Can't first login to WAP after fresh install CentOS 7, Kolab 3.3
Honza Burian
burian.honza at gmail.com
Thu Sep 11 23:49:22 CEST 2014
Hi again,
I found out that LDAP is not a problem. Kolab is probably contacting
LDAP every 10 minutes with Directory Manager (when I'm not doing any
login attempt).
So when I try to login to roundcube or chwala or from command line
(ldapsearch, testsalsauthd) LDAP is working normally, log file is
fine.
When I try login to kolab WAP, there is only "Internal system error!"
in browser and PHP error in log file:
# less /var/log/kolab-webadmin/errors
[11-Sep-2014 22:23:53 +0200](2b32v31rvpharkensitrp57qr4): PHP Error:
Login failed. Unable to decode response (POST)
Is there any way to get more info to the log file?
That will be geat.
In the half way of I am writing this mail I tried another things which
come to my mind and I found the problem.
I created myself.
I configure apache 2.4 virtualhost for <direcotry ... kolab-webadmin>
with only "Require ip my-extrenal-ip"
That works for showing the page. But when I tried to login the page
calling kolab-webadmin API on URL specified in kolab.conf in section
[kolab_wap] parameter api_url= https://my-domain/kolab-webadmin/api
So the server tries contact api on that URL which resolves back to IP
of the server.
But apache return 403 forbidden, because IP of the server, which was
calling API wasn't in Require directive.
To correct this is needed to add "Require local" directive.
The hint was log file of httpd of that virtual host:
[Thu Sep 11 22:23:53.551323 2014] [authz_core:error] [pid 15342]
[client ip-of-the-server:39273] AH01630: client denied by server
configuration: /usr/share/kolab-webadmin/public_html/api/system.authenticate
----------------
I have another problem now.
When I successfully logged in to kolab WAP with Directory Admin (first
login) I don't have here button "Add user" as is in this HOWTO:
http://docs.kolab.org/howtos/kolab-webadmin-create-user.html
Ok, there is a link
"http://docs.kolab.org/administrator-guide/faq.html#faq-no-add-user-button-or-link"
But it didn't help. SElinux is in permissive mode. DNS is ok.
Firewall? Where it could be problem?
Any error which I find is:
# less /var/log/kolab-webadmin/errors
[11-Sep-2014 23:36:09 +0200] PHP Warning: exec() has been disabled
for security reasons in /usr/share/php/Net/LDAP3.php on line 754
this error occurs 7 times after I logged in to kolab WAP.
I don't like to allow exec() function globally. Any idea?
Any help will be appreciate.
Best Regards
John
On 10 September 2014 22:30, Honza Burian <burian.honza at gmail.com> wrote:
> Hi there,
>
> I installed CentOS 7, made basic security configuration, then
> installed Kolab 3.3 with no errors.
> Then I made security setup for Kolab using this guide
> http://docs.kolab.org/howtos/secure-kolab-server.html
>
> Now I tried to make first login to kolab-webadmin using this guide:
> http://docs.kolab.org/howtos/kolab-webadmin-create-user.html#howto-kolab-webadmin-create-user
>
> But when I enter cn=Directory Manager and coresponding password then I
> get error:
> Internal system error!
>
> # less /var/log/kolab-webadmin/errors
> [10-Sep-2014 22:27:36 +0200](2b32v31rvpharkensitrp57qr4): PHP Error:
> Login failed. Unable to decode response (POST)
>
> # less /var/log/dirsrv/slapd-email/access
> [10/Sep/2014:22:27:52 +0200] conn=420 fd=67 slot=67 connection from ::1 to ::1
> [10/Sep/2014:22:27:52 +0200] conn=420 op=0 BIND dn="cn=Directory
> Manager" method=128 version=3
> [10/Sep/2014:22:27:52 +0200] conn=420 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [10/Sep/2014:22:27:52 +0200] conn=420 op=1 SRCH
> base="cn=kolab,cn=config" scope=2 filter="(&(associatedDomain=*))"
> attrs="associatedDomain"
> [10/Sep/2014:22:27:52 +0200] conn=420 op=1 RESULT err=0 tag=101
> nentries=1 etime=0
>
>
> Any ideas?
> Thanks in advance for anything.
>
> Best Regards
> John
More information about the users
mailing list