1

Topic: iRedMail 0.98 OpenLDAP edition with Let's Encrypt

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Nginx):
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi,
If any of you are facing the same problem as I do with OpenLDAP and Let's Encrypt, with an error message like this in the log:

apparmor="DENIED" operation="open" parent=2911 profile="/usr/lib/telepathy/mission-control-5" name="/home/jagat/.config/dconf/user" pid=7426 comm="mission-control" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0

The answer is here: https://serverfault.com/questions/77701 … h-openldap

For me, I chose to edit /etc/apparmor.d/usr.sbin.slapd and add a line:

/etc/letsencrypt/archive/domain-name/* r,

chmod -R 775 /etc/letsencrypt

service slapd restart
service nginx restart

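An added example, not part of the original post: a small parser for AppArmor DENIED records that proposes a file rule only for the profile named in the record's profile= field, so a line for usr.sbin.slapd is built only from denials against /usr/sbin/slapd. The second sample record, example.com and the function names are constructed for illustration.

```python
import re

# key=value pairs as they appear in AppArmor audit records; values may be quoted.
_PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# First record is the one quoted in the post; the second is constructed for this example.
SAMPLE_LOG = [
    'apparmor="DENIED" operation="open" parent=2911 profile="/usr/lib/telepathy/mission-control-5" name="/home/jagat/.config/dconf/user" pid=7426 comm="mission-control" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0',
    'apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/etc/letsencrypt/archive/example.com/privkey1.pem" pid=1234 comm="slapd" requested_mask="r" denied_mask="r" fsuid=110 ouid=0',
]

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, or None."""
    fields = {}
    for m in _PAIR.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        # Quoted values lose their quotes; bare values (pid=7426) are kept as text.
        fields[key] = quoted if quoted is not None else raw
    if fields.get("apparmor") != "DENIED":
        return None
    return fields

def suggest_rules(lines, profile="/usr/sbin/slapd"):
    """Build AppArmor file rules for one profile from that profile's denials only."""
    rules = set()
    for line in lines:
        rec = parse_denial(line)
        if not rec or rec.get("profile") != profile:
            continue  # denial belongs to another profile, or is not a denial
        if "name" in rec and "denied_mask" in rec:
            # Rule syntax: <path> <permissions>,  (one exact file, no glob)
            rules.add(f'{rec["name"]} {rec["denied_mask"]},')
    return sorted(rules)

if __name__ == "__main__":
    for rule in suggest_rules(SAMPLE_LOG):
        print(rule)
```

Each proposed rule names a single denied file, which is narrower than a directory glob.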

2

Re: iRedMail 0.98 OpenLDAP edition with Let's Encrypt

Since Postfix/Dovecot/Roundcube need to query LDAP, but OpenLDAP is listening on 127.0.0.1 (or external access is blocked in the firewall), it's a good idea not to enable SSL/TLS support in OpenLDAP, so that you don't need to restart the OpenLDAP service every 3 months (Let's Encrypt cert renewal).