Debian - Administrators - Kolab Installation

From Kolab Wiki

Jump to: navigation, search
This page applies to Kolab 2.
This page is outdated. Up to date information can be found in the Community Installation Guide.
This type of fancy box indicate Debian specific bits of information throughout this Wiki. The color should be familiar.



You need to do Apt-Pinning to get minimal versions!


  • Nothing to do


  • libnet-ldap-perl (>= 0.39): since squeeze
  • php-net-ldap2: since squeeze
  • horde3 (>= 3.3.3): since squeeze

Add this in /etc/apt/preferences:

Package: *
Pin: release o=Debian,a=testing
Pin-Priority: -1

Package: libnet-ldap-perl php-net-ldap2 horde3 dimp1 imp4 ingo1 kronolith2 mnemo2 nag2 passwd3 turba2
Pin: release o=Debian,a=testing
Pin-Priority: 900

Package: kolab-webadmin kolabd libkolab-perl php-kolab-filter php-kolab-freebusy
Pin: release o=Debian,a=testing
Pin-Priority: 900

Package: kolab-webclient
Pin: release o=Debian,a=experimental
Pin-Priority: 900

And this in /etc/apt/sources.list:

deb squeeze main

Update Repositories with:

apt-get update

Then check your Pinning:

# apt-cache policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
  -1 squeeze/main Packages
     release o=Debian,a=testing,l=Debian,c=main
 500 lenny/updates/main Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
 500 lenny/main Packages
     release v=5.0.2,o=Debian,a=stable,l=Debian,c=main
Pinned packages:
     php-kolab-filter -> 0.1.5-2
     turba2 -> 2.3.1-1
     kronolith2 -> 2.3.1-1
     kolab-webclient -> (not found)
     kolab-webadmin -> 2.2.2-20090514-1
     libkolab-perl -> 1:2.2.1-20090331-1
     ingo1 -> 1.2.1-1
     libnet-ldap-perl -> 1:0.39-1
     horde3 -> 3.3.4+debian0-1
     kolabd -> 2.2.2-20090514-1
     php-kolab-freebusy -> 0.1.5-2
     imp4 -> 4.3.4+debian0-1
     mnemo2 -> 2.2.1-1
     nag2 -> 2.3.2-1

etch (same, and):

  • postfix (>= 2.4), postfix-ldap (>= 2.4): since lenny
  • php-net-lmtp: since lenny
  • libmime-tools-perl: since lenny, libmime-perl should work


See Packages overview for Debian Kolab Maintainers.


Documentation to install Kolab on Debian

The Kolab groupware server system consists of several interacting parts that need to be configured to work together. They include the LDAP server, the SMTP server, the IMAP server, and the web server, as well as the Kolab server itself. The Kolab configuration scripts want to reconfigure some of these services without much regard to what else they might be doing. So to try this out, it is advisable to use a completely separate test system or a virtual machine at first. Once you have developed an acceptable setup, you can transfer the configuration files to the production system.


The Kolab packages do not come with end-user client programs. The following programs are the primary available Kolab clients:

  • KDE Client: Kontact (Debian package kontact)
  • Microsoft Outlook with proprietary connector

The following programs among others provide limited or experimental support for Kolab:

  • Horde (Debian package horde3)
  • Mozilla Thunderbird a.k.a. Icedove (Debian package icedove)

See <> and <> for more information.


Install this kolabd package with all dependencies:

apt-get install kolabd postfix slapd

(postfix conflicts with exim4, so it may be necessary to mention it explicitly to convince apt-get to install it. slapd must be installed unless you already have an LDAP server elsewhere and know how to access it. The kolabd package depends on all remaining necessary packages.)

Or you use

aptitude install kolabd

which will figure all this out automatically.

If you want to setup slaves, on the master, set SLAPD_SERVICES in /etc/default/slapd and run /etc/init.d/slapd restart:

SLAPD_SERVICES="ldap:// ldaps:/// ldapi:///"

If you want to enable imaps, uncomment the following line in /etc/cyrus.conf and run /etc/init.d/kolab-cyrus restart:

imaps          cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100


Stop all daemons:

/etc/init.d/apache2 stop
/etc/init.d/kolabd stop
/etc/init.d/kolab-cyrus stop
/etc/init.d/postfix stop
/etc/init.d/saslauthd stop
/etc/init.d/slapd stop
/etc/init.d/amavis stop #optionally


kolab_bootstrap -b

(This will ask you a number of questions and overwrite several configuration files in your system based on the answers. You can check in /etc/kolab/templates/ for which files might be overwritten in what way.)

After kolab_bootstrap has finished, you can start all the daemons again:

/etc/init.d/amavis start #optionally
/etc/init.d/slapd start
/etc/init.d/saslauthd start
/etc/init.d/postfix start
/etc/init.d/kolab-cyrus start
/etc/init.d/kolabd start
/etc/init.d/apache2 start

You can test afterwards whether authentication is working as expected by using the testsaslauthd command, e.g.,

testsaslauthd -u manager -p PASSWORD

(using the password that you configured in kolab_bootstrap.)

Web administration frontend

If you want the Web Administration frontend, install the package kolab-webadmin and follow its README.Debian file for setup instructions.

apt-get install kolab-webadmin

Enabling TLS for IMAP

If you are planning to use the Toltec Groupware Connector, you will also need to enable TLS with Cyrus.

openssl req -new -nodes -out req.pem -keyout key.pem  
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999 
cp new.key.pem /etc/ssl/certs/cyrus.pem
rm new.key.pem
cat ca-cert >> /etc/ssl/certs/cyrus.pem
chown cyrus:mail /etc/ssl/certs/cyrus.pem
chmod 600 /etc/ssl/certs/cyrus.pem  # Your key should be protected.

Edit /etc/imapd.conf and change the following lines:

tls_ca_file: /etc/ssl/certs/cyrus.pem
tls_cert_file: /etc/ssl/certs/cyrus.pem
tls_key_file: /etc/ssl/certs/cyrus.pem


If there are strange DB_ERROR entries in the /var/log/mail.log file related to some problems with the ptloader from the kolab-cyrus, it helps to create the directory /var/lib/cyrus/ptclient. But this shouldn't be the case, and we will keep an eye on this bug.

-- The Debian Kolab Maintainers, 31 July 2007


Setup web administration frontend

First, set up /etc/kolab/session_vars.php. On a new installation, with kolabd bootstrapped the following commands should do it:

sed -i -e "`grep '^fqdnhostname : ' \
  /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php
sed -i -e "s@dc=example,dc=com@`grep '^base_dn : ' \
  /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php
sed -i -e "s@PASSWORD@`grep '^php_pw : ' \
  /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php
sed  -i -e "s@cn=nobody,cn=internal,dc=example,dc=com@`grep '^php_dn : ' \
  /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab/session_vars.php

Then, to activate the web site, in order of preference,

(a) If you have kolabd installed, that package's (SSL-enabled)
    Apache configuration includes
    /etc/kolab/kolab-webadmin-apache.conf by default.

- or -

(b) Set up an SSL virtual host and include
    /etc/kolab/kolab-webadmin-apache.conf there.

- or -

(c) Symlink /etc/kolab/kolab-webadmin-apache.conf to
    /etc/apache2/conf.d/kolab-webadmin.  (This is obviously insecure,
    but good enough for testing.)

Reload Apache afterwards in any case.

/etc/init.d/apache2 reload


  • go to
    • create an account
    • create the mailing lists
    • If you have an internet domain:
      • set smarthost/relayhost
      • [x] Accept Internet Mail

See also

Personal tools