rmk
(Reggie Ho)
July 28, 2017, 11:36am
1
Help… I have started not being able to log in as any user to the email server. I can only log in as root to the Dashboard. When logged in as root, I am not able to add new users or change an existing user's password. I get "Task completed with errors (exit status)".
All email users and the admin are totally locked out.
I can log in via ssh and update the OS; it seems like the database of the NethServer is corrupted? How can I recover?
Thanks
m.traeumner
(Michael Träumner)
July 28, 2017, 12:43pm
2
Hi,
Which account provider have you installed?
rmk
(Reggie Ho)
July 28, 2017, 12:45pm
3
I am using the none… local LDAP.
m.traeumner
(Michael Träumner)
July 28, 2017, 12:54pm
4
I use Samba, but I think LDAP logs to /var/log/messages.
Please have a look at it after trying to add a user.
rmk
(Reggie Ho)
July 28, 2017, 1:01pm
5
I get these errors…R
Jul 28 06:00:12 zmail esmith::event[3033]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.021004]
Jul 28 06:00:12 zmail esmith::event[3033]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-directory-password-policy SUCCESS [0.186056]
Jul 28 06:00:12 zmail esmith::event[3033]: Event: password-policy-update SUCCESS
Jul 28 06:00:12 zmail esmith::event[3041]: Event: password-modify zisadmin@zis.net /tmp/ng-cip4k7
Jul 28 06:00:12 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.010005]
Jul 28 06:00:13 zmail esmith::event[3041]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S30nethserver-directory-password-set FAILED: 1 [0.25093]
Jul 28 06:00:13 zmail esmith::event[3041]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:00:13 zmail esmith::event[3041]: [ERROR] could not unlock account zisadmin
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S40nethserver-directory-user-unlock FAILED: 1 [0.247866]
Jul 28 06:00:13 zmail systemd: Reloading.
Jul 28 06:00:13 zmail esmith::event[3041]: [INFO] squid is disabled: skipped
Jul 28 06:00:13 zmail esmith::event[3041]: [INFO]
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.268553]
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.056316]
Jul 28 06:00:13 zmail esmith::event[3041]: Event: password-modify FAILED
rmk
(Reggie Ho)
July 28, 2017, 1:18pm
6
If I try to modify an existing account password… here are the error messages
Jul 28 06:15:22 zmail esmith::event[5334]: Event: password-modify admin@xxxx /tmp/ng-e8RleI
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.004743]
Jul 28 06:15:22 zmail esmith::event[5334]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S30nethserver-directory-password-set FAILED: 1 [0.234144]
Jul 28 06:15:22 zmail esmith::event[5334]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:15:22 zmail esmith::event[5334]: [ERROR] could not unlock account admin
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S40nethserver-directory-user-unlock FAILED: 1 [0.233365]
Jul 28 06:15:22 zmail systemd: Reloading.
Jul 28 06:15:22 zmail esmith::event[5334]: [INFO] squid is disabled: skipped
Jul 28 06:15:22 zmail esmith::event[5334]: [INFO]
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.266827]
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.055464]
Jul 28 06:15:22 zmail esmith::event[5334]: Event: password-modify FAILED
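An added example, not part of any post in this thread and not NethServer code: a small triage script for `/var/log/messages` excerpts like the two above, which groups `esmith::event` lines by PID and reports, for each failed event, which action failed and the messages logged just before it. The function name `failed_events` is hypothetical and the sample lines are constructed in the same format as the quoted logs.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the log lines quoted in this thread.
SAMPLE = """\
Jul 28 06:00:12 zmail esmith::event[3033]: Event: password-policy-update SUCCESS
Jul 28 06:00:12 zmail esmith::event[3041]: Event: password-modify user@example.test /tmp/ng-XXXXXX
Jul 28 06:00:12 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.010005]
Jul 28 06:00:13 zmail esmith::event[3041]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S30nethserver-directory-password-set FAILED: 1 [0.25093]
Jul 28 06:00:13 zmail systemd: Reloading.
Jul 28 06:00:13 zmail esmith::event[3041]: Event: password-modify FAILED
"""

LINE = re.compile(r"esmith::event\[(\d+)\]: (.*)$")
ACTION = re.compile(r"Action: (\S+) (SUCCESS|FAILED)(?:: (\d+))?")
EVENT_END = re.compile(r"Event: (\S+) (SUCCESS|FAILED)$")

def failed_events(text):
    """Return [(event, pid, [(action, exit_code, [messages before it])])]."""
    pending = defaultdict(list)   # pid -> messages since the last Action line
    failures = defaultdict(list)  # pid -> failed actions seen so far
    report = []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an esmith event line (e.g. systemd)
        pid, msg = m.groups()
        act = ACTION.match(msg)
        end = EVENT_END.match(msg)
        if act:
            path, status, code = act.groups()
            if status == "FAILED":
                name = path.rsplit("/", 1)[-1]
                failures[pid].append((name, int(code) if code else None, pending[pid]))
            pending[pid] = []  # messages belong to the action that follows them
        elif end:
            if end.group(2) == "FAILED":
                report.append((end.group(1), pid, failures[pid]))
            failures.pop(pid, None)
            pending.pop(pid, None)
        elif not msg.startswith("Event: "):
            pending[pid].append(msg)  # free-form error/info output
    return report

if __name__ == "__main__":
    for event, pid, fails in failed_events(SAMPLE):
        for action, code, msgs in fails:
            print(f"{event}[{pid}] {action} exit={code}: {' | '.join(msgs)}")
```
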
I think your LDAP service isn’t running, please check it.
rmk
(Reggie Ho)
July 28, 2017, 1:56pm
8
Thanks for the response… I checked that SLAPD is running… and I also tried restarting it… no difference…
Could you try with the command line, please? For help, have a look at this post:
Hi,
thanks for your help!
This works:
ldapsearch -x -h myserver.com -b "" -s base "(objectclass=*)"
If I use a specific binddn it fails.
Here is the dump of the account-provider test
[root@bla ~]# account-provider-test dump
{
"BindDN" : "cn=ldapservice,dc=directory,dc=nh",
"LdapURI" : "ldap://127.0.0.1",
"StartTls" : "",
"port" : 389,
"host" : "127.0.0.1",
"isAD" : "",
"isLdap" : "1",
"UserDN" : "ou=People,dc=directory,dc=nh",
"GroupDN" : "ou=Groups,dc=directory,dc=nh",
"Bind…
How did you try? With Sogo?
I have the same problem…!!!
Have you solved it already?
I use LDAP, too. As email client I use roundcubemail. I am not able to log in to roundcubemail and get exactly the same error messages in my logs when trying to change passwords or creating new users as @rmk.
I can only log in with root (also in roundcubemail!)…
I have tested it from command line as suggested and that works.
ldapsearch -x -h example.com -b "" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
~]# account-provider-test dump
{
"BindDN" : "cn=ldapservice,dc=directory,dc=nh",
"LdapURI" : "ldap://127.0.0.1",
"StartTls" : "",
"port" : 389,
"host" : "127.0.0.1",
"isAD" : "",
"isLdap" : "1",
"UserDN" : "ou=People,dc=directory,dc=nh",
"GroupDN" : "ou=Groups,dc=directory,dc=nh",
"BindPassword" : "Zx3tB9WNlWPiiUEN",
"BaseDN" : "dc=directory,dc=nh",
"LdapUriDn" : "ldap:///dc%3Dexample%2Cdc%3Dcom"
However, I don’t know how to change ldap into ldaps as proposed by @jschmidt in Local LDAP does not receive any remote client communication … can someone give me a hint please??
I have enabled that root can login as any user in the webgui. And this works, but only if I choose “local” as server at the login page of roundcubemail…!
Could it be a DNS problem somehow??? or something due to certificates (I use letsencrypt certificate)???
I have no idea!!!
rmk
(Reggie Ho)
August 21, 2017, 1:31am
12
I was able to log in as root on the dashboard and restore my backup configuration to get it all working again.
Unfortunately, that doesn’t work for me since there are only configuration backups from the last three days available in the dashboard… the error has, however, been there before that already.
Is there any way to recover older configurations?
Solved!!!
I had to perform signal-event certificate-update and then everything works again!!!
2 Likes