Dec 29, 2023: iRedMail-1.6.8 has been released.

**eheimerman** · 2015-10-04 08:55:48

eheimerman
Member
Offline

Registered: 2015-10-04
Posts: 5

Topic: [RESOLVED] LDAP binding in debian 8.2

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Debian 8.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====

Fresh install of iredmail 0.9.2 on a brand new clean Debian 8.2 server. Installation seems to go fine, no apparent errors. When I try to log into roundcube at https://www.heimerman.org/mail/ using postmaster@heimerman.org and the password I set up during the install, I get a login failure and this in the openldap.log:

Oct 3 19:41:54 spinach2 slapd[2950]: daemon: read active on 19
Oct 3 19:41:54 spinach2 slapd[2950]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct 3 19:41:54 spinach2 slapd[2950]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct 3 19:41:54 spinach2 slapd[2950]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Oct 3 19:41:54 spinach2 slapd[2950]: connection_get(19)
Oct 3 19:41:54 spinach2 slapd[2950]: connection_get(19): got connid=1504
Oct 3 19:41:54 spinach2 slapd[2950]: connection_read(19): checking for input on id=1504
Oct 3 19:41:54 spinach2 slapd[2950]: op tag 0x60, time 1443919314
Oct 3 19:41:54 spinach2 slapd[2950]: conn=1504 op=0 do_bind
Oct 3 19:41:54 spinach2 slapd[2950]: >>> dnPrettyNormal: <cn=vmail,dc=heimerman,dc=org>
Oct 3 19:41:54 spinach2 slapd[2950]: <<< dnPrettyNormal: <cn=vmail,dc=heimerman,dc=org>, <cn=vmail,dc=heimerman,dc=org>
Oct 3 19:41:54 spinach2 slapd[2950]: conn=1504 op=0 BIND dn="cn=vmail,dc=heimerman,dc=org" method=128
Oct 3 19:41:54 spinach2 slapd[2950]: do_bind: version=3 dn="cn=vmail,dc=heimerman,dc=org" method=128
Oct 3 19:41:54 spinach2 slapd[2950]: ==> hdb_bind: dn: cn=vmail,dc=heimerman,dc=org
Oct 3 19:41:54 spinach2 slapd[2950]: bdb_dn2entry("cn=vmail,dc=heimerman,dc=org")
Oct 3 19:41:54 spinach2 slapd[2950]: => hdb_dn2id("dc=heimerman,dc=org")
Oct 3 19:41:54 spinach2 slapd[2950]: <= hdb_dn2id: get failed: BDB0073 DB_NOTFOUND: No matching key/data pair found (-30988)
Oct 3 19:41:54 spinach2 slapd[2950]: send_ldap_result: conn=1504 op=0 p=3
Oct 3 19:41:54 spinach2 slapd[2950]: send_ldap_result: err=49 matched="" text=""
Oct 3 19:41:54 spinach2 slapd[2950]: send_ldap_response: msgid=1 tag=97 err=49
Oct 3 19:41:54 spinach2 slapd[2950]: conn=1504 op=0 RESULT tag=97 err=49 text=
Oct 3 19:41:54 spinach2 slapd[2950]: daemon: activity on 1 descriptor
Oct 3 19:41:54 spinach2 slapd[2950]: daemon: activity on:

in the mail.info log I have lots of these:
Oct 3 19:46:54 spinach2 postfix/proxymap[15139]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=heimerman,dc=org: 49 (Invalid credentials)

I have since set up a clean debian 7 server and tried the exact same setup with iredmail 0.9.2 and it works perfectly. I've tried this install on debian 8.2 three different times thinking maybe I fat-fingered something, but the same results every time. If I install iredmail 0.9.2 on debian 8.2 selecting all of the same options, but choosing mysql instead of ldap, it also works perfectly. But I really want to use LDAP, if possible.

Post's attachments

openldap.log 5.27 kb, file has never been downloaded.

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

**ZhangHuangbin** · 2015-10-04 09:16:57

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,770

Re: [RESOLVED] LDAP binding in debian 8.2

eheimerman wrote:

Oct 3 19:46:54 spinach2 postfix/proxymap[15139]: warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=heimerman,dc=org: 49 (Invalid credentials)

It means either you're using a wrong password of cn=vmail,dc=heimerman,dc=org in /etc/postfix/ldap/*.cf, or iRedMail didn't correctly set its password during installation.

The solution is, reset cn=vmail,dc=heimerman,dc=org's password to the one defined in /etc/postfix/ldap/*.cf with phpldapadmin or other ldap management tools.

I will try to reproduce this issue later to see whether it's a iRedMail bug, but I didn't get this error during all my testing.

**eheimerman** · 2015-10-06 01:00:39

eheimerman
Member
Offline

Registered: 2015-10-04
Posts: 5

Re: [RESOLVED] LDAP binding in debian 8.2

Okay, I installed phpldapadmin, but when I try to log in with cn=Manager,dc=heimerman,dc=org, I get this in the browser:
EDIT: I get the same error if I use cn=vmailadmin,dc=heimerman,dc=org

Could not start TLS. (My LDAP Server)
Error: Could not start TLS. Please check your LDAP server configuration.
Unable to connect to LDAP server My LDAP Server
Error: Can't contact LDAP server (-1) for user
Failed to Authenticate to server
Invalid Username or Password.

And this in the openldap.log:

Oct  5 11:17:19 spinach2 slapd[20644]: slap_listener_activate(9):
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=9 busy
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: >>> slap_listener(ldap:///)
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: listen=9, new connection on 19
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: added 19r (active) listener=(nil)
Oct  5 11:17:19 spinach2 slapd[20644]: conn=13758 fd=19 ACCEPT from IP=127.0.0.1:36184 (IP=0.0.0.0:389)
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on 1 descriptor
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on:
Oct  5 11:17:19 spinach2 slapd[20644]:
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on 1 descriptor
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on:
Oct  5 11:17:19 spinach2 slapd[20644]:  19r
Oct  5 11:17:19 spinach2 slapd[20644]:
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: read active on 19
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: connection_get(19)
Oct  5 11:17:19 spinach2 slapd[20644]: connection_get(19): got connid=13758
Oct  5 11:17:19 spinach2 slapd[20644]: connection_read(19): checking for input on id=13758
Oct  5 11:17:19 spinach2 slapd[20644]: op tag 0x60, time 1444061839
Oct  5 11:17:19 spinach2 slapd[20644]: conn=13758 op=0 do_bind
Oct  5 11:17:19 spinach2 slapd[20644]: >>> dnPrettyNormal: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:17:19 spinach2 slapd[20644]: <<< dnPrettyNormal: <cn=vmailadmin,dc=heimerman,dc=org>, <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:17:19 spinach2 slapd[20644]: conn=13758 op=0 BIND dn="cn=vmailadmin,dc=heimerman,dc=org" method=128
Oct  5 11:17:19 spinach2 slapd[20644]: do_bind: version=3 dn="cn=vmailadmin,dc=heimerman,dc=org" method=128
Oct  5 11:17:19 spinach2 slapd[20644]: ==> hdb_bind: dn: cn=vmailadmin,dc=heimerman,dc=org
Oct  5 11:17:19 spinach2 slapd[20644]: bdb_dn2entry("cn=vmailadmin,dc=heimerman,dc=org")
Oct  5 11:17:19 spinach2 slapd[20644]: => hdb_dn2id("dc=heimerman,dc=org")
Oct  5 11:17:19 spinach2 slapd[20644]: <= hdb_dn2id: get failed: BDB0073 DB_NOTFOUND: No matching key/data pair found (-30988)
Oct  5 11:17:19 spinach2 slapd[20644]: send_ldap_result: conn=13758 op=0 p=3
Oct  5 11:17:19 spinach2 slapd[20644]: send_ldap_result: err=49 matched="" text=""
Oct  5 11:17:19 spinach2 slapd[20644]: send_ldap_response: msgid=1 tag=97 err=49
Oct  5 11:17:19 spinach2 slapd[20644]: conn=13758 op=0 RESULT tag=97 err=49 text=
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on 1 descriptor
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on:
Oct  5 11:17:19 spinach2 slapd[20644]:
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on 1 descriptor
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on:
Oct  5 11:17:19 spinach2 slapd[20644]:  19r
Oct  5 11:17:19 spinach2 slapd[20644]:
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: read active on 19
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Oct  5 11:17:19 spinach2 slapd[20644]: connection_get(19)
Oct  5 11:17:19 spinach2 slapd[20644]: connection_get(19): got connid=13758
Oct  5 11:17:19 spinach2 slapd[20644]: connection_read(19): checking for input on id=13758
Oct  5 11:17:19 spinach2 slapd[20644]: op tag 0x42, time 1444061839
Oct  5 11:17:19 spinach2 slapd[20644]: ber_get_next on fd 19 failed errno=0 (Success)
Oct  5 11:17:19 spinach2 slapd[20644]: connection_read(19): input error=-2 id=13758, closing.
Oct  5 11:17:19 spinach2 slapd[20644]: connection_closing: readying conn=13758 sd=19 for close
Oct  5 11:17:19 spinach2 slapd[20644]: connection_close: deferring conn=13758 sd=19
Oct  5 11:17:19 spinach2 slapd[20644]: conn=13758 op=1 do_unbind
Oct  5 11:17:19 spinach2 slapd[20644]: conn=13758 op=1 UNBIND
Oct  5 11:17:19 spinach2 slapd[20644]: connection_resched: attempting closing conn=13758 sd=19
Oct  5 11:17:19 spinach2 slapd[20644]: connection_close: conn=13758 sd=19
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: removing 19
Oct  5 11:17:19 spinach2 slapd[20644]: conn=13758 fd=19 closed
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on 1 descriptor
Oct  5 11:17:19 spinach2 slapd[20644]: daemon: activity on:

Here's the ldap log lines from startup. I don't have much experience with ldap servers so I don't know if there's anything wrong here:

Oct  5 11:20:18 spinach2 slapd[6411]: @(#) $OpenLDAP: slapd  (Sep 11 2015 15:11:55) $#012#011buildd@babin:/build/openldap-nFTO9j/openldap-2.4.40+dfsg/debian/build/servers/slapd
Oct  5 11:20:18 spinach2 slapd[6411]: line 51 (access to attrs="userPassword,mailForwardingAddress,storageBaseDirectory,homeDirectory,mailMessageStore"    by anonymous    auth    by self         write    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by users        none)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 59 (access to attrs="cn,sn,gn,givenName,telephoneNumber"    by anonymous    auth    by self         write    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by users        read)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 67 (access to attrs="objectclass,domainName,mtaTransport,enabledService,domainSenderBccAddress,domainRecipientBccAddress,domainBackupMX,domainMaxQuotaSize,domainMaxUserNumber"    by anonymous    auth    by self         read    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by users        read)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 74 (access to attrs="domainAdmin,domainGlobalAdmin,domainSenderBccAddress,domainRecipientBccAddress"    by anonymous    auth    by self         read    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by users        none)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 82 (access to attrs="employeeNumber,mail,accountStatus,userSenderBccAddress,userRecipientBccAddress,mailQuota,backupMailAddress,shadowAddress,memberOfGroup"    by anonymous    auth    by self         read    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by users        read)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 91 (access to dn="cn=vmail,dc=heimerman,dc=org"    by anonymous                    auth    by self                         write    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by users                        none)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 96 (access to dn="cn=vmailadmin,dc=heimerman,dc=org"    by anonymous                    auth    by self                         write    by users                        none)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 109 (access to dn.regex="domainName=([^,]+),o=domains,dc=heimerman,dc=org$"    by anonymous                    auth    by self                         write    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=heimerman,dc=org$" write    by dn.regex="mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=heimerman,dc=org$" read    by users                        none)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 120 (access to dn.subtree="o=domains,dc=heimerman,dc=org"    by anonymous                    auth    by self                         write    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=heimerman,dc=org$" read    by users                        read)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <o=domains,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <o=domains,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 127 (access to dn.subtree="o=domainAdmins,dc=heimerman,dc=org"    by anonymous                    auth    by self                         write    by dn.exact="cn=vmail,dc=heimerman,dc=org"   read    by dn.exact="cn=vmailadmin,dc=heimerman,dc=org"  write    by users                        none)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <o=domainAdmins,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <o=domainadmins,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmail,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=vmailadmin,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 135 (access to dn.regex="cn=[^,]+,dc=heimerman,dc=org"    by anonymous                    auth    by self                         write    by users                        none)
Oct  5 11:20:18 spinach2 slapd[6411]: line 143 (access to *    by anonymous                    auth    by self                         write    by users                        read)
Oct  5 11:20:18 spinach2 slapd[6411]: line 154 (database    hdb)
Oct  5 11:20:18 spinach2 slapd[6411]: hdb_db_init: Initializing HDB database
Oct  5 11:20:18 spinach2 slapd[6411]: line 155 (suffix      dc=heimerman,dc=org)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnPrettyNormal: <dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnPrettyNormal: <dc=heimerman,dc=org>, <dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 156 (directory   /var/lib/ldap/heimerman.org)
Oct  5 11:20:18 spinach2 slapd[6411]: line 158 (rootdn      cn=Manager,dc=heimerman,dc=org)
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnPrettyNormal: <cn=Manager,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnPrettyNormal: <cn=Manager,dc=heimerman,dc=org>, <cn=manager,dc=heimerman,dc=org>
Oct  5 11:20:18 spinach2 slapd[6411]: line 159 (rootpw ***)
Oct  5 11:20:18 spinach2 slapd[6411]: line 161 (sizelimit   10000)
Oct  5 11:20:18 spinach2 slapd[6411]: line 162 (cachesize   10000)
Oct  5 11:20:18 spinach2 slapd[6411]: line 176 (checkpoint  128 5)
Oct  5 11:20:18 spinach2 slapd[6411]: line 179 (mode        0700)
Oct  5 11:20:18 spinach2 slapd[6411]: line 182 (index objectClass                                   eq,pres)
Oct  5 11:20:18 spinach2 slapd[6411]: index objectClass 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: line 183 (index uidNumber,gidNumber,uid,memberUid,loginShell  eq,pres)
Oct  5 11:20:18 spinach2 slapd[6411]: index uidNumber 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: index gidNumber 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: index uid 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: index memberUid 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: index loginShell 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: line 184 (index homeDirectory,mailMessageStore                eq,pres)
Oct  5 11:20:18 spinach2 slapd[6411]: index homeDirectory 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: index mailMessageStore 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: line 185 (index ou,cn,mail,surname,givenname,telephoneNumber,displayName  eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index ou 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index cn 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index mail 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index sn 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index givenName 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index telephoneNumber 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index displayName 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 186 (index nisMapName,nisMapEntry                        eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index nisMapName 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index nisMapEntry 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 187 (index shadowLastChange                              eq,pres)
Oct  5 11:20:18 spinach2 slapd[6411]: index shadowLastChange 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: line 193 (index domainName,mtaTransport,accountStatus,enabledService,disabledService  eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index domainName 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index mtaTransport 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index accountStatus 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index enabledService 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index disabledService 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 194 (index domainAliasName    eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index domainAliasName 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 195 (index domainMaxUserNumber eq,pres)
Oct  5 11:20:18 spinach2 slapd[6411]: index domainMaxUserNumber 0x0006
Oct  5 11:20:18 spinach2 slapd[6411]: line 196 (index domainAdmin,domainGlobalAdmin,domainBackupMX    eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index domainAdmin 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index domainGlobalAdmin 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index domainBackupMX 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 197 (index domainSenderBccAddress,domainRecipientBccAddress  eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index domainSenderBccAddress 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index domainRecipientBccAddress 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 199 (index accessPolicy,hasMember,listAllowedUser   eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index accessPolicy 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index hasMember 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index listAllowedUser 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 201 (index mailForwardingAddress,shadowAddress   eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index mailForwardingAddress 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index shadowAddress 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 202 (index backupMailAddress,memberOfGroup   eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index backupMailAddress 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index memberOfGroup 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: line 203 (index userRecipientBccAddress,userSenderBccAddress  eq,pres,sub)
Oct  5 11:20:18 spinach2 slapd[6411]: index userRecipientBccAddress 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: index userSenderBccAddress 0x0716
Oct  5 11:20:18 spinach2 slapd[6411]: >>> dnNormalize: <cn=Subschema>
Oct  5 11:20:18 spinach2 slapd[6411]: <<< dnNormalize: <cn=subschema>
Oct  5 11:20:18 spinach2 slapd[6411]: matching_rule_use_init
Oct  5 11:20:18 spinach2 slapd[6411]:     1.2.840.113556.1.4.804 (integerBitOrMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ domainMaxQuotaSize $ domainMaxUserNumber $ domainCurrentUserNumber $ domainMaxAliasNumber $ domainCurrentAliasNumber $ domainMaxListNumber $ domainCurrentListNumber $ domainDefaultUserQuota $ mailUID $ mailGID $ mailQuota $ mailQuotaMessageLimit ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     1.2.840.113556.1.4.803 (integerBitAndMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ domainMaxQuotaSize $ domainMaxUserNumber $ domainCurrentUserNumber $ domainMaxAliasNumber $ domainCurrentAliasNumber $ domainMaxListNumber $ domainCurrentListNumber $ domainDefaultUserQuota $ mailUID $ mailGID $ mailQuota $ mailQuotaMessageLimit ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ corbaIor $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry $ amavisSpamTagLevel $ amavisSpamTag2Level $ amavisSpamKillLevel $ amavisWhitelistSender $ amavisBlacklistSender $ amavisSpamQuarantineTo $ amavisVirusQuarantineTo $ amavisBannedQuarantineTo $ amavisBadHeaderQuarantineTo $ amavisMessageSizeLimit $ amavisVirusAdmin $ amavisNewVirusAdmin $ amavisSpamAdmin $ amavisBannedAdmin $ amavisBadHeaderAdmin $ amavisBannedRuleNames $ amavisSpamDsnCutoffLevel $ amavisSpamQuarantineCutoffLevel $ amavisSpamSubjectTag $ amavisSpamSubjectTag2 $ amavisArchiveQuarantineTo $ amavisAddrExtensionVirus $ amavisAddrExtensionSpam $ amavisAddrExtensionBanned $ amavisAddrExtensionBadHeader $ amavisSpamTag3Level $ amavisSpamSubjectTag3 $ amavisUncheckedQuarantineTo $ amavisCleanQuarantineTo $ amavisForwardMethod $ amavisSaUserConf $ amavisSaUserName $ amavisDisclaimerOptions $ domainName $ mtaTransport $ domainStatus $ domainAdmin $ domainGlobalAdmin $ domainBackupMX $ domainSenderBccAddress $ domainRecipientBccAddress $ domainCurrentQuotaSize $ domainAliasName $ domainWhitelistIP $ domainWhitelistSender $ domainBlacklistIP $ domainBlacklistSender $ storageBaseDirectory $ mailMessageStore $ mailHost $ mailForwardingAddress $ accountStatus $ userRecipientBccAddress $ userSenderBccAddress $ backupMailAddress $ enabledService $ memberOfGroup $ lastLoginIP $ lastLoginProtocol $ shadowAddress $ accountSetting $ userManager $ mailWhitelistRecipient $ mailBlacklistRecipient $ disabledService $ accessPolicy $ hasMember $ listAllowedUser ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ corbaIor $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry $ amavisSpamTagLevel $ amavisSpamTag2Level $ amavisSpamKillLevel $ amavisWhitelistSender $ amavisBlacklistSender $ amavisSpamQuarantineTo $ amavisVirusQuarantineTo $ amavisBannedQuarantineTo $ amavisBadHeaderQuarantineTo $ amavisMessageSizeLimit $ amavisVirusAdmin $ amavisNewVirusAdmin $ amavisSpamAdmin $ amavisBannedAdmin $ amavisBadHeaderAdmin $ amavisBannedRuleNames $ amavisSpamDsnCutoffLevel $ amavisSpamQuarantineCutoffLevel $ amavisSpamSubjectTag $ amavisSpamSubjectTag2 $ amavisArchiveQuarantineTo $ amavisAddrExtensionVirus $ amavisAddrExtensionSpam $ amavisAddrExtensionBanned $ amavisAddrExtensionBadHeader $ amavisSpamTag3Level $ amavisSpamSubjectTag3 $ amavisUncheckedQuarantineTo $ amavisCleanQuarantineTo $ amavisForwardMethod $ amavisSaUserConf $ amavisSaUserName $ amavisDisclaimerOptions $ domainName $ mtaTransport $ domainStatus $ domainAdmin $ domainGlobalAdmin $ domainBackupMX $ domainSenderBccAddress $ domainRecipientBccAddress $ domainCurrentQuotaSize $ domainAliasName $ domainWhitelistIP $ domainWhitelistSender $ domainBlacklistIP $ domainBlacklistSender $ storageBaseDirectory $ mailMessageStore $ mailHost $ mailForwardingAddress $ accountStatus $ userRecipientBccAddress $ userSenderBccAddress $ backupMailAddress $ enabledService $ memberOfGroup $ lastLoginIP $ lastLoginProtocol $ shadowAddress $ accountSetting $ userManager $ mailWhitelistRecipient $ mailBlacklistRecipient $ disabledService $ accessPolicy $ hasMember $ listAllowedUser ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.39 (certificateListMatch):
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.38 (certificateListExactMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.35 (certificateMatch):
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.34 (certificateExactMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.30 (objectIdentifierFirstComponentMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.29 (integerFirstComponentMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ domainMaxQuotaSize $ domainMaxUserNumber $ domainCurrentUserNumber $ domainMaxAliasNumber $ domainCurrentAliasNumber $ domainMaxListNumber $ domainCurrentListNumber $ domainDefaultUserQuota $ mailUID $ mailGID $ mailQuota $ mailQuotaMessageLimit ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.28 (generalizedTimeOrderingMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' APPLIES ( createTimestamp $ modifyTimestamp $ lastLoginDate $ expiredDate ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.27 (generalizedTimeMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ lastLoginDate $ expiredDate ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.24 (protocolInformationMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.23 (uniqueMemberMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.22 (presentationAddressMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.20 (telephoneNumberMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.18 (octetStringOrderingMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.18 NAME 'octetStringOrderingMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.17 (octetStringMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.16 (bitStringMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.15 (integerOrderingMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.15 NAME 'integerOrderingMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ domainMaxQuotaSize $ domainMaxUserNumber $ domainCurrentUserNumber $ domainMaxAliasNumber $ domainCurrentAliasNumber $ domainMaxListNumber $ domainCurrentListNumber $ domainDefaultUserQuota $ mailUID $ mailGID $ mailQuota $ mailQuotaMessageLimit ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.14 (integerMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ domainMaxQuotaSize $ domainMaxUserNumber $ domainCurrentUserNumber $ domainMaxAliasNumber $ domainCurrentAliasNumber $ domainMaxListNumber $ domainCurrentListNumber $ domainDefaultUserQuota $ mailUID $ mailGID $ mailQuota $ mailQuotaMessageLimit ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.13 (booleanMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ amavisVirusLover $ amavisBannedFilesLover $ amavisBypassVirusChecks $ amavisBypassSpamChecks $ amavisSpamModifiesSubj $ amavisSpamLover $ amavisBadHeaderLover $ amavisBypassBannedChecks $ amavisBypassHeaderChecks $ amavisLocal $ amavisWarnVirusRecip $ amavisWarnBannedRecip $ amavisWarnBadHeaderRecip $ amavisUncheckedLover ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.11 (caseIgnoreListMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.9 (numericStringOrderingMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.9 NAME 'numericStringOrderingMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.8 (numericStringMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.7 (caseExactSubstringsMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ c $ telephoneNumber $ destinationIndicator $ dnQualifier $ homePhone $ mobile $ pager ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.6 (caseExactOrderingMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ corbaRepositoryId $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ homePhone $ personalTitle $ mobile $ pager $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ pr
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.5 (caseExactMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ corbaRepositoryId $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ homePhone $ personalTitle $ mobile $ pager $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredL
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.4 (caseIgnoreSubstringsMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ c $ telephoneNumber $ destinationIndicator $ dnQualifier $ homePhone $ mobile $ pager ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.3 (caseIgnoreOrderingMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ corbaRepositoryId $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ homePhone $ personalTitle $ mobile $ pager $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ p
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.2 (caseIgnoreMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ corbaRepositoryId $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ homePhone $ personalTitle $ mobile $ pager $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferred
Oct  5 11:20:18 spinach2 slapd[6411]:     1.2.36.79672281.1.13.3 (rdnMatch):
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.1 (distinguishedNameMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect ) )
Oct  5 11:20:18 spinach2 slapd[6411]:     2.5.13.0 (objectIdentifierMatch):
Oct  5 11:20:18 spinach2 slapd[6411]: matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
Oct  5 11:20:18 spinach2 slapd[6412]: slapd startup: initiated.
Oct  5 11:20:18 spinach2 slapd[6412]: backend_startup_one: starting "cn=config"
Oct  5 11:20:18 spinach2 slapd[6412]: config_back_db_open
Oct  5 11:20:18 spinach2 slapd[6412]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
Oct  5 11:20:18 spinach2 slapd[6412]: config_back_db_open: No explicit ACL for back-config configured. Using hardcoded default
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn=config"
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn=module{0}"
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn=schema"
Oct  5 11:20:18 spinach2 slapd[6412]: >>> dnNormalize: <cn={0}core>
Oct  5 11:20:18 spinach2 slapd[6412]: <<< dnNormalize: <cn={0}core>
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn={0}core"
Oct  5 11:20:18 spinach2 slapd[6412]: >>> dnNormalize: <cn={1}corba>
Oct  5 11:20:18 spinach2 slapd[6412]: <<< dnNormalize: <cn={1}corba>
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn={1}corba"
Oct  5 11:20:18 spinach2 slapd[6412]: >>> dnNormalize: <cn={2}cosine>
Oct  5 11:20:18 spinach2 slapd[6412]: <<< dnNormalize: <cn={2}cosine>
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn={2}cosine"
Oct  5 11:20:18 spinach2 slapd[6412]: >>> dnNormalize: <cn={3}inetorgperson>
Oct  5 11:20:18 spinach2 slapd[6412]: <<< dnNormalize: <cn={3}inetorgperson>
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn={3}inetorgperson"
Oct  5 11:20:18 spinach2 slapd[6412]: >>> dnNormalize: <cn={4}nis>
Oct  5 11:20:18 spinach2 slapd[6412]: <<< dnNormalize: <cn={4}nis>
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn={4}nis"
Oct  5 11:20:18 spinach2 slapd[6412]: >>> dnNormalize: <cn={5}amavis>
Oct  5 11:20:18 spinach2 slapd[6412]: <<< dnNormalize: <cn={5}amavis>
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn={5}amavis"
Oct  5 11:20:18 spinach2 slapd[6412]: >>> dnNormalize: <cn={6}iredmail>
Oct  5 11:20:18 spinach2 slapd[6412]: <<< dnNormalize: <cn={6}iredmail>
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "cn={6}iredmail"
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "olcDatabase={-1}frontend"
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "olcDatabase={0}config"
Oct  5 11:20:18 spinach2 slapd[6412]: config_build_entry: "olcDatabase={1}hdb"
Oct  5 11:20:18 spinach2 slapd[6412]: backend_startup_one: starting "dc=heimerman,dc=org"
Oct  5 11:20:18 spinach2 slapd[6412]: hdb_db_open: "dc=heimerman,dc=org"
Oct  5 11:20:18 spinach2 slapd[6412]: hdb_db_open: database "dc=heimerman,dc=org": dbenv_open(/var/lib/ldap/heimerman.org).
Oct  5 11:20:18 spinach2 slapd[6412]: slapd starting
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: added 6r listener=(nil)
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: added 9r listener=0x7f76bcd9c4f0
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: added 10r listener=0x7f76bcd9c5b0
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: added 11r listener=0x7f76bcd9d490
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: activity on 1 descriptor
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: activity on:
Oct  5 11:20:18 spinach2 slapd[6412]:
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Oct  5 11:20:18 spinach2 slapd[6412]: daemon: epoll: listen=11 active_threads=0 tvp=zero

**eheimerman** · 2015-10-06 01:03:59

eheimerman
Member
Offline

Registered: 2015-10-04
Posts: 5

Re: [RESOLVED] LDAP binding in debian 8.2

I did verify the passwords in /etc/postfix/ldap/*.cf, and they match what is in iRedMail.tips

**eheimerman** · 2015-10-06 11:01:02

eheimerman
Member
Offline

Registered: 2015-10-04
Posts: 5

Re: [RESOLVED] LDAP binding in debian 8.2

My install of Debian 8.2 did not have systemd installed. I'm not sure if that's standard or just the way my vps host builds it. I added "export USE_SYSTEMD=NO" as the last line of conf/global before running the iRedMail setup script, and everything seems to be working fine now. An alternative may have been to "apt-get install systemd" before running the script, but I haven't tried that yet.

In case this will help anyone in my same situation, my vps host is Servarica.

It is odd to me that I only ran into trouble when I tried to use LDAP. As long as I was using MySQL, it worked just fine. I may try to do some more troubleshooting to figure out why that is, but maybe someone with more intimate knowledge of the iRedMail install process will have a ready answer.

**ZhangHuangbin** · 2015-10-06 11:18:41

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,770

Re: [RESOLVED] LDAP binding in debian 8.2

systemd is the default init system in Debian 8, that's odd that your VPS doesn't have it installed. I guess your vps vender replaces it with SysV in VPS OS template.

Is it possible for you to contact them to confirm this and ask why they change the default init system?

**eheimerman** · 2015-10-06 20:40:09

eheimerman
Member
Offline

Registered: 2015-10-04
Posts: 5

Re: [RESOLVED] LDAP binding in debian 8.2

ZhangHuangbin wrote:

systemd is the default init system in Debian 8, that's odd that your VPS doesn't have it installed. I guess your vps vender replaces it with SysV in VPS OS template.
Is it possible for you to contact them to confirm this and ask why they change the default init system?

I'm just guessing, but I'm thinking they probably built their Debian 8.2 image by upgrading a Debian 7 box. The tech support guy did not seem to know.

Dec 29, 2023: iRedMail-1.6.8 has been released.

[ Closed ] [RESOLVED] LDAP binding in debian 8.2

Posts: 7

1 Topic by eheimerman 2015-10-04 08:55:48 (edited by eheimerman 2015-10-06 11:02:04)

Topic: [RESOLVED] LDAP binding in debian 8.2

2 Reply by ZhangHuangbin 2015-10-04 09:16:57

Re: [RESOLVED] LDAP binding in debian 8.2

3 Reply by eheimerman 2015-10-06 01:00:39 (edited by eheimerman 2015-10-06 01:01:29)

Re: [RESOLVED] LDAP binding in debian 8.2

4 Reply by eheimerman 2015-10-06 01:03:59

Re: [RESOLVED] LDAP binding in debian 8.2

5 Reply by eheimerman 2015-10-06 11:01:02 (edited by eheimerman 2015-10-06 11:05:49)

Re: [RESOLVED] LDAP binding in debian 8.2

6 Reply by ZhangHuangbin 2015-10-06 11:18:41

Re: [RESOLVED] LDAP binding in debian 8.2

7 Reply by eheimerman 2015-10-06 20:40:09

Re: [RESOLVED] LDAP binding in debian 8.2

Posts: 7