Enabling CBPolicyD WebUI

How to Install/Enable CBPolicyD WebUI in Zimbra

Activating CBPolicyD

Before using CBPolicyD, you must have CBPolicyd installed and enabled in your Zimbra server. To install and enable it login to your Zimbra server as the Zimbra user

su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

Activating CBPolicyD WebUI

Now you need to host the CBPolicyD website in Zimbra’s Apache server. This we can do by creating a soft link of CBPolicyD’s source code on apache’s root directory.

cd /opt/zimbra/data/httpd/htdocs/ && ln -s ../../../common/share/webui

Now, we need to configure CBPolicyD’s source code to connect to the appropriate database. To do this, we need to open the config file and change DB_DSN value. To do so open the config file by

vi /opt/zimbra/common/share/webui/includes/config.php

and change DB_DSN value from mysql:host=localhost;dbname=cluebringer to sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb as follows

$DB_DSN=”mysql:host=localhost;dbname=cluebringer”;

to

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

Enable ACLs for CBPolicyD

zmprov mcf +zimbraMtaRestriction 'check_policy_service inet:127.0.0.1:10031'
zmprov ms mail.domainname.com zimbraCBPolicydAccessControlEnabled TRUE

Restart Zimbra

su - zimbra -c "zmcontrol restart"
su - zimbra -c "zmapachectl restart"

Access CBPolicyD from http://yourServerName:7780/webui/index.php replacing yourServerName.

Protect CBPolicyD WebUI with Password

When you access PolicyD WebUI, you are not be asked to enter any username and password. To protect PolicyD WebUI you can set username and password using htaccess as follows

Go to

cd /opt/zimbra/common/share/webui/

open .htaccess file

vi .htaccess

Add these lines

AuthUserFile /opt/zimbra/common/share/webui/.htpasswd
AuthGroupFile /dev/null
AuthName "User and Password"
AuthType Basic
require valid-user

create .htpasswd file

touch .htpasswd
/opt/zimbra/common/bin/htpasswd -cb .htpasswd user password

open httpd.conf file

vi /opt/zimbra/conf/httpd.conf

add these lines to the end

Alias /webui /opt/zimbra/common/share/webui/
<Directory /opt/zimbra/common/share/webui/>
# Comment out the following 3 lines to make web ui accessible from anywhere
AllowOverride AuthConfig
Order Deny,Allow
Allow from all
</Directory>

and run

su – zimbra -c "zmapachectl restart"

Access CBPolicyD from http://yourServerName:7780/webui/index.php replacing yourServerName to verify if it asks for username and password.

Technical writer at Zextras, an open-source and technology enthusiast who creates instructional and technical articles about Zextras and Zimbra.

Post your comment