[Kolab-devel] kolabd error filling log

Thomas Spuhler thomas at btspuhler.com
Mon Jan 28 01:31:42 CET 2013 

On Saturday, January 26, 2013 03:09:04 PM Thomas Spuhler wrote:
> On Tuesday, January 22, 2013 10:03:31 AM Jeroen van Meeuwen (Kolab Systems) wrote:
> > On Tue, 2013-01-22 at 08:52 -0800, Diane Trout wrote:
> > > On Tuesday, January 22, 2013 11:49:31 Jeroen van Meeuwen wrote:
> > > > On 2013-01-22 05:00, Thomas Spuhler wrote:
> > > > > Yes, I have
> > > > > /usr/lib64/python2.7/site-packages/ldap/controls/psearch.py but I
> > > > > have no python-pyasn1.
> > > > 
> > > > Lovely, but I'm afraid the packager of python-ldap for Mageia may
> > > > have
> > > > 
> > > > missed the inclusion of:
> > > >    # Imports from pyasn1
> > > >    from pyasn1.type import namedtype,namedval,univ,constraint
> > > >    from pyasn1.codec.ber import encoder,decoder
> > > >    from pyasn1_modules.rfc2251 import LDAPDN
> > > 
> > > There is a python-pyasn1 package in debian. it seems to have those
> > > modules you were listing above.
> > 
> > I knew this, as I provide / have provided the pyasn1-modules for both
> > RPM and Debian.
> 
> OK, no more errors during setup.
> 
> What I now get is when running the server, I get the error cannot connect
> to the imap server port 993
> I know there is a lot of information on Google about this, but I think that
> is different. I found the certs/pem are at a different location then the
> imap.conf tells.
> Where is this location defined.
> 
> the kolab-conf from pykolab has this snippet:
> 
> ;ssl_cafile = /path/to/ca/file
> ;ssl_capath = /path/to/ca/dir
> ;ssl_local_cert = /path/to/local/cert

OK, I fixed it manually by changing

from

tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

to 

tls_cert_file: /etc/pki/tls/certs/cyrus-imapd.pem
tls_key_file: /etc/pki/tls/private/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

after making these changes, the kolab-webadmin now creates the mailbox:

# kolab list-mailboxes
user/thomas.spuhler at btspuhler.com


I still get the expected error of self signed certs

# imtest -t "" -u cyrus-admin -a cyrus-admin -w $password localhost
WARNING: no hostname supplied, assuming localhost

S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED] vbox.btspuhler.com Cyrus 
IMAP v2.4.17-Mageia-RPM-2.4.17-3.mga3 server ready
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE 
UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT 
SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN 
QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE AUTH=PLAIN AUTH=LOGIN SASL-IR IDLE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN Y3lydXMtYWRtaW4AY3lydXMtYWRtaW4AbG9jYWxob3N0
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 256


Where do I need to cahnge the cert location when building the packages?

-- 
Best regards
Thomas Spuhler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.kolab.org/pipermail/devel/attachments/20130127/503775a5/attachment.sig>

More information about the devel mailing list