new domains without changes to /etc/kolab/kolab.conf OR "pure" LDAP-only administration

Christian Hügel christian.huegel at stonebyte.de
Thu Oct 31 07:48:16 CET 2013


Am 31-10-2013 04:22, schrieb Christian Tardif:
> That I can help with.
> 
> Once your kolab 3.1 installation is done (I think I've seen it's
> possible in Kolab 3.0, but..), you have to edit/correct a couple of
> things:
> 
> 1) You have to download and run this script:
> 
> https://github.com/tpokorra/kolab3_tbits_scripts/blob/master/kolab3.1/initMultiDomain.sh
> 
> with a single parameter: your cn=Directory Manager password
> 
> It will update a number of files...
> 
> Oh! You know what?  I'm attaching the initMultiDomain.sh script that I
> modified to automate some patches download, in order to make things
> simpler. Because if you don't check the script before running it,
> chances are that it will fail to complete since you'll be missing 4
> patches.
> 
> Maybe someone would want to replace the online script with the one I
> just provided?  It's the exact same thing, but just easier to run.
> 
> Done for the base setup.  Now, you can create the domain, and this
> will create another ldap tree...  completely isolated from the first
> one. But the creation of the domain won't help much at that point. Log
> out from the Kolab Admin Panel, then log back in. On the top right,
> left from Logout, you'll see a text menu with your default domain (the
> one you created during instalation). Click on it, and you'll get a
> menu allowing to change the domain on which to work.  Now, you can
> create a user in the domain you want.
> 
> But there's more to do. Actually, the setup-kolab install script does
> not create certificates. So once your user is created, you won't see
> it appear under /var/spool/imap/domain/ structure. Why?  Because the
> pykolab script can't log to the imap server since tls is not
> available, as there's no certificates.
> 
> Here's the recipe (adapt it for your environment):
> 
>  * openssl req -new -nodes -out req.pem -keyout key.pem
>  * openssl rsa -in key.pem -out new.key.pem
>  * openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem
>    -days 3650
>  * cp new.key.pem /etc/pki/cyrus-imapd/cyrus-imapd.pem
>  * cat ca-cert >> /etc/pki/cyrus-imapd/cyrus-imapd.pem
> 
> Now, you have a certificate you can work with. By the time you check,
> your user directory will probably be created. Depending on the distro
> you're using (I assume CentOS), you will probably see a lot of errors
> in ....  well, I don't remember the logfile name  :-)  , but you'll
> see errors complaining that /etc/sasldb2 does not exist.  You just
> need to create a dummy file with:
> 
> saslpasswd2 /etc/sasldb2
> 
> and set appropriate permissions:
> 
> chown cyrus /etc/sasldb2
> chmod 640 /etc/sasldb2
> 
> Now, you should have a setup to play with.
> 
> Cheers!
> 
> Christian...

...great. All useful infos at one place. Let´s not forget the 5 minutes 
delay when creating another mailbox:

edit /usr/lib/python2.6/site-packages/kolabd/__init__.py line
257 (https://git.kolab.org/pykolab/tree/kolabd/__init__.py#n257)
             if len(removed_domains) == 0 and len(added_domains) == 0:
                 time.sleep(300)

change 300 to 10, so it will not sleep for 5 minutes, only 10 seconds.


Christian


More information about the users mailing list