Not able to Update User Password or Add new User

Help… Started not able to login as any user to the email server. I can only login as root to the Dashboard. When login as root, not able to add new users, or change existing user password. I get Task completed with errors (exit status)

Totally lockout all email users and admin.
I can login via ssh and update OS , seems like the database of the Nethserver is corrupted ? How can I recover ?
Thanks

Hi,
which account provider have you installed?

I am using the none… local LDAP.

I use samba, but I think ldap logs to

/var/log/messages

Please have a look at it, after trying to add an user.

I get these errors…R

Jul 28 06:00:12 zmail esmith::event[3033]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.021004]
Jul 28 06:00:12 zmail esmith::event[3033]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-directory-password-policy SUCCESS [0.186056]
Jul 28 06:00:12 zmail esmith::event[3033]: Event: password-policy-update SUCCESS
Jul 28 06:00:12 zmail esmith::event[3041]: Event: password-modify zisadmin@zis.net /tmp/ng-cip4k7
Jul 28 06:00:12 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.010005]
Jul 28 06:00:13 zmail esmith::event[3041]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S30nethserver-directory-password-set FAILED: 1 [0.25093]
Jul 28 06:00:13 zmail esmith::event[3041]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:00:13 zmail esmith::event[3041]: [ERROR] could not unlock account zisadmin
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S40nethserver-directory-user-unlock FAILED: 1 [0.247866]
Jul 28 06:00:13 zmail systemd: Reloading.
Jul 28 06:00:13 zmail esmith::event[3041]: [INFO] squid is disabled: skipped
Jul 28 06:00:13 zmail esmith::event[3041]: [INFO]
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.268553]
Jul 28 06:00:13 zmail esmith::event[3041]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.056316]
Jul 28 06:00:13 zmail esmith::event[3041]: Event: password-modify FAILED

If I try to modify an existing account password… here are the error messages

Jul 28 06:15:22 zmail esmith::event[5334]: Event: password-modify admin@xxxx /tmp/ng-e8RleI
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.004743]
Jul 28 06:15:22 zmail esmith::event[5334]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S30nethserver-directory-password-set FAILED: 1 [0.234144]
Jul 28 06:15:22 zmail esmith::event[5334]: Error initializing libuser: could not bind to LDAP server, first attempt as `cn=libuser,dc=directory,dc=nh': Can't contact LDAP server.
Jul 28 06:15:22 zmail esmith::event[5334]: [ERROR] could not unlock account admin
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S40nethserver-directory-user-unlock FAILED: 1 [0.233365]
Jul 28 06:15:22 zmail systemd: Reloading.
Jul 28 06:15:22 zmail esmith::event[5334]: [INFO] squid is disabled: skipped
Jul 28 06:15:22 zmail esmith::event[5334]: [INFO]
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.266827]
Jul 28 06:15:22 zmail esmith::event[5334]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.055464]
Jul 28 06:15:22 zmail esmith::event[5334]: Event: password-modify FAILED

I think your LDAP service isn’t running, please check it.

Thanks for the response… I checked the SLAPD is running… and also I tried restarting it … no difference…

Could you try with commandline please. For help have a look at this post:

How did you try? With Sogo?

I have the same problem…!!! :frowning:
Have you solved it already?

I use LDAP, too. as email client I use roundcubemail. I am not able to login to roundcubemail and get exactly the same error messages in my logs when trying to change passwords or creating new users as @rmk.
I only can login with root (also in roundcubemail!)…
I have tested it from command line as suggested and that works.

ldapsearch -x -h example.com -b "" -s base "(objectclass=*)"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

~]# account-provider-test dump
{
   "BindDN" : "cn=ldapservice,dc=directory,dc=nh",
   "LdapURI" : "ldap://127.0.0.1",
   "StartTls" : "",
   "port" : 389,
   "host" : "127.0.0.1",
   "isAD" : "",
   "isLdap" : "1",
   "UserDN" : "ou=People,dc=directory,dc=nh",
   "GroupDN" : "ou=Groups,dc=directory,dc=nh",
   "BindPassword" : "Zx3tB9WNlWPiiUEN",
   "BaseDN" : "dc=directory,dc=nh",
   "LdapUriDn" : "ldap:///dc%3Dexample%2Cdc%3Dcom"

However, I don’t know how to change ldap into ldaps as proposed by @jschmidt in Local LDAP does not receive any remote client communication… can someone give me a hint please??

I have enabled that root can login as any user in the webgui. And this works, but only if I choose “local” as server at the login page of roundcubemail…!
Could it be a DNS problem somehow??? or something due to certificates (I use letsencrypt certificate)???
I have no idea!!!

I was able to login as root on the dashboard and restore my backup configuration to get it all working again.

unfortunately, that doesn’t work for me since there are only configuration backups from the last three days available in the dashboard… the error have however been there before that already. :frowning:
Is there any way to recover older configurations?

solved!!!
I had to perform signal-event certificate-update and then everything works again!!! :wink:

2 Likes