1 Topic by isaacv91

  • isaacv91
  • Member
  • Offline
  • Registered: 2017-11-07
  • Posts: 3

Topic: Unable to connect to remote LDAP

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Dear Support,

After following several tutorials and researching for hours on the forum, I’ve installed iRedMail on two fresh servers running Ubuntu 16.04. Server 1 (lets call it LDAP server) was setup and after that I stopped and removed all services, except for OpenLDAP, and allowed external access.

On the SMTP server I set up also iRedMail and updated the following files after the installation:
/etc/postfix/ldap/
catchall_maps.cf                           sender_dependent_relayhost_maps_domain.cf  virtual_group_maps.cf
recipient_bcc_maps_domain.cf               sender_dependent_relayhost_maps_user.cf    virtual_group_members_maps.cf
recipient_bcc_maps_user.cf                 sender_login_maps.cf                       virtual_mailbox_domains.cf
relay_domains.cf                           transport_maps_domain.cf                   virtual_mailbox_maps.cf
sender_bcc_maps_domain.cf                  transport_maps_user.cf                     
sender_bcc_maps_user.cf                    virtual_alias_maps.cf

/etc/dovecot/dovecot-ldap.conf

/opt/www/roundcubemail/config/config.inc.php

and also verified that the binding information is correct:
LDAP Server:
server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=tutorrd,dc=com
bind_pw         = passwordVmail

SMTP Server
server_host     = xxx.xxx.xxx.xxx
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=tutorrd,dc=com
bind_pw         = passwordVmail

both bind_dn and bind_pw are correct and are the ones listed in iRedMail.tips file

OpenLDAP:
    * LDAP suffix: dc=tutorrd,dc=com
    * LDAP root dn: cn=Manager,dc=tutorrd,dc=com, password: passwordMan
    * LDAP bind dn (read-only): cn=vmail,dc=tutorrd,dc=com, password: passwordVmail
    * LDAP admin dn (read-write): cn=vmailadmin,dc=tutorrd,dc=com, password: passwordVmailAdmin
    * LDAP base dn: o=domains,dc=tutorrd,dc=com
    * LDAP admin base dn: o=domainAdmins,dc=tutorrd,dc=com

I’m getting the following errors:
Nov 08 17:27:54 mail dovecot[4933]: auth: Error: LDAP: Can't connect to server: ldap.tutorrd.com:389
Nov 08 17:27:59 mail dovecot[4933]: auth: Error: LDAP: Can't connect to server: ldap.tutorrd.com:389
Nov 08 17:28:00 mail roundcube[5006]: <ohihar79> IMAP Error: Login failed for ivilchez@tutorrd.com from xxx.xxx.xxx.xxx(My IP Address). LOGIN: Temporary authentication failure.
Nov 08 17:28:00 mail dovecot[4933]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<ivilchez@tutorrd.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<S7LmMoBdbtF/AAAB>

I’ve followed the tips on posts like the following:
https://forum.iredmail.org/topic3904-ir … -host.html

I’m still unable to connect. I’ve also tried using the IP of the LDAP Server (xxx.xxx.xxx.xxx), but I get the same error.

Ports 389 and 636 are both open in both servers.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,163

Re: Unable to connect to remote LDAP

Is LDAP service listening on a IP address which is accessible by another server?

3 Reply by isaacv91

  • isaacv91
  • Member
  • Offline
  • Registered: 2017-11-07
  • Posts: 3

Re: Unable to connect to remote LDAP

There was an issue with UFW rules. I fixed it and now the server is listening in both ports.

I have enabled TLS, and I can authenticate the users from a separate wordpress site and also from Roundcube (Mail Server).

The issue that I'm now having is that, eventhough I can log in Roundcube with any user on my LDAP server, I get the following message when I try to send an email:
SMTP Error: [451] 4.3.0 Error: queue file write error

4 Reply by isaacv91

  • isaacv91
  • Member
  • Offline
  • Registered: 2017-11-07
  • Posts: 3

Re: Unable to connect to remote LDAP

I see the following error when I run journalctl -xe, after I try to send an Email:

Nov 16 10:46:23 mail postfix/proxymap[13603]: warning: dict_ldap_connect: Unable to bind to server ldap://45.55.129.46:389 with dn cn=vmail,dc=tutorrd,dc=com: 49 (Inva
Nov 16 10:46:23 mail postfix/cleanup[13815]: warning: proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf lookup error for "root@mail.tutorrd.com"
Nov 16 10:46:23 mail postfix/cleanup[13815]: warning: 9139A42F2C: recipient_bcc_maps map lookup problem -- message not accepted, try again later
Nov 16 10:46:23 mail postfix/pickup[12840]: warning: maildrop/EFA3542F2D: error writing 9139A42F2C: queue file write error
Nov 16 10:46:23 mail postfix/pickup[12840]: warning: 9584A42F2C: message has been queued for 7 days
Nov 16 10:46:23 mail postfix/pickup[12840]: 9584A42F2C: uid=0 from=<root>

I've noticed that there was an error with the password on recipient_bcc_maps_user.cf and after fixing it, the server begun working right again.

Best regards