=====Doc en cours de construction !====

=====Installation de apache et roundcube sous lenny====
(source : http://www.starbridge.org/spip/spip.php?article12&artsuite=6#sommaire_1)
http://howto.landure.fr/gnu-linux/debian-4-0-etch/creer-un-certificat-ssl-multi-domaines
installation de apache,mysql,php :
  aptitude install apache2 mysql-server php5 php5-mysql phpmyadmin

paramétrage du mode sécurisé pour apache :

Activation du ssl :
  a2enmod ssl

Création du virtualhost :
  cd /etc/apache2/sites-available/
  vi ssl

Et on colle :
  NameVirtualHost *:443
  <VirtualHost *:443>
          ServerAdmin webmaster@mdl29.net
          ServerName www.mdl29.net
          DocumentRoot /var/www/
          <Directory />
                  Options FollowSymLinks
                  AllowOverride None
          </Directory>
          <Directory /var/www/>
                  Options Indexes FollowSymLinks MultiViews
                  AllowOverride All
                  Order allow,deny
                  allow from all
                  # This directive allows us to have apache2's default start page
                  # in /apache2-default/, but still have / go to the right place
                  # Commented out for Ubuntu
                  #RedirectMatch ^/$ /apache2-default/
          </Directory>
  
          ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
          <Directory "/usr/lib/cgi-bin">
                  AllowOverride AuthConfig
                  Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                  Order allow,deny
                  Allow from all
          </Directory>
  
          ErrorLog /var/log/apache2/error.log
  
          # Possible values include: debug, info, notice, warn, error, crit,
          # alert, emerg.
          LogLevel warn
  
          CustomLog /var/log/apache2/access.log combined
          ServerSignature On
  
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/mdl29-certkey-www.pem
  
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  </VirtualHost>

Edition du fichier ports.conf afin de vérifier que le port 443 y figure (ce qui devrait être le cas) :
  vi /etc/apache2/ports.conf

et on ajoute la ligne (si besoin)
  listen 443

Activation du virtualhost :
  a2ensite ssl

Génération des certificats :

On édite la configuration de ssl pour pouvoir signer des certificats sur 10 ans, au lieu d’1 an par défaut (comme çà, on est tranquille plus longtemps) :
  vi /etc/ssl/openssl.cnf 

on change la ligne default_days en
  default_days    = 3650

Création du Certificat Racine :
  cd ~
  mkdir CERT
  /usr/lib/ssl/misc/CA.pl -newca

Entrez les paramètres requis et choississez un pass phrase laissez "challenge password" vide.

  CA certificate filename (or enter to create)
  
  Making CA certificate ...
  Generating a 1024 bit RSA private key
  .......
  .........................................
  writing new private key to './demoCA/private/cakey.pem'
  Enter PEM pass phrase:
  Verifying - Enter PEM pass phrase:
  
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  
  Country Name (2 letter code) [AU]:FR
  State or Province Name (full name) [Some-State]:Brest 
  Locality Name (eg, city) []:Brest
  Organization Name (eg, company) [Internet Widgits Pty Ltd]:mdl29.net
  Organizational Unit Name (eg, section) []:
  Common Name (eg, YOUR name) []:mdl29.net
  Email Address []:tech@mdl29.net
  
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:
  Using configuration from /usr/lib/ssl/openssl.cnf
  Enter pass phrase for ./demoCA/private/cakey.pem:
  Check that the request matches the signature
  Signature ok
  Certificate Details:
          //blablabla//
  Data Base Updated

Création d'une clé privée pour le serveur et d'’un certificat public non signé.

Il est important de créer un certificat avec le même nom que celui utilisé pour la connexion (ex : si on se connecte au serveur web par www.mdl29.net, il faut créer un certificat avec un "Common Name" en www.mdl29.net) .

Création d'un certificat public non signé et une clé, puis signature avec le CA :
  cd ~/CERT
  openssl req -new -nodes -keyout mdl29-key-www.pem -out mdl29-req-www.pem -days 3650

On entre les informations en prenant soin de bien spécifier le Common Name en www.mdl29.net. Il faut également mettre les mêmes informations entrées dans le CA plus tôt.
  cd ~
  openssl ca -out CERT/mdl29-cert-www.pem -infiles CERT/mdl29-req-www.pem
  cd CERT/
  cat mdl29-key-www.pem mdl29-cert-www.pem >mdl29-certkey-www.pem
  mkdir /etc/apache2/ssl
  cp mdl29-certkey-www.pem /etc/apache2/ssl/
  chmod 600 /etc/apache2/ssl/mdl29-certkey-www.pem

On redémarre Apache :
  /etc/init.d/apache2 restart

On peut vérifier la connexion en ssl sur l'adresse https://ip_de_la_machine

=====Installation et paramétrage de roundcube=====

installation de roundcube :

  aptitude install php5-ldap
on redémarre apache :
  /etc/init.d/apache2 restart
(voir si cette partie est nécessaire car pas de connexion ldap avec roundcube)

sous lenny, il n'y a pas de paquet pour roundcube, nous allons récupérer la dernière version (0.3.1) :

  cd /var/www
  wget http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.3.1/roundcubemail-0.3.1.tar.gz?use_mirror=freefr
  tar -xzvf roundcubemail-0.3.1.tar.gz 


L'autorisation d'accès à roundcube étant gérée par dovecot, la configuration de roundcube sera assez basique.

On renomme le répertoire (histoire de rendre plus facile l'accès) :
  mv roundcubemail-0.3.1 roundcube

paramétrage de roundcube :

  cd /var/www/roundcube/config
  mv db.inc.php.dist db.inc.php
  mv main.inc.php.dist main.inc.php

On créé la base et l'utilisateur :
  mysql -u root -p
  create database roundcube;
  GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY '*****';
  FLUSH PRIVILEGES;
  quit
(remplacer les '* * * * *' par votre mot de passe)

On importe la base de données :
  mysql -u root -p roundcube < ../SQL/mysql.initial.sql


Il faut adapter les fichiers de configuration (/var/www/roundcube/config/db.inc.php et main.inc.php) en fonction de vos souhaits.

db.inc.php : il faut modifier le fichier en indiquant le mot de passe choisi pour l'utilisateur sql de roundcube :
  vi /var/www/roundcube/config/db.inc.php
et modifier la ligne :
  $rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcube';
en remplaçant pass par le password choisi plus haut (attention à la modification de la fin de la ligne aussi).

main.inc.php :
ce fichier contient beaucoup de commentaire qui explique chaque paramètre. En voici un fonctionnel (purgé des commentaires pour une lecture plus facile sur la doc) :

  <?php
  
  /*
   +-----------------------------------------------------------------------+
   | Main configuration file                                               |
   |                                                                       |
   | This file is part of the RoundCube Webmail client                     |
   | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
   | Licensed under the GNU GPL                                            |
   |                                                                       |
   +-----------------------------------------------------------------------+
  
  */
  $rcmail_config = array();
  $rcmail_config['debug_level'] = 1;
  $rcmail_config['log_driver'] = 'file';
  $rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
  $rcmail_config['syslog_id'] = 'roundcube';
  $rcmail_config['syslog_facility'] = LOG_USER;
  $rcmail_config['log_dir'] = 'logs/';
  $rcmail_config['temp_dir'] = 'temp/';
  $rcmail_config['plugins'] = array();
  $rcmail_config['enable_caching'] = FALSE;
  $rcmail_config['message_cache_lifetime'] = '10d';
  $rcmail_config['force_https'] = TRUE;
  $rcmail_config['auto_create_user'] = TRUE;
  $rcmail_config['default_host'] = 'imap://mdl29.net:143';
  $rcmail_config['default_port'] = 143;
  $rcmail_config['imap_auth_type'] = null;
  $rcmail_config['imap_root'] = null;
  $rcmail_config['imap_delimiter'] = null;
  $rcmail_config['username_domain'] = '';
  $rcmail_config['mail_domain'] = '';
  $rcmail_config['virtuser_file'] = '';
  $rcmail_config['virtuser_query'] = '';
  $rcmail_config['smtp_server'] = '';
  $rcmail_config['smtp_port'] = 25;
  $rcmail_config['smtp_user'] = '';
  $rcmail_config['smtp_pass'] = '';
  $rcmail_config['smtp_auth_type'] = '';
  $rcmail_config['smtp_helo_host'] = '';
  $rcmail_config['smtp_log'] = TRUE;
  $rcmail_config['sql_debug'] = false;
  $rcmail_config['imap_debug'] = false;
  $rcmail_config['ldap_debug'] = false;
  $rcmail_config['smtp_debug'] = false;
  $rcmail_config['sendmail_delay'] = 0;
  $rcmail_config['list_cols'] = array('subject', 'from', 'date', 'size', 'flag', 'attachment');
  $rcmail_config['skin_include_php'] = FALSE;
  $rcmail_config['session_lifetime'] = 10;
  $rcmail_config['ip_check'] = false;
  $rcmail_config['double_auth'] = false;
  $rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
  $rcmail_config['language'] = 'fr_FR';
  $rcmail_config['date_short'] = 'D H:i';
  $rcmail_config['date_long'] = 'd.m.Y H:i';
  $rcmail_config['date_today'] = 'H:i';
  $rcmail_config['useragent'] = 'RoundCube Webmail/'.RCMAIL_VERSION;
  $rcmail_config['product_name'] = 'RoundCube Webmail';
  $rcmail_config['drafts_mbox'] = 'Drafts';
  $rcmail_config['junk_mbox'] = 'Junk';
  $rcmail_config['sent_mbox'] = 'Sent';
  $rcmail_config['trash_mbox'] = 'Trash';
  $rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
  $rcmail_config['create_default_folders'] = TRUE;
  $rcmail_config['protect_default_folders'] = TRUE;
  $rcmail_config['quota_zero_as_unlimited'] = TRUE;
  $rcmail_config['mdn_requests'] = 0;
  $rcmail_config['default_charset'] = 'ISO-8859-1';
  $rcmail_config['enable_spellcheck'] = TRUE;
  $rcmail_config['spellcheck_engine'] = 'pspell';
  $rcmail_config['spellcheck_uri'] = '';
  $rcmail_config['spellcheck_languages'] = NULL;
  $rcmail_config['generic_message_footer'] = '';
  $rcmail_config['http_received_header'] = false;
  $rcmail_config['http_received_header_encrypt'] = false;
  $rcmail_config['mail_header_delimiter'] = NULL;
  $rcmail_config['session_domain'] = '';
  $rcmail_config['address_book_type'] = 'sql';
  $rcmail_config['ldap_public'] = array();
  $rcmail_config['autocomplete_addressbooks'] = array('sql');
  $rcmail_config['dont_override'] = array();
  $rcmail_config['identities_level'] = 1;
  $rcmail_config['include_host_config'] = false;
  $rcmail_config['max_pagesize'] = 200;
  $rcmail_config['mime_magic'] = '/usr/share/file/magic';
  $rcmail_config['message_sort_col'] = 'date';
  $rcmail_config['message_sort_order'] = 'DESC';
  $rcmail_config['enable_installer'] = false;
  $rcmail_config['log_logins'] = false;
  $rcmail_config['delete_always'] = false;
  $rcmail_config['min_keep_alive'] = 60;
  $rcmail_config['email_dns_check'] = false;
  $rcmail_config['skin'] = 'default';
  $rcmail_config['pagesize'] = 40;
  $rcmail_config['timezone'] = 'auto';
  $rcmail_config['dst_active'] = (bool)date('I');
  $rcmail_config['prefer_html'] = TRUE;
  $rcmail_config['show_images'] = 0;
  $rcmail_config['htmleditor'] = FALSE;
  $rcmail_config['prettydate'] = TRUE;
  $rcmail_config['draft_autosave'] = 300;
  $rcmail_config['preview_pane'] = FALSE;
  $rcmail_config['focus_on_new_message'] = true;
  $rcmail_config['logout_purge'] = FALSE;
  $rcmail_config['logout_expunge'] = FALSE;
  $rcmail_config['inline_images'] = TRUE;
  $rcmail_config['mime_param_folding'] = 1;
  $rcmail_config['skip_deleted'] = FALSE;
  $rcmail_config['read_when_deleted'] = TRUE;
  $rcmail_config['flag_for_deletion'] = FALSE;
  $rcmail_config['keep_alive'] = 60;
  $rcmail_config['check_all_folders'] = FALSE;
  $rcmail_config['display_next'] = FALSE;
  $rcmail_config['index_sort'] = TRUE;
  ?>

enfin il reste à faire :
  chown -R www-data:www-data /var/www/roundcube

Il ne reste plus qu'à tester la connexion avec roundcube sur https://ip_de_la_machine/roundcube .

=====Récupération du carnet d'adresses de Thunderbird vers Roundcube=====

il faut installer le paquet 2vcard.

Puis exporter le carnet d'adresses de Thunderbird (au format ldif - format par défaut).

Ensuite dans un terminal :
  2vcard -f ldif -i fichier.ldif -o fichier.vcard
(en remplaçant fichier par le nom du fichier)

Il ne reste plus qu'à importer le carnet d'adresses sous Roundcube (le fichier.vcard).