We'd like to configure all Kolab components to use secure connections to LDAP. We figured out that setting ldap_uri to
tls://localhost:389 does the trick, e.g. Kolab Webadmin is able to speak to 389DS using StartTLS. But kolab-saslauthd now fails with:

2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Called for domain None
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Using section dvshn0.ch and domain dvshn0.ch
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Using section dvshn0.ch and domain dvshn0.ch
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Connecting to Authentication backend for domain dvshn0.ch
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Section kolab has auth_mechanism: 'ldap'
2016-09-20 10:36:39,737 pykolab.auth DEBUG [32477]: Starting LDAP...
2016-09-20 10:36:39,811 pykolab.auth DEBUG [32477]: Connecting to LDAP...
2016-09-20 10:36:39,812 pykolab.auth DEBUG [32477]: Attempting to use LDAP URI tls://localhost:389
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/saslauthd/__init__.py", line 132, in run
    self.do_saslauthd()
  File "/usr/lib/python2.7/site-packages/saslauthd/__init__.py", line 254, in do_saslauthd
    auth.connect()
  File "/usr/lib/python2.7/site-packages/pykolab/auth/__init__.py", line 160, in connect
    self._auth.connect()
  File "/usr/lib/python2.7/site-packages/pykolab/auth/ldap/__init__.py", line 441, in connect
    retry_delay=retry_delay
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 731, in __init__
    SimpleLDAPObject.__init__(self,uri,trace_level,trace_file,trace_stack_limit)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 70, in __init__
    self._l = ldap.functions._ldap_function_call(ldap._ldap_module_lock,_ldap.initialize,uri)
  File "/usr/lib64/python2.7/site-packages/ldap/functions.py", line 63, in _ldap_function_call
    result = func(*args,**kwargs)
LDAPError: (2, 'No such file or directory')
Traceback occurred, please report a bug at https://issues.kolab.org

How do we need to configure Kolab to use secure connections to the LDAP server? For example, setting ldap_uri to
ldaps://localhost:636 allows kolab-saslauthd to connect using TLS and this works, but this breaks Kolab Webadmin: "PHP Error: Login failed. Unable to decode response (POST)".
pykolab-0.8.3-3.3.el7.kolab_16.noarch
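
The traceback above ends in python-ldap's ldap.initialize() being handed the tls:// URI unchanged. As an added example (not pykolab's code and not from the original report), this sketch maps such an ldap_uri onto a URI python-ldap accepts plus a StartTLS flag, with certificate verification required. The function names are hypothetical, and reading tls:// as "plain LDAP port, then StartTLS" is an assumption taken from the Webadmin behaviour described in the report.

```python
# Added example: normalise a Kolab-style ldap_uri for python-ldap.
from urllib.parse import urlsplit

# 'tls' is assumed to mean: connect on the LDAP port, then issue StartTLS.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "tls": 389}


def split_ldap_uri(ldap_uri):
    """Return (uri_for_python_ldap, use_starttls) for a configured ldap_uri."""
    parts = urlsplit(ldap_uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported LDAP URI scheme: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("LDAP URI has no host: %r" % ldap_uri)
    port = parts.port or DEFAULT_PORTS[scheme]
    use_starttls = scheme == "tls"
    # Only the scheme is rewritten; host and port are kept as configured.
    wire_scheme = "ldap" if use_starttls else scheme
    host = parts.hostname
    if ":" in host:  # IPv6 literal needs its brackets back
        host = "[%s]" % host
    return "%s://%s:%d" % (wire_scheme, host, port), use_starttls


def connect(ldap_uri):
    """Open a connection, upgrading to TLS when the URI asks for it."""
    import ldap  # python-ldap; imported here so the parser runs without it

    uri, use_starttls = split_ldap_uri(ldap_uri)
    conn = ldap.initialize(uri)
    # Require a verifiable server certificate for ldaps:// and StartTLS.
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    # Rebuild the TLS context so the per-connection option takes effect.
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    if use_starttls:
        conn.start_tls_s()  # raises ldap.LDAPError if the upgrade fails
    return conn
```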