Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: MDM plugin with WebApp 2.2.0

  1. #1

    MDM plugin with WebApp 2.2.0

    Hi all,

    I have recently upgraded my Debian 8 server to Zarafa 7.2.3 and also installed the WebApp 2.2.0 without issues, all is fine. I have also upgraded the z-push application to its latest version 2.9. All works perfect.
    The only issue is with the MDM plugin available for the WebApp application.
    I have installed the 1.1 beta version (latest) and cannot configure it to work with my z-push application.

    In the /etc/zarafa/webapp/config-mdm.php file I have set the following :
    PLUGIN_MDM_SERVER = zpush.mydomain.com
    PLUGIN_MDM_SERVER_SSL = true

    However, each time I go in the WebApp parameters, the MDM plugin pops a window that it cannot connect to the z-push server, or, if I put in my web browser, all is OK and all my mobile phones connect correctly to the z-push server.

    I use a self signed certificate, is that the issue?

    Can someone shine a light for me on that problem ?

    Thanks!
    Last edited by moody_styley; 09-05-2016 at 02:22 PM.

  2. #2
    Zarafa
    markb's Avatar
    Join Date
    Sep 2013
    Location
    Delft
    Posts
    124
    Hi,

    Please try the updated MDM plugin from the link below.



    Good Luck

  3. #3
    Hi Markb,

    Thanks for your help.

    This is exactly the MDM plugin version I am already using. Is there a configuration problem somewhere that I did not do correctly or is it the plugin which is not functioning as before and breaks the connection?

    Thank you.

  4. #4
    How is the syntax of your mdm-php config ?

    mine looks this and it works:

    <?php
    define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
    define('PLUGIN_MDM_SERVER', 'localhost');
    define('PLUGIN_MDM_SERVER_SSL', true);
    ?>

    think you'll have to correct localhost to your server ip if its on different server

  5. #5
    Hi Externa1,

    Previously, I was using WebAccess with Zarafa Server 7.2.1 and Z-Push 2.6 and MDM plugin 2.1 for WebAccess without problem.
    In the old configuration, the Z-Push server variable was set to: $GLOBALS['pluginconfig']['mdm']['zpush-url'] = "https://zpush.mydomain.com";

    With Zarafa Server 7.2.3, Z-Push 2.9 and WebApp 2.2.0, I have the following configuration:
    <?php
    define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
    define('PLUGIN_MDM_SERVER', 'zpush.mydomain.com');
    define('PLUGIN_MDM_SERVER_SSL', true);
    ?>

    The Z-Push server is on the same machine and I am using a VirtualHost to access it.

    The hosts file points correctly to this URL as when I ping zpush.mydomain.com I get a ping on 127.0.0.1.
    If I ping 'localhost' it will also give 127.0.0.1 as result.
    In a web browser, I cannot get to the Z-Push server if I set 127.0.0.1 instead of the correct URL.
    If I use a web browser I can access my Z-Push server from everywhere.

    I don't understand why I am able to get the MDM plugin working with WebAccess and not with WebApp. It seems that something is broken in the way the MDM plugin tries to connect to the Z-Push server with WebApp 2.2.0.

    Let me know if youthink of something else.

    Thank you

  6. #6
    To give you more information on this, I have modified my 000-default.conf file to points to the Z-Push server instead of the virtual host zpush.mydomain.com.conf file.

    I have tried again with the web browser to connect to the Z-Push server on localhost or even 127.0.0.1 and it was successfull.

    Then, in the MDM plugin configuration file I have set:
    PLUGIN_MDM_SERVER = localhost
    or
    PLUGIN_MDM_SERVER = 127.0.0.1

    and in both cases the MDM plugin still cannot connect to the Z-Push server.... tells me that it cannot reach the server

    I have installed the MDM plugin using 'dpkg -Bi <MDM plugin package name>' which asked me for some more dependencies that I have then installed.

    I have also checked the owner of the webapp folder and configuration files and set it to www-data:www-data but still no luck.

    Any help would be really appreciated!

    Thanks!

  7. #7
    Zarafa

    Join Date
    Jan 2009
    Location
    Hanover, Germany
    Posts
    1,891
    Hello moody_styley,

    if you depend on this issue being resolved in a timely manner and have a valid subscription for Zarafa/Kopano then I would recommend you to open up an official supportcase. In all other cases you might want to check your Apache Logs of the mdm plugin tries to access you z-push url at all.

    If not then the self signed cert is probably the issue (would need to be replaced with something that openssl on your system trusts/has to be imported).
    Regards Felix

    How to get Kopano

    Zarafa ALPHA/BETA/RC feedback in BETA forum please.
    Zarafa IRC chat: irc.freenode.com > #zarafa
    Zarafa documentation: http://documentation.zarafa.com/

    No support via PM! Please contact our sales team for an offer if you want my full attention.

  8. #8
    An user
    Guest
    Yes, as fbartels pointed out, the self-signed cert is the issue. This also occurs with highly secured TLS apache/nginx setups using ECC-based certs / CA authorities.

    By default, the php-based SoapClient function that is used in /usr/share/zarafa-webapp/plugins/mdm/php/class.pluginmdmmodule.php only verifies RSA-based certs from 'known' CA authorities.

    To get MDM to play nicely with a z-push installation using ECC or Self-Signed certs, look for in class.pluginmdmmodule.php and replace it with

    An alternative to not verifying your self-signed cert, which I do not recommend, is to disable verification all together by using this code instead

    For reference, you may use this resource

    Cheers
    Last edited by Wiz; 09-05-2016 at 10:51 AM. Reason: Alternative less secure workaround

  9. #9
    Senior Member
    Join Date
    Jan 2008
    Posts
    400
    On a debian server, installing the CAroot of your selfsigned cert should fix this.

    how:
    apt-get install ca-certificates

    get the self signed rootCA cert
    put it in /usr/local/share/ca-certificates/ownCAcertificate

    run update-ca-certificates ( or update-ca-certificates --fresh which recreated the hased files in /etc/ssl/certs )

    now in the example with ldap (client) /etc/ldap/ldap.conf

    TLS_CACERT /etc/ssl/certs/ca-certificates.crt
    and add:
    TLS_REQCERT allow

    the ca-certificates.crt contains all CA roots, including the one placed in /usr/local/share/(optional_subfolder)
    so use that one also in apache.

    im using self-signed and official certs, both work fine here.

    And put a key chained cert in apache, so the root cert is published in the keychain.

    Greetz,

    Louis

  10. #10

    MDM plugin with WebApp 2.2.0 [FIXED]

    Hi fbartels, Wiz and thctlo,

    Thanks a lot for your explanations.

    In order to avoid problems with the certificate, I have created a local virtual host that does not use the SSL certificate and I have changed the MDM plugin configuration to use this local host and everything works like a charm now.

    This is a pitty that the new MDM plugin does not allow usage of personnal certificates as before with the WebAccess interface.

    Again, thank you for complete and great explanation and your help on this issue.

    Best regards
    Last edited by moody_styley; 09-05-2016 at 02:23 PM. Reason: FIXED

Page 1 of 2 12 LastLast

Similar Threads

  1. WebApp s/mime Plugin
    By rnrl in forum Beta Feedback
    Replies: 3
    Last Post: 23-04-2015, 11:45 PM
  2. Owncloud Plugin with Webapp 7.1.7
    By peterbeck in forum Zarafa WebApp Plugins
    Replies: 6
    Last Post: 19-06-2014, 07:28 AM
  3. Plugin issue with WebApp
    By kaptain46 in forum WebApp
    Replies: 0
    Last Post: 22-01-2014, 10:45 AM
  4. Webapp Spam Plugin
    By gehrke in forum Zarafa WebApp Plugins
    Replies: 5
    Last Post: 30-08-2013, 05:04 PM
  5. Help Developing Plugin WebApp
    By dragem in forum WebApp
    Replies: 3
    Last Post: 04-03-2012, 12:20 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •