TLS support broken in kolab-saslauthd
Closed, Resolved, Public

Description

We'd like to configure all Kolab components to use secure connections to LDAP. We figured out that setting ldap_uri to
tls://localhost:389 does the trick; e.g. Kolab Webadmin is able to speak to 389DS using StartTLS. But kolab-saslauthd now fails with:

2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Called for domain None
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Using section dvshn0.ch and domain dvshn0.ch
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Using section dvshn0.ch and domain dvshn0.ch
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Connecting to Authentication backend for domain dvshn0.ch
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Section kolab has auth_mechanism: 'ldap'
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Starting LDAP...
2016-09-20 10:36:39,811 pykolab.auth DEBUG [32477]: Connecting to LDAP...
2016-09-20 10:36:39,812 pykolab.auth DEBUG [32477]: Attempting to use LDAP URI tls://localhost:389
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/saslauthd/__init__.py", line 132, in run
    self.do_saslauthd()
  File "/usr/lib/python2.7/site-packages/saslauthd/__init__.py", line 254, in do_saslauthd
    auth.connect()
  File "/usr/lib/python2.7/site-packages/pykolab/auth/__init__.py", line 160, in connect
    self._auth.connect()
  File "/usr/lib/python2.7/site-packages/pykolab/auth/ldap/__init__.py", line 441, in connect
    retry_delay=retry_delay
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 731, in __init__
    SimpleLDAPObject.__init__(self,uri,trace_level,trace_file,trace_stack_limit)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 70, in __init__
    self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri)
  File "/usr/lib64/python2.7/site-packages/ldap/functions.py", line 63, in _ldap_function_call
    result = func(*args,**kwargs)
LDAPError: (2, 'No such file or directory')
Traceback occurred, please report a bug at https://issues.kolab.org

How do we need to configure Kolab to use secure connections to the LDAP server? E.g. setting ldap_uri to
ldaps://localhost:636 allows kolab-saslauthd to connect using TLS and this works, but this breaks Kolab Webadmin: "PHP Error: Login failed. Unable to decode response (POST)".

pykolab-0.8.3-3.3.el7.kolab_16.noarch

Details

Ticket Type
Task

Event Timeline

vanmeeuwen claimed this task.
vanmeeuwen subscribed.

Try to add use_tls = true to the [ldap] section to fix the web admin.

Consider re-opening the ticket in Bifrost should this not work.
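
The traceback above shows the tls:// URI reaching ldap.initialize unchanged. The following added example (not pykolab code and not part of the ticket) sketches how a client could turn the configured ldap_uri and use_tls values into a URI that libldap accepts plus a StartTLS decision. The function names are hypothetical, and it assumes that tls:// means plain LDAP upgraded with StartTLS and that use_tls requests StartTLS.

```python
# Added example, not pykolab code.
# Assumptions: "tls://" means plain LDAP plus StartTLS; use_tls requests StartTLS.
import configparser
from urllib.parse import urlsplit

# Constructed sample of the [ldap] section from the ticket.
SAMPLE_CONF = """
[ldap]
ldap_uri = tls://localhost:389
use_tls = false
"""


def plan_connection(ldap_uri, use_tls=False):
    """Return (uri_for_libldap, starttls, encrypted) for a configured URI."""
    parts = urlsplit(ldap_uri)
    scheme = parts.scheme.lower()
    if scheme == "tls":
        # Not a libldap scheme: rewrite it and upgrade with StartTLS instead.
        scheme, starttls = "ldap", True
    elif scheme == "ldap":
        starttls = bool(use_tls)
    elif scheme == "ldaps":
        # Already TLS from the first byte; StartTLS on top would fail.
        starttls = False
    else:
        raise ValueError("unsupported LDAP URI scheme: %r" % parts.scheme)
    encrypted = starttls or scheme == "ldaps"
    return "%s://%s" % (scheme, parts.netloc), starttls, encrypted


def load_plan(conf_text):
    """Read ldap_uri and use_tls from an INI-style config and plan the connection."""
    conf = configparser.ConfigParser()
    conf.read_string(conf_text)
    uri = conf.get("ldap", "ldap_uri")
    use_tls = conf.getboolean("ldap", "use_tls", fallback=False)
    return plan_connection(uri, use_tls)


if __name__ == "__main__":
    uri, starttls, encrypted = load_plan(SAMPLE_CONF)
    print(uri, starttls, encrypted)
    # With python-ldap the plan would be applied as:
    #   conn = ldap.initialize(uri)
    #   if starttls:
    #       conn.start_tls_s()   # raises on failure, so no silent cleartext bind
    if not encrypted:
        raise SystemExit("refusing to send credentials over cleartext LDAP")
```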