1

Topic: iRedMail update issue - Couldn't restart slapd

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Deployed with iRedMail Easy or the downloadable installer? the downloadable installer
- Linux/BSD distribution name and version: Ubuntu-18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello all,

I was working on updating from iRedMail Pro 0.9.8 to 0.9.9, and after backing up the iRedMail schema and updating the schema per the step-by-step update guide, when I tried to restart slapd it gave me this error:
Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.

And when I run "systemctl status slapd.service":

Feb 20 06:39:26 mydomain-ired slapd[13502]: >>> dnNormalize: <cn=vmail,dc=mydomain,dc=com>
Feb 20 06:39:26 mydomain-ired slapd[13502]: <<< dnNormalize: <cn=vmail,dc=mydomain,dc=com>
Feb 20 06:39:26 mydomain-ired slapd[13502]: >>> dnNormalize: <cn=vmailadmin,dc=mydomain,dc=com>
Feb 20 06:39:26 mydomain-ired slapd[13502]: <<< dnNormalize: <cn=vmailadmin,dc=mydomain,dc=com>
Feb 20 06:39:26 mydomain-ired slapd[13502]: line 73 (access to attrs="objectclass,domainName,mtaTransport,enabledService,domainSenderBccAddress,domainRecipientBccAddress,domainBackupMX,domainMaxQuotaSize,domain
Feb 20 06:39:26 mydomain-ired slapd[13496]:    ...fail!
Feb 20 06:39:26 mydomain-ired systemd[1]: slapd.service: Control process exited, code=exited status=1
Feb 20 06:39:26 mydomain-ired systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Feb 20 06:39:26 mydomain-ired systemd[1]: slapd.service: Unit entered failed state.
Feb 20 06:39:26 mydomain-ired systemd[1]: slapd.service: Failed with result 'exit-code'.

And here is the slapd.conf file:

# Schemas.
include     /etc/ldap/schema/core.schema
include     /etc/ldap/schema/corba.schema
include     /etc/ldap/schema/cosine.schema
include     /etc/ldap/schema/inetorgperson.schema
include     /etc/ldap/schema/nis.schema
# Amavisd-new schema.
include     /etc/ldap/schema/amavis.schema
# iRedMail schema.
include     /etc/ldap/schema/iredmail.schema

# Where the pid file is put. The init.d script will not stop the
# server if you change this.
pidfile     /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile    /var/run/slapd/slapd.args

modulepath  /usr/lib/ldap
moduleload  back_mdb

# Support password verification with SSHA512. Require OpenLDAP-2.4.32 or later.
moduleload  pw-sha2

# The syncprov overlay
#moduleload syncprov.la

# TLS files.
TLSCACertificateFile /etc/ssl/certs/mydomain.crt
TLSCertificateFile /etc/ssl/certs/mydomain.crt
TLSCertificateKeyFile /etc/ssl/private/privkey.pem

# Disallow bind as anonymous.
disallow    bind_anon

# Uncomment below line to allow binding as anonymous.
#allow bind_anon_cred

# Specify LDAP protocol version.
require     LDAPv3
#allow       bind_v2

# Log level.
#   -1:     enable all debugging
#    0:     no debugging
#   128:    access control list processing
#   256:    stats log connections/operations/results
loglevel    -1

# Access Control
# Allow users to change their own passwords and mail forwarding addresses.
access to attrs="userPassword,mailForwardingAddress,storageBaseDirectory,homeDirectory,mailMessageStore"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=mydomain,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by users        none

# Allow to read others public info.
access to attrs="cn,sn,gn,givenName,telephoneNumber"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=mydomain,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by users        read

# Domain attrs.
access to attrs="objectclass,domainName,mtaTransport,enabledService,domainSenderBccAddress,domainRecipientBccAddress,domainBackupMX,domainMaxQuotaSize,domainMaxUserNumber,domainPendingAliasName"
    by anonymous    auth
    by self         read
    by dn.exact="cn=vmail,dc=mydomain,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by users        read

access to attrs="domainAdmin,domainGlobalAdmin,domainSenderBccAddress,domainRecipientBccAddress"
    by anonymous    auth
    by self         read
    by dn.exact="cn=vmail,dc=mydomain,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by users        none

# User attrs.
access to attrs="domainStatus,employeeNumber,mail,accountStatus,userSenderBccAddress,userRecipientBccAddress,mailQuota,backupMailAddress,shadowAddress,memberOfGroup"
    by anonymous    auth
    by self         read
    by dn.exact="cn=vmail,dc=mydomain,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by users        read

#
# Set ACL for vmail/vmailadmin.
#
access to dn="cn=vmail,dc=mydomain,dc=com"
    by anonymous                    auth
    by self                         write
    by users                        none

access to dn="cn=vmailadmin,dc=mydomain,dc=com"
    by anonymous                    auth
    by self                         write
    by users                        none

#
# Allow users to access their own domain subtree.
# Allow domain admin to modify accounts under same domain.
#
access to dn.regex="domainName=([^,]+),o=domains,dc=mydomain,dc=com$"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=mydomain,dc=com"   read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=mydomain,dc=com$" write
    by dn.regex="mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=mydomain,dc=com$" read
    by users                        none

#
# Grant correct privileges to vmail/vmailadmin.
#
access to dn.subtree="o=domains,dc=mydomain,dc=com"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=mydomain,dc=com"    read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    #by users                        none
    by users                 read

access to dn.subtree="o=domainAdmins,dc=mydomain,dc=com"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmail,dc=mydomain,dc=com"    read
    by dn.exact="cn=vmailadmin,dc=mydomain,dc=com"  write
    by users                        none

#
# Set permission for "cn=*,dc=mydomain,dc=com".
#
access to dn.regex="cn=[^,]+,dc=mydomain,dc=com"
    by anonymous                    auth
    by self                         write
    by users                        none

#
# Set default permission.
#
access to *
    by anonymous                    auth
    by self                         write
    by users                        read

#######################################################################
# Databases
#######################################################################
#database monitor
#access to *
#    by dn.exact="cn=Manager,dc=mydomain,dc=com"
#    by * none

# Database used to store mail accounts
database    mdb
suffix      dc=mydomain,dc=com
directory   /var/lib/ldap/mydomain.com

rootdn      cn=Manager,dc=mydomain,dc=com
rootpw      {SSHA}secret

# Specify the maximum number of entries to return from a search operation.
# Defaults to 500. Use `unlimited` to specify no limits.
sizelimit   10000

# Specify the size in entries of the in-memory entry cache maintained by the
# bdb or hdb backend database instance. Defaults to 1000 entries.
#cachesize   10000

# Specify the maximum size of the database in bytes for mdb backend database.
# A memory map of this size is allocated at startup time and the database will
# not be allowed to grow beyond this size. The default is 10485760 bytes
# (10 MB). This setting may be changed upward if the configured limit needs to
# be increased.
maxsize     2147483648

# This directive specifies how often to checkpoint the BDB transaction log.
# A checkpoint operation flushes the database buffers to disk and writes a
# checkpoint record in the log. The checkpoint will occur if either <kbyte>
# data has been written or <min> minutes have passed since the last checkpoint.
# Both arguments default to zero, in which case they are ignored. When the
# <min> argument is non-zero, an internal task will run every <min> minutes
# to perform the checkpoint. See the Berkeley DB reference guide for more
# details.
#
# OpenLDAP default is NO CHECKPOINTING.
#
# whenever 128kb data bytes written or 5 minutes has elapsed
checkpoint  128 5

# Set directory permission.
mode        0700

#
# Default indexes.
#
index objectclass,entryCSN,entryUUID                eq
index uidNumber,gidNumber,uid,memberUid,loginShell  eq,pres
index homeDirectory,mailMessageStore                eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber,displayName  eq,pres,sub
index nisMapName,nisMapEntry                        eq,pres,sub
index shadowLastChange                              eq,pres

#
# Index for mail attrs.
#
# Domain object
index domainName,mtaTransport,accountStatus,enabledService,disabledService  eq,pres,sub
index domainAliasName    eq,pres,sub
index domainMaxUserNumber eq,pres
index domainAdmin,domainGlobalAdmin,domainBackupMX    eq,pres,sub
index domainSenderBccAddress,domainRecipientBccAddress  eq,pres,sub

# Group object
index accessPolicy,hasMember,listAllowedUser   eq,pres,sub

# User object
index mailForwardingAddress,shadowAddress   eq,pres,sub
index backupMailAddress,memberOfGroup   eq,pres,sub
index userRecipientBccAddress,userSenderBccAddress  eq,pres,sub
index member,uniqueMember eq,pres
index mailingListID eq

Your help is highly appreciated.

2

Re: iRedMail update issue - Couldn't restart slapd

Try to start openldap service manually with command below:

slapd -u openldap -g openldap -f /etc/ldap/slapd.conf -d -1

It will report the detailed error in the last few lines on the terminal.

3 (edited by bassem.elbeheiry 2019-02-20 22:33:49)

Re: iRedMail update issue - Couldn't restart slapd

Hello ZhangHuangbin,

Kindly find attached the output of the command. The service halted at line 125 of the slapd.conf file with the error "5c6d607c /etc/ldap/slapd.conf: line 125: <access> handler exited with 1!"

4

Re: iRedMail update issue - Couldn't restart slapd

/etc/ldap/slapd.conf: line 125: expecting "to" or "by" got "#by"

See this line?

You have one line which contains "#by", but it should be just "by".
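
Added example, not part of the original posts: a pre-restart check for the mistake diagnosed above. slapd.conf treats a line that begins with whitespace as a continuation of the previous line, so an indented "#by" becomes part of the access directive. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. In slapd.conf a line that starts with
# whitespace continues the previous line, so an indented "#by ..." is parsed
# as part of the access directive instead of being ignored as a comment.

# Print every indented line whose first non-blank character is '#'.
# Returns 1 if any were found, 0 if the file is clean.
find_indented_comments() {
    awk '
        /^[ \t]*$/ { start = 0; next }     # blank line: no directive open
        /^[^ \t#]/ { start = NR; next }    # directive keyword at column 0
        /^[ \t]+#/ {
            text = $0; sub(/^[ \t]+/, "", text)
            ctx = (start ? "continues directive at line " start : "no directive open")
            printf "line %d (%s): %s\n", NR, ctx, text
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample reproducing the mistake from this thread.
write_sample_conf() {
    cat <<'EOF'
access to dn.subtree="o=domains,dc=example,dc=com"
    by anonymous auth
    by self write
    #by users none
    by users read

# A comment at column 0 is fine.
access to *
    by users read
EOF
}

sample=$(mktemp)
write_sample_conf > "$sample"
find_indented_comments "$sample" || echo "fix the lines above before restarting slapd"
rm -f "$sample"
```

This is a heuristic scan only; "slaptest -u -f /etc/ldap/slapd.conf" runs the real parser over the whole file without starting the service.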

5

Re: iRedMail update issue - Couldn't restart slapd

Thanks ZhangHuangbin (Y)
The service started after deleting the comment from the conf file.