Kolab 3.3, Debian Wheezy (correction ;-))
Matthias Albrecht
matthias.albrecht at tigerbaer.de
Sun Dec 14 22:34:22 CET 2014
Jan,
everyone,
after having setup a test environment and working every step to secure
Kolab and checking the /var/log/kolab-webadmin/errors as well as the
function, I found that I had missed the full domain when setting the
https://-URL for the Kolab-CLI. I.e. it was
sed -r -i \
-e '/api_url/d' \
-e "s#\[kolab_wap\]#[kolab_wap]\napi_url =
https://sikolab.systematic-investments/kolab-webadmin/api#g" \
/etc/kolab/kolab.conf
and should have been
sed -r -i \
-e '/api_url/d' \
-e "s#\[kolab_wap\]#[kolab_wap]\napi_url =
https://sikolab.systematic-investments.de/kolab-webadmin/api#g" \
/etc/kolab/kolab.conf
The .de was missing in "sikolab.systematic-investments.de". To answer
Jans other questions: yes, both commands requested by you worked perfectly.
Well, I will work on my typing skills. To the knowing: is it thinkable
to build a script which takes the names of the certificates as input and
then automatically does the securing of Kolab?
Anyway, thank you a lot everyone,
Matthias
-------- Original-Nachricht --------
*Betreff: *Re: Kolab 3.3, Debian Wheezy (correction ;-))
*Von: *Jan Kowalsky <jankow at datenkollektiv.net>
*An: *Matthias Albrecht <matthias.albrecht at tigerbaer.de>,
users at lists.kolab.org
*Datum: *09.12.2014 21:25
> Hi Matthias,
>
> Am 08.12.2014 um 11:47 schrieb Matthias Albrecht:
>> Franz,
>>
>> you certainly pointed me the right direction. This is from
>> /var/log/kolab/pykolab.log and seems to show, that Kolab can't access
>> the LDAP-Server any more.
>>
>> 2014-12-06 17:09:37,844 pykolab.conf WARNING Option ldap/auth_cache_uri
>> does not exist in config file /etc/kolab/kolab.conf, pulling from defaults
>> 2014-12-06 17:09:37,844 pykolab.conf WARNING Option does not exist in
>> defaults.
>> 2014-12-07 21:29:09,873 pykolab.imap WARNING Could not connect to Cyrus
>> IMAP server 'imaps://localhost:993'
>> 2014-12-07 21:29:18,392 pykolab.conf WARNING Option ldap/auth_cache_uri
>> does not exist in config file /etc/kolab/kolab.conf, pulling from defaults
>> 2014-12-07 21:29:18,392 pykolab.conf WARNING Option does not exist in
>> defaults.
>> 2014-12-07 23:38:35,415 pykolab.auth ERROR An error occured using
>> _regular_search: SERVER_DOWN({'desc': "Can't contact LDAP server"},)
>> 2014-12-07 23:38:35,416 pykolab.auth ERROR Traceback (most recent call
>> last):
>> File "/usr/lib/python2.7/dist-packages/pykolab/auth/ldap/__init__.py",
>> line 2725, in _search
>> secondary_domains
>> File "<string>", line 10, in <module>
>> File "/usr/lib/python2.7/dist-packages/pykolab/auth/ldap/__init__.py",
>> line 2623, in _regular_search
>> attrsonly=attrsonly
>> File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 549,
>> in search
>> return
>> self.search_ext(base,scope,filterstr,attrlist,attrsonly,None,None)
>> File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541,
>> in search_ext
>> timeout,sizelimit,
>> File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99,
>> in _ldap_call
>> result = func(*args,**kwargs)
>> SERVER_DOWN: {'desc': "Can't contact LDAP server"}
> I think, you can ignore some of the warnings. But ldap and imap-Server
> are both not reachable.
>
> Try to check step by step, if they are accessible
>
> Have you configured the directory server also for ssl?
>
> If not, what does:
>
> /usr/lib/mozldap/ldapsearch -x -h localhost -p 389 -D 'cn=Directory
> Manager' -w SECRETPASSWORD -b dc=yourprimary,dc=domain '(objectClass=*)'
>
> says?
>
> can you connect to cyrus using cyradm:
>
> cyradm -u cyrus-admin localhost
>
>> And this is in /var/log/kolab-webadmin/errors:
>>
>> [07-Dec-2014 23:32:33 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
>> Login failed. Unable to decode response (POST)
>> [07-Dec-2014 23:35:06 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
>> Login failed. Unable to connect to
>> ssl://sikolab.systematic-investments:443. Error:
>> php_network_getaddresses: getaddrinfo failed: Name or service not known
>> (POST)
> This looks a little bit strange for me. Where this ssl:// come from?
>
> Maybe a typo?
>
>> [07-Dec-2014 23:39:25 +0100](ham9u49ajk2cfg20g8fafq4b62): PHP Error:
>> Login failed. Unable to connect to
>> tcp://sikolab.systematic-investments:80. Error:
>> php_network_getaddresses: getaddrinfo failed: Name or service not known
>> (POST)
>>
>> Obviously, more than one thing went wrong when I secured Kolab.
>>
>> I then followed the section "Apache - Switch to own Certification
>> Authority" in http://kolab.org/planet?page=1 since this said "Alter
>> web-server configuration to require valid client certificate, but allow
>> direct API calls from mail server (omit |internal error| when using
>> |kolab-admin|).". But no change.
>>
>> Does anyone know help?
> Regards
> Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20141214/5d8f3cbf/attachment.html>
More information about the users
mailing list