo.nu

In order to relay authentication information to your IMAP server and ifyou make use of the CrudeSAML SASL plugin, you need to make sure thatNGImap4AuthMechanism is configured to use the SAML mechanism. If youmake use of the CrudeSAML PAM plugin, this value may be left empty.

5.10. Database Configuration

SOGo requires a relational database system in order to storeappointments, tasks and contacts information. It also uses the databasesystem to store personal preferences of SOGo users. In this guide, weassume you use PostgreSQL so commands provided the create the databaseare related to this application. However, other database servers aresupported, such as MySQL and Oracle.

First, make sure that your PostgreSQL server has TCP/IP connectionssupport enabled.

Tip

SOGo stores the database hostname together with table references insideseveral database tables. To prevent possible future issues when movingthe database to another host, it is best practice to add a local alias name toyour /etc/hosts file, and using this in /etc/sogo/sogo.conf instead of theactual name of your server or localhost. When the database host name changes,you can now simply change the hosts file instead of updating several tablecolumns replacing the old hostname. An example entry for /etc/hosts whenrunning the database on the same host, registering 127.0.0.1 not only forlocalhost, but also the db-alias alias:

127.0.0.1localhost db-alias

In the SOGo configuration, use the alias name instead of the real IP address orhost name, for example

SOGoProfileURL = "postgresql://sogo:sogo@db-alias:5432/sogo/sogo_user_profile";

Create the database user and schema using the following commands:

su - postgrescreateuser --no-superuser --no-createdb --no-createrole \--encrypted --pwprompt sogo(specify “sogo” as password)createdb -O sogo sogo

You should then adjust the access rights to the database. To do so,modify the configuration file /var/lib/pgsql/data/pg_hba.conf in orderto add the following line at the very beginning of the file:

host sogo sogo 127.0.0.1/32 md5

Once added, restart the PostgreSQL database service. Then, modify theSOGo configuration file (/etc/sogo/sogo.conf) to reflect your databasesettings:

SOGoProfileURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_user_profile";OCSFolderInfoURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_folder_info";OCSSessionsFolderURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_sessions_folder";

The following table describes the parameters that were set:

S	SOGoProfileURL	Parameter used to set the database URL so that SOGo can retrieve userprofiles. For MySQL, set the database URL to something like:`mysql://sogo:sogo@127.0.0.1:3306/sogo/sogo_user_profile`.
S	OCSFolderInfoURL	Parameter used to set the database URL so that SOGo can retrieve thelocation of user folders (address books and calendars). For Oracle, set the database URL to something like:`oracle://sogo:sogo@127.0.0.1:1526/sogo/sogo_folder_info`.
S	OCSSessionsFolderURL	Parameter used to set the database URL so that SOGo can store andretrieve secured user sessions information. For PostgreSQL, the databaseURL could be set to something like:`postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_sessions_folder`.
S	OCSEMailAlarmsFolderURL	Parameter used to set the database URL for email-based alarms (that canbe set on events and tasks). This parameter is relevant only ifSOGoEnableEMailAlarms is set to `YES`. For PostgreSQL, the databaseURL could be set to something like:`postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_alarms_folder` See the "EMail reminders" section in this document for more information.
S	SOGoDisableOrganizerEventCheck	Parameter used to disable organizer’s calendar event check
S	OCSStoreURL	Parameter used to set the database URL so that SOGo can use to storeall content data. You must also set `OCSAclURL` and `OCSCacheFolderURL`if you set this parameter. Using these parameters will allow SOGo to usea total of nine database tables - and prevent SOGo from creating threedatabase tables per collection. For PostgresSQL, set the database URL to something like:`postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_store`.
S	OCSAclURL	Parameter used to set the database URL so that SOGo can use to storeall ACL data. You must also set `OCSStoreURL` and `OCSCacheFolderURL`if you set this parameter. For PostgresSQL, set the database URL to something like:`postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_acl`.
S	OCSCacheFolderURL	Parameter used to set the database URL so that SOGo can use to storeall cache data. You must also set `OCSStoreURL` and `OCSAclURL`if you set this parameter. For PostgresSQL, set the database URL to something like:`postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_cache_folder`.
S	OCSAdminURL	Parameter used to set the database URL so that SOGo can use to storeall administration elements. For PostgresSQL, set the database URL to something like:`postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_admin`.

Note	Any non-URL safe characters in username/password must be URL-encoded.For example, if your SOGo database password is `so%go`, you must setthe value in your preferences to `so%25go` - where `%` is encodedto `%25`.

In addition to the seven tables described above, two other tables getcreated in the database: sogo_quick_appointment and sogo_quick_contactwhich store calendar and contact information.

If you’re using MySQL, make sure in your my.cnf file you have:

[mysqld]...character_set_server=utf8character_set_client=utf8[client]default-character-set=utf8[mysql]default-character-set=utf8

5.10.1. MySQL complete Unicode compliance

By default MySQL only supports a subset of UTF-8, meaning that characters suchas emoji are not handled properly. Some extra steps at installation can beundertaken to leverage full Unicode support under MySQL.

Important

Switching to complete Unicode compliance on an already-deployed SOGois out of scope of this document, as it would typically involve delicate manualoperations on the database system.

Requirements:

MySQL >= 5.5
SOGo >= 3.1.0

Strongly suggested MySQL configuration settings (innodb* parameters aremandatory only for versions lower than 8.0):

[client]default-character-set = utf8mb4[mysql]default-character-set = utf8mb4[mysqld]character-set-client-handshake = FALSEcharacter-set-server = utf8mb4collation-server = utf8mb4_unicode_ciinnodb_file_per_table = TRUE # MySQL < 8.0 onlyinnodb_file_format = barracuda # MySQL < 8.0 onlyinnodb_large_prefix = TRUE # MySQL < 8.0 only

Caution

Changing InnoDB parameters on an already deployed database server cancause severe data loss. Do not blindly edit MySQL parameters without readingand understanding the implication of such changes.

A parameter must be added to sogo.conf to turn on complete Unicodecompliance:

MySQL4Encoding = "utf8mb4";

SOGo automatically creates missing database tables on start but slightlydifferent table creation parameters are needed for complete Unicode compliance;meaning that before SOGo runs for the first time, all database tables mustalready exist. A MySQL script to achieve just that is provided in the SOGodistribution under Scripts/mysql-utf8mb4.sql and you can deploy it witha command such as:

mysql -hHOST -uUSER -p -D SOGO < Scripts/mysql-utf8mb4.sql

Where HOST, USER and SOGO are your MySQL host, username and database namerespectively.

Once SOGo is running, you can test correctness by creating an event such as“Lunch with 🍕 and fries” and seeing it properly displayed in the SOGocalendar.

Ensure the computer used for the test has emoji fonts installed.

5.11. Authentication using SQL

SOGo can use a SQL-based database server for authentication. Theconfiguration is very similar to LDAP-based authentication.

The following table describes the possible parameters related to a SQLsource defined as a dictionary entry of the SOGoUserSources parameter:

type	The type of this user source, set to `sql` for a SQL source.
id	The identification name of the SQL repository. This must be unique -even when using multiple domains.
viewURL	Database URL of the view used by SOGo. The view expects columns to bepresent. Required columns are: `c_uid`: will be used for authentication - it’s a username orusername@domain.tld `c_name`: will be used to uniquely identify entries - which can beidentical to `c_uid` `c_password`: password of the user, plain text, crypt, md5 or shaencoded `c_cn`: the user’s common name `mail`: the user’s email address Other columns can exist and will actually be mapped automatically ifthey have the same name as popular LDAP attributes (such as `givenName`,`sn`, `department`, `title`, `telephoneNumber`, etc.).
userPasswordPolicy	An array of dictionaries that define regular expressions used to determine whether a new password is valid. Each dictionary must contain the key "regex" associated to a string representing a regularexpression. It can also contain the key "label" to briefly describe the constraint to the user. Example: userPasswordPolicy = ( { label = "Minimum of 1 lowercase letter"; regex = "[a-z]"; }, { label = "Minimum of 1 uppercase letter"; regex = "[A-Z]"; }, { label = "Minimum of 1 digit"; regex = "[0-9]"; }, { label = "Minimum of 2 special symbols"; regex = "([%$&(){}!?\@#].){2,}"; }, { label = "Minimum length of 8 characters"; regex = ".{8,}"; }); Pre-defined constants can also be used : userPasswordPolicy = ( { label = "POLICY_MIN_LOWERCASE_LETTER"; value = 1; }, { label = "POLICY_MIN_UPPERCASE_LETTER"; value = 1; }, { label = "POLICY_MIN_DIGIT"; value = 2; }, { label = "POLICY_MIN_SPECIAL_SYMBOLS"; value = 1; }, { label = "POLICY_MIN_LENGTH"; value = 8; });
userPasswordAlgorithm	The default algorithm used for password encryption when changingpasswords. Possible values are: `none`, `plain`, `crypt`, `md5`,`md5-crypt`, `smd5`, `cram-md5`, `ldap-md5`, and `sha`, `sha256`,`sha256-crypt`, `sha512`, `sha512-crypt`, its ssha (e.g. `ssha` or`ssha256`) variants, `blf-crypt`, `PBKDF2`, and `sym-aes-128-cbc`.The `argon2i` and `argon2id` password hashing algorithms are supportedif SOGo is compiled with `libsodium`. `argon2` is a synonym for `argon2i`.Passwords can have the scheme prepended in the form`{scheme}encryptedPass`. If no scheme is given, userPasswordAlgorithm is used instead. Theschemes listed above follow the algorithms described inhttps://doc.dovecot.org/configuration_manual/authentication/password_schemes/. Note that `cram-md5` is not actually using cram-md5 (due to the lack ofchallenge-response mechanism), its just saving the intermediate MD5context as Dovecot stores in its database.
prependPasswordScheme	The default behaviour is to store newly set passwords without thescheme (default: `NO`). This can be overridden by setting to `YES` andwill result in passwords stored as `{scheme}encryptedPass`. For`sym-aes-128-cbc`, always set this to `NO`.
keyPath	For `sym-aes-128-cbc`, a global key file is required. This valuemust be set to the full path where the key file is. The key filemust also be readable by the `sogo` user.
canAuthenticate	If set to `YES`, this SQL source is used for authentication.
isAddressBook	If set to `YES`, this SQL source is used as a shared address book(with read-only access). Note that if set to `NO`, autocompletion willnot work for entries in this source and thus, freebusy lookups.
authenticationFilter (optional)	A filter that limits which users can authenticate from this source.
displayName (optional)	If set as an address book, the human identification name of the SQLrepository.
LoginFieldNames (optional)	An array of fields that specifies the column names that contain validauthentication usernames (defaults to `c_uid` when unset).
MailFieldNames (optional)	An array of fields that specifies the column names that holdadditional email addresses (beside the `mail` column) for each user.Values must be unique and not appear in more than one column.Space-separated values allowed in all additional columns (besides in `mail`).
SearchFieldNames (optional)	An array of fields to match against the search string when filteringusers (defaults to `c_cn` and `mail` when unset).
IMAPHostFieldName (optional)	The field that returns the IMAP hostname for the user.
IMAPLoginFieldName (optional)	The field that returns the IMAP login name for the user (defaults to`c_uid` when unset).
SieveHostFieldName (optional)	The field that returns the Sieve hostname for the user.
KindFieldName (optional)	If set, SOGo will try to determine if the value of the fieldcorresponds to either "group", "location" or "thing". If that’s thecase, SOGo will consider the returned entry to be a resource.
MultipleBookingsFieldName (optional)	The value of this field is the maximum number of concurrent events towhich a resource can be part of at any point in time. If this is set to `0`, or if the attribute is missing, it means nolimit and the resource will always be marked as free. If set to `-1`,no limit is imposed but the resource will be marked as busy the firsttime it is booked. If greater than 0, the resource will get marked asbusy once it reaches the value.
DomainFieldName (optional)	If set, SOGo will use the value of that field as the domain associatedto the user. See the Multi-domains Configuration section in this document for moreinformation.
listRequiresDot (optional)	If set to `YES`, listing of this SQL source is only possible when performing a search (respecting the SOGoSearchMinimumWordLength parameter) or when explicitly typing a single dot.Defaults to `YES` when unset.
ModulesConstraints (optional)	Limits the access of any module through a constraint based on a SQLcolumn whose value is a string (e.g. `char` or `varchar` column type);must be a dictionary with keys `Mail`, and/or `Calendar`,and/or `ActiveSync` for example: ModulesConstraints = {Calendar = {c_ou = employees;};};

Here is an example of an SQL-based authentication and address booksource:

SOGoUserSources =( { type = sql; id = directory; viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view"; canAuthenticate = YES; isAddressBook = YES; userPasswordAlgorithm = md5; });

Certain database columns must be present in the view/table, such as:

c_uid - will be used for authentication -it’s the usernameor username@domain.tld
c_name - which can be identical to c_uid -will be used touniquely identify entries
c_password - password of the user, plain-text, md5 or sha encodedfor now
c_cn - the user’s common name - such as "John Doe"
mail -the user’s mail address

Note that groups are currently not supported for SQL-basedauthentication sources.

5.12. SMTP Server Configuration

SOGo makes use of a SMTP server to send emails from the Web interface,iMIP/iTIP messages and various notifications.

The following table describes the related parameters.

D	SOGoMailingMechanism	Parameter used to set how SOGo sends mail messages. Possible valuesare: `sendmail` - to use the sendmail binary `smtp` - to use the SMTP protocol
D	SOGoSMTPServer	The DNS name or IP address of the SMTP server used whenSOGoMailingMechanism is set to `smtp`.Supported formats are: `smtp://domain:port`, `smtps://domain`,`domain:port`, `smtp://domain:port/?tls=YES`. Using the option`tls=YES` will enforce using STARTTLS SMTP connections. Thus,`smtp://localhost:587/?tls=YES` would use the default MUA porton localhost with STARTTLS enforced.To disable TLS verification for localhost domains, add`tlsVerifyMode=allowInsecureLocalhost` to such connections:`smtp://localhost:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost`.
D	SOGoSMTPAuthenticationType	Activate SMTP authentication and specifies which type is in use.Current, only `PLAIN` is supported and other values will causethe authentication to fail.
D	SOGoSMTPMasterUserEnabled	Enable specific SMTP user account for system e-mails (notifications, reminders, …). Default is `NO`.
D	SOGoSMTPMasterUserUsername	SMTP account username for master account (`SOGoSMTPMasterUserEnabled` enabled).
D	SOGoSMTPMasterUserPassword	SMTP account password for master account (`SOGoSMTPMasterUserEnabled` enabled).
S	WOSendMail	The path of the sendmail binary. Defaults to `/usr/lib/sendmail`.
D	SOGoForceExternalLoginWithEmail	Parameter used to specify if, when logging in to the SMTP server, theprimary email address of the user will be used instead of the username.Possible values are: `YES` `NO` Defaults to `NO` when unset.

5.13. IMAP Server Configuration

SOGo requires an IMAP server in order to let users consult their emailmessages, manage theirfolders and more.

The following table describes the related parameters.

U	SOGoDraftsFolderName	Parameter used to set the IMAP folder name used to store draftsmessages. Defaults to `Drafts` when unset. Use a `/` as a hierarchy separator if referring to an IMAP subfolder.For example: `INBOX/Drafts`. You must use a `/` even if your realIMAP separator is a `.`.
U	SOGoSentFolderName	Parameter used to set the IMAP folder name used to store sent messages. Defaults to `Sent` when unset. Use a `/` as a hierarchy separator if referring to an IMAP subfolder.For example: `INBOX/Sent`. You must use a `/` even if your realIMAP separator is a `.`.
U	SOGoTrashFolderName	Parameter used to set the IMAP folder name used to store deletedmessages. Defaults to `Trash` when unset. Use a `/` as a hierarchy separator if referring to an IMAP subfolder.For example: `INBOX/Trash`. You must use a `/` even if your realIMAP separator is a `.`.
U	SOGoJunkFolderName	Parameter used to set the IMAP folder name used to store junkmessages. Defaults to `Junk` when unset. Use a `/` as a hierarchy separator if referring to an IMAP subfolder.For example: `INBOX/Junk`. You must use a `/` even if your realIMAP separator is a `.`. Also see the SOGoMailJunkSettings formore options regarding junk/not-junk actions.
D	SOGoIMAPCASServiceName	Parameter used to set the CAS service name (URL) of the imap service.This is useful if SOGo is connecting to the IMAP service through aproxy. When using `pam_cas`, this parameter should be set to the samevalue as the `-s` argument of the imap pam service.
D	SOGoIMAPServer	Parameter used to set the DNS name or IP address of the IMAP serverused by SOGo. You can also use SSL or TLS by providing a value using aURL with a fully qualified domain name, such as: `imaps://mail.acme.com:993` `imap://mail.acme.com:143/?tls=YES` `imap://127.0.0.1:143/?tls=YES&tlsVerifyMode=allowInsecureLocalhost`
D	SOGoSieveServer	Parameter used to set the DNS name or IP address of the Sieve(managesieve) server used by SOGo. You must use an URL such as: `sieve://127.0.0.1` `sieve://127.0.0.1:4190` You can also use TLS by providing a value using a URL with a fullyqualified domain name, such as: `sieve://mail.acme.com:4190/?tls=YES` `sieve://127.0.0.14190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost` Note that TLS is supported but SSL is not.
D	SOGoSieveFolderEncoding	Parameter used to specify which encoding is used for IMAP folder namesin Sieve filters. Defaults to `UTF-7`. The other possible value is`UTF-8`.
U	SOGoMailShowSubscribedFoldersOnly	Parameter used to specify if the Web interface should only showsubscribed IMAP folders. Possible values are: `YES` `NO` Defaults to `NO` when unset.
D	SOGoIMAPAclStyle	Parameter used to specify which RFC the IMAP server implements withrespect to ACLs. Possible values are: `rfc2086` `rfc4314` Defaults to `rfc4314` when unset.
D	SOGoIMAPAclConformsToIMAPExt	Parameter used to specify if the IMAP server implements the InternetMessage Access Protocol Extension. Possible values are: `YES` `NO` Defaults to `NO` when unset.
D	SOGoForceExternalLoginWithEmail	Parameter used to specify if, when logging in to the IMAP server, theprimary email address of the user will be used instead of the username.Possible values are: `YES` `NO` Defaults to `NO` when unset.
D	SOGoMailSpoolPath	Parameter used to set the path where temporary email drafts arewritten. If you change this value, you must also modify the dailycronjob `sogo-tmpwatch`. Defaults to `/var/spool/sogo`.
S	NGMimeBuildMimeTempDirectory	Parameter used to set the path where temporary files will be storedby SOPE when dealing with MIME messages. Defaults to `/tmp`.
S	NGImap4DisableIMAP4Pooling	Disables IMAP pooling when set to `YES`. Enable pooling by setting to`NO` or using a caching proxy like imapproxy. The default value is `YES`.
S	NGImap4AuthMechanism	Trigger the use of the IMAP `AUTHENTICATE` command with the specifiedSASL mechanism. Using `AUTHENTICATE` instead of `LOGIN` is also necessaryto enable UTF-8 characters in users' passwords. To enable simple use of`AUTHENTICATE` for this purpose, set this setting to `plain`. Please notethat this feature might be limited at this time.
D	NGImap4ConnectionGroupIdPrefix	Prefix to prepend to names in IMAP ACL transactions, to indicate thename is a group name, not a user name. RFC4314 gives examples where group names are prefixed with `$`. Dovecot,for one, follows this scheme, and will, for example, apply permissionsfor `$admins` to all users in group `admins` in the absence of specificpermissions for the individual user. The default prefix is `$`.

5.14. Web Interface Configuration

The following additional parameters only affect the Web interfacebehaviour of SOGo.

S	SOGoPageTitle	Parameter used to define the Web page title. Defaults to `SOGo` when unset.
S	SOGoHelpURL	Parameter used to define the URL to online help for SOGo. When set,an additional icon will appear near the logout button in SOGo’sweb interface. The URL will always be open in a separate page.
U	SOGoLoginModule	Parameter used to specify which module to show after login. Possiblevalues are: `Calendar` `Mail` `Contacts` Defaults to `Mail` when unset.
S	SOGoFaviconRelativeURL	Parameter used to specify the relative URL of the site favion. When unset, defaults to the file `sogo.ico` under the default webresources directory.
S	SOGoZipPath	Parameter used to specify the path of the zip binary used to archivemessages. Defaults to `/usr/bin/zip` when unset.
D	SOGoSoftQuotaRatio	Parameter used to change the quota returned by the IMAP server bymultiplying it by the specified ratio. Acts as a soft quota. Example:`0.8`.
U	SOGoMailUseOutlookStyleReplies (not currently editable in Web interface)	Parameter used to set if email replies should use Outlook’s style. Defaults to `NO` when unset.
U	SOGoMailListViewColumnsOrder (not currently editable in Webinterface)	Parameter used to specify the default order of the columns from theSOGo webmail interface. The parameter is an array, for example: `SOGoMailListViewColumnsOrder = (Flagged, Attachment, Priority, From, Subject, Unread, Date, Size);`
U	SOGoMailAddOutgoingAddresses	Parameter used to enable automatic insertion of unknown mail recipientsin an address book. The destination address book is defined by theparameter SOGoSelectedAddressBook. Defaults to `NO` when unset.
D	SOGoMailCertificateEnabled	Parameter used to enable S/MIME certificate management from the account editor of thepreferences window. Defaults to `YES` when unset.
U	SOGoSelectedAddressBook	Parameter used to specify the address book in which to add unknown mailrecipients if SOGoMailAddOutgoingAddresses is enabled. Defauls to `collected` when unset.
D	SOGoExternalAvatarsEnabled	Parameter used to enable fetching of avatars from remote services. Defaults to `YES` when unset.
U	SOGoGravatarEnabled	Parameter used to activate fetching of avatars from Gravatar. Defaults to `YES` when unset.
D	SOGoVacationEnabled	Parameter used to activate the edition from the preferences window of avacation message. Requires Sieve script support on the IMAP host. Defaults to `NO` when unset.
D	SOGoVacationPeriodEnabled	When enabling this parameter, one may have to also enable the associatedcronjob in `/etc/cron.d/sogo` in order to activate automatic vacationmessage activation and expiration if your Sieve server does not supportthe date extension. See the Cronjob — Vacation messages activation and expiration sectionbelow for details. Defaults to `YES` when unset.
D	SOGoVacationDefaultSubject	Parameter used to define a default vacation subject if user don’t specify acustom subject. Defaults to the characters "Auto: " followed by the original subject when unset,as stated by RFC 5230.
D	SOGoVacationHeaderTemplateFile	Parameter used to specify the path of a text file whose content must beprepended to the user’s vacation message. For example: `SOGoVacationHeaderTemplateFile = /etc/sogo/autoresponder.header.txt;` The following template variables can appear in the content: `%{username}` `%{daysBetweenResponse}`
D	SOGoVacationFooterTemplateFile	Parameter used to specify the path of a text file whose content must beappended to the user’s vacation message. For example: `SOGoVacationFooterTemplateFile = /etc/sogo/autoresponder.footer.txt;` See `SOGoVacationHeaderTemplateFile` for available template variables.
D	SOGoForwardEnabled	Parameter used to activate the edition from the preferences window of aforwarding email address. Requires Sieve script support on the IMAPhost. Defaults to `NO` when unset.
D	SOGoForwardConstraints	Parameter used to set constraints on possible addresses used whenautomatically forwarding mails. When set to `0` (default), no constraintis enforced. When set to `1`, only internal domains can be used.When set to `2`, only external domains defined in `SOGoForwardConstraintsDomains`can be used. When set to `3`, internal domains and other domains definedin `SOGoForwardConstraintsDomains` can be used.
D	SOGoForwardConstraintsDomains	Parameter used to set which external domains are allowedwhen SOGoForwardConstraints is set to `2` or `3`. For example, setting: SOGoForwardConstraintsDomains = ("gmail.com", "googlemail.com"); will allow users to forward emails to only `gmail.com` and `googlemail.com` domains.When empty or undefined, no constraints are imposed.
D	SOGoNotificationEnabled	Parameter used to activate the edition from the preferences window ofnotifications for emails. Requires Sieve script support on the IMAPhost. Defaults to `NO` when unset.
D	SOGoSieveScriptsEnabled	Parameter used to activate the edition from the preferences windows ofserver-side mail filters. Requires Sieve script support on the IMAPhost. Defaults to `NO` when unset.
D	SOGoSieveScriptHeaderTemplateFile	Parameter used to set the full path of the Sieve script that will beautomatically prepended to any Sieve scripts a user might define. The filemust be encoded in UTF-8 and it must also respect the RFC5228 syntax.
D	SOGoSieveScriptFooterTemplateFile	Parameter used to set the full path of the Sieve script that will beautomatically appended to any Sieve scripts a user might define. The filemust be encoded in UTF-8 and it must also respect the RFC5228 syntax.
U	SOGoSieveFilters	Parameter used to define initial Sieve scripts for users. The usercan still modify the scripts and the initial values will be writtento the Sieve server upon first login.
D	SOGoRefreshViewIntervals	Parameter used to define the polling intervals (in minutes)available to the user. The parameter is an array that can contain thefollowing numbers: `1` `2` `5` `10` `20` `30` `60` Defaults to the list above when unset.
U	SOGoRefreshViewCheck	Parameter used to define the polling interval at which the Webinterface queries the server for new data. Possible values are: `manually` `every_minute` `every_2_minutes` `every_5_minutes` `every_10_minutes` `every_20_minutes` `every_30_minutes` `once_per_hour` Defaults to `manually` when unset.
D	SOGoMailAuxiliaryUserAccountsEnabled	Parameter used to activate the auxiliary IMAP accounts in SOGo. Whenset to `YES`, users can add other IMAP accounts that will be visiblefrom the SOGo Webmail interface. Defaults to `NO` when unset.
U	SOGoDefaultCalendar	Parameter used to specify which calendar is used when creating an eventor a task. Possible values are: `selected` `personal` `first` Defaults to `selected` when unset.
U	SOGoDayStartTime	The hour at which the day starts (`0` through `12`). Defaults to `8` when unset.
U	SOGoDayEndTime	The hour at which the day ends (`12` through `23`). Defaults to `18` when unset.
U	SOGoFirstDayOfWeek	The day at which the week starts in the week and month views (`0`through `6`). `0` indicates Sunday. Defaults to `0` when unset.
U	SOGoFirstWeekOfYear	Parameter used to defined how is identified the first week of the year.Possible values are: `January1` `First4DayWeek` `FirstFullWeek` Defaults to `January1` when unset.
U	SOGoTimeFormat	The format used to display time in the timeline of the day and weekviews. Please refer to the documentation for the date command or the`strftime` C function for the list of available format sequence. Defaults to `%H:%M`.
U	SOGoCalendarCategories	Parameter used to define the categories that can be associated toevents. This parameter is an array of arbitrary strings. Defaults to a list that depends on the language.
U	SOGoCalendarCategoriesColors	Parameter used to define the colour of categories. This parameteris a dictionary of category name/color. Defaults to `#F0F0F0` for all categories when unset.
U	SOGoCalendarEventsDefaultClassification	Parameter used to defined the default classification for new events.Possible values are: `PUBLIC` `CONFIDENTIAL` `PRIVATE` Defaults to `PUBLIC` when unset.
U	SOGoCalendarTasksDefaultClassification	Parameter used to defined the default classification for new tasks.Possible values are: `PUBLIC` `CONFIDENTIAL` `PRIVATE` Defaults to `PUBLIC` when unset.
U	SOGoCalendarDefaultReminder	Parameter used to defined a default reminder for new events. Possiblevalues are: `-PT5M` `-PT10M` `-PT15M` `-PT30M` `-PT45M` `-PT1H` `-PT2H` `-PT5H` `-PT15H` `-P1D` `-P2D` `-P1W`
D	SOGoFreeBusyDefaultInterval	The number of days to include in the free busy information. Theparameter is an array of two numbers, the first being the number of daysprior to the current day and the second being the number of daysfollowing the current day. Defaults to `(7, 7)` when unset.
D	SOGoDAVCalendarStartTimeLimit	The number of days, at maximum, to include in DAV calendar responses.For example, when set to 180, SOGo will not include in DAV calendarresponses events that are older than 180 days from the current date. Defaults to `0` when unset - which means no limit is imposed.
U	SOGoBusyOffHours	Parameter used to specify if off-hours should be automatically added tothe free-busy information. Off hours included weekends and periodscovered between SOGoDayEndTime and SOGoDayStartTime. Defaults to `NO` when unset.
U	SOGoMailMessageForwarding	The method the message is to be forwarded. Possible values are: `inline` `attached` Defaults to `inline` when unset.
U	SOGoMailDisplayFullEmail	Show recipients or sender full email in mailboxes if set to `YES`. Default value is `NO`.
U	SOGoMailHideInlineAttachments	Hide attachements for inline images if set to `YES`. Default value is `NO`.
U	SOGoMailCustomFullName	The string to use as full name when composing an email, ifSOGoMailCustomFromEnabled is set in the user’s domain defaults. When unset, the full name specified in the user sources for the user isused instead.
U	SOGoMailCustomEmail	The string to use as email address when composing an email, ifSOGoMailCustomFromEnabled is set in the user’sdomain defaults. When unset, the email specified in the user sources forthe user is used instead.
U	SOGoMailReplyPlacement	The reply placement with respect to the quoted message. Possible valuesare: `above` `below` Defaults to `below`.
U	SOGoMailReplyTo	The email address to use in the `reply-to` header field when the usersends a message, if SOGoMailCustomFromEnabled is set in the user’sdomain defaults. Ignored when empty.
U	SOGoMailSignaturePlacement	The placement of the signature with respect to the quoted message.Possible values are: `above` `below` Defaults to `below`.
U	SOGoMailUseSignatureOnNew	Add signature to new message Defaults to `YES`.
U	SOGoMailUseSignatureOnReply	Add signature to reply Defaults to `YES`.
U	SOGoMailUseSignatureOnForward	Add signature to forward Defaults to `YES`.
U	SOGoMailComposeMessageType	The message composition format. Possible values are: `text` `html` Defaults to `html`.
U	SOGoMailComposeWindow (optional)	Force mail composer window to always open in either the current windowor in a popup window. Possible values are: `inline` `popup`
S	SOGoEnableEMailAlarms	Parameter used to enable email-based alarms on events and tasks. Defaults to `NO` when unset. For this feature to work correctly, one must also set theOCSEMailAlarmsFolderURL parameter and enable the associated cronjob.See the Cronjob — EMail reminders section from this document for moreinformation.
U	SOGoContactsCategories	Parameter used to define the categories that can be associated tocontacts. This parameter is an array of arbitrary strings. Defaults to a list that depends on the language.
D	SOGoUIAdditionalJSFiles	Parameter used to define a list of additional JavaScript files loadedby SOGo for all displayed web pages. This parameter is an array ofstrings corresponding of paths to the arbitrary JavaScript files. Thepaths are relative to the `WebServerResources` directory, which isusually found under `/usr/lib/GNUstep/SOGo/.`
D	SOGoMailCustomFromEnabled	Parameter used to allow or not users to specify custom "From" addressesfrom SOGo’s preferences panel. Defaults to `NO` when unset.
D	SOGoSubscriptionFolderFormat	Parameter used to set the default formatting of a subscription foldername. Available variables are: `%{FolderName}` `%{UserName}` `%{Email}` Defaults to `%{FolderName} (%{UserName} <%{Email}>)` when unset.
D	SOGoUIxAdditionalPreferences	Parameter used to enable an extra preferences tab using the content ofthe template named `UIxAdditionalPreferences.wox`. This template shouldbe put under `~sogo/GNUstep/Library/SOGo/Templates/PreferencesUI/`.
D	SOGoMailJunkSettings	Parameter used to enable email junk settings. The value is a dictionaryand the follow keys are supported: `vendor` (which must be set to "generic"for now), `junkEmailAddress` which sets the email address to whom SOGo willsend junk mails to, `notJunkEmailAddress` which sets the email address towhom SOGo will send non-junk mails to and `limit`, which is an integer valueand sets the maximum number of mails that will be attached to ajunk/not junk report sent by SOGo. Example: SOGoMailJunkSettings = {vendor = "generic";junkEmailAddress = "spam@foo.com";notJunkEmailAddress = "ham@foo.com";limit = 10;};
D	SOGoMailKeepDraftsAfterSend	Parameter used to keep mails in the drafts folder once they have beensent by SOGo. Defaults to `NO` when unset.

5.15. SOGo Configuration Summary

The complete SOGo configuration file /etc/sogo/sogo.conf should looklike this:

{ SOGoProfileURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_user_profile"; OCSFolderInfoURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_folder_info"; OCSSessionsFolderURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_sessions_folder"; SOGoAppointmentSendEMailNotifications = YES; SOGoCalendarDefaultRoles = ( PublicViewer, ConfidentialDAndTViewer ); SOGoLanguage = English; SOGoTimeZone = America/Montreal; SOGoMailDomain = acme.com; SOGoIMAPServer = 127.0.0.1; SOGoDraftsFolderName = Drafts; SOGoSentFolderName = Sent; SOGoTrashFolderName = Trash; SOGoJunkFolderName = Junk; SOGoMailingMechanism = smtp; SOGoSMTPServer = "smtp://127.0.0.1"; SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN = "ou=users,dc=acme,dc=com"; bindDN = "uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty; canAuthenticate = YES; displayName = "Shared Addresses"; hostname = 127.0.0.1; id = public; isAddressBook = YES; port = 389; } );}

5.16. Multi-domains Configuration

If you want your installation to isolate two groups of users, you mustdefine a distinct authentication source for each domain. Your domain keysmust have the same value as your email domain you want to add. Following isthe same configuration that now includes two domains (acme.com andcoyote.com):

{... domains = { acme.com = { SOGoMailDomain = acme.com; SOGoDraftsFolderName = Drafts; SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN = "ou=users,dc=acme,dc=com"; bindDN = "uid=sogo,ou=users,dc=acme,dc=com"; bindPassword = qwerty; canAuthenticate = YES; displayName = "Shared Addresses"; hostname = 127.0.0.1; id = public_acme; isAddressBook = YES; port = 389; } ); }; coyote.com = { SOGoMailDomain = coyote.com; SOGoIMAPServer = imap.coyote.com; SOGoUserSources = ( { type = ldap; CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN = "ou=users,dc=coyote,dc=com"; bindDN = "uid=sogo,ou=users,dc=coyote,dc=com"; bindPassword = qwerty; canAuthenticate = YES; displayName = "Shared Addresses"; hostname = 127.0.0.1; id = public_coyote; isAddressBook = YES; port = 389; } ); }; };}

The following additional parameters only affect SOGo when using multipledomains.

S	SOGoEnableDomainBasedUID	Parameter used to enable user identification by domain. Users will beable (without being required) to login using the form `username@domain`,meaning that values of UIDFieldName no longer have to be unique amongall domains but only within the same domain. Internally, users willalways be identified by the concatenation of their username and domain. Consequently, activating this parameter on an existing system impliesthat user identifierswill change and their previous calendars andaddress books will no longer be accessible unless a conversion isperformed. Defaults to `NO` when unset.
S	SOGoLoginDomains	Parameter used to define which domains should be selectable from thelogin page. This parameter is an array of keys from the `domains`dictionary. Defaults to an empty array, which means that no domains appear on thelogin page. If you prefer having the domain names listed, just use theseas keys for the the `domains` dictionary.
S	SOGoDomainsVisibility	Parameter used to set domains visible among themselves. This parameteris an array of arrays. Example: `SOGoDomainsVisibility = ( (acme, coyote) );` Defaults to an empty array, which means domains are isolated from eachother.

5.17. Apache Configuration

The SOGo configuration for Apache is located in/etc/httpd/conf.d/SOGo.conf.

Upon SOGo installation, a default configuration file is created which issuitable for most configurations.

You must also configure the following parameters in the SOGoconfiguration file for Apache in order to have a working installation:

RequestHeader set "x-webobjects-server-port" "80"RequestHeader set "x-webobjects-server-name" "yourhostname"RequestHeader set "x-webobjects-server-url" "http://yourhostname"

You may consider enabling SSL on top of this current installation tosecure access to your SOGo installation.

See http://httpd.apache.org/docs/2.4/ssl/ for details.

You might also have to adjust the configuration if you have SELinuxenabled.

The default configuration will use mod_proxy and mod_headers torelay requests to the sogod parent process. This is suitable for smallto medium deployments.

5.18. Starting Services

Once SOGo if fully installed and configured, start the services usingthe following command:

systemctl start sogod.service

You may verify using the systemctl is-enabled sogod command that the SOGoservice is automatically started at boot time. Restart the Apache service sincemodules and configuration files were added:

systemctl restart httpd.service

Finally, you should also make sure that the memcached service isstarted and that it is also automatically started at boot time.

5.19. Cronjob — EMail reminders

SOGo allows you to set email-based reminders for events and tasks. Toenable this, you must enable the SOGoEnableEMailAlarms preference andset the OCSEMailAlarmsFolderURL preference accordingly.

Once you’ve correctly set those two preferences, you must createa cronjob that will run under the "sogo" user. This cronjob shouldbe run every minute.

A commented out example should have been installed in/etc/cron.d/sogo, to enable it, simply uncomment it.

As a reference, the cronjob should de defined like this:

* * * * * /usr/sbin/sogo-ealarms-notify

If your mail server requires use of SMTP AUTH, you can use the following parameters in the configuration file :

SOGoSMTPMasterUserEnabled = YES;SOGoSMTPMasterUserUsername = "foo";SOGoSMTPMasterUserPassword = "bar";

5.20. Cronjob — Vacation messages activation and expiration

When vacation messages are enabled (see the parameterSOGoVacationEnabled), users can set an activation or expiration dateto messages auto-reply. For this feature to work, your Sieve server mustimplement the date extension. Otherwise, you must run a cronjob underthe "sogo" user.

A commented out example should have been installed in/etc/cron.d/sogo.To work correctly this tool must login as anadministrative user on the sieve server. The required credentials mustbe specified in a file by using -p /path/to/credFile.This file shouldcontain the username and password, separated by a colon(username:password).

The cronjob should look like this:

0 0 * * *sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds

5.21. Password — Force user password change at login

The following commands force user to change his password at login :

/usr/sbin/sogo-tool user-preferences set settings [USER] ForceResetPassword 1

Disable :

/usr/sbin/sogo-tool user-preferences unset settings [USER] ForceResetPassword

Installation and Configuration Guide (2024)

FAQs

What is system installation and configuration? ›

installation coopies the software to the correcct location and writes the settings needed for windows to run it. configuration is modifying your installation with setting specific to you such as logins, passwords, ip addresses wi fi connections , keyboard language and country settings.

What is the difference between installing and configuring peripheral devices? ›

Installing a peripheral device involves physically connecting it to the computer, while configuring involves setting up the software and adjusting settings to work properly.

Discover More ›

What is the difference between software installation and software configuration? ›

Software installation that requires a user to be present and interact with the installation process. A configuration that allows an operating system or application to automatically download and install system updates.

Tell Me More ›

How to configure a server step by step? ›

1 Choose the hardware. The first step for configuring a server is to choose the appropriate hardware that meets your needs and budget. ...
2 Install the operating system. ...
3 Configure the network. ...
4 Install the applications. ...
5 Configure the security. ...
6 Monitor and maintain. ...
7 Here's what else to consider.

Dec 1, 2023

View Details ›

What are the 4 types of installation? ›

There are four approaches of installation; direct, parallel, single-location and phased installation.

How do I find my System Configuration? ›

Open the Start menu and search for Command Prompt. Right-click on the top result and select the 'Run as Administrator option. Now, you need to type 'systeminfo' command and then press Enter. Once done, you will get all the information including hardware, Windows 10 version, BIOS or UEFI, RAM, network details, and more.

Know More ›

What does configuring your device mean? ›

Device configuration involves assembling device configuration profiles that consist of a collection of function-specific templates. Certain templates are augmented by collections of data, known as building blocks that define sets of transactions, definitions, schedules, and badge formats to be used by a device.

Read The Full Story ›

What automatically configures new devices as you install or connect them? ›

Plug and Play means the operating system automatically configures new devices as you install or connect them.

How do you install peripheral devices step by step? ›

General procedures to install any peripheral device:

Read the manufacturer's directions.
Make sure the drivers are written for the proper OS.
Make sure the motherboard port you are using is enabled.
Install drivers or plug in the device.
Install the application software to use the device.

Get More Info ›

How do I install and configure software? ›

1 Choose the right source. Before you install any software, you need to make sure that you are downloading it from a reputable and secure source. ...
2 Prepare your system. ...
3 Follow the instructions. ...
4 Configure the software. ...
5 Test the software. ...
6 Here's what else to consider.

Aug 4, 2023

View Details ›

What is the importance of proper installation and configuration of computer systems? ›

The right configuration nurtures peak operation, while the wrong setup often breeds frustration and wasted time. The importance of proper computer configuration only grows as devices become more deeply integrated into both personal and professional spheres.

What is software configuration in simple words? ›

To "configure software" means selecting programmable options that make the program function to the user's liking. To "configure hardware" means assembling desired components for a custom system as well as selecting options in the user-programmable parts of the system.

type	The type of this user source, set to ldap` for an LDAP source.
id	The identification name of the LDAP repository. This must be unique -even when using multiple domains.
CNFieldName	The field that returns the complete name.
IDFieldName	The field that starts a user DN if bindFields is not used. This fieldmust be unique across the entire SOGo domain.
UIDFieldName	The field that returns the login name of a user. The returned value must be unique across the whole SOGo installationsince it is used to identify the user in the `folder_info` databasetable.
MailFieldNames (optional)	An array of fields that returns the user’s email addresses (defaults to`mail` when unset). Note that SOGo will always automatically strip theprotocol value from the attribute if the attribute name is `proxyAddresses`.
SearchFieldNames (optional)	An array of fields to match against the search string when filteringusers (defaults to `sn`, `displayName`, `cn`, `mail`, and `telephoneNumber`when unset).
IMAPHostFieldName (optional)	The field that returns either an URI to the IMAP server as describedfor SOGoIMAPServer, or a simple server hostname that would be used as areplacement for the hostname part in the URI provided by theSOGoIMAPServer parameter.
IMAPLoginFieldName (optional)	The field that returns the IMAP login name for the user (defaults tothe value of UIDFieldName when unset).
SieveHostFieldName (optional)	The field that returns either an URI to the SIEVE server as describedfor SOGoSieveServer, or a simple server hostname that would be used asa replacement for the hostname part in the URI provided by theSOGoSieveServer parameter.
baseDN	The base DN of your user entries. You can use `%d` in this value if youwant the base DN to be built dynamically from the user’s domain duringthe login process. If you use that, you might always enable bindAsCurrentUser. For example: `baseDN = "ou=%d,ou=domains,dc=example,dc=com";` Moreover, if you use the dynamic base DN, you should use setUIDFieldName to `mail` in order to be able to extract the domainname automatically during the backup/restore process.
KindFieldName (optional)	If set, SOGo will try to determine if the value of the fieldcorresponds to either "group", "location" or "thing". If that’s thecase, SOGo will consider the returned entry to be a resource. For LDAP-based sources, SOGo can also automatically determine if it’s aresource if the entry has the `CalendarResource` objectClass set.
MultipleBookingsFieldName (optional)	The value of this attribute is the maximum number of concurrent eventsto which a resource can be part of at any point in time. If this is set to `0`, or if the attribute is missing, it means nolimit. If set to `-1`, no limit is imposed but the resource willbe marked as busy the first time it is booked.
filter (optional)	The filter to use for LDAP queries, it should be defined as anEOQualifier. The following operators are supported: `<>` - inequality operator `=` - equality operator Multiple qualifiers can be joined by using `OR` and `AND`, they can alsobe grouped together by using parenthesis. Attribute values should bequoted to avoid unexpected behaviour. For example: `filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND accountStatus='active' AND uid <> 'alice'";`
scope (optional)	Either `BASE`, `ONE` or `SUB`.
bindDN	The DN of the login name to use for binding to your server.
bindPassword	Its password.
bindAsCurrentUser	If set to `YES`, SOGo will always keep binding to the LDAP server usingthe DN of the currently authenticated user. If bindFields is set,bindDN and bindPassword will still be required to find the proper DN of the user.
bindFields (optional)	An array of fields to use when doing indirect binds.
lookupFields (optional)	Lookup fields for LDAP queries. Default is `()`. This can be utilizedto lookup operational fields (which are per default not part of the result)such as `memberOf`: `lookupFields = ("", "memberOf");`
hostname	A space-delimited list of LDAP URLs or LDAP hostnames. LDAP URLs are specified in RFC 4516 and have the following generalformat: `scheme://host:port/DN?attributes?scope?filter?extensions` Note that SOGo doesn’t currently support DN, attributes, scope andfilter in such URLs. Using them may have undefined side effects. URLs examples: `ldap://127.0.0.1:3389` `ldaps://127.0.0.1` `ldap://127.0.0.1/????!StartTLS`
port (deprecated)	Port number of the LDAP server. A non-default port should be part of the ldap URL in the hostnameparameter.
encryption (deprecated)	Either `SSL` or `STARTTLS` SSL should be specified as `ldaps://` in the LDAP URL. STARTTLS shouldbe specified as a LDAP Extension in the LDAP URL (e.g.`ldap://127.0.0.1/????!StartTLS`)
userPasswordAlgorithm	The algorithm used for password encryption when changing passwordswithout Password Policies enabled. Possible values are: `none`, `plain`, `crypt`, `md5`, `md5-crypt`,`sha256-crypt` and `sha512-crypt`, `smd5`, `cram-md5` and `sha`, `sha256`,`sha512` and its ssha (e.g. `ssha` or `ssha256`) variants(plus setting of the encoding with `.b64` or `.hex`). For a more detailed description seehttps://doc.dovecot.org/configuration_manual/authentication/password_schemes/. Note that `cram-md5` is not actually using cram-md5 (due to the lack ofchallenge-response mechanism), its just saving the intermediate MD5context as Dovecot stores in its database. Also note that `sha256-crypt` and `sha512-crypt` requires that youroperating system supports glibc 2.7 or more recent.
canAuthenticate	If set to `YES`, this LDAP source is used for authentication
passwordPolicy	If set to `YES`, SOGo will use the extended LDAP Password Policiesattributes. If you LDAP server does not support those and you activatethis feature, every LDAP requests will fail. Note that some LDAP serversrequire LDAP/SSL for password policies to work. This is the case forexample with 389 Directory Server.
updateSambaNTLMPasswords	If set to `YES`, SOGo will automatically update the sambaNTPasswordand sambaLMPassword attributes when changing passwords. The attributesmust be called sambaNTPassword and sambaLMPassword. You must also makesure the correct ACL is set in your LDAP server to allow users to changetheir own sambaNTPassword and sambaLMPassword password attributes.Defaults to `NO` when unset.
isAddressBook	If set to `YES`, this LDAP source is used as a shared address book(with read-only access). Note that if set to `NO`, autocompletion willnot work for entries in this source and thus, freebusy lookups.
displayName (optional)	If set as an address book, the human identification name of the LDAPrepository
listRequiresDot (optional)	If set to `YES`, listing of this LDAP source is only possible when performing a search (respecting the SOGoSearchMinimumWordLength parameter) or when explicitly typing a single dot.Defaults to `YES` when unset.
ModulesConstraints (optional)	Limits the access of any module through a constraint based on an LDAPattribute; must be a dictionary with keys `Mail`, and/or `Calendar`,and/or `ActiveSync` for example: ModulesConstraints = {Calendar = {ou = employees;};};
mapping	A dictionary that maps contact attributes used by SOGo to the LDAPattributes used by the schema of the LDAP source. Each entry must havean attribute name as key and an array of strings as value. This enablesactual fields to be mapped one after another when fetching contactinformation. See the LDAP Attribute Mapping section below for an example and a listof supported attributes.
objectClasses	When the modifiers list (see below) is set, or when using LDAP-baseduser address books (see abOU below), this list of object classes willbe applied to new records as they are created.
GroupObjectClasses	A list (array) of names identifying groups within the LDAP source. If notset, SOGo will use `group`, `groupofnames`, `groupofuniquenames`and `posixgroup`.
modifiers	A list (array) of usernames that are authorized to performmodifications to the address book defined by this LDAP source.
abOU	This field enables LDAP-based user address books by specifying the valueof the address book container beneath each user entry, for example:`ou=addressbooks,uid=username,dc=domain`.

D	SOGoLDAPContactInfoAttribute	Parameter used to specify an attribute that should appear inautocompletion of the web interface.
D	SOGoLDAPQueryLimit	Parameter used to limit the number of returned results from the LDAPserver whenever SOGo performs a LDAP query (for example, duringaddresses completion in a shared address book).
D	SOGoLDAPQueryTimeout	Parameter to define the timeout of LDAP queries. The actual time limitfor operations is also bounded by the maximum time that the server isconfigured to allow. Defaults to `0` (unlimited).
D	SOGoLDAPGroupExpansionEnabled	Parameter used to enable group expansion from the Web interface. Defaults to `NO` when unset.