Multi-domain setup with Kolab 3.3 on CentOS 7

Cornelius Hald hald at icandy.de
Mon Sep 29 22:51:48 CEST 2014 

Well, at least I'm not alone :)

While writing this mail, it looks like I've solved my initial issue. So
the following is more of a walk through. Comments of people with more
insights are very welcome.

TL;DR
In imapd.conf replace 
ldap_domain_base_dn: ""
with
ldap_domain_base_dn: cn=kolab,cn=config


__ The story (so far) __

To me it looks like /var/log/dirsrv/slapd-kolab/access has the most
information about what is going on.

I think the imapd.conf is a bit strange. I've left the file mostly
untouched and only added the following at the end.

# Added for multi-domain support
ldap_domain_base_dn: ""
ldap_domain_filter:
(&(objectclass=domainrelatedobject)(associateddomain=%s))
ldap_domain_name_attribute: associatedDomain
ldap_domain_scope: sub
ldap_domain_result_attribute: inetdomainbasedn

After that I see LDAP messages like this:

conn=29 op=4 SRCH dn="""" authzid="(null)", invalid dn
conn=29 op=4 RESULT err=34 tag=101 nentries=0 etime=0

LDAP error 34 is LDAP_INVALID_DN_SYNTAX.

So after that I though maybe someone just added a typo to the
documentation and tried to use single quotes instead of double quotes.
The line in imapd.conf now looks like this:

ldap_domain_base_dn: ''

After restarting everything and trying to log in again the LDAP messages
look better. There are no 'invalid dn' messages anymore.

conn=10 op=4 SRCH base="''" scope=2
filter="(&(objectClass=domainrelatedobject)(associatedDomain=zwong.de))"
attrs="associatedDomain inetDomainBaseDN"
conn=10 op=4 RESULT err=32 tag=101 nentries=0 etime=0

Unfortunately the query returns 0 entries, so it looks like my second
domain (zwong.de) cannot be found. Well, to be honest that DN still
looks a bit strange to me.

Let's see how a working query for the primary domain looks like:

conn=34 op=1 SRCH base="cn=kolab,cn=config" scope=2
filter="(&(objectClass=domainrelatedobject)(associatedDomain=spongecomputing.com))" attrs="associatedDomain inetDomainBaseDN"

So the search base is "cn=kolab,cn=config". Shouldn't that be the search
base for my secondary domain as well? Let's give it a try. In imapd.conf
I've changed the line to:

ldap_domain_base_dn: cn=kolab,cn=config

After restarting everything the login to my secondary domain works.
Unfortunately roundcube gives me the error "Server Error: STATUS:
Mailbox does not exist" after login.

Well, so maybe because of the broken imapd setup, the users were not
correctly created by kolab-webadmin? So I've created a new user for my
secondary domain and this time the login worked and the error about the
missing mailbox was gone. Looks pretty good now.

The make a long story short. In imapd.conf replace 
ldap_domain_base_dn: ''
with
ldap_domain_base_dn: cn=kolab,cn=config

It would be great if someone with more knowledge could tell me if this
is a good idea or if I'm making a terrible mistake.

Cheers,
Conny



On Mon, 2014-09-29 at 10:26 -0500, Scott Damron wrote:
> I have had this exact experience.  I would really like to hear from
> someone who has managed to make it work.  If they don't have time to
> contribute docs, I am very willing to document it for the benefit of
> the entire community.
> 
> 
> Scott
> 
> 
> 
> -------- Original Message --------
> From: Cornelius Hald <hald at icandy.de>
> Sent: Monday, September 29, 2014 10:21 AM
> To: users at lists.kolab.org
> Subject: Multi-domain setup with Kolab 3.3 on CentOS 7
> 
>         Hi guys, I've tried a lot, read through the ML archives and
>         did my fair share of searching the net. Unfortunately I'm
>         still not able to get the multi-domain support to work in a
>         clean way. My goal is to have separate domains with separate
>         domain-admins, etc. Basically like a hosted setup. Is there
>         someone here having recent (Kolab 3.3) experience with the
>         multi-domain setup? I'm having the feeling that the IMAPD
>         config from the official docs[1] is not really correct or
>         maybe incomplete. If follow the steps under 'Cyrus IMAP
>         Changes' for Kolab 3.2 and later, I cannot log in to Roundcube
>         with users of my secondary domain. Users from the primary
>         domain (the one created during setup) still can log in.
>         However if I'm using the steps described for Kolab 3.1 and
>         older, I'm able to login those users. Right now I'm really
>         only trying to get the Roundcube login to work. Therefore I've
>         adjusted the Roundcube config and the IMAPD config. Other
>         things like postfix, amavisd are untouched. I can provide more
>         specifics, but maybe this is a known issue within the
>         documentation and someone is already able to point me to a
>         fix. Thanks! Conny [1]
>         http://docs.kolab.org/howtos/multi-domain.html
>         _______________________________________________ users mailing
>         list users at lists.kolab.org
>         https://lists.kolab.org/mailman/listinfo/users
>

More information about the users mailing list