This document serves as a quickstart for Kopano One on Debian 10 (buster). These are step by step instructions that get your system into a state that is secure, performant and most importantly: supported.
There are a few requirements to the installation and the hardware:
- The configuration is designed to scale to up to 250 users
- Hardware-wise, for 250 users you would need 32GB of memory and 4-8 CPU cores. Storage needs to be plentiful and fast.
- Everything must be located on the local system (such as the database and attachments). The exception here is LDAP / AD, which can run on a separate system.
- The 'sudo' command is installed and configured (this means your user is a member of the 'sudo' group).
Step by step instructions
This document assumes you have a non-root user with sudo access on a clean Debian 10 system.
Some packages need to be installed on the system before we begin:
These instructions also depend on the server having a valid hostname, which includes the FQDN.
hostname -f must return the exact hostname you want to use to access the system. If the command does not provide the exact hostname, use the hostname manpages to change it.
NB: This hostname will be used in the configuration of services and cannot be changed later.
1. Configure the repository
Kopano One comes in a Debian style repository. Install the key and add the repository to the apt sources list.
Download and install the repository key:
Verify that you have the key with the fingerprint
801A 065C 9F19 C9D9 1AB8 FBEE EC50 B5F3 B9DA 48E3
by searching for the last 8 characters of the fingerprint:
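A stricter check than the short-ID search, as an added example that is not part of the original guide: the last 8 characters identify a key only weakly, so this compares all 40 hex digits. The function names and the sample listing are assumptions made for the example; `gpg --show-keys --with-colons` is run against whatever file you saved the key to.

```sh
#!/bin/sh
# Added example, not part of the Kopano guide: full-fingerprint check.
EXPECTED_FPR="801A 065C 9F19 C9D9 1AB8 FBEE EC50 B5F3 B9DA 48E3"  # from this page

# Constructed sample of `gpg --with-colons` output; every field except the
# primary fingerprint is made up for the demonstration.
sample_listing() {
cat <<'EOF'
pub:-:4096:1:EC50B5F3B9DA48E3:1500000000:::-:::scESC::::::23::0:
fpr:::::::::801A065C9F19C9D91AB8FBEEEC50B5F3B9DA48E3:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example Signing Key::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1500000000::::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
EOF
}

# Remove whitespace and upper-case hex so both sides compare in one form.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'; }

# Print the primary key's fingerprint: field 10 of the first "fpr" record
# that follows a "pub" record in colon-format output read from stdin.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# Succeed only if stdin lists exactly one primary key and its full
# 40-hex-digit fingerprint equals EXPECTED_FPR.
check_listing() {
    listing=$(cat)
    npub=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    [ "$npub" -eq 1 ] || return 2
    got=$(printf '%s\n' "$listing" | primary_fpr)
    [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$EXPECTED_FPR")" ]
}

# Real use: pass the downloaded key file (the path is whatever you saved it as).
if [ "$#" -gt 0 ]; then
    if gpg --show-keys --with-colons "$1" 2>/dev/null | check_listing; then
        echo "fingerprint matches"
    else
        echo "FINGERPRINT MISMATCH: do not install this key" >&2; exit 1
    fi
fi
```

Run it before adding the key to apt; a file carrying more than one primary key is rejected as well.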
Add the repository:
2. Install Kopano One
Kopano One comes with a meta-package that will automatically install the software, the dependencies and the default configurations.
During the installation you might get prompted to configure Postfix. Choose the 'Internet site' option, and keep the default values when prompted (we will configure Postfix in a later step).
3. Install the license
While the software will run without a license, you’ll need a valid license with enough users to create new user accounts. On a fresh installation, this means you will need the license to be installed before the first mailbox can be created.
- Upload or paste your license to
(the filename does not matter, so use whatever you prefer)
4. Set up TLS
Kopano One requires trusted TLS. You will need a publicly trusted certificate and key.
Create the TLS directory
Move your key/certificate to the required locations:
- Server key:
- Certificate bundle:
Make sure the permissions on the files are secure:
Add the kopano user to the www-data group so it has access to the key:
5. Set permissions on the database
Kopano One needs to store its data locally in the MariaDB database. Set the permissions for this user - the database will be automatically created on first startup.
The kopano-server also needs to use the correct user to access the database, so make sure to add the following to /etc/kopano/server.cfg:
6a. Install LDAP and create users for Kopano ONE
If you already have an LDAP or AD setup, you can skip this step and continue with 6b.
First install the LDAP server:
When prompted, provide a password for the ldap-admin.
This password will be used in the next step, so make sure you remember it.
Verify that the slapd installation configured your hostname correctly by running
If the result is incorrect, reconfigure LDAP:
When prompted, provide your (complete) hostname and further details:
Now add the Kopano schema to LDAP:
For the next part we will create some ldif-files and add those. To keep things organised, we suggest creating a folder for these ldif-files:
Create a file called users-org.ldif containing:
Import the ldif file into LDAP.
Check if the Users organisational unit was created:
Now we are ready to add a user to LDAP. Create a new file called <USERNAME>.ldif
If kopanoAdmin is set to 1, the user will be an administrator and have access to all mailboxes. Set kopanoAdmin to 0 for every user who does not need administrator privileges.
Every user needs a unique gidNumber, so we suggest incrementing these for every user.
Then add the user to LDAP:
And confirm the user is added:
If you want to create more users, you can repeat these steps for every user.
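A pre-import check for the two rules above (kopanoAdmin only where intended, gidNumber unique per user), as an added example that is not part of the original guide. The function names and the sample records are constructed for the example; only the attribute names kopanoAdmin and gidNumber and the Users organisational unit come from this page.

```sh
#!/bin/sh
# Added example (not Kopano's code): audit user LDIF files before importing.

# Constructed sample records; names, DNs and numbers are made up.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=Users,dc=example,dc=com
uid: alice
gidNumber: 1000
kopanoAdmin: 0

dn: uid=bob,ou=Users,dc=example,dc=com
uid: bob
gidNumber: 1001
kopanoAdmin: 1

dn: uid=carol,ou=Users,dc=example,dc=com
uid: carol
gidNumber: 1001
kopanoAdmin: 0
EOF
}

# Read LDIF on stdin (records separated by blank lines) and print findings:
#   ADMIN <dn>            entry grants administrator rights (kopanoAdmin: 1)
#   DUP-GID <gid> <dn>    gidNumber was already used by an earlier entry
# Folded lines and base64 ("attr::") values are not decoded.
audit_ldif() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        dn = ""; gid = ""; admin = ""
        for (i = 1; i <= NF; i++) {
            key = tolower($i); sub(/:.*/, "", key)      # attribute name
            val = $i; sub(/^[^:]*:[ \t]*/, "", val)     # attribute value
            if (key == "dn") dn = val
            else if (key == "gidnumber") gid = val
            else if (key == "kopanoadmin") admin = val
        }
        if (dn == "") next
        if (admin == "1") print "ADMIN " dn
        if (gid != "") {
            if (gid in seen) print "DUP-GID " gid " " dn
            else seen[gid] = dn
        }
    }'
}

# Real use: pass the LDIF files; a blank line is added between files.
if [ "$#" -gt 0 ]; then for f in "$@"; do cat "$f"; echo; done | audit_ldif; fi
```

Review every ADMIN line against the list of people who are meant to administer the system, and resolve DUP-GID lines before importing.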
6b. Configure LDAP for kopano-server
The Kopano server needs to get the email-accounts created in LDAP or AD.
In the Kopano server configuration /etc/kopano/server.cfg, set the user plugin to ldap:
Next, copy the example ldap configuration:
Adapt it to the desired configuration, by setting the following in
7. Configure Postfix
Postfix needs to be configured as the MTA and needs to talk to LDAP to resolve users and groups, and provide secure interfaces.
For resolving the primary e-mail address of the user, create the file
/etc/postfix/ldap-users.cf, add the following lines, and set the
Configure Postfix using the following commands:
In /etc/kopano/dagent.cfg, set the following:
8. Set up Konnect (OpenID Connect)
Konnect provides the authentication for WebApp in Kopano One installations. Kopano-server and kopano-webapp need to be configured to use Konnect.
In /etc/kopano/konnectd.cfg, set the following:
In /etc/kopano/server.cfg, set the following:
In /etc/kopano/kapid.cfg, set the following:
In /etc/kopano/webapp/config.php, set the following:
9. Configure IMAP
IMAP services need to be securely accessible.
In /etc/kopano/gateway.cfg, set the following:
10. Configure KDAV
If you want to use CalDAV and/or CardDAV, the root URI needs to be set in its configuration.
In /etc/kopano/kdav/config.php, set the following:
11. Configure Kweb
Kweb is the Kopano provided webserver that delivers all the Kopano web applications in a performant and secure manner. It needs a little bit of configuration to use the TLS certificates generated or installed in step 4.
- In /etc/kopano/kwebd.cfg, set the following:
12. Restart services
Restart all services to activate changed configurations.
13. Create the public store and sync users
Even if you don’t use a public store, make sure you create it, as it is used for some internal functions like publishing of free/busy information.
You should now see a list of the users you created when configuring the LDAP or AD.
Done! You should now be able to log in at https://<yourdomain.example.com>/webapp/ with the user(s) you created.