Forgot your password?
New user?
Synchronizing OGo events with Symbian S60 phones
Document Actions
This HOWTO covers synchronizing OGo 1.1.7 (or even 1.0.0) with Symbian S60 phones by using Funambol and the GroupDAV connector.
Contents
* Introduction
* Tested software configurations
* Check your Java version
* Check the Funambol version
* Matthew McBride's official install guide
* Installing the connector on bundled version of Funambol (3.0a)
* Using postgresql instead of hsqldb for Funambol ds-server
o Installing and configuring postgresql
o Configuring ds-server to use Postgresql
* Configuring the GroupDAV plugin
* Configuring Funambol server
o Server URI
o Creating a new principal
* Zidestore-related issues
o Browsing the Zidestore tree
o Which calendars to get?
o Zidestore bugs
o Other info
* Configuring the S60 phone (Finnish interface)
* Configuring the S60 phone (English interface)
* Securing the SyncML transfers
o SSL support in Nokia (S60) phones
o SSL support in Funambol
o SSL support in Tomcat
* Logs and troubleshooting
*** Introduction ***
This HOWTO is written for the Linux version of Funambol. The variable $FUNAMBOL_HOME refers to the Funambol's base directory. Replace it with your install directory, for example with /opt/Funambol.
*** Tested software configurations ***
Funambol seems to be really picky about software (Java, jdbc-java, ant etc.) versions. Here's a list of software that has been tested:
This setup fails during the bin/install-modules tomcat50 phase when using postgresql. GroupDAV connector 1818 does not work with hsqldb (hypersonic) during the initial install so that's pretty much it, then. Also
* CentOS 5
o Host (=not an OpenVZ VPS)
o Funambol 3.0a or 6.0
o Funambol built-in JRE or Sun Java EE SDK 1.6
o Funambol built-in ant or ant from the repos
o Postgresql-8.1.4
o Postgresl-jdbc-8.1
o GroupDAV plugin 1818 (not really relevant here)
This setup works. Some details might be wrong because the system's harddrive crashed hard so all details were lost.
* Ubuntu 6.06
o Funambol 3.0a bundle
o Funambol built-in JRE
o Funambol built-in ant
o Funambol built-in Tomcat
o Postgresql version unknown (possibly 7.4, 8.0 or 8.1)
o Matching libpg-java version
o GroupDAV plugin 1818
This setup works with connector 1.1.1838.
* Debian Etch (Macbook)
o Funambol 3.0a bundle
o Funambol built-in JRE
o Funambol built-in ant
o Funambol built-in Tomcat
o Funambol built-in HSQLDB database
o GroupDAV plugin 1838
*** Check your Java version ***
First of all, check which version of Java you are using if you are not using the bundled Funambol. Even if you are using the bundle, it's a good idea to check that you have Sun Java installed, instead of GNU Java or something else. The bundle should use it's own ant,tomcat,java and all, but it's better to be on the safe side.
Most Linux distros ship with GNU Java by default, but for complex apps it is not enough. Go get Sun's Java Development kit (JDK) - it's available in Debian/Ubuntu repos. If you're running some other Linux flavor, get SDK from Sun's homepage. Also make sure that you're actually using the correct version. With Redhat/CentOS/Debian you might have serveral different versions installed (due to the alternatives system).
*** Check the Funambol version ***
Currently (6. June 2007) the GroupDAV connector does not work with latest Funambol release (6.0). Use the older 5.0 release instead (funambol-3.0a.bin). Use the bundled version if possible: the standalone ds-server can be made to work, but it does NOT work out of the box, due to several missing files / startup scripts.
*** Installing the connector on bundled version of Funambol (3.0a) ***
NOTE: Newer versions of GroupDAV connector might have everything you need in one *.s4j package. If that is the case, you can safely skip most of this.
Install Funambol as usual: ./funambol3.0a.bin. Then find the zip or tar.gz that contains a directory gdav_libs. Make sure that you're using the right package, as there are several floating around. Next copy the contents of the directory gdav_libs into $FUNAMBOL_HOME/tools/tomcat/server/lib. Afterwards it should look like this (note the file sizes):
samuli@macbook:/tmp/Funambol/tools/tomcat/server/lib$ ls -l
totale 4544
-rw-r--r-- 1 samuli samuli 20418 2007-06-05 13:42 catalina-ant.jar
-rw-r--r-- 1 samuli samuli 124130 2007-06-05 13:42 catalina-cluster.jar
-rw-r--r-- 1 samuli samuli 23233 2007-06-05 13:42 catalina-i18n-es.jar
-rw-r--r-- 1 samuli samuli 22345 2007-06-05 13:42 catalina-i18n-fr.jar
-rw-r--r-- 1 samuli samuli 23733 2007-06-05 13:42 catalina-i18n-ja.jar
-rw-r--r-- 1 samuli samuli 709833 2007-06-05 13:42 catalina.jar
-rw-r--r-- 1 samuli samuli 108919 2007-06-05 13:42 catalina-optional.jar
-rw-r--r-- 1 samuli samuli 188671 2007-06-05 13:42 commons-beanutils.jar
-rw-r--r-- 1 samuli samuli 46725 2007-06-05 14:20 commons-codec-1.3.jar
-rw-r--r-- 1 samuli samuli 109096 2007-06-05 13:42 commons-digester.jar
-rw-r--r-- 1 samuli samuli 22379 2007-06-05 13:42 commons-fileupload-1.0.jar
-rw-r--r-- 1 samuli samuli 63980 2007-06-05 14:20 commons-lang-1.0.1.jar
-rw-r--r-- 1 samuli samuli 52915 2007-06-05 14:20 commons-logging-1.1.jar
-rw-r--r-- 1 samuli samuli 20937 2007-06-05 14:20 commons-logging-adapters-1.1.jar
-rw-r--r-- 1 samuli samuli 44598 2007-06-05 14:20 commons-logging-api-1.1.jar
-rw-r--r-- 1 samuli samuli 109670 2007-06-05 13:42 commons-modeler.jar
-rw-r--r-- 1 samuli samuli 265111 2007-06-05 14:20 foundation-3.0.9.jar
-rw-r--r-- 1 samuli samuli 6272 2007-06-05 14:20 funambol-admin-dev.jar
-rw-r--r-- 1 samuli samuli 417303 2007-06-05 14:20 funambol-framework.jar
-rw-r--r-- 1 samuli samuli 473546 2007-06-05 14:20 ical4j-1.0-beta1.jar
-rw-r--r-- 1 samuli samuli 25429 2007-06-05 13:42 jakarta-regexp-1.3.jar
-rw-r--r-- 1 samuli samuli 110237 2007-06-05 13:42 JGroupDAV.jar
-rw-r--r-- 1 samuli samuli 110237 2007-06-05 13:20 JGroupDAV.jar.1
-rw-r--r-- 1 samuli samuli 161809 2007-06-05 13:34 JGroupDAV.jar.2
-rw-r--r-- 1 samuli samuli 30436 2007-06-05 13:42 jkconfig.jar
-rw-r--r-- 1 samuli samuli 463 2007-06-05 13:42 jkshm.jar
-rw-r--r-- 1 samuli samuli 502389 2007-06-05 14:20 joda-time-1.0.jar
-rw-r--r-- 1 samuli samuli 20425 2004-11-24 12:42 servlets-cgi.renametojar
-rw-r--r-- 1 samuli samuli 3978 2007-06-05 13:42 servlets-common.jar
-rw-r--r-- 1 samuli samuli 20554 2007-06-05 13:42 servlets-default.jar
-rw-r--r-- 1 samuli samuli 6107 2007-06-05 13:42 servlets-invoker.jar
-rw-r--r-- 1 samuli samuli 46220 2004-11-24 12:42 servlets-ssi.renametojar
-rw-r--r-- 1 samuli samuli 21834 2007-06-05 13:42 servlets-webdav.jar
-rw-r--r-- 1 samuli samuli 199556 2007-06-05 14:20 smallsql.jar
-rw-r--r-- 1 samuli samuli 18899 2007-06-05 13:42 tomcat-coyote.jar
-rw-r--r-- 1 samuli samuli 52653 2007-06-05 13:42 tomcat-http11.jar
-rw-r--r-- 1 samuli samuli 118840 2007-06-05 13:42 tomcat-jk2.jar
-rw-r--r-- 1 samuli samuli 3543 2007-06-05 13:42 tomcat-jk.jar
-rw-r--r-- 1 samuli samuli 13088 2007-06-05 13:42 tomcat-jni.jar
-rw-r--r-- 1 samuli samuli 184267 2007-06-05 13:42 tomcat-util.jar
Most of these jar's are not related to the GroupDAV connector. Check that the JGroupDAV.jar is the same size as the one above: there are several versions floating around in Matthew's webpage, and they don't seem to be compatible with each other. The smallsql.jar is probably required, even though it's not in gdav_libs - Tomcat will complain if it's missing (or so it seems).
Next copy groupdav-1.1.1838.s4j to $FUNAMBOL_HOME/ds-server/modules. Add a new entry groupdav-1.1.1838 to $FUNAMBOL_HOME/ds-server/install.properties file, into section modules-to-install
samuli@macbook:/tmp/Funambol/ds-server/modules$ ls -l
totale 3004
-rw-r--r-- 1 samuli samuli 11909 2006-09-08 17:25 dummy-3.0.4.s4j
-rw-r--r-- 1 samuli samuli 738826 2006-09-08 17:25 foundation-3.0.9.s4j
-rw-r--r-- 1 samuli samuli 79097 2006-09-08 17:25 funambol-db-3.0.7.s4j
-rw-r--r-- 1 samuli samuli 576942 2006-09-08 17:27 funambol-email-3.0.15.s4j
-rw-r--r-- 1 samuli samuli 68128 2007-06-05 13:20 groupdav-1.1.1838.s4j
-rw-r--r-- 1 samuli samuli 16791 2006-09-08 17:25 pdi-3.0.5.s4j
-rw-r--r-- 1 samuli samuli 1552360 2006-09-08 17:25 pimweb-3.0.8.s4j
If you are using the built-in Hypersonic (hsqldb) database, you'll have to start Funambol next: $FUNAMBOL_HOME/tools/bin/funambol.sh start. Then move to $FUNAMBOL_HOME/ds-server and install the Funambol applications to the Tomcat application server:
sudo bin/install.sh tomcat50
sudo bin/install-modules.sh tomcat50
Now restart Funambol:
$FUNAMBOL_HOME/tools/bin/funambol.sh stop
$FUNAMBOL_HOME/tools/bin/funambol.sh start
and start the admin tool with
cd $FUNAMBOL_HOME/admin/bin
./funamboladmin
Funamboladmin will not start unless you are in the specified directory.
*** Using postgresql instead of hsqldb for Funambol ds-server ***
Version 1.1.1818 of the groupDAV connector does not seem to work with Funambol's built-in hsqldb dastabase. This problem can be circumvented by using postgresql, for example. This is probably a good idea anyway, and is not really that hard to set ds-server to use postgresql instead of hsqldb.
Version 1.1.1838 seems to install fine on either Postgresql or Hsqldb.
** Installing and configuring postgresql **
First install postgresql. I've tested only postgresql 8.0.7, but probably anything remotely recent version will work. You should not encounter any problems here. In addition to postgresql, you will need postgresql.jar, which enables Java software to connect to postgresql databases. On Debian, this file is in package libpg-java. NOTE: libpg-java in Ubuntu 6.06 (June 2006) supports only postgresql 8.0.x and older. Check the compability of you libpg-java before proceeding.
Next modify the file /etc/postgresql-8.0/main/pg_hba.conf (provided you are on Debian/Ubuntu). If you're on CentOS 4/5 the file must be created and is located in /var/lib/pgsql/data:
# Database administrative login by UNIX sockets
local all postgres ident sameuser
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
# We don't want to use md5 passwords for testing and we trust anything coming from localhost.
# Funambol uses TCP/IP for communication so trusting Unix domain sockets is not enough.
#host all all 127.0.0.1/32 md5
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
If you don't feel lucky, edit the file /etc/postgresql-8.0/main/postgresql.conf and change the logging levels. Next restart postgresql with /etc/init.d/postgresql-8.0 restart. Then from a terminal do
bash> sudo -s
bash> su - postgres
bash> createuser --password funambol
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) n
Password:
CREATE USER
bash> createdb -O funambol funambol
bash>
You can verify that all went ok by doing
-bash-3.00$ psql -h localhost
Welcome to psql 8.1.8, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=# \l
List of databases
Name | Owner | Encoding
-----------+----------+-----------
funambol | funambol | SQL_ASCII
postgres | postgres | SQL_ASCII
template0 | postgres | SQL_ASCII
template1 | postgres | SQL_ASCII
(4 rows)
postgres=# \q
** Configuring ds-server to use Postgresql **
Now that we have a user with a password, we can move on to configuring Funambol ds-server.
bash> nano $FUNAMBOL_HOME/ds-server/install.properties
Change the DBMS name to postgresql:
#
# The DBMS name. One of:
# - ansisql99
# - db2
# - hypersonic
# - mysql
# - oracle
# - postgresql
# - sqlserver
# - sybase
#
#dbms=hypersonic
dbms=postgresql
Also comment out all references to hsqldb, just in case:
#jdbc.classpath=../tools/hypersonic/lib/hsqldb.jar
#jdbc.driver=org.hsqldb.jdbcDriver
#jdbc.url=jdbc:hsqldb:hsql://localhost/funambol
#jdbc.user=sa
#jdbc.password=
Last and not definitely least configure the postgresql connector:
# PostgreSQL
# ==========
#
#jdbc.classpath=<somepath>/postgresql.jar
#jdbc.driver=org.postgresql.Driver
#jdbc.url=jdbc:postgresql://<hostname>/funambol
#jdbc.user=funambol
#jdbc.password=funambol
jdbc.classpath=/usr/share/java/postgresql.jar
jdbc.driver=org.postgresql.Driver
jdbc.url=jdbc:postgresql://localhost/funambol
jdbc.user=sa
jdbc.password=sa
Make sure that you use the same password you gave when you did createuser --password sa. Next proceed with installing modules as shown in previous chapter.
NOTE: You probably get errors like "unknown table fnbl_module" or similar when installing the modules. These are not actually errors, as the install script just informs that such tables do not _yet_ exist. When you run the install command again, it should not complain anymore.
In case you're interested, you can find the SQL database initialization scripts like this:
etch:/opt/Funambol/ds-server# find . -name "*.ddl"
./default/sql/mysql/create_engine.ddl
./default/sql/mysql/drop_engine.ddl
./default/sql/hypersonic/create_engine.ddl
./default/sql/hypersonic/drop_engine.ddl
./default/sql/ansisql99/create_engine.ddl
./default/sql/ansisql99/drop_engine.ddl
./default/sql/sqlserver/create_engine.ddl
./default/sql/sqlserver/drop_engine.ddl
./default/sql/sybase/create_engine.ddl
./default/sql/sybase/drop_engine.ddl
./default/sql/db2/create_engine.ddl
./default/sql/db2/drop_engine.ddl
./default/sql/postgresql/create_engine.ddl
./default/sql/postgresql/drop_engine.ddl
./default/sql/oracle/create_engine.ddl
./default/sql/oracle/drop_engine.ddl
The files we're interested in are in default/sql/postgresql. If you for some reason want to initialize the database manually, you can do it like this:
etch:/opt/Funambol/ds-server# cd default/sql/postgresql
etch:/opt/Funambol/ds-server/default/sql/postgresql# psql -h localhost -U funambol funambol < create_engine.ddl
--- psql output ---
etch:/opt/Funambol/ds-server/default/sql/postgresql# psql -h localhost -U funambol funambol < init_engine.dll
--- psql output ---
*** Configuring the GroupDAV plugin ***
From here on, you should be able to follow Matthew's own deployment guide. Some things, however, are not mentioned in it, and all the steps will be covered here also. You're supposed to be in the Funamboladmin tool now.
* Go to Server settings -> Logging -> funambol and set logging level to ALL
* Go to Users and create a new user with the same name and password which OGo uses. NOTE: Synchronization will fail if you the user is Administrator - you will have to use User instead. This was not the case before.
* Go to Modules -> GroupDAV -> BionicMessageGroupDAVconnector and create a new instance of the GroupDAV connector with following settings
o SyncML Source URI: ./calendar
+ NOTE:: Nokia S60 phones add ./ automatically so it is required
o Source type: text/x-vcalendar
+ For events, see Matthew's guide for more info
o GroupDAV URL: http://hostname:port
o Server Source: /zidestore/dav/%USER%/Calendar
+ %USER% refers to the connecting user, so there's no need to create 1000 instances of this connector for 1000 users. Note that you might or might not have to add a trailing slash to the end, depending on the connector version
o Store Location: /opt/Funambol/groupdav-cal
+ This is where groupdav connector's logs are stored in
*** Configuring Funambol server ***
** Server URI **
A snippet from Stefano at sync4-users list:
> Does https work if Server URI is not set? Also, could you explain what
> is the point of Server URI anyway? I know Funambol can operate fine even
> without it, so when and why do I need to define it?
You should set it [Server URI] every time you want that the client gets back to a
specific URL. For example, if you have a load balancer in front of a
cluster of Funambol servers, you probably want that the clients use
always the cluster URL to address a server, not the one of the node
that is handled the request.
** Creating a new principal **
A principal is what ties a user and a device together in Funambol. First sync should create the user, the device and the principal automatically (s.c. autoprovisioning of principals). If that does not work, create the principal manually with Funamboladmin:
* Go to Principal and add a new principal
* Select the user and device you wish to link and click Add principal
That's all.
*** Zidestore-related issues ***
** Browsing the Zidestore tree **
Zidestore server can be browsed with any WebDAV client, like cadaver. With it the calendar/todo/task files at Zidestore server can be listed, downloaded, etc. It is also possible to use a WebDAV capable browser, like Firefox to browse the DAV tree.
Examples:
cadaver http://ogo-server-address/zidestore
firefox http://ogo-server-address/zidestore
If browsing does not work, it is likely that you're trying to browse a branch to which you don't have access to (=only root has access). In this case, try giving your own DAV path:
firefox http://ogo-server-address/zidestore/dav/myusername/Calendar
** Which calendars to get? **
As S60 phones seem to be able to keep in sync with only one calendar at time (verify this), it's extremely important to get the right set of events (=calendar) from Zidestore.
* User's private events: /zidestore/dav/%USER%/Calendar
o this contains events that are marked private in OGo and Nokia S60
* User's non-private events: /zidestore/dav/%USER%/Overview
o This _should_ contain all events that the user is part of, whether as himself/herself or as a part of a group. This DOES NOT include events that are common to All intranet, as there are simply too many of them.
* Group events: /zidestore/dav/%USER%/Groups/Sales/Calendar/
o All events that are readable by members of the given group
* Group overview: /zidestore/dav/$user/Groups/Sales/Overview/ics (does this exist?)
o Shows the appointments where any of Sales members is an attendee
The "Overview" query is what the regular OGo web interface shows.
In case you want to use Group Overview calendars, take a look at http://www.opengroupware.org/en/users/docs/snippets/ZideStore/ZideStore-URLs.html:
Group Overview folders are activated using the "ZLShowGroupOverviewCalendars"
default:
Defaults write ZideStore ZLShowGroupOverviewCalendars YES
Most likely you don't want this (see above).
** Zidestore bugs **
GroupDAV mailinglist 24.-25. July 2007:
Hi!
I've finally managed to sort out most issues with Zidestore 1.5 <-> GroupDAV connector <->
Funambol <-> Nokia S60 synchronization. There is one problem, however... Whenever I create
an event in OGo and write a multiline comment for it, it doesn't get synced at all. All
VCALENDARs thatcontain a multiline DESCRIPTION fail consistently, so linefeeds are obviously
the source of the problem. These multiline DESCRIPTION events do appear in the GroupDAV connector
logs, but they never gets to the Nokia. I suppose GroupDAV connector is rejecting it.
The OGo event comment get mapped to DESCRIPTION in the VCALENDAR's VEVENT subsection. When I
view the multiline DESCRIPTION field with either "less" or "vi", this is what I get:
--- snip ---
DESCRIPTION:John Doe\, mobile. 555 123456^M\n^M\nSee: http://www.johndoe.com/ (Pages are not in use yet)
--- snip ---
This is from GroupDAV connector logs, of course. This does not look right. There should not be any
^M 's (either a CR or LF, I can't never remember).
From RFC2445 (http://www.faqs.org/rfcs/rfc2445.html):
description = "DESCRIPTION" descparam ":" text CRLF
--- snip ---
Example: The following is an example of the property with formatted
line breaks in the property value:
DESCRIPTION:Meeting to provide technical review for "Phoenix"
design.\n Happy Face Conference Room. Phoenix design team
MUST attend this meeting.\n RSVP to team leader.
The following is an example of the property with folding of long
lines:
DESCRIPTION:Last draft of the new novel is to be completed
for the editor's proof today.
--- snip ---
This clearly states that the DESCRIPTION field should contain only \n as the linefeed,
or CRLF linefeed. Or possibly both, if I understand correctly. No DOS/Mac linefeed
(just CR or LF, not CRLF).
Is this just Zidestore serving invalid VCALENDAR files, or is GroupDAV connector doing
something it shouldn't?
Samuli
> Is this just Zidestore serving invalid VCALENDAR files
Apparently the CRs are not properly escaped (or removed) in the comment content. Maybe thats
confusing the vcard4j, yes.
Helge
** Other info **
An important piece of information from Helge (28.7.2003), seems to be valid even to this day (2007):
The main thing the ZideStore middleware does is mapping the "flat" OGo
database calendar containing *all* OGo appointments to a hierarchy for
ZideLook/Evolution/WebDAV. So you always get a "virtual hierarchy"
which is mapped to queries, eg:
/zidestore/so/donald
/Calendar => only private appointments of donald
/Groups
/Sales
/Calendar => only apts where read-access is "Sales" group
/Overview => apts of all people connected to Sales group
/Overview => *all* apts of donald
Also needs to be documented ... If ZideStore on day uses SoOFS, it will
be pretty easy to see the internal workings, since the WebDAV hierarchy
will map to a filesystem (template) hierarchy.
regards,
Helge
From helge.hess@opengroupware.org Mon Nov 24 22:03:15 2003
Return-Path: <helge.hess@opengroupware.org>
Delivered-To: users@opengroupware.org
> 2) If I try to use the /zidestore/so/marcus/Overview/calendar.ics I
> only get my personal stuff, i.e., not any of the groups I'm a member
> of.
That would be a bug. You should see all appointments which are directly
connected to you (where you are added as an account or as a group). But
it doesn't contain appointments of other people, for that you need to
subscribe a Group Calendar, eg:
/zidestore/so/<login>/Groups/sales/calendar.ics
Message from Helge Hess:
From: groupdav@opengroupware.org (Helge Hess)
Date: Tue, 1 Aug 2006 14:33:15 +0200
Subject: [GroupDAV] Exception with GroupDAV Connector
On Aug 1, 2006, at 14:25, Mathew McBride wrote:
>> http://myserver:80/zidestore/dav/myuser. I thought it was /zidestore/so/user?
The 'so' key does some automatic detection of which HTTP protocol is being used (based on user agent,
method, content etc etc). Using 'dav' ensures that we are in 'WebDAV mode', so its the better choice
for GroupDAV clients. (other modes are things like XML-RPC or SOAP)
From: Helge Hess <helge.hess@opengroupware.org>
Subject: Re: [OGo-Users] Wanted: Testers for GroupDAV Integration with KOrganzier
Date: Thu, 7 Apr 2005 12:51:36 +0200
To: users@opengroupware.org
> both URL's return folder listings
> http://localhost/zidestore/so/chris123 and
> http://localhost/zidestore/dav/chris123
>
> which one is preferred or considered correct?
"dav" is better. SOPE URL are always like this:
/APPNAME/REQUEST-HANDLER/stuff
The REQUEST-HANDLER determines how requests are processed, we have
x or wa - direct actions
wo - component actions
so - SOPE path traversal
RPC2 - XML-RPC (SOPE-path traversal)
dav - WebDAV access (SOPE-path traversal)
If you use "so", SOPE will try to detect the request type
automagically. It uses the user-agent and other request properties to
do this. Eg if the client issues a PROPFIND request, WebDAV will always
get selected. On the other side Cadaver is always in WebDAV mode by
user-agent.
"Problematic" requests are GET and POST, those can be ambiguous and
might need ua detection.
Summary: 'dav' is more explicit than 'so' if you want to enforce WebDAV
access.
Subject: Re: [OGo-Users] What gets into /Calendar/calendar.ics?
From: Adam Tauno Williams <awilliam@whitemice.org>
To: users@opengroupware.org
Date: Mon, 16 Apr 2007 13:36:01 -0400
> > This is explained, mostly, at:
> > http://www.opengroupware.org/en/users/docs/snippets/ZideStore/ZideStore-URLs.html
> Thanks. I've been reading this page about 10 times today.
> >> To say is that this user is the team leader and almost all his
> >> appointments are created by the secretary. In the web-ui I can see that
> >> he is in all appointments as an attendee.
> > You probably want to use the Overview folder.
> No, because the user would see all the team members appointments as
> well. Or am I wrong? But I got the "problem" now.
If you are using a group Overview yes.
The user's Overview should be the events they are participating in;
/zidestore/dav/%USER%/Overview
If possible I'd recommend retrieving events via GroupDAV (DAV) rather
can iCalendar; depends on what your client supports.
> In the .ics file everything is included a user can see.
Correct, the private and public folders are based on permissions.
> But I wanted to have everything the user attends.
That is Overview folders.
> And I got the difference between public and private wrong because I was
> looking at it from the attendees point of view and not from the view
> privilege point of view.
From: Helge Hess <helge.hess@opengroupware.org>
Subject: Re: [OGo-Users] What gets into /Calendar/calendar.ics?
Date: Mon, 16 Apr 2007 22:35:02 +0200
To: users@opengroupware.org
On Apr 16, 2007, at 19:25, Raffael Luthiger wrote:
>> You probably want to use the Overview folder.
> No, because the user would see all the team members appointments as
> well. Or am I wrong?
You are wrong. The Overview resource includes the appointments you
attend while the "other" (regular) calendars show the appointments
based on permissions.
> In the .ics file everything is included a user can see. But I
> wanted to have everything the user attends.
/zidestore/dav/$user/Calendar/ics
shows the *private* appointments of $user
/zidestore/dav/$user/Overview/ics
shows the appointments where $user is an attendee
/zidestore/dav/$user/Groups/$group/Calendar/ics
shows the appointments where the read-access-group is $group
/zidestore/dav/$user/Groups/$group/Overview/ics (does that exist?)
shows the appointments where any of $group members is an attendee
The "Overview" query is what the regular OGo web interface shows.
*** Configuring the S60 phone (Finnish interface) ***
Create a new synchronization profile for the S60 phone as shown below (for the Finnish interface of Symbian S60):
*
o Synkr.profiilin nimi: whatever_you_want
o Sovellukset
+ Osoitekirja < don't sync >
+ Kalenteri
# Sisällytä synkronointiin: Kyllä
# Etätietokanta: < same as GroupDAV connector's SyncML source URI without the ./ >
# Synkronointitapa: Normaali
+ Muistikirja < don't sync >
+ SMS < don't sync >
+ Bookmarks < don't sync >
o Yhteysasetukset
+ Palvelinversio: 1.2 (tai 1.1)
+ Siirtotie: Internet
+ Yhteysosoite: < select some network profile here >
+ Palvelimen osoite: something like http://172.16.0.133/funambol/ds
+ Portti: 8080
+ Käyttäjänimi: < OGo username here >
+ Salasana: < OGo password here>
+ Salli synkr.pyynnöt: ei
+ Verkon tarkistus: ei
Now try synchronizing the phone with your newly created profile. It will fail, but a new device entry will be created to Funambol's device database.
*** Configuring the S60 phone (English interface) ***
NOTE: Just translated from Finnish back to english. Terms used may be differs from those used in the English interface.
Create a new synchronization profile for the S60 phone as shown below:
*
o Profile name: whatever_you_want
o Applications
+ Addressbook < don't sync >
+ Calendar
# Include in synchronization: Yes
# Database: < same as GroupDAV connector's SyncML source URI without the ./ >
# Sync type: Normal
+ Memo < don't sync >
+ SMS < don't sync >
+ Bookmarks < don't sync >
o Connection settings
+ Server version: 1.2 (tai 1.1)
+ Transport/Connection used: Internet
+ Connection address: < select some network profile here >
+ Server address: something like http://172.16.0.133/funambol/ds
+ Port: 8080
+ Username: < OGo username here >
+ Password: < OGo password here>
+ Allow sync. requests: ei
+ Verify/check network: ei
Now try synchronizing the phone with your newly created profile. It might fail, but a new device entry will be created to Funambol's device database.
*** Securing the SyncML transfers ***
** SSL support in Nokia (S60) phones **
All Symbian S60 phones that are less than a couple of years old (2004->) should support SyncML via SSL. The synchronization program in Nokia S60 does not support untrusted certificates. Therefore we need to import Tomcat's SSL certificate to the Nokia, or the sync will fail without any meaningful error message. In addition the certificate name has to match the IP address (or hostname) of the server that is serving it. See SSL support in Tomcat for more information about this.
1 Enter the Tomcat (=Funambol's application server) startup screen with Mozilla Firefox, for example: firefox https://172.16.0.54
2 Accept the certificate
3 Download the "Certviewer plus" extension for Firefox and restart the browser
4 View Tomcat's certificate in "Certviewer plus" and save the certificate in DER format. This is the only format Nokia will accept
5 Upload the DER certificate into some web server's path, for example /var/www/html/cert.der. Make sure you add the extension .der - we need that in the next step
6 By default Nokia's browser cannot comprehend what this .der file is. We need to tweak Apache's configuration so that it will tell what MIME type to associate with these .der files. This can probably be done in many ways, but I simply added a line AddType application/x-x509-ca-cert .der to /etc/httpd/conf/httpd.conf and reloaded Apache configuration with /etc/init.d/httpd reload.
7 Load the .der file with Nokia's web browser. It should now understand what it is, and start the certificate import wizard.
References:
http://discussion.forum.nokia.com/forum/showthread.php?t=109955 http://www.forum.nokia.com/info/sw.nokia.com/id/a60ed5ab-c2fc-486c-89d0-2695b67ffec4/Installing_Certificates_to_S60_3rd_Edition_Devices_v1_1_en.pdf.html
** SSL support in Funambol **
SSL support is provided by the application server (Tomcat), so no special configuration is be needed. Only thing that one might have to do is set the Server URI to point to the correct place, but I have not confirmed this yet.
References:
http://sourceforge.net/mailarchive/message.php?msg_id=1D203E78025AD211A17600A0C9E49BFF3C4D94%40icmiserver01
RE: [Sync4j-users] sync4j on a secure line?
From: Pasi Kallioniemi <pasi.kallioniemi@ip...> - 2004-02-11 11:01
Hi, I have used Nokia 3650 with https in sync4j. Propably most of the new
nokia phones should implement it(?). One which doesn't is nokia 9210(i)
(atleast at the moment with the sync client available v.1.10dev and v.1.01).
I just got syn4j running with https by setting in the install.properties the
address to be https://... and by creating the certificate to the server.
ofcourse setted also to the phone the https://-path
Also I have read somewhere that when using wap as an bearer you can also set
the connection to be secure without https. But this I don't know how will it
work. (I didn't get it working with 9210, because it want's to use internet
connetion somehow).
** SSL support in Tomcat **
By default Tomcat only listens to requests that arrive at port 8080 (webcache), and uses the unencrypted http protocol for transferring the data. It is luckily easy to enable SSL-encrypted communications to Tomcat. You can simply follow the SSL-HOWTO in Tomcat documentation:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
The HOWTO is good, but some points are not 100% clear, so I'll clarify them here. First of all, it's probably best to use the keytool included in the Funambol bundle, instead of your system's default keytool. You can find it from $FUNAMBOL_HOME/tools/jre-1.5.0/jre/bin. When keytool asks about Your name, you must give the server's IP address or hostname instead. Otherwise Nokia's browser and it's synchronization program will fail silently.
When you've opened the server.xml file and uncommented the SSL connector part, make sure that it looks something like this. You can also use the standard SSL port, if some SyncML devices give you a hard time.
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystorefile="/root/.keystore" keystorePass="java_keystore_and_tomcat_password" />
Make sure that you have the keystorefile and keystorePass entries. Check the logfile catalina.out in $TOMCAT_ROOT/logs if SSL connection does not work. You can verify that Tomcat is using SSL with a web browser and/or netstat -an.
NOTE: This does not seem to redirect queries from port 8080 to 8443, even though there is a redirectPort="8443"-clause in the Connector port="8080" definition.
Rerences:
http://tomcat.apache.org/tomcat-5.5-doc/index.html
*** Logs and troubleshooting ***
There are a dozen or so logfiles which you can and probably have to use if you encounter problems with Funambol, Opengroupware.org or the GroupDAV connector.
* Discussion boards and mailinglists:
o Nokia discussion forums: http://discussion.forum.nokia.com
o GroupDAV mailinglist: groupdav@opengroupware.org
o Funambol support: http://www.funambol.com/opensource/support/overview.html
* Logs:
o Funambol logs are in $FUNAMBOL_HOME/ds-server/logs. Set the loglevel to ALL in Funamboladmin to get maximum output. You can force different Funambol modules (transport, engine, server, etc) to log to their own logfiles instead of the generic funambol_ds.log.
o GroupDAV connector logs are in $FUNAMBOL_HOME/groupdav-cal. If you have several different connector instances, they can (and must) log to different directories
o OpenGroupware.org logs are in /var/lib/opengroupware/ogo-*.log, but we're most interested in the ogo-zidestore-1.4-err.log and ogo-zidestore-1.4-out.log
o Tomcat logs are in $FUNAMBOL_HOME/tools/tomcat/logs. Tomcat logs contain some things that Funambol logs don't. The most interesting log file is called catalina.out.
o Nokia S60 logs are utterly useless.
Verifying that network connections work is easy with tcpdump, for example on OGo server do a
tcpdump -i eth0 host your_funambol_host
to see if any traffic arrives from the funambol host to the OGo server.
* Introduction
* Tested software configurations
* Check your Java version
* Check the Funambol version
* Matthew McBride's official install guide
* Installing the connector on bundled version of Funambol (3.0a)
* Using postgresql instead of hsqldb for Funambol ds-server
o Installing and configuring postgresql
o Configuring ds-server to use Postgresql
* Configuring the GroupDAV plugin
* Configuring Funambol server
o Server URI
o Creating a new principal
* Zidestore-related issues
o Browsing the Zidestore tree
o Which calendars to get?
o Zidestore bugs
o Other info
* Configuring the S60 phone (Finnish interface)
* Configuring the S60 phone (English interface)
* Securing the SyncML transfers
o SSL support in Nokia (S60) phones
o SSL support in Funambol
o SSL support in Tomcat
* Logs and troubleshooting
*** Introduction ***
This HOWTO is written for the Linux version of Funambol. The variable $FUNAMBOL_HOME refers to the Funambol's base directory. Replace it with your install directory, for example with /opt/Funambol.
*** Tested software configurations ***
Funambol seems to be really picky about software (Java, jdbc-java, ant etc.) versions. Here's a list of software that has been tested:
This setup fails during the bin/install-modules tomcat50 phase when using postgresql. GroupDAV connector 1818 does not work with hsqldb (hypersonic) during the initial install so that's pretty much it, then. Also
* CentOS 5
o Host (=not an OpenVZ VPS)
o Funambol 3.0a or 6.0
o Funambol built-in JRE or Sun Java EE SDK 1.6
o Funambol built-in ant or ant from the repos
o Postgresql-8.1.4
o Postgresl-jdbc-8.1
o GroupDAV plugin 1818 (not really relevant here)
This setup works. Some details might be wrong because the system's harddrive crashed hard so all details were lost.
* Ubuntu 6.06
o Funambol 3.0a bundle
o Funambol built-in JRE
o Funambol built-in ant
o Funambol built-in Tomcat
o Postgresql version unknown (possibly 7.4, 8.0 or 8.1)
o Matching libpg-java version
o GroupDAV plugin 1818
This setup works with connector 1.1.1838.
* Debian Etch (Macbook)
o Funambol 3.0a bundle
o Funambol built-in JRE
o Funambol built-in ant
o Funambol built-in Tomcat
o Funambol built-in HSQLDB database
o GroupDAV plugin 1838
*** Check your Java version ***
First of all, check which version of Java you are using if you are not using the bundled Funambol. Even if you are using the bundle, it's a good idea to check that you have Sun Java installed, instead of GNU Java or something else. The bundle should use it's own ant,tomcat,java and all, but it's better to be on the safe side.
Most Linux distros ship with GNU Java by default, but for complex apps it is not enough. Go get Sun's Java Development kit (JDK) - it's available in Debian/Ubuntu repos. If you're running some other Linux flavor, get SDK from Sun's homepage. Also make sure that you're actually using the correct version. With Redhat/CentOS/Debian you might have serveral different versions installed (due to the alternatives system).
*** Check the Funambol version ***
Currently (6. June 2007) the GroupDAV connector does not work with latest Funambol release (6.0). Use the older 5.0 release instead (funambol-3.0a.bin). Use the bundled version if possible: the standalone ds-server can be made to work, but it does NOT work out of the box, due to several missing files / startup scripts.
*** Installing the connector on bundled version of Funambol (3.0a) ***
NOTE: Newer versions of GroupDAV connector might have everything you need in one *.s4j package. If that is the case, you can safely skip most of this.
Install Funambol as usual: ./funambol3.0a.bin. Then find the zip or tar.gz that contains a directory gdav_libs. Make sure that you're using the right package, as there are several floating around. Next copy the contents of the directory gdav_libs into $FUNAMBOL_HOME/tools/tomcat/server/lib. Afterwards it should look like this (note the file sizes):
samuli@macbook:/tmp/Funambol/tools/tomcat/server/lib$ ls -l
totale 4544
-rw-r--r-- 1 samuli samuli 20418 2007-06-05 13:42 catalina-ant.jar
-rw-r--r-- 1 samuli samuli 124130 2007-06-05 13:42 catalina-cluster.jar
-rw-r--r-- 1 samuli samuli 23233 2007-06-05 13:42 catalina-i18n-es.jar
-rw-r--r-- 1 samuli samuli 22345 2007-06-05 13:42 catalina-i18n-fr.jar
-rw-r--r-- 1 samuli samuli 23733 2007-06-05 13:42 catalina-i18n-ja.jar
-rw-r--r-- 1 samuli samuli 709833 2007-06-05 13:42 catalina.jar
-rw-r--r-- 1 samuli samuli 108919 2007-06-05 13:42 catalina-optional.jar
-rw-r--r-- 1 samuli samuli 188671 2007-06-05 13:42 commons-beanutils.jar
-rw-r--r-- 1 samuli samuli 46725 2007-06-05 14:20 commons-codec-1.3.jar
-rw-r--r-- 1 samuli samuli 109096 2007-06-05 13:42 commons-digester.jar
-rw-r--r-- 1 samuli samuli 22379 2007-06-05 13:42 commons-fileupload-1.0.jar
-rw-r--r-- 1 samuli samuli 63980 2007-06-05 14:20 commons-lang-1.0.1.jar
-rw-r--r-- 1 samuli samuli 52915 2007-06-05 14:20 commons-logging-1.1.jar
-rw-r--r-- 1 samuli samuli 20937 2007-06-05 14:20 commons-logging-adapters-1.1.jar
-rw-r--r-- 1 samuli samuli 44598 2007-06-05 14:20 commons-logging-api-1.1.jar
-rw-r--r-- 1 samuli samuli 109670 2007-06-05 13:42 commons-modeler.jar
-rw-r--r-- 1 samuli samuli 265111 2007-06-05 14:20 foundation-3.0.9.jar
-rw-r--r-- 1 samuli samuli 6272 2007-06-05 14:20 funambol-admin-dev.jar
-rw-r--r-- 1 samuli samuli 417303 2007-06-05 14:20 funambol-framework.jar
-rw-r--r-- 1 samuli samuli 473546 2007-06-05 14:20 ical4j-1.0-beta1.jar
-rw-r--r-- 1 samuli samuli 25429 2007-06-05 13:42 jakarta-regexp-1.3.jar
-rw-r--r-- 1 samuli samuli 110237 2007-06-05 13:42 JGroupDAV.jar
-rw-r--r-- 1 samuli samuli 110237 2007-06-05 13:20 JGroupDAV.jar.1
-rw-r--r-- 1 samuli samuli 161809 2007-06-05 13:34 JGroupDAV.jar.2
-rw-r--r-- 1 samuli samuli 30436 2007-06-05 13:42 jkconfig.jar
-rw-r--r-- 1 samuli samuli 463 2007-06-05 13:42 jkshm.jar
-rw-r--r-- 1 samuli samuli 502389 2007-06-05 14:20 joda-time-1.0.jar
-rw-r--r-- 1 samuli samuli 20425 2004-11-24 12:42 servlets-cgi.renametojar
-rw-r--r-- 1 samuli samuli 3978 2007-06-05 13:42 servlets-common.jar
-rw-r--r-- 1 samuli samuli 20554 2007-06-05 13:42 servlets-default.jar
-rw-r--r-- 1 samuli samuli 6107 2007-06-05 13:42 servlets-invoker.jar
-rw-r--r-- 1 samuli samuli 46220 2004-11-24 12:42 servlets-ssi.renametojar
-rw-r--r-- 1 samuli samuli 21834 2007-06-05 13:42 servlets-webdav.jar
-rw-r--r-- 1 samuli samuli 199556 2007-06-05 14:20 smallsql.jar
-rw-r--r-- 1 samuli samuli 18899 2007-06-05 13:42 tomcat-coyote.jar
-rw-r--r-- 1 samuli samuli 52653 2007-06-05 13:42 tomcat-http11.jar
-rw-r--r-- 1 samuli samuli 118840 2007-06-05 13:42 tomcat-jk2.jar
-rw-r--r-- 1 samuli samuli 3543 2007-06-05 13:42 tomcat-jk.jar
-rw-r--r-- 1 samuli samuli 13088 2007-06-05 13:42 tomcat-jni.jar
-rw-r--r-- 1 samuli samuli 184267 2007-06-05 13:42 tomcat-util.jar
Most of these jar's are not related to the GroupDAV connector. Check that the JGroupDAV.jar is the same size as the one above: there are several versions floating around in Matthew's webpage, and they don't seem to be compatible with each other. The smallsql.jar is probably required, even though it's not in gdav_libs - Tomcat will complain if it's missing (or so it seems).
Next copy groupdav-1.1.1838.s4j to $FUNAMBOL_HOME/ds-server/modules. Add a new entry groupdav-1.1.1838 to $FUNAMBOL_HOME/ds-server/install.properties file, into section modules-to-install
samuli@macbook:/tmp/Funambol/ds-server/modules$ ls -l
totale 3004
-rw-r--r-- 1 samuli samuli 11909 2006-09-08 17:25 dummy-3.0.4.s4j
-rw-r--r-- 1 samuli samuli 738826 2006-09-08 17:25 foundation-3.0.9.s4j
-rw-r--r-- 1 samuli samuli 79097 2006-09-08 17:25 funambol-db-3.0.7.s4j
-rw-r--r-- 1 samuli samuli 576942 2006-09-08 17:27 funambol-email-3.0.15.s4j
-rw-r--r-- 1 samuli samuli 68128 2007-06-05 13:20 groupdav-1.1.1838.s4j
-rw-r--r-- 1 samuli samuli 16791 2006-09-08 17:25 pdi-3.0.5.s4j
-rw-r--r-- 1 samuli samuli 1552360 2006-09-08 17:25 pimweb-3.0.8.s4j
If you are using the built-in Hypersonic (hsqldb) database, you'll have to start Funambol next: $FUNAMBOL_HOME/tools/bin/funambol.sh start. Then move to $FUNAMBOL_HOME/ds-server and install the Funambol applications to the Tomcat application server:
sudo bin/install.sh tomcat50
sudo bin/install-modules.sh tomcat50
Now restart Funambol:
$FUNAMBOL_HOME/tools/bin/funambol.sh stop
$FUNAMBOL_HOME/tools/bin/funambol.sh start
and start the admin tool with
cd $FUNAMBOL_HOME/admin/bin
./funamboladmin
Funamboladmin will not start unless you are in the specified directory.
*** Using postgresql instead of hsqldb for Funambol ds-server ***
Version 1.1.1818 of the groupDAV connector does not seem to work with Funambol's built-in hsqldb dastabase. This problem can be circumvented by using postgresql, for example. This is probably a good idea anyway, and is not really that hard to set ds-server to use postgresql instead of hsqldb.
Version 1.1.1838 seems to install fine on either Postgresql or Hsqldb.
** Installing and configuring postgresql **
First install postgresql. I've tested only postgresql 8.0.7, but probably anything remotely recent version will work. You should not encounter any problems here. In addition to postgresql, you will need postgresql.jar, which enables Java software to connect to postgresql databases. On Debian, this file is in package libpg-java. NOTE: libpg-java in Ubuntu 6.06 (June 2006) supports only postgresql 8.0.x and older. Check the compability of you libpg-java before proceeding.
Next modify the file /etc/postgresql-8.0/main/pg_hba.conf (provided you are on Debian/Ubuntu). If you're on CentOS 4/5 the file must be created and is located in /var/lib/pgsql/data:
# Database administrative login by UNIX sockets
local all postgres ident sameuser
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident sameuser
# IPv4 local connections:
# We don't want to use md5 passwords for testing and we trust anything coming from localhost.
# Funambol uses TCP/IP for communication so trusting Unix domain sockets is not enough.
#host all all 127.0.0.1/32 md5
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
If you don't feel lucky, edit the file /etc/postgresql-8.0/main/postgresql.conf and change the logging levels. Next restart postgresql with /etc/init.d/postgresql-8.0 restart. Then from a terminal do
bash> sudo -s
bash> su - postgres
bash> createuser --password funambol
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) n
Password:
CREATE USER
bash> createdb -O funambol funambol
bash>
You can verify that all went ok by doing
-bash-3.00$ psql -h localhost
Welcome to psql 8.1.8, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
postgres=# \l
List of databases
Name | Owner | Encoding
-----------+----------+-----------
funambol | funambol | SQL_ASCII
postgres | postgres | SQL_ASCII
template0 | postgres | SQL_ASCII
template1 | postgres | SQL_ASCII
(4 rows)
postgres=# \q
** Configuring ds-server to use Postgresql **
Now that we have a user with a password, we can move on to configuring Funambol ds-server.
bash> nano $FUNAMBOL_HOME/ds-server/install.properties
Change the DBMS name to postgresql:
#
# The DBMS name. One of:
# - ansisql99
# - db2
# - hypersonic
# - mysql
# - oracle
# - postgresql
# - sqlserver
# - sybase
#
#dbms=hypersonic
dbms=postgresql
Also comment out all references to hsqldb, just in case:
#jdbc.classpath=../tools/hypersonic/lib/hsqldb.jar
#jdbc.driver=org.hsqldb.jdbcDriver
#jdbc.url=jdbc:hsqldb:hsql://localhost/funambol
#jdbc.user=sa
#jdbc.password=
Last and not definitely least configure the postgresql connector:
# PostgreSQL
# ==========
#
#jdbc.classpath=<somepath>/postgresql.jar
#jdbc.driver=org.postgresql.Driver
#jdbc.url=jdbc:postgresql://<hostname>/funambol
#jdbc.user=funambol
#jdbc.password=funambol
jdbc.classpath=/usr/share/java/postgresql.jar
jdbc.driver=org.postgresql.Driver
jdbc.url=jdbc:postgresql://localhost/funambol
jdbc.user=sa
jdbc.password=sa
Make sure that you use the same password you gave when you did createuser --password sa. Next proceed with installing modules as shown in previous chapter.
NOTE: You probably get errors like "unknown table fnbl_module" or similar when installing the modules. These are not actually errors, as the install script just informs that such tables do not _yet_ exist. When you run the install command again, it should not complain anymore.
In case you're interested, you can find the SQL database initialization scripts like this:
etch:/opt/Funambol/ds-server# find . -name "*.ddl"
./default/sql/mysql/create_engine.ddl
./default/sql/mysql/drop_engine.ddl
./default/sql/hypersonic/create_engine.ddl
./default/sql/hypersonic/drop_engine.ddl
./default/sql/ansisql99/create_engine.ddl
./default/sql/ansisql99/drop_engine.ddl
./default/sql/sqlserver/create_engine.ddl
./default/sql/sqlserver/drop_engine.ddl
./default/sql/sybase/create_engine.ddl
./default/sql/sybase/drop_engine.ddl
./default/sql/db2/create_engine.ddl
./default/sql/db2/drop_engine.ddl
./default/sql/postgresql/create_engine.ddl
./default/sql/postgresql/drop_engine.ddl
./default/sql/oracle/create_engine.ddl
./default/sql/oracle/drop_engine.ddl
The files we're interested in are in default/sql/postgresql. If you for some reason want to initialize the database manually, you can do it like this:
etch:/opt/Funambol/ds-server# cd default/sql/postgresql
etch:/opt/Funambol/ds-server/default/sql/postgresql# psql -h localhost -U funambol funambol < create_engine.ddl
--- psql output ---
etch:/opt/Funambol/ds-server/default/sql/postgresql# psql -h localhost -U funambol funambol < init_engine.dll
--- psql output ---
*** Configuring the GroupDAV plugin ***
From here on, you should be able to follow Matthew's own deployment guide. Some things, however, are not mentioned in it, and all the steps will be covered here also. You're supposed to be in the Funamboladmin tool now.
* Go to Server settings -> Logging -> funambol and set logging level to ALL
* Go to Users and create a new user with the same name and password which OGo uses. NOTE: Synchronization will fail if you the user is Administrator - you will have to use User instead. This was not the case before.
* Go to Modules -> GroupDAV -> BionicMessageGroupDAVconnector and create a new instance of the GroupDAV connector with following settings
o SyncML Source URI: ./calendar
+ NOTE:: Nokia S60 phones add ./ automatically so it is required
o Source type: text/x-vcalendar
+ For events, see Matthew's guide for more info
o GroupDAV URL: http://hostname:port
o Server Source: /zidestore/dav/%USER%/Calendar
+ %USER% refers to the connecting user, so there's no need to create 1000 instances of this connector for 1000 users. Note that you might or might not have to add a trailing slash to the end, depending on the connector version
o Store Location: /opt/Funambol/groupdav-cal
+ This is where groupdav connector's logs are stored in
*** Configuring Funambol server ***
** Server URI **
A snippet from Stefano at sync4-users list:
> Does https work if Server URI is not set? Also, could you explain what
> is the point of Server URI anyway? I know Funambol can operate fine even
> without it, so when and why do I need to define it?
You should set it [Server URI] every time you want that the client gets back to a
specific URL. For example, if you have a load balancer in front of a
cluster of Funambol servers, you probably want that the clients use
always the cluster URL to address a server, not the one of the node
that is handled the request.
** Creating a new principal **
A principal is what ties a user and a device together in Funambol. First sync should create the user, the device and the principal automatically (s.c. autoprovisioning of principals). If that does not work, create the principal manually with Funamboladmin:
* Go to Principal and add a new principal
* Select the user and device you wish to link and click Add principal
That's all.
*** Zidestore-related issues ***
** Browsing the Zidestore tree **
Zidestore server can be browsed with any WebDAV client, like cadaver. With it the calendar/todo/task files at Zidestore server can be listed, downloaded, etc. It is also possible to use a WebDAV capable browser, like Firefox to browse the DAV tree.
Examples:
cadaver http://ogo-server-address/zidestore
firefox http://ogo-server-address/zidestore
If browsing does not work, it is likely that you're trying to browse a branch to which you don't have access to (=only root has access). In this case, try giving your own DAV path:
firefox http://ogo-server-address/zidestore/dav/myusername/Calendar
** Which calendars to get? **
As S60 phones seem to be able to keep in sync with only one calendar at time (verify this), it's extremely important to get the right set of events (=calendar) from Zidestore.
* User's private events: /zidestore/dav/%USER%/Calendar
o this contains events that are marked private in OGo and Nokia S60
* User's non-private events: /zidestore/dav/%USER%/Overview
o This _should_ contain all events that the user is part of, whether as himself/herself or as a part of a group. This DOES NOT include events that are common to All intranet, as there are simply too many of them.
* Group events: /zidestore/dav/%USER%/Groups/Sales/Calendar/
o All events that are readable by members of the given group
* Group overview: /zidestore/dav/$user/Groups/Sales/Overview/ics (does this exist?)
o Shows the appointments where any of Sales members is an attendee
The "Overview" query is what the regular OGo web interface shows.
In case you want to use Group Overview calendars, take a look at http://www.opengroupware.org/en/users/docs/snippets/ZideStore/ZideStore-URLs.html:
Group Overview folders are activated using the "ZLShowGroupOverviewCalendars"
default:
Defaults write ZideStore ZLShowGroupOverviewCalendars YES
Most likely you don't want this (see above).
** Zidestore bugs **
GroupDAV mailinglist 24.-25. July 2007:
Hi!
I've finally managed to sort out most issues with Zidestore 1.5 <-> GroupDAV connector <->
Funambol <-> Nokia S60 synchronization. There is one problem, however... Whenever I create
an event in OGo and write a multiline comment for it, it doesn't get synced at all. All
VCALENDARs thatcontain a multiline DESCRIPTION fail consistently, so linefeeds are obviously
the source of the problem. These multiline DESCRIPTION events do appear in the GroupDAV connector
logs, but they never gets to the Nokia. I suppose GroupDAV connector is rejecting it.
The OGo event comment get mapped to DESCRIPTION in the VCALENDAR's VEVENT subsection. When I
view the multiline DESCRIPTION field with either "less" or "vi", this is what I get:
--- snip ---
DESCRIPTION:John Doe\, mobile. 555 123456^M\n^M\nSee: http://www.johndoe.com/ (Pages are not in use yet)
--- snip ---
This is from GroupDAV connector logs, of course. This does not look right. There should not be any
^M 's (either a CR or LF, I can't never remember).
From RFC2445 (http://www.faqs.org/rfcs/rfc2445.html):
description = "DESCRIPTION" descparam ":" text CRLF
--- snip ---
Example: The following is an example of the property with formatted
line breaks in the property value:
DESCRIPTION:Meeting to provide technical review for "Phoenix"
design.\n Happy Face Conference Room. Phoenix design team
MUST attend this meeting.\n RSVP to team leader.
The following is an example of the property with folding of long
lines:
DESCRIPTION:Last draft of the new novel is to be completed
for the editor's proof today.
--- snip ---
This clearly states that the DESCRIPTION field should contain only \n as the linefeed,
or CRLF linefeed. Or possibly both, if I understand correctly. No DOS/Mac linefeed
(just CR or LF, not CRLF).
Is this just Zidestore serving invalid VCALENDAR files, or is GroupDAV connector doing
something it shouldn't?
Samuli
> Is this just Zidestore serving invalid VCALENDAR files
Apparently the CRs are not properly escaped (or removed) in the comment content. Maybe thats
confusing the vcard4j, yes.
Helge
** Other info **
An important piece of information from Helge (28.7.2003), seems to be valid even to this day (2007):
The main thing the ZideStore middleware does is mapping the "flat" OGo
database calendar containing *all* OGo appointments to a hierarchy for
ZideLook/Evolution/WebDAV. So you always get a "virtual hierarchy"
which is mapped to queries, eg:
/zidestore/so/donald
/Calendar => only private appointments of donald
/Groups
/Sales
/Calendar => only apts where read-access is "Sales" group
/Overview => apts of all people connected to Sales group
/Overview => *all* apts of donald
Also needs to be documented ... If ZideStore on day uses SoOFS, it will
be pretty easy to see the internal workings, since the WebDAV hierarchy
will map to a filesystem (template) hierarchy.
regards,
Helge
From helge.hess@opengroupware.org Mon Nov 24 22:03:15 2003
Return-Path: <helge.hess@opengroupware.org>
Delivered-To: users@opengroupware.org
> 2) If I try to use the /zidestore/so/marcus/Overview/calendar.ics I
> only get my personal stuff, i.e., not any of the groups I'm a member
> of.
That would be a bug. You should see all appointments which are directly
connected to you (where you are added as an account or as a group). But
it doesn't contain appointments of other people, for that you need to
subscribe a Group Calendar, eg:
/zidestore/so/<login>/Groups/sales/calendar.ics
Message from Helge Hess:
From: groupdav@opengroupware.org (Helge Hess)
Date: Tue, 1 Aug 2006 14:33:15 +0200
Subject: [GroupDAV] Exception with GroupDAV Connector
On Aug 1, 2006, at 14:25, Mathew McBride wrote:
>> http://myserver:80/zidestore/dav/myuser. I thought it was /zidestore/so/user?
The 'so' key does some automatic detection of which HTTP protocol is being used (based on user agent,
method, content etc etc). Using 'dav' ensures that we are in 'WebDAV mode', so its the better choice
for GroupDAV clients. (other modes are things like XML-RPC or SOAP)
From: Helge Hess <helge.hess@opengroupware.org>
Subject: Re: [OGo-Users] Wanted: Testers for GroupDAV Integration with KOrganzier
Date: Thu, 7 Apr 2005 12:51:36 +0200
To: users@opengroupware.org
> both URL's return folder listings
> http://localhost/zidestore/so/chris123 and
> http://localhost/zidestore/dav/chris123
>
> which one is preferred or considered correct?
"dav" is better. SOPE URL are always like this:
/APPNAME/REQUEST-HANDLER/stuff
The REQUEST-HANDLER determines how requests are processed, we have
x or wa - direct actions
wo - component actions
so - SOPE path traversal
RPC2 - XML-RPC (SOPE-path traversal)
dav - WebDAV access (SOPE-path traversal)
If you use "so", SOPE will try to detect the request type
automagically. It uses the user-agent and other request properties to
do this. Eg if the client issues a PROPFIND request, WebDAV will always
get selected. On the other side Cadaver is always in WebDAV mode by
user-agent.
"Problematic" requests are GET and POST, those can be ambiguous and
might need ua detection.
Summary: 'dav' is more explicit than 'so' if you want to enforce WebDAV
access.
Subject: Re: [OGo-Users] What gets into /Calendar/calendar.ics?
From: Adam Tauno Williams <awilliam@whitemice.org>
To: users@opengroupware.org
Date: Mon, 16 Apr 2007 13:36:01 -0400
> > This is explained, mostly, at:
> > http://www.opengroupware.org/en/users/docs/snippets/ZideStore/ZideStore-URLs.html
> Thanks. I've been reading this page about 10 times today.
> >> To say is that this user is the team leader and almost all his
> >> appointments are created by the secretary. In the web-ui I can see that
> >> he is in all appointments as an attendee.
> > You probably want to use the Overview folder.
> No, because the user would see all the team members appointments as
> well. Or am I wrong? But I got the "problem" now.
If you are using a group Overview yes.
The user's Overview should be the events they are participating in;
/zidestore/dav/%USER%/Overview
If possible I'd recommend retrieving events via GroupDAV (DAV) rather
can iCalendar; depends on what your client supports.
> In the .ics file everything is included a user can see.
Correct, the private and public folders are based on permissions.
> But I wanted to have everything the user attends.
That is Overview folders.
> And I got the difference between public and private wrong because I was
> looking at it from the attendees point of view and not from the view
> privilege point of view.
From: Helge Hess <helge.hess@opengroupware.org>
Subject: Re: [OGo-Users] What gets into /Calendar/calendar.ics?
Date: Mon, 16 Apr 2007 22:35:02 +0200
To: users@opengroupware.org
On Apr 16, 2007, at 19:25, Raffael Luthiger wrote:
>> You probably want to use the Overview folder.
> No, because the user would see all the team members appointments as
> well. Or am I wrong?
You are wrong. The Overview resource includes the appointments you
attend while the "other" (regular) calendars show the appointments
based on permissions.
> In the .ics file everything is included a user can see. But I
> wanted to have everything the user attends.
/zidestore/dav/$user/Calendar/ics
shows the *private* appointments of $user
/zidestore/dav/$user/Overview/ics
shows the appointments where $user is an attendee
/zidestore/dav/$user/Groups/$group/Calendar/ics
shows the appointments where the read-access-group is $group
/zidestore/dav/$user/Groups/$group/Overview/ics (does that exist?)
shows the appointments where any of $group members is an attendee
The "Overview" query is what the regular OGo web interface shows.
*** Configuring the S60 phone (Finnish interface) ***
Create a new synchronization profile for the S60 phone as shown below (for the Finnish interface of Symbian S60):
*
o Synkr.profiilin nimi: whatever_you_want
o Sovellukset
+ Osoitekirja < don't sync >
+ Kalenteri
# Sisällytä synkronointiin: Kyllä
# Etätietokanta: < same as GroupDAV connector's SyncML source URI without the ./ >
# Synkronointitapa: Normaali
+ Muistikirja < don't sync >
+ SMS < don't sync >
+ Bookmarks < don't sync >
o Yhteysasetukset
+ Palvelinversio: 1.2 (tai 1.1)
+ Siirtotie: Internet
+ Yhteysosoite: < select some network profile here >
+ Palvelimen osoite: something like http://172.16.0.133/funambol/ds
+ Portti: 8080
+ Käyttäjänimi: < OGo username here >
+ Salasana: < OGo password here>
+ Salli synkr.pyynnöt: ei
+ Verkon tarkistus: ei
Now try synchronizing the phone with your newly created profile. It will fail, but a new device entry will be created to Funambol's device database.
*** Configuring the S60 phone (English interface) ***
NOTE: Just translated from Finnish back to english. Terms used may be differs from those used in the English interface.
Create a new synchronization profile for the S60 phone as shown below:
*
o Profile name: whatever_you_want
o Applications
+ Addressbook < don't sync >
+ Calendar
# Include in synchronization: Yes
# Database: < same as GroupDAV connector's SyncML source URI without the ./ >
# Sync type: Normal
+ Memo < don't sync >
+ SMS < don't sync >
+ Bookmarks < don't sync >
o Connection settings
+ Server version: 1.2 (tai 1.1)
+ Transport/Connection used: Internet
+ Connection address: < select some network profile here >
+ Server address: something like http://172.16.0.133/funambol/ds
+ Port: 8080
+ Username: < OGo username here >
+ Password: < OGo password here>
+ Allow sync. requests: ei
+ Verify/check network: ei
Now try synchronizing the phone with your newly created profile. It might fail, but a new device entry will be created to Funambol's device database.
*** Securing the SyncML transfers ***
** SSL support in Nokia (S60) phones **
All Symbian S60 phones that are less than a couple of years old (2004->) should support SyncML via SSL. The synchronization program in Nokia S60 does not support untrusted certificates. Therefore we need to import Tomcat's SSL certificate to the Nokia, or the sync will fail without any meaningful error message. In addition the certificate name has to match the IP address (or hostname) of the server that is serving it. See SSL support in Tomcat for more information about this.
1 Enter the Tomcat (=Funambol's application server) startup screen with Mozilla Firefox, for example: firefox https://172.16.0.54
2 Accept the certificate
3 Download the "Certviewer plus" extension for Firefox and restart the browser
4 View Tomcat's certificate in "Certviewer plus" and save the certificate in DER format. This is the only format Nokia will accept
5 Upload the DER certificate into some web server's path, for example /var/www/html/cert.der. Make sure you add the extension .der - we need that in the next step
6 By default Nokia's browser cannot comprehend what this .der file is. We need to tweak Apache's configuration so that it will tell what MIME type to associate with these .der files. This can probably be done in many ways, but I simply added a line AddType application/x-x509-ca-cert .der to /etc/httpd/conf/httpd.conf and reloaded Apache configuration with /etc/init.d/httpd reload.
7 Load the .der file with Nokia's web browser. It should now understand what it is, and start the certificate import wizard.
References:
http://discussion.forum.nokia.com/forum/showthread.php?t=109955 http://www.forum.nokia.com/info/sw.nokia.com/id/a60ed5ab-c2fc-486c-89d0-2695b67ffec4/Installing_Certificates_to_S60_3rd_Edition_Devices_v1_1_en.pdf.html
** SSL support in Funambol **
SSL support is provided by the application server (Tomcat), so no special configuration is be needed. Only thing that one might have to do is set the Server URI to point to the correct place, but I have not confirmed this yet.
References:
http://sourceforge.net/mailarchive/message.php?msg_id=1D203E78025AD211A17600A0C9E49BFF3C4D94%40icmiserver01
RE: [Sync4j-users] sync4j on a secure line?
From: Pasi Kallioniemi <pasi.kallioniemi@ip...> - 2004-02-11 11:01
Hi, I have used Nokia 3650 with https in sync4j. Propably most of the new
nokia phones should implement it(?). One which doesn't is nokia 9210(i)
(atleast at the moment with the sync client available v.1.10dev and v.1.01).
I just got syn4j running with https by setting in the install.properties the
address to be https://... and by creating the certificate to the server.
ofcourse setted also to the phone the https://-path
Also I have read somewhere that when using wap as an bearer you can also set
the connection to be secure without https. But this I don't know how will it
work. (I didn't get it working with 9210, because it want's to use internet
connetion somehow).
** SSL support in Tomcat **
By default Tomcat only listens to requests that arrive at port 8080 (webcache), and uses the unencrypted http protocol for transferring the data. It is luckily easy to enable SSL-encrypted communications to Tomcat. You can simply follow the SSL-HOWTO in Tomcat documentation:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
The HOWTO is good, but some points are not 100% clear, so I'll clarify them here. First of all, it's probably best to use the keytool included in the Funambol bundle, instead of your system's default keytool. You can find it from $FUNAMBOL_HOME/tools/jre-1.5.0/jre/bin. When keytool asks about Your name, you must give the server's IP address or hostname instead. Otherwise Nokia's browser and it's synchronization program will fail silently.
When you've opened the server.xml file and uncommented the SSL connector part, make sure that it looks something like this. You can also use the standard SSL port, if some SyncML devices give you a hard time.
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystorefile="/root/.keystore" keystorePass="java_keystore_and_tomcat_password" />
Make sure that you have the keystorefile and keystorePass entries. Check the logfile catalina.out in $TOMCAT_ROOT/logs if SSL connection does not work. You can verify that Tomcat is using SSL with a web browser and/or netstat -an.
NOTE: This does not seem to redirect queries from port 8080 to 8443, even though there is a redirectPort="8443"-clause in the Connector port="8080" definition.
Rerences:
http://tomcat.apache.org/tomcat-5.5-doc/index.html
*** Logs and troubleshooting ***
There are a dozen or so logfiles which you can and probably have to use if you encounter problems with Funambol, Opengroupware.org or the GroupDAV connector.
* Discussion boards and mailinglists:
o Nokia discussion forums: http://discussion.forum.nokia.com
o GroupDAV mailinglist: groupdav@opengroupware.org
o Funambol support: http://www.funambol.com/opensource/support/overview.html
* Logs:
o Funambol logs are in $FUNAMBOL_HOME/ds-server/logs. Set the loglevel to ALL in Funamboladmin to get maximum output. You can force different Funambol modules (transport, engine, server, etc) to log to their own logfiles instead of the generic funambol_ds.log.
o GroupDAV connector logs are in $FUNAMBOL_HOME/groupdav-cal. If you have several different connector instances, they can (and must) log to different directories
o OpenGroupware.org logs are in /var/lib/opengroupware/ogo-*.log, but we're most interested in the ogo-zidestore-1.4-err.log and ogo-zidestore-1.4-out.log
o Tomcat logs are in $FUNAMBOL_HOME/tools/tomcat/logs. Tomcat logs contain some things that Funambol logs don't. The most interesting log file is called catalina.out.
o Nokia S60 logs are utterly useless.
Verifying that network connections work is easy with tcpdump, for example on OGo server do a
tcpdump -i eth0 host your_funambol_host
to see if any traffic arrives from the funambol host to the OGo server.
