First Experiences Installing the New Kolab 3.0

The Kolab Groupware Solution lets you synchronize your contacts and calendars over multiple devices and easily share them selectively with other users. It is 100% Free Software and historically close to the KDE community, but you can also use it with a multitude of different clients such as Thunderbird. Ever since the first alpha version of the brand new Kolab 3.0 Groupware Solution was released, I wanted to give it a try. The new features and especially the freshly skinned webclient based on Roundcube got me excited. I’m still running an old Kolab 2.2 server on Debian for personal use and hope to be able to switch to 3.0 as soon as Debian packages are ready. So far the best system to run Kolab on is CentOS, because native packages exist. Even though I have virtually no experience with CentOS, I tried a test install in a virtual machine. Read on for my experiences.

Installing CentOS in VirtualBox

Being an advanced user, I started to follow the quick howto from kolab.org. So at first I had to download an ISO image of CentOS from a mirror. I decided to use VirtualBox because it has a nice GUI and is fairly easy to set up. Then I created a new VM called “Kolab Server” with Redhat GNU/Linux 64bit as an operating system because that was closest to CentOS. Afterward, I hooked in the ISO image as a virtual CD drive and booted the VM.

It booted right into a graphical GNOME environment showing me a button to install CentOS to the hard drive. Pressing that button a couple of times didn’t produce any result, so I figured out what the button was actually starting and ran that command from the terminal. There I was told that there wasn’t enough RAM available to execute the graphical installer. Thankfully the terminal installer was started right away for me and I could get going.

The install was quite easy. Just a few questions here and there. I decided to disable the firewall completely to not run into any trouble with that later. As soon as the installation was complete I didn’t want to work with the cumbersome VM window anymore and was looking into ways to access the VM with ssh. Turned out, I just had to configure Port Forwarding for the VM. So in VM Settings I selected “Attached to: NAT” in the “Network” tab. In “Advanced” I configured “Port Forwarding” as follows:

Name     | Protocol | Host IP | Host Port | Guest IP | Guest Port
guestssh | TCP      |         | 2222      |          | 22

This allowed me to log in with ssh from the host machine using

ssh -p 2222 root@localhost

Installing and Setting Up Kolab

Then I continued to follow the quick installation howto. Since the URL of the release package changed since the howto was written, I had to look up the proper URL by clicking on the provided link. The installation of Kolab itself took some time, but it went through without errors. Starting setup-kolab resulted in the following warning:

WARNING: The Fully Qualified Domain Name or FQDN for this system is incorrect. Falling back to 'localdomain'.

Since I had already heard about problems with incorrect domain names, I decided to take the warning seriously and abort the setup by pressing Ctrl+C. To get some more advanced help on the issue I moved over to docs.kolab.org for the extensive installation guide. It told me that the setup “requires that the Fully Qualified Domain Name (FQDN) for the system resolves back to the system”. So in /etc/sysconfig/network I added HOSTNAME=kolab.example.org and in /etc/hosts I added 10.0.2.15 kolab.example.org since 10.0.2.15 was the IP address of the VM. Apparently, it is important not to use 127.0.0.1 here. Then I had to reboot for the hostname change to take effect.
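An added example, not part of the original post or of Kolab's setup script: a preflight check for the requirement quoted above, that the system's FQDN maps to a non-loopback address. The function name `check_fqdn`, its return codes and the sample hosts content are constructed for illustration; it reads only a hosts file, so names resolved through DNS are not covered.

```shell
#!/bin/sh
# check_fqdn HOSTS_FILE NAME   (hypothetical helper, not a Kolab tool)
#   0  NAME is fully qualified and maps to a non-loopback address
#   1  NAME is not fully qualified (contains no dot)
#   2  NAME has no entry in HOSTS_FILE
#   3  NAME maps only to loopback addresses (127.x.x.x or ::1)
check_fqdn() {
    hosts_file=$1
    name=$2

    case $name in
        *.*) ;;
        *) return 1 ;;
    esac

    # Collect every address whose line lists NAME as hostname or alias.
    addrs=$(awk -v n="$name" '
        { sub(/#.*/, "") }    # strip comments before matching
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) print $1 }
    ' "$hosts_file")

    [ -n "$addrs" ] || return 2

    for a in $addrs; do
        case $a in
            127.*|::1) ;;     # a loopback mapping does not satisfy the check
            *) return 0 ;;
        esac
    done
    return 3
}

# Constructed sample: the entry from the post plus a loopback-only name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost localhost.localdomain
10.0.2.15   kolab.example.org   # address of the VM
127.0.0.1   bad.example.org
EOF
for n in kolab.example.org bad.example.org kolab missing.example.org; do
    rc=0; check_fqdn "$sample" "$n" || rc=$?
    echo "$n -> $rc"
done
rm -f "$sample"
```

On the VM itself the call would be `check_fqdn /etc/hosts "$(hostname -f)"`, run before starting setup-kolab.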

After the VM came back up, I logged into ssh and ran again:

# setup-kolab

This time, it started without warnings and asked me to provide many many passwords. You can see that Kolab still takes security seriously. I’ll post the output of setup-kolab below.

Please supply a password for the LDAP administrator user 'admin', used to login
to the graphical console of 389 Directory server.

Administrator password [ZqtSz8nIQI6f4hR]:

Please supply a password for the LDAP Directory Manager user, which is the
administrator user you will be using to at least initially log in to the Web
Admin, and that Kolab uses to perform administrative tasks.

Directory Manager password [KzHd2dVQ2o9JkXr]:

Please choose the system user and group the service should use to run under.
These should be existing, unprivileged, local system POSIX accounts with no
shell.

User [nobody]:
Group [nobody]:

This setup procedure plans to set up Kolab Groupware for the following domain
name space. This domain name is obtained from the reverse DNS entry on your
network interface. Please confirm this is the appropriate domain name space.

example.org [Y/n]: n
Domain name to use: kolab.example.org

The standard root dn we composed for you follows. Please confirm this is the root
dn you wish to use.

dc=kolab,dc=example,dc=org [Y/n]:

Setup is now going to set up the 389 Directory Server. This may take a little
while (during which period there is no output and no progress indication).

Shutting down dirsrv:
    kolab...                                               [  OK  ]
Starting dirsrv:
    kolab...                                               [  OK  ]

Please supply a Cyrus Administrator password. This password is used by Kolab to
execute administrative tasks in Cyrus IMAP. You may also need the password
yourself to troubleshoot Cyrus IMAP and/or perform other administrative tasks
against Cyrus IMAP directly.

Cyrus Administrator password [kplMHHzS_U3QRP2]:

Please supply a Kolab Service account password. This account is used by various
services such as Postfix, and Roundcube, as anonymous binds to the LDAP server
will not be allowed.

Kolab Service password [IWx-2tE0QoC-VcZ]:
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Shutting down amavisd: The amavisd daemon is apparently not running, no PID file /var/run/amavisd/amavisd.pid
                                                           [FAILED]

Starting amavisd:                                          [  OK  ]

Stopping clamd.amavisd:                                    [FAILED]
Starting clamd.amavisd: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
                                                           [  OK  ]
Stopping wallaced:                                         [FAILED]
Starting wallaced:                                         [  OK  ]
Initializing MySQL database:                               [  OK  ]
Starting mysqld:                                           [  OK  ]

Please supply a root password for MySQL. This password will be the administrative
user for this MySQL server, and it should be kept a secret. After this setup
process has completed, Kolab is going to discard and forget about this password,
but you will need it for administrative tasks in MySQL.

MySQL root password [gOZS47jIzy8HOXy]:

Please supply a password for the MySQL user 'kolab'. This password will be used
by Kolab services, such as the Web Administration Panel.

MySQL kolab password [gsc5FFDJOgGGsOX]:

Please supply the timezone PHP should be using.

Timezone ID [UTC]: CEST

Please supply a password for the MySQL user 'roundcube'. This password will be
used by the Roundcube webmail interface.

MySQL roundcube password [j_dvolYPbVVfT8I]:
Stopping httpd:                                            [FAILED]
Starting httpd:                                            [  OK  ]
Shutting down cyrus-imapd:                                 [FAILED]
Starting cyrus-imapd:                                      [  OK  ]
Stopping kolab-saslauthd:                                  [FAILED]
Starting kolab-saslauthd:                                  [  OK  ]
Stopping kolabd:                                           [FAILED]
Starting kolabd:                                           [  OK  ]

At first I was afraid seeing these [FAILED] services, but then I realized that stopping services that haven’t been started yet will of course fail. There’s already an enhancement request for suppressing this and other unnecessary output from the setup script. Feel free to work on this request. It is a simple Python script, so that should be an easy exercise.

Trying out Kolab

So now Kolab was installed and set up. Surprised by how smoothly that went, I was asking myself “What now?”. So I looked in the documentation, which pointed me to first log in to the web-based administration panel. Since I had no graphical environment installed on the server, I had to forward ports again to be able to access it from the host machine.

Name      | Protocol | Host IP | Host Port | Guest IP | Guest Port
guesthttp | TCP      |         | 8080      |          | 80

So now I could go to http://localhost:8080/kolab-webadmin/ and log in with cn=Directory Manager and the password KzHd2dVQ2o9JkXr that was supplied during the setup process. The login worked well and I could see the shiny webadmin. I was only surprised to find no way to add users, so I asked in IRC. There I was pointed to the documentation again. Since I used the quick install guide, I completely missed the section “Preparing the System”. There was a paragraph on SELinux that says “Not all components of Kolab Groupware are currently completely compatible with running under SELinux enforcing the targeted policy”. So in /etc/selinux/config I had to change SELINUX=enforcing to SELINUX=permissive. This way SELinux just prints a warning, but doesn’t enforce the policy. I again restarted the VM, reloaded the webadmin page and still had no links to add users. It turned out that I just had to terminate the current webadmin session by logging out and in again, and there the link appeared.

Now I created a test user and ran the following to verify that it was created successfully.

# kolab list-mailboxes
user/test.test@kolab.example.org
user/test.test/Archive@kolab.example.org
user/test.test/Calendar@kolab.example.org
user/test.test/Calendar/Personal Calendar@kolab.example.org
user/test.test/Configuration@kolab.example.org
user/test.test/Contacts@kolab.example.org
user/test.test/Contacts/Personal Contacts@kolab.example.org
user/test.test/Drafts@kolab.example.org
user/test.test/Journal@kolab.example.org
user/test.test/Notes@kolab.example.org
user/test.test/Sent@kolab.example.org
user/test.test/Spam@kolab.example.org
user/test.test/Tasks@kolab.example.org
user/test.test/Trash@kolab.example.org

This is how it looked for me. But this screenshot is taken from kolab.org.

Great! It worked. Now I moved on to try the webmailer based on Roundcube by going to http://localhost:8080/roundcubemail. I was quite pleased by what I saw. It looked quite nice, a lot better than the old Roundcube skin and seemed to work flawlessly. Only when I sent a test mail to the test user, I noticed that there was a ServerError when checking for new mails. A look in /var/log/httpd/error_log indicated that I had foolishly specified the wrong timezone during setup. So I had to change it in /etc/php.ini from date.timezone=CEST to date.timezone=Europe/Berlin and restart Apache with

# service httpd restart

From now on everything went smoothly and I had a working Kolab server running. Overall I was quite pleased with how easy and fast the installation went. Configuration also improved significantly compared to the old Kolab release in Debian. There were a few problems during the installation, but all of them were caused by mistakes on my side and by not starting with the full documentation.

So if you are interested in Kolab, please give it a try and let me know about your experiences!


Comments

First Experiences Installing the New Kolab 3.0 — 5 Comments

  1. I suggest you don’t invoke init scripts directly on Fedora derivative distributions, but always use the trusty /sbin/service wrapper. The reason is that it “knows” how to handle mixed init script environments (SysV legacy + systemd or Upstart) and provides additional mechanisms, such as --full-restart.

    Also, creating new SELinux policies is fairly easy by running in permissive mode for a while, then using audit2allow to create a template policy to allow all denials caused by Kolab. See also http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3343680

    Enjoy!

  2. Thanks Alex, I updated the post to use the service wrapper for restarting apache.

    Also, I’m passing on your information about SELinux policies. Thanks a lot!

  3. Hello Torsten,
    Thanks for sharing your experience.
    Do you have it already running under Debian? How many resources is Kolab using with just some accounts (RAM, CPU)? I’m interested in running Kolab for a project for which all authentication should be done over the Kolab LDAP, but I don’t want to rely on another server running a Kolab instance – so I would like to run it on the same machine, but it has limited resources (1GB RAM, about 2GHz CPU).

  4. Hi Christoph, there are plenty of people who run Kolab on Debian. The Kolab users mailing list is a good place to be for information on this.

    The resources depend very much on the number of users and what else you want to do with it. There are people who run Kolab on a 512MB RAM Raspberry Pi for example.
