<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Jan, <br>
everyone,<br>
<br>
After having set up a test environment and working every step to
secure Kolab and checking the /var/log/kolab-webadmin/errors as well
as the function, I found that I had missed the full domain when
setting the https:// URL for the Kolab-CLI. I.e. it was<br>
<br>
<pre wrap="">sed -r -i \
    -e '/api_url/d' \
    -e "s#\[kolab_wap\]#[kolab_wap]\napi_url = https://sikolab.systematic-investments/kolab-webadmin/api#g" \
    /etc/kolab/kolab.conf
</pre>
<br>
<br>
and should have been<br>
<br>
<pre wrap="">sed -r -i \
    -e '/api_url/d' \
    -e "s#\[kolab_wap\]#[kolab_wap]\napi_url = https://sikolab.systematic-investments.de/kolab-webadmin/api#g" \
    /etc/kolab/kolab.conf
</pre>
<br>
The .de was missing in "sikolab.systematic-investments.de". To
answer Jan's other questions: yes, both commands requested by you
worked perfectly.<br>
<br>
Well, I will work on my typing skills. To those in the know: is it
conceivable to build a script which takes the names of the
certificates as input and then automatically does the securing of
Kolab?<br>
<br>
Anyway, thank you a lot everyone,<br>
<br>
Matthias<br>
<br>
<div class="moz-cite-prefix">-------- Original Message --------<br>
<b>Subject: </b>Re: Kolab 3.3, Debian Wheezy (correction ;-))<br>
<b>From: </b>Jan Kowalsky <a class="moz-txt-link-rfc2396E" href="mailto:jankow@datenkollektiv.net">&lt;jankow@datenkollektiv.net&gt;</a><br>
<b>To: </b>Matthias Albrecht
<a class="moz-txt-link-rfc2396E" href="mailto:matthias.albrecht@tigerbaer.de">&lt;matthias.albrecht@tigerbaer.de&gt;</a>, <a class="moz-txt-link-abbreviated" href="mailto:users@lists.kolab.org">users@lists.kolab.org</a><br>
<b>Date: </b>09.12.2014 21:25<br>
</div>
<blockquote cite="mid:20141209202425.978255826B2@mail1.tigerbaer.de"
type="cite">
<pre wrap="">Hi Matthias,
On 08.12.2014 at 11:47, Matthias Albrecht wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Franz,
you certainly pointed me in the right direction. This is from
/var/log/kolab/pykolab.log and seems to show that Kolab can't access
the LDAP server any more.
2014-12-06 17:09:37,844 pykolab.conf WARNING Option ldap/auth_cache_uri
does not exist in config file /etc/kolab/kolab.conf, pulling from defaults
2014-12-06 17:09:37,844 pykolab.conf WARNING Option does not exist in
defaults.
2014-12-07 21:29:09,873 pykolab.imap WARNING Could not connect to Cyrus
IMAP server 'imaps://localhost:993'
2014-12-07 21:29:18,392 pykolab.conf WARNING Option ldap/auth_cache_uri
does not exist in config file /etc/kolab/kolab.conf, pulling from defaults
2014-12-07 21:29:18,392 pykolab.conf WARNING Option does not exist in
defaults.
2014-12-07 23:38:35,415 pykolab.auth ERROR An error occured using
_regular_search: SERVER_DOWN({'desc': "Can't contact LDAP server"},)
2014-12-07 23:38:35,416 pykolab.auth ERROR Traceback (most recent call
last):
File "/usr/lib/python2.7/dist-packages/pykolab/auth/ldap/__init__.py",
line 2725, in _search
secondary_domains
File "&lt;string&gt;", line 10, in &lt;module&gt;
File "/usr/lib/python2.7/dist-packages/pykolab/auth/ldap/__init__.py",
line 2623, in _regular_search
attrsonly=attrsonly
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 549,
in search
return
self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541,
in search_ext
timeout,sizelimit,
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99,
in _ldap_call
result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
</pre>
</blockquote>
<pre wrap="">
I think you can ignore some of the warnings. But the LDAP and IMAP
servers are both not reachable.
Try to check step by step whether they are accessible.
Have you configured the directory server also for SSL?
If not, what does:
/usr/lib/mozldap/ldapsearch -x -h localhost -p 389 \
    -D 'cn=Directory Manager' -w SECRETPASSWORD \
    -b dc=yourprimary,dc=domain '(objectClass=*)'
say?
Can you connect to Cyrus using cyradm:
cyradm -u cyrus-admin localhost
</pre>
<blockquote type="cite">
<pre wrap="">And this is in /var/log/kolab-webadmin/errors:
[07-Dec-2014 23:32:33 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
Login failed. Unable to decode response (POST)
[07-Dec-2014 23:35:06 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
Login failed. Unable to connect to
ssl://sikolab.systematic-investments:443. Error:
php_network_getaddresses: getaddrinfo failed: Name or service not known
(POST)
</pre>
</blockquote>
<pre wrap="">This looks a little bit strange to me. Where does this ssl:// come from?
Maybe a typo?
</pre>
<blockquote type="cite">
<pre wrap="">[07-Dec-2014 23:39:25 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
Login failed. Unable to connect to
tcp://sikolab.systematic-investments:80. Error:
php_network_getaddresses: getaddrinfo failed: Name or service not known
(POST)
Obviously, more than one thing went wrong when I secured Kolab.
I then followed the section "Apache - Switch to own Certification
Authority" in <a class="moz-txt-link-freetext" href="http://kolab.org/planet?page=1">http://kolab.org/planet?page=1</a> since this said "Alter
web-server configuration to require valid client certificate, but allow
direct API calls from mail server (omit |internal error| when using
|kolab-admin|).". But no change.
Does anyone know how to help?
</pre>
</blockquote>
<pre wrap="">
Regards
Jan
</pre>
</blockquote>
<br>
<br>
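Added example (not part of the original thread, and not Kolab's own tooling), sketching the api_url step of the script asked about above: it refuses to write a URL whose host does not resolve, which is the failure recorded in /var/log/kolab-webadmin/errors. The function names are hypothetical, and GNU sed and getent are assumed.<br>
<pre wrap="">
```shell
#!/bin/sh
# Added example: check the Kolab WAP api_url before writing it to kolab.conf.
# Function names are illustrative and not part of Kolab.

# Print the host part of an https URL; reject anything else.
api_host() {
    case "$1" in
        *[!A-Za-z0-9._:/-]*) return 1 ;;   # would break the sed "s#...#...#"
        https://?*) ;;
        *) return 1 ;;
    esac
    host_part="${1#https://}"
    host_part="${host_part%%/*}"           # drop the path
    host_part="${host_part%%:*}"           # drop an optional port
    [ -n "$host_part" ] || return 1
    printf '%s\n' "$host_part"
}

# The lookup that failed in the webadmin log ("getaddrinfo failed").
resolves() {
    getent hosts "$1" >/dev/null 2>/dev/null
}

# set_api_url CONF URL
# Returns 2 for a malformed URL, 3 for an unresolvable host,
# 4 when CONF has no [kolab_wap] section; CONF is untouched in those cases.
set_api_url() {
    conf="$1"
    url="$2"
    if ! host="$(api_host "$url")"; then
        echo "refusing, not a plain https URL: $url" >&2
        return 2
    fi
    if ! resolves "$host"; then
        echo "refusing, host does not resolve: $host" >&2
        return 3
    fi
    grep -q '^\[kolab_wap\]' "$conf" || return 4
    # Same edit as the sed in the mail, applied only after the checks.
    sed -r -i \
        -e '/api_url/d' \
        -e "s#\[kolab_wap\]#[kolab_wap]\napi_url = ${url}#g" \
        "$conf"
}
```
</pre>
Called as set_api_url /etc/kolab/kolab.conf followed by the URL; a non-zero return code means the file was left as it was.<br>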
</body>
</html>