TLS support broken in kolab-saslauthd
Closed, Resolved (Public)


We'd like to configure all Kolab components to use secure connections to LDAP. We figured out that setting ldap_uri to tls://localhost:389 does the trick, e.g. Kolab Webadmin is able to speak to 389DS using StartTLS. But kolab-saslauthd now fails with:

2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Called for domain None
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Using section and domain
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Using section and domain
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Connecting to Authentication backend for domain
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Section kolab has auth_mechanism: 'ldap'
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Starting LDAP...
2016-09-20 10:36:39,811 pykolab.auth DEBUG [32477]: Connecting to LDAP...
2016-09-20 10:36:39,812 pykolab.auth DEBUG [32477]: Attempting to use LDAP URI tls://localhost:389
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/saslauthd/", line 132, in run
  File "/usr/lib/python2.7/site-packages/saslauthd/", line 254, in do_saslauthd
  File "/usr/lib/python2.7/site-packages/pykolab/auth/", line 160, in connect
  File "/usr/lib/python2.7/site-packages/pykolab/auth/ldap/", line 441, in connect
  File "/usr/lib64/python2.7/site-packages/ldap/", line 731, in __init__
  File "/usr/lib64/python2.7/site-packages/ldap/", line 70, in __init__
    self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri)
  File "/usr/lib64/python2.7/site-packages/ldap/", line 63, in _ldap_function_call
    result = func(*args,**kwargs)
LDAPError: (2, 'No such file or directory')
Traceback occurred, please report a bug at

How do we need to configure Kolab to use secure connections to the LDAP server? For example, setting ldap_uri to ldaps://localhost:636 allows kolab-saslauthd to connect using TLS and this works, but this breaks Kolab Webadmin: "PHP Error: Login failed. Unable to decode response (POST)".



Event Timeline

vanmeeuwen claimed this task.
vanmeeuwen subscribed.

Try to add use_tls = true to the [ldap] section to fix the web admin.

Consider re-opening the ticket in Bifrost should this not work.
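
The traceback in the report shows python-ldap's ldap.initialize() rejecting the tls:// scheme. The following is an added example, not code from pykolab or from this ticket, showing how a client can map a configured URI to a scheme libldap accepts and decide whether StartTLS is needed. The function names are hypothetical, and treating use_tls as a StartTLS request (named after the setting suggested above) is an assumption.

```python
from urllib.parse import urlsplit

# URI schemes that libldap (and therefore ldap.initialize()) understands.
LIBLDAP_SCHEMES = {"ldap", "ldaps", "ldapi"}


def plan_ldap_connection(ldap_uri, use_tls=False):
    """Return (uri_for_libldap, start_tls, encrypted) for a configured URI.

    Hypothetical helper. 'tls://' is read as "plain LDAP port plus StartTLS",
    which is how the report describes Kolab Webadmin using it.
    """
    parts = urlsplit(ldap_uri)
    scheme = parts.scheme.lower()
    if scheme == "tls":
        # Not a libldap scheme: rewrite to ldap:// and upgrade via StartTLS.
        return ("ldap://" + parts.netloc, True, True)
    if scheme not in LIBLDAP_SCHEMES:
        raise ValueError("unsupported LDAP URI scheme: %r" % scheme)
    if scheme == "ldaps":
        # TLS is negotiated at connect time; do not add StartTLS on top.
        return (ldap_uri, False, True)
    if scheme == "ldapi":
        # Local UNIX socket; no TLS layer is involved.
        return (ldap_uri, False, False)
    # Plain ldap://: encrypted only when StartTLS is requested.
    return (ldap_uri, bool(use_tls), bool(use_tls))


def connect(ldap_uri, use_tls=False):
    """Open the connection with python-ldap (needs the module and a server)."""
    import ldap  # imported lazily so the planning logic runs without python-ldap

    uri, start_tls, _encrypted = plan_ldap_connection(ldap_uri, use_tls)
    conn = ldap.initialize(uri)
    if start_tls:
        # Raises ldap.LDAPError on failure instead of continuing in plaintext.
        conn.start_tls_s()
    return conn
```
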