LDAP error after fresh install



  • On a fresh install on Debian 10 I want to use LDAP. When I try to sync the users I get:

    root@mail:~# kopano-cli --sync
    MAPI error 8004010F (MAPI_E_NOT_FOUND)
    

    In “/var/log/mail.log” it says:
    Config error: Unable to open config file “/usr/share/kopano/ldap.openldap.cfg”:

    Feb 17 16:45:23 mail kopano-server[832]: Config error: Option 'ldap_group_type_attribute_value' cannot be empty!
    Feb 17 16:45:23 mail kopano-server[832]: Config error: Option 'ldap_user_type_attribute_value' cannot be empty!
    Feb 17 16:45:23 mail kopano-server[832]: Cannot instantiate user plugin: Not a valid configuration file.
    Feb 17 16:45:23 mail kopano-server[832]: Unable to instantiate user plugin
    Feb 17 16:45:23 mail kopano-monitor[450]: Unable to get userlist for company "Default": not found (8004010f)
    Feb 17 16:45:28 mail kopano-server[832]: Failed to open plugin configuration file, using defaults.
    Feb 17 16:45:28 mail kopano-server[832]: Config error: Unable to open config file "/usr/share/kopano/ldap.openldap.cfg"
    Feb 17 16:45:28 mail kopano-server[832]: Config error: Option 'ldap_group_type_attribute_value' cannot be empty!
    Feb 17 16:45:28 mail kopano-server[832]: Config error: Option 'ldap_user_type_attribute_value' cannot be empty!
    Feb 17 16:45:28 mail kopano-server[832]: Cannot instantiate user plugin: Not a valid configuration file.
    Feb 17 16:45:28 mail kopano-server[832]: Unable to instantiate user plugin
    Feb 17 16:45:28 mail kopano-server[832]: Error synchronizing company list: not found (80000002)
    

    But the file “/usr/share/kopano/ldap.openldap.cfg” definitely exists:

    root@mail:~# ls -la /usr/share/kopano/ldap.openldap.cfg
    -rw-r--r-- 1 root root 15793 Apr 25  2019 /usr/share/kopano/ldap.openldap.cfg
    

    I got it working by copying all LDAP files from /usr/share/kopano to /etc/kopano:

    cp /usr/share/kopano/ldap.* /etc/kopano/
    

    And changing the path in “ldap.openldap.cfg”:

    !propmap /etc/kopano/ldap.propmap.cfg
    

    As well as in “/etc/kopano/ldap.cfg”:

    !include /etc/kopano/ldap.openldap.cfg
    

    But that can’t be the solution, right? It seems there is a right problem.

    To reproduce, these are the steps I took for installing kopano:

    apt-get update && apt-get dist-upgrade -V
    apt-get install kopano-core kopano-webapp-nginx
    rm -f /etc/nginx/sites-enabled/default
    systemctl restart nginx
    apt-get install postfix postfix-mysql 
    

    Edit main.cf

    nano /etc/postfix/main.cf
    

    and insert:

    # Kopano Custom
    # Aliases/forwards for mailboxes
    virtual_alias_maps = hash:/etc/postfix/virtual
    # Look up existing mailboxes
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
    # Hand the mail over to dagent for delivery to the mailbox
    virtual_transport = lmtp:127.0.0.1:2003
    # Domains allowed to receive mail
    virtual_mailbox_domains = sxps.it
    
    smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, reject_non_fqdn_hostname, reject_invalid_hostname, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unauth_pipelining, reject_unverified_recipient
    

    Create MySQL user

    mysql -u root
    GRANT ALL PRIVILEGES ON kopanoserver.* TO 'kopano'@'localhost' IDENTIFIED BY '12345' WITH GRANT OPTION;
    flush privileges;
    exit
    
    nano /etc/postfix/mysql-users.cf
    

    Insert:

    user = kopano
    password = 12345
    hosts = 127.0.0.1
    dbname = kopanoserver
    query = SELECT value FROM objectproperty where propname = 'emailaddress' and value = '%s'
    

    Keep going:

    touch /etc/postfix/virtual
    chmod 600 /etc/postfix/mysql-users.cf
    postmap /etc/postfix/mysql-users.cf
    postmap /etc/postfix/virtual
     
    apt-get install kopano-webapp-contactfax kopano-webapp-gmaps kopano-webapp-pimfolder kopano-webapp-quickitems kopano-webapp-titlecounter kopano-webapp-webappmanual kopano-webapp-zdeveloper kopano-webapp-files
    

    Edit ldap.cfg

    nano /etc/kopano/ldap.cfg
    

    My content:

    ##############################################################
    #  LDAP DIRECTORY USER PLUGIN SETTINGS
    #
    
    # Select implementation.
    # If you have any reason to override settings from /usr/share/kopano/*.cfg,
    # do so at the end of this (/etc-resident) config file.
    #
    !include /usr/share/kopano/ldap.openldap.cfg
    #!include /usr/share/kopano/ldap.active-directory.cfg
    
    # LDAP host name/IP address
    # ldap_host = 10.0.220.2
    
    # LDAP port
    # Optional, default = 389
    # Use 636 for ldaps
    # ldap_port = 389
    
    # LDAP protocol
    # Optional, default = ldap
    # use 'ldaps' for Implicit SSL encryption. Make sure /etc/ldap/ldap.conf is
    # configured correctly with TLS_CACERT
    # ldap_protocol = ldap
    ldap_uri = ldap://10.0.220.2:389/
    
    # LDAP URI
    # Optional, override ldap_host, ldap_port and ldap_protocol if set
    # e.g. ldaps://servername:port. You may also specify multiple space-separated
    # URIs
    #ldap_uri =
    
    # The charset that strings are stored in on the LDAP server. Normally this
    # is utf-8, but this can differ according to your setup. The charset specified
    # here must be supported by your iconv(1) setup. See iconv -l for all charset
    #ldap_server_charset = utf-8
    
    # The DN of the user to bind as for normal operations (not used for
    # authentication if ldap_authentication_method is set to "bind").
    # When empty, uses anonymous binding.
    # The userPassword attribute must be readable for this user if the
    # ldap_authentication_method option is set to password.
    ldap_bind_user = cn=admin,dc=sxps,dc=it
    
    # LDAP bind password
    ldap_bind_passwd = admin
    ldap_authentication_method = bind
    
    # The timeout for network operations in seconds
    #ldap_network_timeout = 30
    
    # ldap_page_size limits the number of results from a query that will be downloaded at a time.
    # Default ADS MaxPageSize is 1000.
    ldap_page_size = 1000
    
    ##########
    # Object settings
    ldap_object_type_attribute = objectClass
    ldap_user_type_attribute_value = User
    ldap_group_type_attribute_value = Group
    ldap_contact_type_attribute_value = Contact
    ldap_company_type_attribute_value = ou
    ldap_addresslist_type_attribute_value = kopano-addresslist
    ldap_dynamicgroup_type_attribute_value = kopano-dynamicgroup
    ldap_user_search_filter = (kopanoAccount=1)
    ldap_user_unique_attribute = objectGUID
    ldap_user_unique_attribute_type = binary
    ldap_fullname_attribute = cn
    ldap_loginname_attribute = sAMAccountName
    ldap_emailaddress_attribute = mail
    ldap_emailaliases_attribute = otherMailbox
    ldap_password_attribute =
    ldap_isadmin_attribute = kopanoAdmin
    ldap_nonactive_attribute = kopanoSharedStoreOnly
    # Top level search base, every object should be available under this tree
    ldap_search_base = dc=sxps,dc=it
    
    # Use custom defined LDAP property mappings
    # This is not a requirement for most environments but allows custom mappings of
    # special LDAP properties to custom MAPI attributes
    #!propmap /etc/kopano/ldap.propmap.cfg
    

    Finally activating LDAP in server.cfg:

    nano /etc/kopano/server.cfg
    

    and set:

    user_plugin = ldap
    user_plugin_config = /etc/kopano/ldap.cfg
    createuser_script = /usr/lib/kopano/userscripts/createuser
    deleteuser_script = /usr/lib/kopano/userscripts/deleteuser
    creategroup_script = /usr/lib/kopano/userscripts/creategroup
    deletegroup_script = /usr/lib/kopano/userscripts/deletegroup
    createcompany_script = /usr/lib/kopano/userscripts/createcompany
    deletecompany_script = /usr/lib/kopano/userscripts/deletecompany
    user_safe_mode = no
    


  • I’m gonna reply to my own post, I hope that is okay.
    As I learned, Kopano (the company) are not maintaining the Debian packages, and I installed it from there. After installing it directly from the Kopano web page the error is gone. Thanks!
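
The `!include` / `!propmap` chain from the first post can be checked file by file. The script below is an added example, not part of the thread or of Kopano's tooling; the function name `check_cfg_chain` and the status words are made up for illustration, and paths are taken exactly as written in the config (the thread uses absolute paths).

```shell
#!/bin/sh
# Added example: walk the !include / !propmap chain of a Kopano-style config
# file and report whether each referenced file is readable by the CURRENT user.
# Run it as the account the daemon runs under to compare with the daemon's log.

# check_cfg_chain FILE [DEPTH]
# Prints "<STATUS> <path>" per file (OK, MISSING, UNREADABLE, TOO-DEEP).
# Returns 0 when every file in the chain is readable, 1 otherwise.
check_cfg_chain() {
    local file depth rc directive path
    file=$1
    depth=${2:-0}
    rc=0
    if [ "$depth" -gt 8 ]; then          # guard against include loops
        echo "TOO-DEEP $file"; return 1
    fi
    if [ ! -e "$file" ]; then
        echo "MISSING $file"; return 1
    fi
    if [ ! -r "$file" ]; then
        echo "UNREADABLE $file"; return 1
    fi
    echo "OK $file"
    # Only active directives count; a commented "#!include" reads as one word
    # starting with '#' and does not match the patterns below.
    while read -r directive path _ || [ -n "$directive" ]; do
        case $directive in
            '!include'|'!propmap')
                check_cfg_chain "$path" $((depth + 1)) || rc=1 ;;
        esac
    done < "$file"
    return $rc
}

# Stand-alone use: pass the top-level plugin config as the first argument.
if [ "$#" -gt 0 ]; then
    check_cfg_chain "$1"
fi
```

If every file reports `OK` for the daemon's account while the server still logs "Unable to open config file", file modes are not what blocks the daemon.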

