Kopano-Server, Ldap - Invalid credentials



we are using ucs & kopano as groupware-server.
Since yesterday kopano-server stopped working due to an LDAP-error:

Fri Mar 8 08:38:27 2019: [warning] LDAP (simple) bind on cn=mailHost,cn=dc,cn=computers,dc=XX-XXX,dc=intranet failed: Invalid credentials
Fri Mar 8 08:38:27 2019: [crit ] Cannot instantiate user plugin: Failure connecting any of the LDAP servers
Fri Mar 8 08:38:27 2019: [crit ] Unable to instantiate user plugin

First I detected that the machine.secret und kopano-ldap.secret are different - it seems that the machine.secret changes (?) After updating the kopano-ldap.secret I succeeded in using the ldap-search:

ldapsearch -D $(ucr get ldap/hostdn) -y /etc/kopano-ldap.secret

The system is up-to-date (apt update/upgrade)

journalctl -u kopano-server
There are no references/clues to the missing credentials.

However - concerning to

https://wiki.z-hub.io (Debugging Kopano on Univention)

the app


ist not shown using

univention-app info

apt-cache search finds nothing & on portal.kopano.com I have learned that Kopano Core is only available as Beta and not in Final release (? )


ii kopano-server-packages all Metapackage to install the entire Kopano Core stack
ii kopano-webapp all New and improved WebApp for Kopano
ii kopano-webapp-plugin-desktopnotifications all Kopano WebApp Desktop notifications plugin
ii kopano-webapp-plugin-filepreviewer all Kopano File previewer plugin
ii kopano-webapp-plugin-files all Adds Files functionality to Kopano enabling access to WebDAV and other files backends.
ii kopano-webapp-plugin-filesbackend-owncloud all Adds Owncloud specific functionality to Kopano Files plugin.
ii kopano-webapp-plugin-filesbackend-smb all Adds Samba specific functionality to Kopano Files plugin.
ii kopano-webapp-plugin-folderwidgets all Kopano WebApp folder widgets plugin
ii kopano-webapp-plugin-mdm all Kopano WebApp MDM plugin
ii kopano-webapp-plugin-smime all Kopano WebApp S/MIME plugin
ii kopano-webapp-plugin-spell all Kopano WebApp Spellchecker plugin
ii kopano-webapp-plugin-spell-de-de all Kopano WebApp Spellchecker German dictionary plugin
ii kopano-webapp-plugin-spell-en all Kopano WebApp Spellchecker English dictionary plugin
ii kopano-webapp-plugin-spell-nl all Kopano WebApp Spellchecker Dutch dictionary plugin
ii kopano-webapp-plugin-titlecounter all Kopano WebApp Titlecounter plugin
ii kopano-webapp-plugin-webappmanual all Kopano WebApp Manual plugin
rc kopano4ucs 1.4.8 all Kopano4ucs integration package for Univention Corporate Server
ii kopano4ucs-lib 1.5.13 all Library package for common Kopano4ucs functions
ii kopano4ucs-schema 1.4.8 all LDAP schema for the Kopano4ucs integration
ii kopano4ucs-udm 1.4.8 all UDM extensions for the Kopano4ucs integration
ii kopano4ucs-webapp 1.5.13 all Kopano4ucs kopano-webapp integration package for Univention Corporate Server
ii kopano4ucs-z-push 1.4.0 all Meta package for Z-Push installation
ii z-push-kopano 2.4.5+0-0 all Z-Push for Kopano
ii z-push-kopano-gabsync 2.4.5+0-0 all G

univention-app info

UCS: 4.3-3 errata452
Installed: fetchmail=6.3.26 kopano-webapp= self-service=3.0 z-push-kopano=2.4.2
Upgradable: z-push-kopano

ucr dump | grep kopano/cfg

kopano/cfg/gateway/imaps_enable: yes
kopano/cfg/gateway/pop3s_enable: yes
kopano/cfg/gateway/ssl_certificate_file: /etc/kopano/ssl/cert.pem
kopano/cfg/gateway/ssl_private_key_file: /etc/kopano/ssl/private.key
kopano/cfg/ical/icals_enable: yes
kopano/cfg/ical/server_timezone: @&@/etc/timezone@&@
kopano/cfg/ical/ssl_certificate_file: /etc/kopano/ssl/cert.pem
kopano/cfg/ical/ssl_private_key_file: /etc/kopano/ssl/private.key
kopano/cfg/ldap.propmap/0x3004001E: description
kopano/cfg/ldap.propmap/0x3A06001E: givenName
kopano/cfg/ldap.propmap/0x3A08001E: telephoneNumber
kopano/cfg/ldap.propmap/0x3A09001E: homePhone
kopano/cfg/ldap.propmap/0x3A11001E: sn
kopano/cfg/ldap.propmap/0x3A16001E: o
kopano/cfg/ldap.propmap/0x3A17001E: title
kopano/cfg/ldap.propmap/0x3A18001E: departmentNumber
kopano/cfg/ldap.propmap/0x3A19001E: roomNumber
kopano/cfg/ldap.propmap/0x3A1C001E: mobile
kopano/cfg/ldap.propmap/0x3A21001E: pager
kopano/cfg/ldap.propmap/0x3A27001E: l
kopano/cfg/ldap.propmap/0x3A29001E: street
kopano/cfg/ldap.propmap/0x3A2A001E: postalCode
kopano/cfg/ldap.propmap/0x8005001E: secretary
kopano/cfg/ldap/ldap_authentication_method: bind
kopano/cfg/ldap/ldap_bind_passwd: @&@/etc/kopano-ldap.secret@&@
kopano/cfg/ldap/ldap_bind_user: @%@ldap/hostdn@%@
kopano/cfg/ldap/ldap_emailaddress_attribute: mailPrimaryAddress
kopano/cfg/ldap/ldap_emailaliases_attribute: mailAlternativeAddress
kopano/cfg/ldap/ldap_group_search_filter: (&(kopanoAccount=1)(objectClass=kopano-group))
kopano/cfg/ldap/ldap_groupmembers_attribute: uniqueMember
kopano/cfg/ldap/ldap_groupmembers_attribute_type: dn

Problems with integration of kopano 8.7.0

yes, we decided to move (what you have installed) out of the final repo for the moment, while we are investigating a caching issue.

This is the reason why the ldap password was not updated. The integration package is carrying out this task, but its currently not installed.

I heard from our support that they have a case like this at the moment as well. We already fixed the missing dependency a few times in the past (it always came down to missing python3-xapian, which should be part of the repository).

Some steps to debug this are mentioned in Durch Paketupdate LDAP kaputt (post in german).

Edit: looking at our support ticketing system the mentioned support case actually seems to be be a ticket from you (KS-42759).


In case you did not manage to get it working… As long as the kopano4ucs package is not installed you will have to manually adapt the /etc/kopano/ldap.cfg and set ldap_bind_passwd to the content of /etc/machine.secret and restart the kopano-server service (or in your case, /etc/kopano-ldap.secret would also be fine as you fixed that file already)


ThanX - the system is now working aggain; I’ve manually updated both files:

/etc/kopano/ldap.cfg and

using the new generated password in


With respect to


I’ve found a corresponding clue via Google - but then I forgot to update the password in