[Kolab-devel] Kolab and FreeIPA article

Jochen Hein jochen at jochen.org
Fri Oct 5 22:31:07 CEST 2018


kvaps <kvapss at gmail.com> writes:

> OK, here is my article about Kolab and FreeIPA integration:
>
> https://medium.com/@kvapss/install-kolab-and-integrate-it-with-freeipa-c80c3b34b7b7

I'll just add the parts where I use FreeIPA. Let's start with TLS for
IMAP:

# My Kolab/IMAP server is available under three names:
# - physical hostname jupiter.example.org
# - logical hostname kolab3.example.org (when moving from kolab2 to kolab3 :-)
# - DNS alias imap.example.org
#
# I'd like to have SSO working for imap.example.org,
# Thunderbird detects that automatically. (That's the subject of another config)
#
# We use Kerberos principal aliases here (since FreeIPA 4.4.0).
#
# ipa service-add imap/jupiter.example.org
# ipa service-add-principal imap/jupiter.example.org imap/kolab3.example.org
# ipa service-add-principal imap/jupiter.example.org imap/imap.example.org
#
# Now we can get the certificate...
ipa-getcert request -f /etc/ssl/certs/imap.example.org.crt -k /etc/ssl/private/imap.example.org.key \
        -N "CN=jupiter.example.org" \
        -D imap.example.org \
        -D kolab3.example.org \
        -K imap/jupiter.example.org \
        -U 1.3.6.1.5.5.7.3.1 -C "/root/refresh_postfix_certificate.sh"

# Fix permissions
chown cyrus /etc/ssl/private/imap.example.org.key
chmod 644 /etc/ssl/certs/imap.example.org.crt

# The following lines in /etc/imap.conf are needed to use the certificate:
# tls_ciphers:              TLSv1+HIGH:!aNULL:@STRENGTH
# tls_server_cert:          /etc/ssl/certs/imap.example.org.crt
# tls_server_key:           /etc/ssl/private/imap.example.org.key
# tls_client_ca_file:       /etc/ipa/ca.crt

# Restart cyrus
systemctl restart cyrus-imapd.service

-- 
This space is intentionally left blank.
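
A way to confirm that the issued certificate covers every name clients connect to and carries the serverAuth EKU requested with -U above. This is an added example, not part of the original post; it assumes OpenSSL 1.1.1 or later (for `-ext` and `-addext`), and the function names and the self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSL >= 1.1.1.
# Usage: sh check_cert.sh CERT NAME...   (script name is hypothetical)

# Print the dNSName SANs of a PEM certificate, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if NAME ($2) is an exact, case-insensitive dNSName SAN match.
# Wildcard SANs are not expanded; the request in the post uses none.
cert_has_name() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    cert_sans "$1" | tr 'A-Z' 'a-z' | grep -qxF -- "$want"
}

# Succeed if the EKU extension lists serverAuth (OID 1.3.6.1.5.5.7.3.1).
cert_has_server_auth() {
    openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null |
        grep -q 'TLS Web Server Authentication'
}

# Report every gap on stdout; return non-zero if anything is missing.
check_cert() {
    crt=$1; shift; rc=0
    cert_has_server_auth "$crt" || { echo "missing EKU: serverAuth"; rc=1; }
    for name in "$@"; do
        cert_has_name "$crt" "$name" || { echo "missing SAN: $name"; rc=1; }
    done
    return "$rc"
}

# Constructed sample for offline testing: a self-signed certificate with the
# subject, -D names and EKU from the request above, written into directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/sample.key" -out "$1/sample.crt" \
        -subj "/CN=jupiter.example.org" \
        -addext "subjectAltName=DNS:imap.example.org,DNS:kolab3.example.org" \
        -addext "extendedKeyUsage=serverAuth" 2>/dev/null
}

if [ "$#" -gt 0 ]; then check_cert "$@"; fi
```

Passing all three hostnames together with /etc/ssl/certs/imap.example.org.crt shows whether the subject CN also appears as a SAN, which depends on the CA profile and is what current TLS clients match against.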

