1

Topic: Slapd not working

I had to work with mail by SMTP/POP3 over SSL.

So I made the script like this:

http://www.iredmail.org/wiki/index.php? … .6.1-0.7.0
- Add missing value for mail users

SMTP/POP3 over SSL works fine, but after a reboot my slapd is not working:

<i>
/etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
  slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -f /etc/ldap/slapd.conf
</i>

I started to look for some information about this, and found this:

    http://www.iredmail.org/forum/topic995- … rking.html

but I didn't find the answer...
so please help ;)

<b>/var/log/mail.log</b>

Mar 23 13:11:32 MailSRV amavis[1340]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.39, libdb 4.8
Mar 23 13:11:38 MailSRV postfix/master[1994]: daemon started -- version 0.6.1, configuration /etc/postfix
Mar 23 13:11:38 MailSRV postfix-policyd: starting policyd v1.82
Mar 23 13:11:38 MailSRV postfix-policyd: connecting to mysql database: 127.0.0.1
Mar 23 13:11:38 MailSRV postfix-policyd: connected..
Mar 23 13:11:51 MailSRV postfix/master[1994]: reload -- version 0.6.1, configuration /etc/postfix
Mar 23 13:11:51 MailSRV postfix/master[1994]: reload -- version 0.6.1, configuration /etc/postfix


<b>/var/log/debug</b>

Mar 23 13:25:06 MailSRV slapd[2499]: @(#) $OpenLDAP: slapd 2.4.21 (Aug 10 2010 17:08:49) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd

<b>slapd -g openldap -u openldap -f /etc/ldap/slapd.conf -d 16383</b>

[...]
us $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ nisMapName $ disclaimer ) )
    1.2.36.79672281.1.13.3 (rdnMatch):     2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect ) )
    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.


<b>strace -sS -fF slapd -g openldap -u openldap -f /etc/ldap/slapd.conf > /tmp/openldap.log</b>

[...]
gettimeofday({1300876364, 328767}, NULL) = 0
getrusage(RUSAGE_SELF, {ru_utime={0, 12000}, ru_stime={0, 8000}, ...}) = 0
time(NULL)                              = 1300876364
times({tms_utime=1, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718192316
gettimeofday({1300876364, 328950}, NULL) = 0
getrusage(RUSAGE_SELF, {ru_utime={0, 12000}, ru_stime={0, 8000}, ...}) = 0
time(NULL)                              = 1300876364
times({tms_utime=1, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 1718192316
open("/etc/ssl/certs/iRedMail_CA.pem", O_RDONLY) = 10
fstat64(10, {st_mode=S_IFREG|0444, st_size=1302, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb786c000
read(10, ""..., 8192)                   = 1302
read(10, "", 4096)                      = 0
close(10)                               = 0
munmap(0xb786c000, 4096)                = 0
open("/etc/ssl/private/iRedMail.key", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
munmap(0x93f000, 24620)                 = 0
munmap(0xf8d000, 1442512)               = 0
munmap(0x668000, 16544)                 = 0
munmap(0x663000, 16544)                 = 0
munmap(0x65a000, 32928)                 = 0
munmap(0x64d000, 49544)                 = 0
munmap(0xa60000, 1380472)               = 0
munmap(0x647000, 20640)                 = 0
munmap(0xc04000, 16544)                 = 0
munmap(0xc49000, 235312)                = 0
close(3)                                = 0
shutdown(5, 2 /* send and receive */)   = -1 ENOTSOCK (Socket operation on non-socket)
close(5)                                = 0
shutdown(4, 2 /* send and receive */)   = -1 ENOTSOCK (Socket operation on non-socket)
close(4)                                = 0
close(6)                                = 0
exit_group(1)                           = ?


<b>/var/log/devocot</b>
Mar 23 13:11:50 dovecot: Info: Dovecot v1.2.9 starting up (core dumps disabled)
Mar 23 13:11:50 auth(default): Error: LDAP: Can't connect to server: 127.0.0.1:389
Mar 23 13:11:50 auth(default): Error: LDAP: Can't connect to server: 127.0.0.1:389


It seems to be working but...
Is it possible to repair?


2

Re: Slapd not working

Gendalf wrote:

open("/etc/ssl/private/iRedMail.key", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)

It's clear here.
You should simply set 'read' permission on this file, OR grant read permission to openldap daemon user with command "setfacl".

3

Re: Slapd not working

Did you touch /etc/ssl/private/iRedMail.key? The script mentioned in upgrade tutorial won't change its file permission.

4

Re: Slapd not working

Pff
Oh my God
I am so stupid...

Really, if I set:

chmod 444 /etc/ssl/private/iRedMail.key

it works fine!

Thanks!
If you come to Moscow I will buy you a beer!

> Did you touch /etc/ssl/private/iRedMail.key? The script mentioned in upgrade tutorial won't change its file permission.
I used generate_ssl_keys
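
Added example, not part of the original posts and not iRedMail's own tooling: the strace above shows slapd exiting on EACCES for the private key, and the second post names `setfacl` as one way to give the openldap user read access. This shell script reports who can access a key by its mode bits and applies the `setfacl` route so that the permissions for "other" stay at 0. It assumes GNU `stat` and the acl tools; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: permission check for a TLS private key read by a daemon user.
# Assumes GNU stat; function names are hypothetical, not iRedMail tooling.

# Print "world-accessible", "group-accessible" or "owner-only" for FILE.
key_mode_status() {
    digits=$(stat -c '%a' "$1") || return 2
    other=${digits#"${digits%?}"}      # last octal digit: permissions for "other"
    rest=${digits%?}
    group=${rest#"${rest%?}"}          # second-to-last digit: group (or ACL mask)
    if [ "${other:-0}" -ne 0 ]; then
        echo "world-accessible"
    elif [ "${group:-0}" -ne 0 ]; then
        echo "group-accessible"
    else
        echo "owner-only"
    fi
}

# Give USER read access to FILE through an ACL entry, keeping "other" at 0.
# Needs root and the acl tools; returns 3 when setfacl is not installed.
grant_key_read() {
    command -v setfacl >/dev/null 2>&1 || return 3
    chmod 600 "$1" || return 1
    setfacl -m "u:$2:r" "$1" || return 1
    # setfacl sets the ACL mask, which stat shows in the group digit, so the
    # expected status afterwards is "group-accessible", never "world-accessible".
    [ "$(key_mode_status "$1")" != "world-accessible" ]
}

# Usage: sh keycheck.sh /etc/ssl/private/iRedMail.key openldap
if [ $# -eq 2 ]; then
    echo "before: $(key_mode_status "$1")"
    grant_key_read "$1" "$2" && echo "after: $(key_mode_status "$1")"
fi
```
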

5

Re: Slapd not working

Gendalf wrote:

If you come to Moscow I will buy you a beer!

Thanks :)