[Solved] Problems with sldap after update YunoHost to latest version

Hello,

at first I want to say thanks to everyone that is spending time to the YunoHost-Project because I like this Project and I hope it will grow further.
Im from germany so my english is not perfect but I hope you will understand my problem :slight_smile:

My YunoHost server

Hardware: VPS bought online
YunoHost version: 3.7.0.12
I have access to my server : Through SSH

Description of my issue

I updated my YunoHost-Instance to the latest version through the web interface.
After the update were done, I couldn’t login neither to the admin web interface nor to the YunoHost Portal.
Login with SSH still works.
From Logs I found out, that the sldap does not start correctly.
After typing yunohost service restart slapd I got the following output (I replaced my domain-name with “domain”):

-- Unit slapd.service has begun starting up.                                                                                       
Mar 29 21:00:24 domain.de slapd[11883]: @(#) $OpenLDAP: slapd  (Aug 10 2019 19:17:00) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> 
Mar 29 21:00:24 domain.de slapd[11883]: main: TLS init def ctx failed: -1
Mar 29 21:00:2 domain.de slapd[11883]: DIGEST-MD5 common mech free        
Mar 29 21:00:24 domain.de slapd[11883]: DIGEST-MD5 common mech free                                                                                          
Mar 29 21:00:24 domain.de slapd[11878]: Starting OpenLDAP: slapd failed!                                                                                     
Mar 29 21:00:24 domain.de systemd[1]: slapd.service: Control process exited, code=exited
status=1  
Mar 29 21:00:24 domain.de systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).                               
-- Subject: Unit slapd.service has failed   
-- Defined-By: systemd                                                                                                                                                 
-- Support: https://www.debian.org/support                                                                                                                             
--                                                                                                                                                                     
-- Unit slapd.service has failed.                                                                                                                                      
--                                                                                                                                                                     
-- The result is failed.                                                                                                                                               
Mar 29 21:00:24 domain.de systemd[1]: slapd.service: Unit entered failed state.                                                                              
Mar 29 21:00:24 domain.de systemd[1]: slapd.service: Failed with result 'exit-code'.

I tried to repair it with yunohost tools regen-cof slapd --force and tried again to restart the service but that didn’t helped.

Output of systemctl status slapd.service:

slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)                                 
Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)                                                  
Active: failed (Result: exit-code) since Sun 2020-03-29 21:00:24 CEST; 1h 0min ago                                       
Docs: man:systemd-sysv-generator(8)                                                                                 
Process: 11878 ExecStart=/etc/init.d/slapd start (code=exited, status=1/FAILURE)                                           
CPU: 35ms                

Does someone have any approach to fix this issue?

slapd[11883]: main: TLS init def ctx failed: -1

Hm that’s an issue with slapd unable to load the certificate for TLS …

Can you check that you’re using the very last version of YunoHost (3.7.0.11 … or maybe 12 i dunno, from 1~2 days ago)

Hi, thanks for that tip, I also found that out and I fixed a few issues so far, but have still problems:
At first I noticed, that in /etc/yunohost/certs/yunohost.org/ there were the files crt.pem.b and key.pem.b.
I just renamed them to crt.pem and key.pem.
After that I was able to login to the Portal and the Admin Web Interface.

But I couldn’t receive E-Mails.
I have checked the dovecot and postfix settings.
I deleted the files /etc/postfix/ldap-accounts.cf, /etc/postfix/ldap-aliases.cf, /etc/dovecot/dovecot-ldap.conf and used the old configuration-files instead.
After that E-Mail seems to be working.

The next problem I have noticed is in the admin web interface:
I go to Application and click on any installed application -> the log on the top of the screen says “An error occurred during LDAP operation” and nothing happens.

I also cannot open phpLdapAdmin and phpMyAdmin but I haven’t examined that any further so far.

To answer your question:
The Admin Web Interface says I’m on Version 3.7.0.12 (stable).

Edit:
I also have found the following Errors in the yunohost-api.log:

2020-03-30 02:38:32,223 ERROR    moulinette.core translate - unable to retrieve string to translate with key 'service_description_shsd' for default locale 'locales/en.json' file (don't panic this is just a warning)
2020-03-30 02:38:32,316 ERROR    moulinette.core translate - unable to retrieve string to translate with key 'service_description_gitea' for default locale 'locales/en.json' file (don't panic this is just a warning)
2020-03-30 02:38:37,208 ERROR    moulinette.authenticator.ldap search - error during LDAP search operation with: base='ou=permission,dc=yunohost,dc=org', filter='(objectclass=permissionYnh)', attrs=['cn', 'groupPermission', 'inheritPermission', 'URL'] and exception {'matched': 'dc=yunohost,dc=org', 'desc': 'No such object'}

The first two are in fact just a warning which are not easily displayable as warning, so displayed as error … But just ignore them
The last one is your LDAP error

About the LDAP error : probably as a consequence of the error you fixed, the LDAP migration shipped in 3.7 failed to run

So can you try to yunohost migrations migrate which should run the big group and permission initialization ?

I have done yunohost tools migrations migrate.
After that everything seems to work. I have to do some more testing tomorrow.
Thank you very much. :slight_smile:
I thought I have to go through all my configuration-files to fix that :sweat_smile:
I didn’t know the migrate function. I think I better have to study the yunohost cli functions.

The migration are ran automatically during upgrades (well, most of them) but if they fail you have to re-run them manually. Note that it can also be done through the webadmin in Tools > Migrations (though we should probably show pending migration in the update view as well)

Hi,
I haven‘t noticed any more problems so far. So my issue is fixed :slight_smile:
Thank you for helping that fast. :+1:t2:
YunoHost is a realy big help and simplyfies a lot.
Again thanks to all devs and maintainers. You do a great job.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.