1

Topic: Split OpenLDAP & iRedMail

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.1
- Deployed with iRedMail Easy or the downloadable installer? no
- Linux/BSD distribution name and version: KCS (deb11)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello. I want to take out/split the built-in LDAP server in iRedMail and move it to another server. How can I do this? Is there a manual?
If there are no instructions, then can I describe the sequence of actions?


2 (edited by a060777 2022-09-29 17:39:04)

Re: Split OpenLDAP & iRedMail

So, I did it myself. The KCS server helped a lot with its ability to create snapshots of the system "in one motion".
1. Install iRedMail on the 1st server
2. Configure everything we need
3. Make a snapshot of the server
4. Install the snapshot on the 2nd server
5. Configure the 2nd server as described in Documents -> How to -> How to allow external access to OpenLDAP service
6. Remove from the 2nd server: postfix, dovecot, clamav, spamassassin, etc., everything except slapd
7. Remove slapd from the 1st server
8. On the 1st server, change the LDAP host to the IP of the 2nd server in the files:
- /etc/postfix/ldap/ (all *.cf files)
- /etc/dovecot/dovecot-ldap.conf
- /opt/www/roundcubemail-*/config/config.inc.php

Done. We enjoy the mail server in the DMZ, and the server with accounts in the company's intranet.

P.S. I still haven't found the ROOTDN password. During installation, it is reported that it is created randomly. The LDAP config has a password hash in SSHA. How do I get this password? I want, for example, to add some new attributes to the LDAP schemas.

P.P.S. Sorry for the English, this is an automatic translation.

3

Re: Split OpenLDAP & iRedMail

I definitely can't connect to the LDAP server via phpLDAPadmin.
Login: cn=Manager,dc=<host>,dc=<my>
Password: from the slapd.conf file
Server response: Invalid credentials (49) for users

In the phpLDAPadmin file config.php, the line is: $servers->setValue('login','attr','dn');

What else can I look at or check?
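
Added example, not part of the thread and not iRedMail or OpenLDAP code: a `{SSHA}` value like the one in the LDAP config is base64(SHA1(password + salt) + salt), so it cannot be read back as the password, and typing the hash text itself into a login form does not match. The function names and the sample passphrase are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SCHEME = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest; everything after it is the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(value: str) -> Tuple[bytes, bytes]:
    """Split a stored {SSHA} value into (digest, salt)."""
    if not value.upper().startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len(SCHEME):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(candidate: str, value: str) -> bool:
    """True only if candidate is the password the stored value was made from."""
    digest, salt = split_ssha(value)
    trial = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(trial, digest)


if __name__ == "__main__":
    new_password = "constructed-example-passphrase"  # constructed sample, not a real secret
    stored = make_ssha(new_password)
    print("rootpw", stored)  # directive and value as they appear in slapd.conf
    print("bind with password:", check_ssha(new_password, stored))
    print("bind with hash text:", check_ssha(stored, stored))
```

To get a known rootdn password, replace the `rootpw` value in slapd.conf with a freshly generated hash (OpenLDAP's `slappasswd` produces the same format) and restart slapd.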

4

Re: Split OpenLDAP & iRedMail

- Is the LDAP server running on 127.0.0.1 or on all available network interfaces?
- Are the LDAP port(s) open in the firewall?