[Kolab-devel] Kolab and FreeIPA article
Jochen Hein
jochen at jochen.org
Fri Oct 5 22:31:07 CEST 2018
kvaps <kvapss at gmail.com> writes:
> OK, here is my article about Kolab and FreeIPA integration:
>
> https://medium.com/@kvapss/install-kolab-and-integrate-it-with-freeipa-c80c3b34b7b7
I'll just add the parts where I use FreeIPA. Let's start with TLS for
IMAP:
# My kolab/IMAP server is available under three names:
# - physical hostname jupiter.example.org
# - logical hostname kolab3.example.org (when moving from kolab2 to kolab3 :-)
# - DNS alias imap.example.org
#
# I'd like to have SSO working for imap.example.org,
# thunderbird detects that automatically. (That's subject of another config)
#
# We use kerberos principal aliases here (since FreeIPA 4.4.0).
#
# ipa service-add imap/jupiter.example.org
# ipa service-add-principal imap/jupiter.example.org imap/kolab3.example.org
# ipa service-add-principal imap/jupiter.example.org imap/imap.example.org
#
# Now we can get the certificate...
ipa-getcert request -f /etc/ssl/certs/imap.example.org.crt -k /etc/ssl/private/imap.example.org.key \
-N "CN=jupiter.example.org" \
-D imap.example.org \
-D kolab3.example.org \
-K imap/jupiter.example.org \
-U 1.3.6.1.5.5.7.3.1 -C "/root/refresh_postfix_certificate.sh"
# Fix permissions
chown cyrus /etc/ssl/private/imap.example.org.key
chmod 644 /etc/ssl/certs/imap.example.org.crt
# The following lines in /etc/imap.conf are needed to use the certificate:
# tls_ciphers: TLSv1+HIGH:!aNULL:@STRENGTH
# tls_server_cert: /etc/ssl/certs/imap.example.org.crt
# tls_server_key: /etc/ssl/private/imap.example.org.key
# tls_client_ca_file: /etc/ipa/ca.crt
# Restart cyrus
systemctl restart cyrus-imapd.service
--
This space is intentionally left blank.
More information about the users
mailing list