
SYSADMIN

EXCHANGE ALTERNATIVE

Linux groupware natively serves Outlook clients

Zarafa replaces Microsoft Exchange on a server and collaborates with Outlook thanks to native MAPI support.

BY SEBASTIAN KUMMER AND MANFRED KUTAS

Many Linux servers work in heterogeneous environments, serving Windows clients that use MS Outlook for and functions. Even if a new groupware system is introduced, the widespread use of Windows clients sometimes makes Outlook an inescapable alternative. Unfortunately, Outlook uses the native Windows Messaging Application Programming Interface (MAPI) for communication with other applications, and the Outlook client is designed to talk to a Windows Exchange server. This preference for Exchange makes the integration of Linux-based groupware systems difficult.

Alternative groupware applications such as , Kolab, and Open Exchange use an Outlook connector to integrate with Windows clients running Outlook. These tools convert Outlook's MAPI queries to other, partly proprietary protocols. Apart from this, processing relies on services such as WebDav. In many cases, each function has to be configured separately on the side, and this leads to inflationary administrative overhead. Additionally, this kind of integration only covers a small proportion of Outlook's functionality.

The Zarafa groupware server [1] takes a different approach. Instead of converting Outlook requests, Zarafa offers a comprehensive Microsoft-compatible MAPI interface for Linux environments. Complex conversion of requests is no longer needed because the Zarafa server talks MAPI, specifically MAPI4Linux.

Zarafa is a commercial groupware server that runs on Linux. Because the Zarafa server communicates directly with Windows clients using a variant of MAPI, it provides a high level of Outlook compatibility with minimal client configuration. See the box "Buying Zarafa" for a price summary as given on the Zarafa website. Although these prices are certainly higher than free alternatives such as , the cost of Zarafa compares favorably with the cost of Microsoft Exchange, and because the server runs on Linux, you can avoid many of the issues associated with running Windows server systems. Contact the company for information on local business partners and support options.

MAPI4Linux

MAPI4Linux supports a compatible Exchange counterpart on Linux. Zarafa comprises the MAPI4Linux library, which controls access to the MAPI store, at its core, and a collection of peripheral tools. A MySQL database is used for storage, and this makes it easier to back up or replicate the data.

MAPI4Linux controls the read and write operations. Direct access to the database is not recommended because it would break the caching and affect the response time.

Open Interfaces

Zarafa relies on open interfaces and tried-and-trusted server components; it

FEBRUARY 2008 ISSUE 87 73


uses , for example, to send and Apache as its web server, making it easy to integrate into environments that already implement these services.

Figure 1 shows the Zarafa server's major components. The MAPI kernel is surrounded by various connectors. The figure shows the path an email takes from physical reception by the Mail Transfer Agent (MTA) through to the Zarafa store. The MTA can be supplemented with various tools, such as spam filters or virus scanners. When an incoming mail message is ready for delivery to the receiver, the MTA passes it on to the Zarafa D(elivery) Agent. This process is controlled by the mailbox_command variable in /etc/postfix/main.cf:

    mailbox_command = /usr/bin/zarafa-dagent "$USER"

For QMail, the ~/.qmail file needs:

    | /usr/bin/zarafa-dagent -q user_name

The -q option tells the D Agent to use Qmail error codes in its reply. The mail is then passed by the agent to MAPI4Linux, which converts it into a MAPI store object for storage in the database.

Figure 1: Overview of the Zarafa server's major components (MTA, antispam, antivirus, mail delivery, spooler/dAgent, MAPI 4 Linux, MySQL, PHP MAPI, Outlook share, POP3/IMAP gateway).

Outlook Connection

The Zarafa MAPI provider gives Windows clients that only speak the native language of Microsoft's Exchange server access to the MAPI store. Figure 2 shows the configuration menu.

Figure 2: MAPI provider configuration menu.

SOAP messages handle communications between the MAPI provider and the Outlook share on the server. A proxy or Apache web server transparently advertises this service on Intranets or the Internet. To allow this to happen, you just need the following entry in your Apache configuration:

    ProxyPass /zarafa http://127.0.0.1:236/
    ProxyPassReverse /zarafa http://127.0.0.1:236/
    # Order and Allow are only valid inside a container such as <Location>
    <Location /zarafa>
        Order Allow,Deny
        Allow from all
    </Location>

This supports Outlook access without VPN access or port forwarding on the firewall. Connections between the server and the client are simple web connections. Using Apache's own tools, you can enable standard and SSL connections. Additionally, administrators can restrict access to specific subnets. Figure 3 shows how Outlook is mapped to MAPI4Linux.

Alternative Applications Still Supported

You can continue to use POP or IMAP clients like Thunderbird. A POP/IMAP gateway gives you access to the email folders, which is easy to configure as all you need to do is specify the services and ports to enable in /etc/zarafa/gateway.cfg. The gateway converts email from the MAPI format to regular plain text mail before it reaches the client. Double conversion of mail – into MAPI format for incoming mail, and back again before being dispatched via the Gateway – would appear to be a waste of resources at first glance; however, the benefits in terms of compatibility with any component outweigh the overhead.

Alternative calendaring applications such as are supported thanks to the Zarafa iCalendar interface. The iCal interface emulates server profiles to allow Sunbird to work with live data from the Zarafa store. Changes or new appointments are immediately stored in the MAPI store, where they are available in real time to all users via all supported interfaces.

Buying Zarafa

The Zarafa website lists the following prices:
• Base price for up to 5 users: EUR 300 (US$ 439)
• Every additional 5 users: EUR 150 (US$ 219)
• More than 100 users: 5 percent reduction
• More than 250 users: 10 percent reduction
• More than 1,000 users: 15 percent reduction

Municipalities receive a 25 percent reduction. An education version for schools has a 25 percent baseline reduction, with greater discounts available for higher volumes.

For updates and upgrades after the first year, you'll need to pay a yearly fee of 20 percent of the list price.

Large Systems

A multiple-server setup is useful for large installations with thousands of users. Although you can't install the Zarafa core itself on multiple systems, the service-based architecture does


support the following configuration:
• Server 1: MySQL database
• Server 2: Zarafa core
• Server 3: MTA + antispam/virus
• Server 4: web server

The Zarafa core server configuration defines the connection between the database and the Zarafa core, which is the only entity to talk to it. All the other components can use TCP port 236 to access the core server.

The MTA server hands incoming email to the delivery agent, which runs on the MTA server and uses an SSL certificate to authenticate with the Zarafa core server. The web server follows a similar approach to communicate with the Zarafa core and thus bind the web components to the MAPI store.

If your spam volumes are particularly high, it might make sense to distribute the MTA and antispam or antivirus software to separate servers.

This scenario also shows how to run the web server in the DMZ, while the database and the Zarafa core reside on the secure internal network.

Data Import

Zarafa offers various approaches to importing data sets into a store. Using the open source tool imapsync [2], you can migrate data from other IMAP servers. To do so, the admin users would create a user in Zarafa and then use the Zarafa IMAP gateway to handle the synchronization process.

If you need to migrate multiple users, scripts could be the answer. For existing Outlook systems, whether standalone or with a Microsoft Exchange server, Zarafa has its own migration tool (see Figure 4) for importing the .pst files. This tool must be run on a Windows system; it has an unattended mode and can handle about 7GB of data per hour.

Notifications

One of MAPI's biggest strengths is its notification mechanism, which servers can use to push messages to clients. Changes thus become visible on the system after a short interval of less than a second and do not require user interaction.

Network topologies often do not allow servers to reach clients directly when sending messages of this kind. To work around this problem, the client opens a long open http request (maximum 60 seconds), which waits for a result that is relevant to the client. After this interval has expired, the connection terminates; the request then recommences immediately after this. Each Outlook client establishes four or five connections of this kind to avoid interruptions.

If you have many clients, it makes sense to increase the maximum number of parallel connections for the web server – Apache restricts this to 100 by default. Because the lightweight requests generate a couple of bytes of network transfer traffic, this isn't a problem.

User Management

Internal user management is fine for smaller environments. Currently, this involves using a command-line tool that also supports OpenLDAP and Active Directory. The admin simply adds required attributes to a configuration file. Because changes to the directory service do not trigger events to update the data, Zarafa authenticates each user at login. Changes immediately take effect in the store. For example, Zarafa will immediately create mail boxes for new users. Admins can use policies and scripts to tell the system how to react to other kinds of change (such as when groups are modified at directory service level).

Backup

The Zarafa Backup Utility does what its name implies. The utility creates two files: One contains the data, the second contains an index. Creating a consistent snapshot of the complete store without blocking the database is not possible, which means that elements that change or are created during the backup process are not included in the backup.

The current 5.20 version of Zarafa introduces advanced backup options. The new features include support for brick-level backup. Individual stores, including the public store, can now be backed up fully or incrementally. Brick-level backup now allows administrators to restore the whole store, individual messages, or complete directories. Because it does not store the meta data, this method is not useful for disaster recovery. If you do a full restore from the brick-level backup, you lose all view settings, rules, and unique user and store IDs. Also, administrators must create the user MAPI profiles again from scratch under Windows.

Information on other features, such as synchronization tools for PDAs (via SyncML), privilege management via ACLs, or the mobile web interface for HTML-capable mobiles, is available online [3].

Fortunately, Zarafa supports not only commercial Linux distributions, such as and SLES, but also and Ubuntu. Also, Zarafa 5 is now available for 64-bit systems.

Figure 3: How Outlook maps to MAPI4Linux.

MAPI via PHP

Many online applications are programmed in PHP, a programming language that is an obvious choice due to its rapid development potential and widespread use.


Zarafa features programmed in PHP include the web front end, Webaccess. Webaccess resembles the Outlook client and communicates directly with the MAPI4Linux layer via the PHP-MAPI module. PHP-MAPI has useful options for adding groupware functionality to open source solutions in areas such as Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), document management systems, or wikis.

The module is a prebuilt .so file. The PHP configuration file, .ini, loads the module like this: extension = .so. Developers can use this module to implement MAPI functionality in PHP. Zarafa also offers a detailed interface description online [4], and general information on MAPI is available [5].

Although Zarafa stores data in a MySQL database, the use of PHP-MAPI is the recommended approach for access by web applications to the MAPI store. Figure 5 shows PHP-MAPI's web server integration. can use special PHP MAPI functions to connect to the store and, for example, read its properties.

Figure 4: The Zarafa migration tool can handle 2GB of data per hour.

Figure 5: PHP-MAPI web server integration.

Z-Push

Previously, the only way to synchronize data with a PDA was to use the cradle and a desktop tool with SyncML. In April 2007, Zarafa introduced Z-Push, an open source implementation of Microsoft's ActiveSync protocol. PDAs with Windows Mobile 2003, 2005, and 6.0 can synchronize their local contacts, email, appointments, and various tasks with the server online via GPRS or UMTS.

Zarafa Z-Push is based on WAP Binary XML (WBXML), like Microsoft AirSync, which is used by the original; this is a kind of low-overhead XML for narrow bandwidths. Users do not need to install any additional software on the PDA since Z-Push handles synchronization natively. Previously, back ends integrated Zarafa and MailDirs. A comprehensive interface description supports collaboration between Z-Push and any groupware system. Additionally, Z-Push now supports IMAP as a back end, bringing push services with IMAP to cell phones for free [6].

PHP-MAPI Technology

Enterprises use a variety of Intranet applications that benefit from the ability to display and modify appointments or contacts from groupware. PHP-MAPI offers the ability of integrating MAPI functionality with existing web solutions. Basically, you have two options for accessing the Zarafa server from a PHP application: via a socket:

    $zarafaserver = "file:///var/run/zarafa";

or via the SOAP interface:

    $zarafaserver = "http://url_zum_zarafaserver:236/zarafa";

To make it easier to log onto a server via a socket, you can make the user who runs the application a Zarafa admin, thus enabling access to the store without entering a password. This gives any PHP script administrative access to the server, so this method is not recommended for security reasons.

Example of a PHP-MAPI Application

Listing 1 is a sample calendar function that shows how MAPI integration works [8]. The first step is to set up a connection to the MAPI store:

    mapi_openmsgstore_zarafa(string $user, string $password, string $server)

This example uses a socket connection. Note that the application logs on to the MAPI store as an administrative user and that a password is not required to authenticate.

Successful Login

A successful login returns an array with two stores: the user's private store with data from the user's own PIM and the public store with data for shared use.

MAPI stores have a tree structure. To access a branch or leaf, you need to know its address. Properties are used for addressing purposes. The mapi_prop_tag() function creates addresses from a type and an ID.

The mapitags.php file in the {webaccess}/mapi folder (for Zarafa 5) or in


Listing 1: PHP-MAPI Sample Application


{webaccess}/include/mapi (for Zarafa 4) contains a list of constants. Alternatively, you can use tools like OutlookSpy [7] to search for the required properties. If the uses MAPI include files from the directories we just mentioned, there is no need to create addresses.

Once the connection to the store has been set up, you can open the user's inbox to access all the objects in the store:

    mapi_msgstore_getreceivefolder(mapimsgstore $store);

The mapi_getprops() function reads the properties of the required object. In this case, it is an entry ID for the calendar. mapi_msgstore_openentry() lets us create a pointer to the calendar and access further calendar object properties. mapi_folder_getcontentstable() then opens the messages in the folder.

Before you can start reading appointments, you need to generate the IDs for the required properties (start, end, location, and so on) using mapi_prop_tag() and mapi_getIdsFromNames().

Restrictions

The example only shows appointments for the month of September; it uses PHP-MAPI restrictions to do so.

The restriction array contains a time stamp for the start and end of the required period. Then, the array is passed in to the MAPI request.

Now you know where the folder with the calendar entries is, which appointment properties you want to query, and what restrictions they are subject to. The mapi_table_queryallrows() function stores the relevant entries in a result array, giving you the ability to display it.

Listing 1: continued

    // timezone data
    $props[16] = PR_BODY;

    // period to query; defined before the restriction array is built,
    // because the array stores the values of $start and $end at that point
    $start = mktime(0, 0, 0, 9, 1, 2007);
    $end = mktime(23, 59, 59, 9, 30, 2007);

    // restrictions' array
    $restriction = Array(RES_OR,
        Array(
            // OR
            // (item[start] >= start && item[start] <= end)
            Array(RES_AND,
                Array(
                    Array(RES_PROPERTY, Array(RELOP => RELOP_GE, ULPROPTAG => $props[0], VALUE => $start)),
                    Array(RES_PROPERTY, Array(RELOP => RELOP_LE, ULPROPTAG => $props[0], VALUE => $end))
                )
            ),
            // OR
            // (item[end] >= start && item[end] <= end)
            Array(RES_AND,
                Array(
                    Array(RES_PROPERTY, Array(RELOP => RELOP_GE, ULPROPTAG => $props[1], VALUE => $start)),
                    Array(RES_PROPERTY, Array(RELOP => RELOP_LE, ULPROPTAG => $props[1], VALUE => $end))
                )
            ),
            // OR
            // (item[start] < start && item[end] > end)
            Array(RES_AND,
                Array(
                    Array(RES_PROPERTY, Array(RELOP => RELOP_LT, ULPROPTAG => $props[0], VALUE => $start)),
                    Array(RES_PROPERTY, Array(RELOP => RELOP_GT, ULPROPTAG => $props[1], VALUE => $end))
                )
            ),
        )
    ); // global OR

    // get the required calendar items
    $rows = mapi_table_queryallrows($contents, $props, $restriction);
    foreach ($rows as $appointment) {
        /* do something */
    }
    ?>

Listing 2: Definition File

    <?php
    define('RES_AND', 0);
    define('RES_OR', 1);
    define('RES_PROPERTY', 4);

    /* restriction compares */
    define('RELOP_LT', 0);
    define('RELOP_LE', 1);
    define('RELOP_GT', 2);
    define('RELOP_GE', 3);

    /* array index values of restrictions */
    define('VALUE', 0); // propval
    define('RELOP', 1); // compare method
    define('ULPROPTAG', 6); // property
    ?>

Conclusion

Zarafa is a robust groupware server that integrates seamlessly with existing Linux environments. The core is supplemented with open source components such as Apache, Postfix, or MySQL.

Besides native Outlook access, clients benefit from POP3, IMAP, or iCalendar interfaces. PHP-MAPI gives developers rapid access to data and the ability to manipulate the data in the store.

Webaccess comes with an AJAX interface and new functions. Because the feature scope is similar to that of Outlook, many users have started to use Webaccess exclusively.

THE AUTHORS

Germany. He has worked as a free software developer for various enterprises since 2000. Sebastian has also worked on Zarafa migration and integration for inmedias.it GmbH in Hamburg. Since September 2006, Sebastian has been working on developing the mobile security design for the colamo.org project.

Manfred Kutas studied Computer Science at HAW, the University of Applied Science in Hamburg Germany. He works as a freelance developer, focusing on PHP and Java. In the scope of the open source project, colamo.org, Manfred has worked exhaustively with PHP-MAPI and implemented read/write access to the Zarafa server for inmedias.it.
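The Apache entry in the Outlook Connection section admits every address ("Allow from all"), while the text notes that SSL can be enabled and access restricted to specific subnets. The configuration below is an added example, not taken from the article or from Zarafa, showing that printed rule beside a restricted one. The host name, certificate paths and the 192.0.2.0/24 subnet are constructed placeholders, and the directives use Apache 2.2 syntax as in the article.

```apache
# Added example, not from the article. Needs mod_proxy, mod_proxy_http
# and mod_ssl. Apache 2.2 syntax, as in the article's own entry; on
# Apache 2.4, "Require ip 192.0.2.0/24" takes the place of Order/Allow.
# Constructed placeholders: host name, certificate paths, subnet.

# --- Weak: the access rule as printed in the article ------------------
# Every source address may reach the Zarafa service on port 236
# through the proxy, and nothing forces TLS.
#
#   ProxyPass        /zarafa http://127.0.0.1:236/
#   ProxyPassReverse /zarafa http://127.0.0.1:236/
#   Order Allow,Deny
#   Allow from all

# --- Restricted: TLS only, one named subnet ---------------------------
<VirtualHost *:443>
    ServerName groupware.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/groupware.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/groupware.example.com.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPass        /zarafa http://127.0.0.1:236/
    ProxyPassReverse /zarafa http://127.0.0.1:236/

    <Location /zarafa>
        # With Allow,Deny a request that matches no Allow line is
        # denied, so naming the subnet gives a default-deny rule.
        Order Allow,Deny
        Allow from 192.0.2.0/24
        # Refuse the path if it is ever served without TLS.
        SSLRequireSSL
    </Location>
</VirtualHost>

# The plain-HTTP virtual host carries no ProxyPass for /zarafa and
# denies the path outright, so the service is never offered unencrypted.
<VirtualHost *:80>
    ServerName groupware.example.com
    <Location /zarafa>
        Order Deny,Allow
        Deny from all
    </Location>
</VirtualHost>
```

Run `apachectl configtest` before reloading the server to catch syntax errors in the new virtual hosts.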
