1

Topic: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

Hi there,

After upgrading iRedMail OpenLDAP from version 0.7.3 to 0.7.4 on Debian squeeze, the LDAP server can't be contacted anymore. Restoring the LDAP server's backup doesn't help either.

The trouble looks like this:
Jan 10 08:19:04 mail postfix/proxymap[2581]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 as cn=vmail,dc=my,dc=domain,dc=com: -1 (Can't contact LDAP server)
Jan 10 08:19:04 mail postfix/trivial-rewrite[3007]: fatal: proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf(0,lock|fold_fix): table lookup problem
Jan 10 08:19:05 mail postfix/master[2547]: warning: process /usr/lib/postfix/trivial-rewrite pid 3007 exit status 1

Any hints?


2

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

Is OpenLDAP running?
Any error message while starting OpenLDAP service?

3

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

ZhangHuangbin wrote:

Is OpenLDAP running?
Any error message while starting OpenLDAP service?

/etc/init.d/slapd start -> Starting OpenLDAP: slapd failed!

In /var/log/openldap.log and syslog only this entry shows up:
Jan 10 09:35:47 mail slapd[22052]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57) $#012#011@incagijs:/home/thijs/debian/p-u/openldap-2.4.23/debian/build/servers/slapd

Is there anything I have to restore (I am using the recommended backup/restore procedure) referring to virtual_mailbox_domains.cf?

4

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

Please set "loglevel 256" in /etc/openldap/slapd.conf or /etc/ldap/slapd.conf, then try starting OpenLDAP service. It will log more details, please check its log in /var/log/openldap.log again.

5

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

Jan 10 09:52:36 mail slapd[25766]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57) $#012#011@incagijs:/home/thijs/debian/p-u/openldap-2.4.23/debian/build/servers/slapd
Jan 10 09:52:36 mail slapd[25766]: main: TLS init def ctx failed: -1
Jan 10 09:52:36 mail slapd[25766]: slapd stopped.
Jan 10 09:52:36 mail slapd[25766]: connections_destroy: nothing to destroy.

By reverting the update procedure I didn't undo the section "Add INDEXes for Amavisd database" - could this be part of the problem?

6

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

Upgrading from 0.7.3 to 0.7.4 doesn't impact the OpenLDAP server; there are no changes in the OpenLDAP config file or data.

jobu wrote:

Jan 10 09:52:36 mail slapd[25766]: main: TLS init def ctx failed: -1

Looks like an SSL key issue.
Do you have the correct file permissions on these SSL files? Which Linux/BSD distribution do you use?

7

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

ZhangHuangbin wrote:

Upgrading from 0.7.3 to 0.7.4 doesn't impact the OpenLDAP server; there are no changes in the OpenLDAP config file or data.

jobu wrote:

Jan 10 09:52:36 mail slapd[25766]: main: TLS init def ctx failed: -1

Looks like an SSL key issue.
Do you have the correct file permissions on these SSL files? Which Linux/BSD distribution do you use?

It's Debian squeeze 2.6.32-5-amd64.

The keys worked fine until the upgrade (probably there was no reboot until today) - I added official ones using your slightly adjusted script generate_ssl_keys.sh

-rw-r--r-- 1 root root 2045  2. Dez 11:28 /etc/ssl/certs/iRedMail_CA.pem
-r-------- 1 root root 1679 30. Nov 11:46 /etc/ssl/private/iRedMail.key

8

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

That's the problem. Please execute the command below to fix it:

# chmod +r /etc/ssl/private/iRedMail.key

Then restart OpenLDAP service.
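
Added example, not part of the thread or of iRedMail: under the usual umask, `chmod +r` also sets the read bit for group and other, so this sketch reports how wide read access to the key is and whether a given service account is covered by the mode bits. The function names are made up for this example, and the `openldap` account in the usage comment is an assumption (the usual Debian slapd user).

```shell
#!/bin/sh
# Added example (not from the thread). Only the file's own mode bits are
# evaluated; ACLs and the permissions of parent directories are not.

# key_read_scope FILE
# Prints the widest class that may read FILE: owner-only, group or world.
key_read_scope() {
    [ -e "$1" ] || { echo "missing"; return 1; }
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "world"
    elif [ -n "$(find "$1" -prune -perm -040)" ]; then
        echo "group"
    else
        echo "owner-only"
    fi
}

# daemon_can_read USER FILE
# Returns 0 if the mode bits let USER read FILE, 1 if not, 2 if USER is unknown.
# Same order as the kernel: owner class first, then group, then other.
daemon_can_read() {
    user=$1; file=$2
    ugroups=$(id -Gn "$user" 2>/dev/null) || return 2
    [ "$(id -u "$user")" = 0 ] && return 0      # root bypasses mode bits
    owner=$(ls -ld "$file" | awk '{print $3}')
    group=$(ls -ld "$file" | awk '{print $4}')
    if [ "$owner" = "$user" ]; then
        bit=-400
    else
        bit=-004
        for g in $ugroups; do
            [ "$g" = "$group" ] && bit=-040
        done
    fi
    [ -n "$(find "$file" -prune -perm "$bit")" ]
}

# Usage (path from the thread, account name assumed):
#   sh check_key.sh /etc/ssl/private/iRedMail.key openldap
if [ $# -eq 2 ]; then
    echo "read scope: $(key_read_scope "$1")"
    if daemon_can_read "$2" "$1"; then echo "$2 can read $1"
    else echo "$2 cannot read $1"; fi
fi
```

A result of "world" after the fix means every class has the read bit on the key file; "group" together with a successful `daemon_can_read` means the service account is covered without opening the key to other.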

9

Re: [SOLVED] Can't contact LDAP server after upgrading to 0.7.4

You were absolutely right - it's working fine now. Thanks a lot for the great support. Hope you'll get your benefits out of this all ... (I'm using the iRedAdmin-Pro).

Best regards