1 (edited by VITAS 2017-09-19 22:41:04)

Topic: One of those LDAP migration problems

==== Required information ====
- iRedMail version 0.9.7
- Debian 9 Stretch x64 with Proxmox 5 (4.10.17-3-pve #1 SMP PVE 4.10.17-21)
- Store mail accounts in which backend: LDAP
- Web server: Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I try to Migrate my existing iRedMail Install to a new machine.
For that, i used this tutorial:
http://www.iredmail.org/docs/backup.restore.html

In order to get somethign working i installed iredmail on the new server using my old config file.
After that i went forward with the howto (including generating new password hashes for the old passwords for vmail and vmailadmin)
slapd is starting normaly but i cant login to ldap at all (not even with the manager password) and postfix & dovecot cant either:

postfix/proxymap[8713]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=52k,dc=de: 49 (Invalid credentials)

So clearly i did somethign wrong. But im out of idears.
(i redid all of the above several times to ensure im not missing anything)

The replaced password hashes in my backup look like thes (i used the iredmail ldap backup script to genrate those backups manualy):

dn: cn=vmail,dc=52k,dc=de
objectClass: person
objectClass: shadowAccount
objectClass: top
cn: vmail
sn: vmail
uid: vmail
userPassword: {SSHA}M6ctDlUXFRmRQnZatPqOi07GKNqfcd4p

Any idears?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: One of those LDAP migration problems

VITAS wrote:

Invalid credentials

This error message always means you're using an incorrect LDAP bind dn and/or password.

I think you missed section of updating passwords for cn=vmail and cn=vmailadmin in the tutorial:
http://www.iredmail.org/docs/backup.restore.html

3

Re: One of those LDAP migration problems

Hello,
as i wrote above:

"(including generating new password hashes for the old passwords for vmail and vmailadmin)"

i wish it was that simple smile

I agree that i must have missed something in relation to credentials (hash) but what?

4

Re: One of those LDAP migration problems

VITAS wrote:

postfix/proxymap[8713]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=52k,dc=de: 49 (Invalid credentials)

This error "invalid credentials" means you're using incorrect ldap bind dn and/or password in Postfix LDAP query file.

5 (edited by VITAS 2017-09-30 04:12:26)

Re: One of those LDAP migration problems

Hello,
first of all: Thank you for your answers.
Yes im aware that the scripts use different passwords.
My initial question was, how i can debug that problem.
(The hashs have to include unwanted characters or something like that)

What i tryed today:
I set up a VM and redit everything multiple times.
It seems that even encoding problems (UTF8 vs  Ansi and so on) and non visible characters can cause the hash to be incorrect.
I now managed to get it working inside that VM.

Is there any way to force the installer to overwrite all config files (and not skip steps)?
The Server intended for the Mailserver now is preconfigured from all of my attempts and i cant remove/purge/reinstall all packets (like posfix and so on).

6

Re: One of those LDAP migration problems

VITAS wrote:

My initial question was, how i can debug that problem.

Debug what? It's clear that your Postfix config file has invalid ldap bind dn or password, so you just replace them by the correct one, and issue solved.

VITAS wrote:

Is there any way to force the installer to overwrite all config files (and not skip steps)?

iRedMail does override config files.