cyradm and custom annotations

An old problem reared its ugly head again: Trying to set up mailbox folders in Cyrus imapd for a new Kolab user, the message “Permission denied” was the only result when trying to set the required annotations:

user@somehost:~ > cyradm --user cyrusadmin --auth plain mailhost
Password:
mailhost@company.com> mboxconfig user/username@company.com /vendor/kolab/folder-type mail
Permission denied

But after all, we’re using the Cyrus admin account. So what permission is it looking for?

That does ring a bell. It’s likely that we stumbled across that old problem of cyradm not knowing about custom annotations, rather than about missing permissions. And indeed, looking at “/usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi/Cyrus/IMAP/Admin.pm” shows just the static list of annotations.


PHP7, LDAP & TLS

It’s been quite a while since I’ve updated this blog, but not because we’ve run out of problems – most of the issues were either too complex to document in a simple article, too confidential to be allowed to be documented here, or both. And I’ve been pretty busy fighting bugs, too, leaving close to no time for getting updates into this blog. So to set a new starting point, here’s a smaller recent issue.

While migrating a PHP application to a newly set up server platform, an issue with non-working connections to a back-end LDAP server turned up. The application just reported some generic problem, while the log revealed a bit more information:

Unable to start TLS and unable to fetch rootDSE entry to see if TLS is supported: Can't contact LDAP server

Fortunately, the LDAP server was neither down nor malfunctioning, and fortunately invoking “ldapsearch” to verify the state of the LDAP server (of course invoked on the server running the PHP application) gave an immediate hint at the root cause:

# ldapsearch -Wx -ZZ -h ldap.example.com -b "dc=example,dc=com" "(objectClass=*)" 
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain)
#

Indeed, the LDAP server was configured to use a certificate that was issued by an internal Certification Authority, the latter using a self-signed certificate. But that’s nothing new and the CA certificate was available on the server where we called “ldapsearch”, so what’s the deal?


FRITZ!WLAN USB Stick N v2 on openSUSE Leap 42.1

I recently had to deal with a freshly bought HP laptop (called “HP 15-BA030NG”), a basically nice piece of hardware, nothing fancy but doing its job under openSUSE Leap 42.1. We moved the laptop to a location where it had to access a 5 GHz WLAN, no 2.4 GHz networks available. To cut the story short: That 2016 hardware comes without 5 GHz support. (HP, are you listening? What a crappy design decision, just to save a few cents!)

So we took a USB WLAN stick, “FRITZ!WLAN USB Stick N v2”, and hoped for plug&play.
