tobru's picture

Kolab 3 Vagrant box with Puppet provisioning


Kolab has released it’s first beta of the upcoming version 3.3.
To test it on Debian I’ve created a Vagrantfile and a small Puppet module which provisions Kolab into a Debian VM. It’s available
on Github.

How to use it

Make sure you have the latest Vagrant version installed. Please see the official documentation.
Clone the git repository with git clone and change into this directory.
Then run vagrant up and wait a while until Vagrant and Puppet have done their jobs. When it’s finished you’re good to enter the VM with vagrant ssh.
To have a working Kolab installation, setup-kolab needs to be called as root (hint: sudo su) once. It configures the Kolab components.
The Kolab Web Admin Panel is now reachable under http://localhost:8080/kolab-webadmin and Roundcube under

For more information about how Vagrant works, have a look at the official Getting Started guide.

Chose the Kolab version

By default Kolab will be installed from the development repository where all the latest (and maybe broken) packages are located. To install
a different version, just change the version parameter in manifests/default.pp to the desired version.

Andreas Cordes's picture

Updating from 3.2 to 3.3 beta1


I just finished the compiling of all modules and performed an upgrade to 3.3 beta1 on +Rasperry Pi .

For all impatient:

deb /

Changes I adopted to my installation :


modules = resources, invitationpolicy, footer 
kolab_invitation_policy =, ACT_MANUAL
Andreas Cordes's picture

Kolab 3.3 beta1 released

Hi there,

+Kolab  just released the 3.3 beta1 version of kolab. (
My +Raspberry Pi is currently downloading and compiling all the packages.
Because of all the dependencies I solved during the first compile phase, I expect not so much errors during this installation.
Hope to tell you more tomorrow or even on friday.
Greets Andreas
roundcube's picture

Update 1.0.2 released

This is the second service release to update the stable version 1.0. It contains some bug fixes and improvements we considered important for the long term support branch of Roundcube.

It’s considered stable and we recommend to update all productive installations of Roundcube with this version. Download it from, see the full changelog here.

Please do backup before updating!

Kolab - SSL certificate authentication (web-based interface)

I have spent some time this weekend investigating SSL certificate-based authentication and implementing it in Kolab web-based user interface.

This topic is very interesting, but definitely too broad to be briefly described in a single blog post, so do not look at it as complete solution, but treat it only as a proof of concept.

Table of contents

Certification Authority


Kolab - Web-based user interface


Prepare Certification Authority

At first you need to create Certification Authority on an off-line, and secured system.

I have already created required shell scripts (miniature-octo-ca) to ease the whole operation, so just clone the following repository and move it to the CA system.

$ git clone
Cloning into 'miniature-octo-ca'...
remote: Counting objects: 10, done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 10 (delta 2), reused 10 (delta 2)
Unpacking objects: 100% (10/10), done.

Please remember to change working directory before executing any available shell script.

$ cd miniature-octo-ca

Configure Certification Authority

The next step is to configure CA by using configuration file.

HOWTO: CalDAV+CardDAV-iRony-Subdomain NGINX

Apple Clients work best if you create a virtual host for them.

In CentOS create the file /etc/nginx/conf.d/

server {
    listen                      443 ssl;
    server_name       ;

location /
    client_max_body_size 30M; # set maximum upload size
    # Make Apple and happy:
    rewrite ^/.well-known/caldav / last;
    rewrite ^/.well-known/carddav / last;
    include fastcgi_params;
    fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/kolab.example.org_iRony.sock;
    fastcgi_param SCRIPT_FILENAME /usr/share/iRony/public_html/index.php;


Edit /usr/share/iRony/config/ or /etc/iRony/


// Log DAV requests to <log_dir>/davdebug
$config['base_uri'] = '/';

Restart nginx and choose try manual setup in your Apple Calendar with your virtual host

HOWTO: Use Dovecot instead of Cyrus in Kolab 3.2

This HOWTO is for CentOS 6.5 and Kolab 3.2
Download the Kolab packages but don't run setup-kolab.

Warning: This will not work if you follow this HOWTO:

  • chwala (File Storing)

-- fixed in 3.3 beta 1

  • Roundcube tasklist does not show created entries (Maybe a bug in Dovecot, Tasklist plugin or configuration problem)

-- fixed in 3.3 beta 1

  • Delegation
  • Kolab Command-Line Interface!
  • too much Roundcube bugs (I solved this with using nginx instead of httpd)

-- fixed in 3.3 beta 1

Sieve and ACL are also described in this text.


# yum install mercurial
# setup-kolab ldap

Look for the Cyrus Administrator Passwort.
It is needed for the config of the master user in Dovecot. Also Directory
Manager password is needed later in this HOWTO.

Install Dovecot 2.2.13 (stable at time of this HOWTO)

Install and erase old dovecot

# yum install dovecot
# yum erase dovecot

Build dependencies:

# yum install gcc gcc-c++ kernel-devel make
# yum install autoconf automake libtool pkg-config gettext
# yum install openssl-devel openldap-devel
# mkdir -p /root/dovecot && cd /root/dovecot
# hg clone && cd dovecot-2.2 && hg update -r c55c660d6e9d
# ./
# ./configure --enable-maintainer-mode --with-ldap --sysconfdir=/etc --prefix=/usr --localstatedir=/var --with-ssl=openssl
# make
# make install

When returns autoreconf: /usr/bin/autoconf failed with exit status: 1 you have to run it again.

Dovecot Startscript

Start Dovecot at boot:

HOWTO: Catch-all for Postfix in Kolab 3.2

Create the file /etc/postfix/ldap/

server_host = localhost
server_port = 389
version = 3
search_base = dc=example,dc=org
scope = sub
domain = ldap:/etc/postfix/ldap/
bind_dn = uid=kolab-service,ou=Special Users,dc=example,dc=org
bind_pw = PASSWORD_FROM_kolab-service
query_filter = (&(alias=catchall@%d)(objectclass=kolabinetorgperson))
result_attribute = mail

Change dc=example,dc=org twice and the password in this file.

Then edit /etc/postfix/

,   ldap:/etc/postfix/ldap/

at the end of virtual_alias_maps

In the kolab-webadmin page you can now add a new alias called

Kolab 3.1.5, Debian 7.5 and issue during setup process

After a longer period of time I have decided to install Kolab and use it as personal information manager. Installation process went as expected up to the point where setup process tried to install Roundcube database and failed miserably.

Source of the problem

The problem can be easily identified by the error messages returned by the setup process.

Follow the example below to see MySQL errors at the very end.

mollekopf's picture

A new folder subscription system

Wouldn’t it be great if Kontact would allow you to select a set of folders you’re interested in, that setting would automatically be respected by all your devices and you’d still be able to control for each individual folder whether it should be visible and available offline?

I’ll line out a system that allows you to achieve just that in a groupware environment. I’ll take Kolab and calendar folders as example, but the concept applies to all groupware systems and is just as well applicable to email or other groupware content.

User Scenarios

  •  Anna has access to hundreds of shared calendars, but she usually only uses a few selected ones. She therefore only has a subset of the available calendars enabled, that are shown to her in the calendar selection dialog, available for offline usage and also get synchronized to her mobile phone. If she realizes she no longer requires a calendar, she simply disables it and it disappears from the Kontact, the Webclient and her phone.
  • Joe works with a small team that shares their calendars with him. Usually he only uses the shared team-calendar, but sometimes he wants to quickly check if they are in the office before calling them, and he’s often doing this in the train with unreliable internet connection. He therefore disables the team member’s calendars but still enables synchronization for them. This hides the calendars from all his devices, but he still can quickly enable them on his laptop while being offline.
  • Fred has a mailing list folder that he always reads on his mobile, but never on his laptop. He keeps the folder enabled, but hides it on his laptop so his folder list isn’t unnecessarily cluttered.

What these scenarios tell us is that we need a flexible mechanism to specify the folders we want to see and the folders we want synchronized. Additionally we want, in today’s world where we have multiple devices, to synchronize the selection of folders that are important to us. It is likely I’d like to see the calendar I have just enabled in Kontact also on my phone. However, we always want to keep the possibility to alter that default setting on specific devices.