Kolab 3.3, Debian Wheezy (correction ;-))

Tue Dec 9 21:25:58 CET 2014

Hi Matthias,

Am 08.12.2014 um 11:47 schrieb Matthias Albrecht:
> Franz,
> 
> you certainly pointed me the right direction. This is from
> /var/log/kolab/pykolab.log and seems to show, that Kolab can't access
> the LDAP-Server any more.
> 
> 2014-12-06 17:09:37,844 pykolab.conf WARNING Option ldap/auth_cache_uri
> does not exist in config file /etc/kolab/kolab.conf, pulling from defaults
> 2014-12-06 17:09:37,844 pykolab.conf WARNING Option does not exist in
> defaults.
> 2014-12-07 21:29:09,873 pykolab.imap WARNING Could not connect to Cyrus
> IMAP server 'imaps://localhost:993'
> 2014-12-07 21:29:18,392 pykolab.conf WARNING Option ldap/auth_cache_uri
> does not exist in config file /etc/kolab/kolab.conf, pulling from defaults
> 2014-12-07 21:29:18,392 pykolab.conf WARNING Option does not exist in
> defaults.
> 2014-12-07 23:38:35,415 pykolab.auth ERROR An error occured using
> _regular_search: SERVER_DOWN({'desc': "Can't contact LDAP server"},)
> 2014-12-07 23:38:35,416 pykolab.auth ERROR Traceback (most recent call
> last):
>   File "/usr/lib/python2.7/dist-packages/pykolab/auth/ldap/__init__.py",
> line 2725, in _search
>     secondary_domains
>   File "<string>", line 10, in <module>
>   File "/usr/lib/python2.7/dist-packages/pykolab/auth/ldap/__init__.py",
> line 2623, in _regular_search
>     attrsonly=attrsonly
>   File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 549,
> in search
>     return
> self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None)
>   File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541,
> in search_ext
>     timeout,sizelimit,
>   File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99,
> in _ldap_call
>     result = func(*args,**kwargs)
> SERVER_DOWN: {'desc': "Can't contact LDAP server"}

I think, you can ignore some of the warnings. But ldap and imap-Server
are both not reachable.

Try to check step by step, if they are accessible

Have you configured the directory server also for ssl?

If not, what does:

/usr/lib/mozldap/ldapsearch -x -h localhost -p 389 -D 'cn=Directory
Manager' -w SECRETPASSWORD -b dc=yourprimary,dc=domain '(objectClass=*)'

says?

can you connect to cyrus using cyradm:

cyradm -u cyrus-admin localhost

> And this is in /var/log/kolab-webadmin/errors:
> 
> [07-Dec-2014 23:32:33 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
> Login failed. Unable to decode response (POST)
> [07-Dec-2014 23:35:06 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
> Login failed. Unable to connect to
> ssl://sikolab.systematic-investments:443. Error:
> php_network_getaddresses: getaddrinfo failed: Name or service not known
> (POST)

This looks a little bit strange for me. Where this ssl:// come from?

Maybe a typo?

> [07-Dec-2014 23:39:25 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
> Login failed. Unable to connect to
> tcp://sikolab.systematic-investments:80. Error:
> php_network_getaddresses: getaddrinfo failed: Name or service not known
> (POST)
> 
> Obviously, more than one thing went wrong when I secured Kolab.
> 
> I then followed the section "Apache - Switch to own Certification
> Authority" in http://kolab.org/planet?page=1 since this said "Alter
> web-server configuration to require valid client certificate, but allow
> direct API calls from mail server (omit |internal error| when using
> |kolab-admin|).". But no change.
> 
> Does anyone know help?

Regards
Jan