1

Topic: LDAP problem after installing iredmail

After installing iredmail on debian 5, I can't get the LDAP server working. I'm not really familiar with LDAP, so I can't make much out of the debugging output. Hopefully you guys can get me going.

when i start slapd:
mail01:~# /etc/init.d/slapd start
Starting OpenLDAP: slapd - failed.

So i put the loglevel in slapd.conf on -1, and now this is what i get in syslog:

Dec 27 13:35:12 mail01 slapd[2207]: @(#) $OpenLDAP: slapd 2.4.11 (Nov 26 2009 09:17:06) $#012#011root@SD6-Casa:/tmp/buildd/openldap-2.4.11/debian/build/servers/slapd
Dec 27 13:35:12 mail01 slapd[2207]: line 72 (access to attrs="userPassword,mailForwardingAddress"    by anonymous    auth    by self         write    by dn.exact="cn=vmail,dc=concept3,cd=be"   read    by dn.exact="cn=vmailadmin,dc=concept3,cd=be"  write    by users        none)
Dec 27 13:35:12 mail01 slapd[2207]: >>> dnNormalize: <cn=vmail,dc=concept3,cd=be>
Dec 27 13:35:12 mail01 slapd[2207]: /etc/ldap/slapd.conf: line 72: bad DN "cn=vmail,dc=concept3,cd=be" in by DN clause
Dec 27 13:35:12 mail01 slapd[2207]: <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+ #012<what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>]#012<attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist>#012<attrlist> ::= <attr> [ , <attrlist> ]#012<attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children#012<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]#012#011[ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ]#012#011[dnattr=<attrname>]#012#011[realdnattr=<attrname>]#012#011[group[/<objectclass>[/<attrname>]][.<style>]=<group>]#012#011[peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]#012#011[domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]#012#011[dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]]#012#011[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]#012<style> ::= exact | regex | base(Object)#012<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex#012<attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) | children#012<peernamestyle> ::= exact | regex | ip | ipv6 | path#012<domainstyle> ::= exact | regex | base(Object) | sub(tree)#012<access> ::= [[real]self]{<level>|<priv>}#012<level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage#012<priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+#012<control> ::= [ stop | continue | break ]#012dynacl:#012#011<name>=ACI#011<pattern>=<attrname>#012
Dec 27 13:35:12 mail01 slapd[2207]: /etc/ldap/slapd.conf: line 72: <access> handler exited with 1!
Dec 27 13:35:12 mail01 slapd[2207]: slapd destroy: freeing system resources.
Dec 27 13:35:12 mail01 slapd[2207]: slapd stopped.
Dec 27 13:35:12 mail01 slapd[2207]: connections_destroy: nothing to destroy.

Line 72 is the "by users" line of this:

# Set permission for LDAP attrs.
#
access to attrs="userPassword,mailForwardingAddress"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=concept3,cd=be"   read
    by dn.exact="cn=vmailadmin,dc=concept3,cd=be"  write
    by users        none

2

Re: LDAP problem after installing iredmail

iljat wrote:

Dec 27 13:35:12 mail01 slapd[2207]: /etc/ldap/slapd.conf: line 72: bad DN "cn=vmail,dc=concept3,cd=be" in by DN clause

You typed a incorrect root dn during installation. You used 'cd=be', it SHOULD BE 'dc=be', not 'cd='.