1

Topic: Migrating from iRedMail 0.9.8 to 1.6.0

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.0 OPENLDAP edition
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Rocky Linux 8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

The old server with iRedMail 0.9.8 is on CentOS Linux 7.9.2009 and uses LDAP backend. I installed iRedMail 1.6.0 on a new server with freshly installed Rocky Linux 8.6. During installation, I saw an error message:

touch: cannot touch '/opt/netdata/etc/netdata/.opt-out-from-anonymous-statistics': No such file or directory

I thought it could be because 'touch' had been issued before the directory was created and ran the command manually. After the installation, I rebooted the server. After reboot, iredapd and iredadmin services were enabled and ran, but the other mail services installed by iRedMail were disabled. I enabled and started the services and then restored using {SSHA512} LDAP configuration backed up on the old server.

The next step was to apply 'updateLDAPValues_099_to_1.py' script. First I had to correct syntax errors in the script since when I ran

 python3 updateLDAPValues_099_to_1.py

I got

SyntaxError: Missing parentheses in call to 'print' 

After providing parentheses for print(), I had

# python3 updateLDAPValues_099_to_1.py.
* Connecting to LDAP server: ldap://127.0.0.1:389
* Get all mail accounts...
* Total 16 user(s).
* (1 of 16) Updating user: b'user@mydomain.org'
Traceback (most recent call last):
  File "updateLDAPValues_099_to_1.py", line 52, in <module>
    conn.modify_s(dn, mod_attrs)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 640, in modify_s
    return self.modify_ext_s(dn,modlist,None,None)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 612, in modify_ext_s
    msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 609, in modify_ext
    return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/usr/lib64/python3.6/site-packages/ldap/ldapobject.py", line 324, in _ldap_call
    result = func(*args,**kwargs)
TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', 'quota-status')

How can I fix that?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Migrating from iRedMail 0.9.8 to 1.6.0

The scripts were written for Python 2, but new linux releases offers Python-3 and no more 2.
As a temporary solution, simply replace all python 2 "print" command by "print()" like below:

# Python 2
print "..."

# Python 3
print("...")

3

Re: Migrating from iRedMail 0.9.8 to 1.6.0

ZhangHuangbin wrote:

As a temporary solution, simply replace all python 2 "print" command by "print()" like below:

# Python 2
print "..."

# Python 3
print("...")

In my first message, I wrote that I had already done it. And after that I got the error I cited at the end of the message.

4

Re: Migrating from iRedMail 0.9.8 to 1.6.0

I upgraded my old server to version 1.6.0 and migrated to the new server with iRedMail 1.6.0. I can send and receive mail via Roundcube and I can change user's settings in iRedAdmin panel. But Thunderbird asks for a password and after the password is typed in, it asks for the password again. I attach dovecot log and openldap.log. One can see "no fields returned by the server" in dovecot.log.

How do I fix it?

Post's attachments

dovecot.log 2.68 kb, 1 downloads since 2022-08-22 

openldap.log 3.46 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

5

Re: Migrating from iRedMail 0.9.8 to 1.6.0

Can you find the user with ldap filter "(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=imaptls)(|(mail=postmaster@mydomain.com)(&(enabledService=shadowaddress)(shadowAddress=postmaster@mydomain.com))))" with command line tool like "ldapsearch"?

6

Re: Migrating from iRedMail 0.9.8 to 1.6.0

ZhangHuangbin wrote:

Can you find the user with ldap filter "(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=imaptls)(|(mail=postmaster@mydomain.com)(&(enabledService=shadowaddress)(shadowAddress=postmaster@mydomain.com))))" with command line tool like "ldapsearch"?

The result using the real email address is

ldap_initialize( <DEFAULT> )
ldap_sasl_interactive_bind_s: No such object (32)

7

Re: Migrating from iRedMail 0.9.8 to 1.6.0

You should replace the email address by the real one, and give ldapsearch proper arguments and values.

8

Re: Migrating from iRedMail 0.9.8 to 1.6.0

ZhangHuangbin wrote:

Can you find the user with ldap filter "(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=imaptls)(|(mail=postmaster@mydomain.com)(&(enabledService=shadowaddress)(shadowAddress=postmaster@mydomain.com))))" with command line tool like "ldapsearch"?

Thank you for your help! I've found out that some mail accounts including postmaster have "enabledService: imapsecured" attribute but have no "enabledService: imaptls" one. I added the attribute to the corresponding DNs and Thunderbird can now access the accounts.

The odd thing is that unlike the new server with Rocky Linux 8.6, on the old server with CentOS 7.9 everything works without that "enabledService: imaptls" attribute but with just "enabledService: imapsecured". Have you an explanation?

I will give the commands that I used. Maybe someone will need it.
Print out all mail accounts:

ldapsearch -D "cn=vmail,dc=mydomain,dc=com" -W -x "(objectclass=mailUser)"

The accounts without "enabledService: imaptls":

ldapsearch -D "cn=vmail,dc=mydomain,dc=com" -W "(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(!(enabledService=imaptls)))" > have_no_imaptls

Insert the "enabledService: imaptls" attribute in the DNs corresponding to the found accounts:

ldapmodify -v -D "cn=vmailadmin,dc=mydomain,dc=com" -W -f ./user_mods

where the file "user_mods" contains:

dn: mail=user1@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com
changeType: modify
add: enabledService
enabledService: imaptls

Here the string starting with "dn:" and ending with "dc=com" should be on one line. And of course "mydomain.com" should be replaced by the real domain name.

9

Re: Migrating from iRedMail 0.9.8 to 1.6.0

mike934 wrote:

... no "enabledService: imaptls" one.

Check this tutorial: https://docs.iredmail.org/upgrade.dovec … d-backends

mike934 wrote:

The odd thing is that unlike the new server with Rocky Linux 8.6, on the old server with CentOS 7.9 everything works without that "enabledService: imaptls" attribute but with just "enabledService: imapsecured". Have you an explanation?

CentOS 7 offers Dovecot-22, but CentOS Stream 8 and Rocky Linux 8 offer Dovecot-2.3. The "enabledService: XXXtls" is required by Dovecot 2.3.

10

Re: Migrating from iRedMail 0.9.8 to 1.6.0

ZhangHuangbin wrote:

Check this tutorial: https://docs.iredmail.org/upgrade.dovec … d-backends

After applying the actions in the tutorial and restarting dovecot, I got this error:

doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: duplicate listener: /run/dovecot/stats-writer

So, I renamed "unix_listener stats-writer" to "unix_listener old-stats-writer" inside "service old-stats".

11

Re: Migrating from iRedMail 0.9.8 to 1.6.0

Hello,

migrating from 0.9.9 to 1.6.8 (CentOS 7.9 to Rocky 9.4) according to:

docs.iredmail.org_migrate.to.new.iredmail.server.html

and:

docs.iredmail.org_backup.restore.html#after-ldap-restore
github.com_iredmail_iRedMail_tree_master_update_ldap
docs.iredmail.org_iredmail.releases.html
docs.iredmail.org_upgrade.dovecot.2.2-2.3.html#ldap-changes-for-openldapldapd-backends

while trying to run:

updateLDAPValues_099_to_1.py

i get:

./updateLDAPValues_099_to_1.py
* Connecting to LDAP server: ldap://127.0.0.1:389
* Get all mail accounts...
* Total xxx user(s).
* (1 of xxx) Updating user: b'user@example.com'
Traceback (most recent call last):
  File "./updateLDAPValues_099_to_1.py", line 52, in <module>
    conn.modify_s(dn, mod_attrs)
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 427, in modify_s
    return self.modify_ext_s(dn,modlist,None,None)
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 399, in modify_ext_s
    msgid = self.modify_ext(dn,modlist,serverctrls,clientctrls)
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 396, in modify_ext
    return self._ldap_call(self._l.modify_ext,dn,modlist,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
TypeError: ('Tuple_to_LDAPMod(): expected a byte string in the list', 'quota-status')

and while trying to run:

update-ldap-dovecot-2.3.py

i get somewhat similar output:

./update-ldap-dovecot-2.3.py
* Connecting to LDAP server: ldap://127.0.0.1:389
* Get mail accounts ...
Traceback (most recent call last):
  File "./update-ldap-dovecot-2.3.py", line 22, in <module>
    allUsers = conn.search_s(
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 631, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 625, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 535, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 539, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 543, in result3
    resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 553, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib64/python3.9/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.NO_SUCH_OBJECT: {'msgtype': 101, 'msgid': 2, 'result': 32, 'desc': 'No such object', 'ctrls': []}

so the first one seems to connect (bind) and get the accounts but is unable to update records and the second one doesn't even get the accounts?! (both python scripts are from iRedMail git repository and both are python3 - the first one was converted accordingly)

ldapsearch -D "cn=vmail,dc=example,dc=com" -W -x "(&(objectClass=mailUser)(|(enabledService=imapsecured)(enabledService=pop3secured)(enabledService=smtpsecured)(enabledService=sievesecured)(enabledService=managesievesecured)))"

is working as expected and gives proper output (ldap records with attributes)

Please let me know if you have any suggestions on how can I fix this issue?
(Any help appreciated)

12

Re: Migrating from iRedMail 0.9.8 to 1.6.0

Those Python scripts were written in Python v2 and should be ran with "python2". sad
https://github.com/iredmail/iRedMail/tr … date/ldap/