1

Topic: openldap not starting and unable to login and receive mail


Hello, I have been running iRedMail on my openSUSE 12.1 server for a few months now for my business with no issues, and now all of a sudden, as of last week, we are not able to log in to our mailboxes or get mail. Absolutely no changes have been made to the server, and it appears that the ldap daemon is not starting. I tried the database recovery, but that did not help my issue. Below are some of the errors in my logs.

# service ldap status
redirecting to systemctl
ldap.service - LSB: OpenLDAP Server (slapd)
          Loaded: loaded (/etc/init.d/ldap)
          Active: failed since Mon, 09 Jul 2012 10:34:24 -0400; 2 days ago
         Process: 6695 ExecStart=/etc/init.d/ldap start (code=exited, status=7/NOTRUNNING)
          CGroup: name=systemd:/system/ldap.service

------------------------------------------------------------
mail log
warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389
--------------------------------------------------------------
openldap log

Jul  9 10:34:24 mail slapd[6759]: @(#) $OpenLDAP: slapd 2.4.26 $#012#011opensuse-buildservice@opensuse.org
Jul  9 10:34:24 mail slapd[6759]: main: TLS init def ctx failed: -1
Jul  9 10:34:24 mail slapd[6759]: slapd stopped.
Jul  9 10:34:24 mail slapd[6759]: connections_destroy: nothing to destroy.

Any help with resolving this issue would be greatly appreciated.

2

Re: openldap not starting and unable to login and receive mail

Looks like an SSL cert related issue. Did you re-create the SSL certs? They should be /etc/ssl/certs/iRedMail_CA.pem and /etc/ssl/private/iRedMail.key.

Also, please set 'log_level 256' in /etc/openldap/slapd.conf, then restart OpenLDAP service, paste related log in /var/log/openldap.log here to help troubleshoot.

3

Re: openldap not starting and unable to login and receive mail

Zhang,

I generated the certs, moved them to the proper directory and restarted my server. The ldap service is back up and running, and I am no longer generating the "Jul 16 13:40:07 mail slapd[1733]: main: TLS init def ctx failed: -1" error message, but I am still not able to log in or receive email. Below is what I am seeing in my mail log.

Here is the error I get when trying to login, and again no changes were made to this server.

Jul 16 14:21:43 mail roundcube: IMAP Error: Login failed for localuser@domain.com from 127.0.0.1. AUTHENTICATE PLAIN: Temporary authentication failure. in /srv/www/roundcubemail-0.7/program/include/rcube_imap.php on line 205 (POST /mail/?_task=login&_action=login)

And for any incoming mail I get this below

Jul 16 14:20:21 mail clamd[2524]: SelfCheck: Database status OK.
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4427]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup of * failed
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4427]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup of * failed
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4427]: fatal: proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf(0,lock|fold_fix): table lookup problem
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4428]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup of * failed
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4428]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup of * failed
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4428]: fatal: proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf(0,lock|fold_fix): table lookup problem
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4429]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup of * failed
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4429]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup of * failed
Jul 16 14:20:27 mail postfix/smtpd[4424]: private/rewrite socket: wanted attribute: flags
Jul 16 14:20:27 mail postfix/smtpd[4424]: input attribute name: flags
Jul 16 14:20:27 mail postfix/smtpd[4424]: input attribute value: 0
Jul 16 14:20:27 mail postfix/smtpd[4424]: private/rewrite socket: wanted attribute: address
Jul 16 14:20:27 mail postfix/smtpd[4424]: input attribute name: address
Jul 16 14:20:27 mail postfix/smtpd[4424]: input attribute value: rvdmitchell@comcast.net
Jul 16 14:20:27 mail postfix/smtpd[4424]: private/rewrite socket: wanted attribute: (list terminator)
Jul 16 14:20:27 mail postfix/smtpd[4424]: input attribute name: (end)
Jul 16 14:20:27 mail postfix/smtpd[4424]: rewrite_clnt: local: rvdmitchell@comcast.net -> rvdmitchell@comcast.net
Jul 16 14:20:27 mail postfix/smtpd[4424]: send attr request = resolve
Jul 16 14:20:27 mail postfix/smtpd[4424]: send attr sender =
Jul 16 14:20:27 mail postfix/smtpd[4424]: send attr address = rvdmitchell@comcast.net
Jul 16 14:20:27 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)
Jul 16 14:20:27 mail postfix/trivial-rewrite[4429]: fatal: proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf(0,lock|fold_fix): table lookup problem
Jul 16 14:20:28 mail postfix/smtpd[4047]: warning: problem talking to service rewrite: Success
Jul 16 14:20:28 mail postfix/smtpd[4159]: warning: problem talking to service rewrite: Connection reset by peer
Jul 16 14:20:28 mail postfix/master[3965]: warning: process /usr/lib/postfix/trivial-rewrite pid 4427 exit status 1
Jul 16 14:20:28 mail postfix/master[3965]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Jul 16 14:20:28 mail postfix/smtpd[4200]: warning: problem talking to service rewrite: Success
Jul 16 14:20:28 mail postfix/smtpd[4367]: warning: problem talking to service rewrite: Connection reset by peer
Jul 16 14:20:28 mail postfix/master[3965]: warning: process /usr/lib/postfix/trivial-rewrite pid 4428 exit status 1
Jul 16 14:20:28 mail postfix/smtpd[4424]: warning: problem talking to service rewrite: Success
Jul 16 14:20:28 mail postfix/master[3965]: warning: process /usr/lib/postfix/trivial-rewrite pid 4429 exit status 1
Jul 16 14:20:29 mail postfix/smtpd[4047]: rewrite stream disconnect
Jul 16 14:20:29 mail postfix/smtpd[4047]: connect to subsystem private/rewrite
Jul 16 14:20:29 mail postfix/smtpd[4047]: send attr request = resolve
Jul 16 14:20:29 mail postfix/smtpd[4047]: send attr sender =
Jul 16 14:20:29 mail postfix/smtpd[4047]: send attr address = rvdmitchell@comcast.net
Jul 16 14:20:29 mail postfix/smtpd[4159]: rewrite stream disconnect
Jul 16 14:20:29 mail postfix/smtpd[4159]: connect to subsystem private/rewrite
Jul 16 14:20:29 mail postfix/smtpd[4159]: send attr request = resolve
Jul 16 14:20:29 mail postfix/smtpd[4159]: send attr sender =
Jul 16 14:20:29 mail postfix/smtpd[4159]: send attr address = rvdmitchell@comcast.net
Jul 16 14:20:29 mail postfix/smtpd[4200]: rewrite stream disconnect
Jul 16 14:20:29 mail postfix/smtpd[4200]: connect to subsystem private/rewrite
Jul 16 14:20:29 mail postfix/smtpd[4367]: rewrite stream disconnect
Jul 16 14:20:29 mail postfix/smtpd[4200]: send attr request = resolve
Jul 16 14:20:29 mail postfix/smtpd[4200]: send attr sender =
Jul 16 14:20:29 mail postfix/smtpd[4200]: send attr address = rvdmitchell@comcast.net
Jul 16 14:20:29 mail postfix/smtpd[4367]: connect to subsystem private/rewrite
Jul 16 14:20:29 mail postfix/smtpd[4367]: send attr request = rewrite
Jul 16 14:20:29 mail postfix/smtpd[4367]: send attr rule = local
Jul 16 14:20:29 mail postfix/smtpd[4367]: send attr address = rvdmitchell@comcast.net
Jul 16 14:20:29 mail postfix/smtpd[4424]: rewrite stream disconnect
Jul 16 14:20:29 mail postfix/smtpd[4424]: connect to subsystem private/rewrite
Jul 16 14:20:29 mail postfix/smtpd[4424]: send attr request = resolve
Jul 16 14:20:29 mail postfix/smtpd[4424]: send attr sender =
Jul 16 14:20:29 mail postfix/smtpd[4424]: send attr address = rvdmitchell@comcast.net
Jul 16 14:21:28 mail postfix/proxymap[3987]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=articulate2day,dc=com: -1 (Can't contact LDAP server)

4

Re: openldap not starting and unable to login and receive mail

Zhang,

It appears that the ldap server had stopped running again and it is now unable to restart, and this was after I regenerated the new ssl keys via the script, and I am back to receiving the error message in the openldap.log below.

Jul 16 15:13:42 mail slapd[4102]: connections_destroy: nothing to destroy.
Jul 15 15:21:28 mail slapd[1740]: @(#) $OpenLDAP: slapd 2.4.26 $#012#011opensuse-buildservice@opensuse.org
Jul 15 15:21:29 mail slapd[1740]: main: TLS init def ctx failed: -1
Jul 15 15:21:29 mail slapd[1740]: slapd stopped.
Jul 15 15:21:29 mail slapd[1740]: connections_destroy: nothing to destroy.

I'm not really sure what else to really check here as far as this issue is concerned and I could see that the service did come back for a while when I checked the status of the ldap daemon, but I decided to restart it when I could not login, and the ldap service never recovered.

5

Re: openldap not starting and unable to login and receive mail

Do you have correct file permissions on the cert files? Show us the output of the command below:

# ls -l /etc/ssl/certs/iRedMail_CA.pem /etc/ssl/private/iRedMail.key

6

Re: openldap not starting and unable to login and receive mail

Below is the output you asked for, and they appear to be correct, unless they are supposed to be read, write and execute?

ls -l /etc/ssl/certs/iRedMail_CA.pem
-rw-r--r-- 1 root root 1525 Jul 16 13:34 /etc/ssl/certs/iRedMail_CA.pem

ls -l /etc/ssl/private/iRedMail.key
-rw-r--r-- 1 root root 1704 Jul 16 13:33 /etc/ssl/private/iRedMail.key
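
The permission question raised in posts 5 and 6, as an added example that is not part of the original thread: a Python check that evaluates the mode bits of the two iRedMail TLS files, and of every parent directory, from the point of view of the account slapd runs as. The account name `ldap` is an assumption (the thread does not name it), and ACLs are ignored.

```python
import os, stat, sys

def _allowed(st, uid, gids, u_bit, g_bit, o_bit):
    # Classic Unix mode-bit evaluation; ACLs and root's override are ignored.
    if st.st_uid == uid:
        return bool(st.st_mode & u_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & g_bit)
    return bool(st.st_mode & o_bit)

def audit(path, is_private_key, uid, gids):
    """Findings for one TLS file as seen by the account the daemon runs as."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not _allowed(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        findings.append(f"{path}: mode {mode:04o} is not readable by uid {uid}")
    if is_private_key and mode & stat.S_IROTH:
        findings.append(f"{path}: private key is world-readable (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or others (mode {mode:04o})")
    # Every parent directory must be searchable (x bit) by that account too.
    parent = os.path.dirname(os.path.abspath(path))
    while True:
        dst = os.stat(parent)
        if not _allowed(dst, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            findings.append(f"{parent}: directory not searchable by uid {uid}")
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    return findings

if __name__ == "__main__":
    import pwd
    user = sys.argv[1] if len(sys.argv) > 1 else "ldap"  # assumed service account
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    results = []
    # Paths are the two files named in the thread.
    for path, is_key in (("/etc/ssl/certs/iRedMail_CA.pem", False),
                         ("/etc/ssl/private/iRedMail.key", True)):
        results += audit(path, is_key, pw.pw_uid, gids)
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run it as root so that a restricted directory such as /etc/ssl/private can be inspected; a non-zero exit status means at least one finding was printed.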

7

Re: openldap not starting and unable to login and receive mail

I was wondering if you had a chance to look into this issue, because since then I have gone through the process of creating the certificates and giving them the proper permissions three times, and yet I am still not able to start ldap and use email.