After the recent upgrade I am unable to fetch the user info and not able to login my mail server or receive any email to the server.
yunohost user info anmol
Traceback (most recent call last):
File "/usr/bin/yunohost", line 214, in <module>
timeout=opts.timeout,
File "/usr/lib/python2.7/dist-packages/moulinette/__init__.py", line 135, in cli
moulinette.run(args, output_as=output_as, password=password, timeout=timeout)
File "/usr/lib/python2.7/dist-packages/moulinette/interfaces/cli.py", line 424, in run
ret = self.actionsmap.process(args, timeout=timeout)
File "/usr/lib/python2.7/dist-packages/moulinette/actionsmap.py", line 527, in process
return func(**arguments)
File "/usr/lib/moulinette/yunohost/user.py", line 482, in user_info
shell=True)
File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command 'doveadm -f flow quota get -u anmol' returned non-zero exit status 67
Debug: Loading modules from directory: /usr/lib/dovecot/modules
Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
Debug: Skipping module doveadm_acl_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so: undefined symbol: acl_lookup_dict_iterate_visible_next (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_user_get_language_list (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_mail_crypt_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/libdoveadm_mail_crypt_plugin.so: undefined symbol: mail_crypt_box_get_pvt_digests (this is usually intentional, so just ignore this message)
doveadm(anmol): Error: User doesn't exist
We identified that the issues lied in slapd and the fact that a backport version of it was installed. You can identify this running ‘dpkg --list | grep slapd’ which showed a version with “deb10~bpo9” (instead of deb9)
This in turns trigger this issue about member overlay being broken with the new slapd version (or maybe that’s just yunohost doing something bad, we don’t know yet)
Can be confirmed by running 'grep -nr "MemberOfMemberAD:" /etc/ldap' (which should return three lines about inheritPermission, groupPermission and member, but doesn’t when the bug happens). Hence the group permission system is broken - not just “doveadm”
Tried to identify where the initial backport issue was coming from by running 'for FILE in $(ls /var/log/apt/history*); do zgrep -C3 "deb10\|~bpo9" $FILE; done', and looking for lines related to ldap/slapd. Unfortunatenly the logs were not going far enough in the past (the system deletes logs older than 1 year apparently?) to identify the moment these backports were installed…
Anyway, we finally downgraded the slapd packages to the non-backport version with:
# This version numbers comes from `apt policy slapd`. Might be different on another system / arch
VERSION=2.4.44+dfsg-5+deb9u3
apt install slapd=$VERSION libldap-2.4-2=$VERSION ldap-utils=$VERSION libldap2-dev=$VERSION
# apt will display a warning ... gotta check that nothing fucky is going to be done...