new domains without changes to /etc/kolab/kolab.conf OR "pure" LDAP-only administration

Christian Hügel christian.huegel at
Thu Oct 31 18:32:16 CET 2013

Hi Christian,

thx for the script. One remark: the script has a bunch of escape
characters which had to be eliminated with dos2unix <script> otherwise
the script fails to start. I assume the script was written under Windows?!


Am 31.10.2013 04:22, schrieb Christian Tardif:
> That I can help with.
> Once your kolab 3.1 installation is done (I think I've seen it's
> possible in Kolab 3.0, but..), you have to edit/correct a couple of things:
> 1) You have to download and run this script:
> with a single parameter: your cn=Directory Manager password
> It will update a number of files...
> Oh! You know what?  I'm attaching the script that I modified to automate some patches download, in order to make things simpler. Because if you don't check the script before running it, chances are that it will fail to complete since you'll be missing 4 patches.
> Maybe someone would want to replace the online script with the one I just provided?  It's the exact same thing, but just easier to run.
> Done for the base setup.  Now, you can create the domain, and this will
> create another ldap tree...  completely isolated from the first one. But
> the creation of the domain won't help much at that point. Log out from
> the Kolab Admin Panel, then log back in. On the top right, left from
> Logout, you'll see a text menu with your default domain (the one you
> created during instalation). Click on it, and you'll get a menu allowing
> to change the domain on which to work.  Now, you can create a user in
> the domain you want.
> But there's more to do. Actually, the setup-kolab install script does
> not create certificates. So once your user is created, you won't see it
> appear under /var/spool/imap/domain/ structure.  Why?  Because the
> pykolab script can't log to the imap server since tls is not available,
> as there's no certificates.
> Here's the recipe (adapt it for your environment):
>   * openssl req -new -nodes -out req.pem -keyout key.pem
>   * openssl rsa -in key.pem -out new.key.pem
>   * openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem
>     -days 3650
>   * cp new.key.pem /etc/pki/cyrus-imapd/cyrus-imapd.pem
>   * cat ca-cert >> /etc/pki/cyrus-imapd/cyrus-imapd.pem
> Now, you have a certificate you can work with. By the time you check,
> your user directory will probably be created. Depending on the distro
> you're using (I assume CentOS), you will probably see a lot of errors in
> ....  well, I don't remember the logfile name  :-)  , but you'll see
> errors complaining that /etc/sasldb2 does not exist.  You just need to
> create a dummy file with:
> saslpasswd2 /etc/sasldb2
> and set appropriate permissions:
> chown cyrus /etc/sasldb2
> chmod 640 /etc/sasldb2
> Now, you should have a setup to play with.
> Cheers!
> Christian...
-------------- n?chster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde abgetrennt...
Dateiname   : 0x1F814CFD.asc
Dateityp    : application/pgp-keys
Dateigr??e  : 3129 bytes
Beschreibung: nicht verf?gbar
URL         : <>
-------------- n?chster Teil --------------
Ein Dateianhang mit Bin?rdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigr??e  : 901 bytes
Beschreibung: OpenPGP digital signature
URL         : <>

More information about the users mailing list