zarafa-server

Language: en

Version: May 2009 (fedora - 01/12/10)

Section: 1 (User commands)

NAME

zarafa-server - Start the Zarafa storage server.

SYNOPSIS

zarafa-server [OPTION]

DESCRIPTION

The zarafa-server is the Zarafa storage server. It contacts a database server and provides services to Zarafa clients. The user base can be retrieved from an external source, like LDAP, or can be set up with a separate list of users.

After starting, the server keeps listening for connections on the configured TCP port and/or Unix socket.

OPTIONS

The Zarafa server program takes one configuration option:

--config, -c file

Specify the location of the configuration file.

--foreground, -F

Run in the foreground. Normally the server will daemonize and run in the background.

--restart-searches, -R

Rebuild all search folders. This may take some time and is only needed when your search folders have become out-of-sync with the actual data in the database. The sync will start synchronously at the start of the server, and you will have to wait for all searches to complete before connecting to the server.

--ignore-database-version-conflict

Ignore version information from the database. Zarafa will normally not start the server if the database has a newer version than the zarafa-server binary. This makes sure you cannot downgrade your server binary while keeping the same database. If you know what you're doing, you can use this option to bypass the start-up version check of the database.

--ignore-attachment-storage-conflict

Override the attachment storage option from the configuration file. When you change the option of the location where to store attachments after you've already started the zarafa-server once, this location will conflict. Attachments will not be found when they are stored in a different location.

-V

Print the version and exit.

When invoked with no options, the server will search for a configuration file in /etc/zarafa/server.cfg. If no configuration file is found, default values are used. See zarafa-server.cfg(5) for all configuration options and their default values.

Options for Windows NT/XP/2003 only:

-v

Check the version of the installed Windows service.

-i

Register the Windows service.

-u

Deregister the Windows service.

USAGE

Starting the server with an alternative configuration:

zarafa-server -c /path/to/server.cfg

You may also use the init.d scripts:

/etc/init.d/zarafa-server [start|stop|restart]

FILES

/etc/zarafa/server.cfg

The server configuration file.

/etc/zarafa/license/base, /etc/zarafa/license/*

The base file contains your license key. When you have extra CAL license keys, these are found in the other files available in the license/ directory, one key per file. This directory is configurable.

Configuration options for user plugins are in their respective configuration file. The name of these files is set in the server.cfg file. See zarafa-server.cfg(5) for information on the server.cfg settings.

DIAGNOSTICS

If you run into problems, check the log for any errors. If you made a mistake in the configuration of the log method, this will be reported on standard error. You can also restart the server with a higher log level. Also, before starting the server, always make sure the database server is running at the right location and no other server is listening on the configured TCP port.

SECURITY

The normal way for user clients to connect to the server is over TCP, either directly using the Zarafa port, or over HTTP when Apache is set up as a proxy. Users can only log in with their username and password.

The normal way for admin clients, like the spooler and admin tool, to connect to the server is through the Unix socket on Unix type servers. The admin clients are able to log in when they are run as root or as the user the Zarafa server process is running as. Most of the time this will be root only, since the Zarafa server process runs as root by default.

As an exception for the dagent, a Unix user can also connect to its own store without a password. Any other store cannot be accessed this way.

Direct SSL connections are also possible. The server needs to be configured to accept SSL connections on a new port. Login via an SSL key is also possible. Please read the next section on how to set up SSL.

SSL

To accept SSL connections directly by the server, the Zarafa server will need to listen on a different port to separate the normal connections from the encrypted connections. This is set in the server_ssl_port setting in the configuration file.

Then, you must set up a signed SSL certificate. First, we'll create a Certificate Authority to be able to sign certificate requests. We provide a script which makes it easy to create certificates on any distribution. This script is located in /usr/share/zarafa, called ssl-certificate.sh. Enter the following commands to create a certificate for the Zarafa server.

mkdir -p /etc/zarafa/ssl
cd /etc/zarafa/ssl
sh /usr/share/zarafa/ssl-certificate.sh server

Press enter twice to start the creation of a new CA, probably called demoCA. Enter a password when asked for one. This is the password later used to sign certificate requests. Then enter your certificate information. Do not leave the Common Name field blank, otherwise the creation will fail. A good example for the Common Name field is your hostname.

Now that we have a CA, we can create self-signed certificates. The script will automatically start the creation of this certificate. The CA certificate must be set in the server.cfg file in the server_ssl_ca_file setting. We need a signed certificate for the server to start with SSL support.

Enter a password for the request, and enter the certificate details. Some details need to be different from what you typed when creating the CA. Type at least a different name in the 'Organizational Unit Name' field. The challenge password at the end may be left empty.

The script will automatically continue with signing this certificate request. You will need to enter your CA certificate password again to sign this request. Then you must accept the new certificate into the CA.

After accepting, a new signed certificate is created, with the name server.pem. This file contains the private key, so keep this file safe.

The script will ask if a public key should also be created. Since we're creating the certificate for the server, this is not needed. So enter 'n' and press enter.

The server.pem file should be set in the server.cfg file in the server_ssl_key_file option. See zarafa-server.cfg(5) for information on the possible SSL settings. The password of this key needs to be set in the server_ssl_key_pass option. Do not forget this password in the server.cfg file, otherwise the zarafa-server program will ask for this password when an SSL connection is accepted.

To create a new certificate for a client service, run the script again. You can create one new certificate for all clients, or separate certificates for each client.

sh /usr/share/zarafa/ssl-certificates.sh

When typing the certificate information, type at least a different 'Organizational Unit Name' field. When asked for a public key, type 'y' and enter to create the public key.

Install the new service.pem on the server that will be logging in. Install the service-public.pem file in the /etc/zarafa/sslkeys directory:

mkdir /etc/zarafa/sslkeys
mv service-public.pem /etc/zarafa/sslkeys

The remote service, which has the service.pem private key, can now log in with the certificate, because the known public key matches.
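
Added example, not part of the Zarafa manual or distribution: a POSIX shell check of the files this section creates, since server.pem holds the private key, server.cfg holds its password, and a public key placed in the sslkeys directory permits a certificate login. It assumes server.cfg uses "name = value" lines; audit_zarafa_ssl and its helpers are hypothetical names, and the sslkeys directory is passed as an argument.

```shell
#!/bin/sh
# Added example (not Zarafa code). Assumes server.cfg holds "name = value" lines.

# cfg_get FILE NAME: print the value of NAME, last occurrence wins
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# perm_bits PATH COLS: print the selected columns of the ls mode string
perm_bits() { ls -ld -- "$1" | cut -c"$2"; }

# audit_zarafa_ssl CFG [SSLKEYS_DIR]: one line per finding; returns the count
audit_zarafa_ssl() {
    cfg=$1 keydir=${2:-/etc/zarafa/sslkeys} n=0
    key=$(cfg_get "$cfg" server_ssl_key_file)
    ca=$(cfg_get "$cfg" server_ssl_ca_file)
    pass=$(cfg_get "$cfg" server_ssl_key_pass)

    # server.pem contains the private key: owner-only access expected
    if [ ! -f "$key" ]; then
        echo "missing server_ssl_key_file: ${key:-unset}"; n=$((n + 1))
    elif [ "$(perm_bits "$key" 5-10)" != "------" ]; then
        echo "private key open to group/other: $key"; n=$((n + 1))
    fi
    # the CA certificate must be set for SSL support
    if [ ! -f "$ca" ]; then
        echo "missing server_ssl_ca_file: ${ca:-unset}"; n=$((n + 1))
    fi
    # server.cfg stores the key password in clear text
    if [ -n "$pass" ] && [ "$(perm_bits "$cfg" 5-10)" != "------" ]; then
        echo "server_ssl_key_pass set but $cfg open to group/other"; n=$((n + 1))
    fi
    # a public key in this directory authorises a certificate login,
    # so only the owner should be able to add files to it
    if [ -d "$keydir" ] && [ "$(perm_bits "$keydir" 6,9)" != "--" ]; then
        echo "sslkeys directory writable by group/other: $keydir"; n=$((n + 1))
    fi
    return "$n"
}
```

Run it as audit_zarafa_ssl /etc/zarafa/server.cfg /etc/zarafa/sslkeys; a return status of 0 means no findings.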

SIGNALS

The following signals can be sent to the Zarafa server process:

HUP

When the HUP signal is received, some options from the configuration file are reloaded. The reloadable options are listed in the zarafa-server.cfg(5) manual page.
Also, when using log_method = file, the logfile will be closed and a new logfile will be opened. You can use this signal in your logrotate system.

USR1

When you send this signal to the server, it will print some statistics about sessions and cache usage in the log.

USR2

When you send this signal to the server, it will purge all caches the server has in use.

TERM

To gracefully let the server exit, the normal TERM signal is used. Because of open sessions by clients it may take up to 60 seconds for the server to completely shut down.

AUTHOR

Written by Zarafa.

SEE ALSO

zarafa-server.cfg(5), zarafa-admin(1)