Zimbra MTA fails on LDAP replica host (LDAP: error code 32 - No Such Object)

[andreturpin]

hello all, wondering if anyone can assist...haven't seen this in the groups anywhere, but it's a problem that I've replicated several times, reinstalling and hoping to get around it somehow but it reoccurs.

Assume CentOS i386 4.3 minimal install on each server, and zcs-3.1.1_GA_394.RHEL4.tgz as the installed Zimbra build. Nothing strange or funky running on the machines, each server is running a local DNS server (Bind) providing the MX and host information for the domain I'm setting up, but I haven't made these nameservers authoritative for the domain (that comes later in my email migration). I've replaced "mydomain" for my actual mail domain throughout.

Have installed Zimbra Community Edition on a server at one site as primary server. All services are installed on this server, let's call it HR. I tested HR to be operational and online, was able to add a user and send/recieve mail, all appeared to be fine.

Then I installed on the second server, named YK, which is to be an LDAP replica. Installed as per instructions at the following URLs...
1) http://wiki.zimbra.com/index.php?title=LDAP
2) Multi Server Installation

The instructions at both are consistent, with the exception of the Wiki telling me to run zmsshkeygen on each machine involved, which I understand is done during installation anyway (no?), but I did it again just for good measure. It ran fine. I then ran zmupdateauthkeys, no problem there.

When I ran zmldapenablereplica, it didn't error, but I was expecting the script to stop and start the LDAP services on my master LDAP server, which it didn't appear to do.

[zimbra@yk zcs]$ /opt/zimbra/libexec/zmldapenablereplica
Looking for LDAP installation...succeeded
Verifying ldap on ldap://hr.mydomain.com:389...succeeded
Creating LDAP config in /opt/zimbra/conf/slapd.conf...succeeded
Setting up replication ldap user...succeeded
Enabling LDAP service on yk.mydomain.com......succeeded
Setting ldap_url on yk.mydomain.com...done
Starting LDAP on yk.mydomain.com...done


I then run zmcontrol status, and didn't get what I expected, then stopped and attempted to start the zimbra services...output as follows...

[zimbra@yk zcs]$ zmcontrol status
Cannot determine services - exiting
[zimbra@yk zcs]$ zmcontrol stop
Host yk.mydomain.com
Stopping antispam...Done
Stopping antivirus...Done
Stopping imapproxy...Done
Stopping ldap...Done
Stopping logger...Done
Stopping mailbox...Done
Stopping mta...Done
Stopping snmp...Done
Stopping spell...Done
[zimbra@yk zcs]$ zmcontrol start
Host yk.mydomain.com
Starting ldap...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting imapproxy...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting mta...FAILED
ERROR: service.FAILURE (system failure: unable to get config) (cause: javax.naming.NameNotFoundException [LDAP: error code 32 - No Such Object])
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: antivirus
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: antispam
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: mta
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: sasl
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: webxml
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: mailbox
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: perdition
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
DO: /opt/zimbra/postfix/sbin/postconf -e content_filter=''
DO: /opt/zimbra/postfix/sbin/postconf -e myhostname='yk.mydomain.com'
DO: /opt/zimbra/postfix/sbin/postconf -e recipient_delimiter=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_sasl_auth_enable=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_auth_only=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_use_tls=''
DO: /opt/zimbra/postfix/sbin/postconf -e disable_dns_lookups=''
DO: /opt/zimbra/postfix/sbin/postconf -e message_size_limit=''
DO: /opt/zimbra/postfix/sbin/postconf -e relayhost=''
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_recipient_restrictions='reject_non_fqdn_reci pient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit'
DO: /opt/zimbra/postfix/sbin/postconf -e alias_maps='hash:/etc/aliases'
DO: /opt/zimbra/postfix/sbin/postconf -e broken_sasl_auth_clients='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e command_directory='/opt/zimbra/postfix-2.2.9/sbin'
DO: /opt/zimbra/postfix/sbin/postconf -e daemon_directory='/opt/zimbra/postfix-2.2.9/libexec'
DO: /opt/zimbra/postfix/sbin/postconf -e header_checks='pcre:/opt/zimbra/conf/postfix_header_checks'
DO: /opt/zimbra/postfix/sbin/postconf -e mailq_path='/opt/zimbra/postfix-2.2.9/sbin/mailq'
DO: /opt/zimbra/postfix/sbin/postconf -e manpage_directory='/opt/zimbra/postfix-2.2.9/man'
DO: /opt/zimbra/postfix/sbin/postconf -e newaliases_path='/opt/zimbra/postfix-2.2.9/sbin/newaliases'
DO: /opt/zimbra/postfix/sbin/postconf -e queue_directory='/opt/zimbra/postfix-2.2.9/spool'
DO: /opt/zimbra/postfix/sbin/postconf -e sender_canonical_maps='ldap:/opt/zimbra/conf/ldap-scm.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e sendmail_path='/opt/zimbra/postfix-2.2.9/sbin/sendmail'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_client_restrictions='reject_unauth_pipelinin g'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_data_restrictions='reject_unauth_pipelining'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_helo_required='yes'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_cert_file='/opt/zimbra/conf/smtpd.crt'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_key_file='/opt/zimbra/conf/smtpd.key'
DO: /opt/zimbra/postfix/sbin/postconf -e smtpd_tls_loglevel='3'
DO: /opt/zimbra/postfix/sbin/postconf -e transport_maps='ldap:/opt/zimbra/conf/ldap-transport.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e version='2.2.9'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_alias_domains='ldap://opt/zimbra/conf/ldap-vad.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_alias_maps='ldap:/opt/zimbra/conf/ldap-vam.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_mailbox_domains='ldap:/opt/zimbra/conf/ldap-vmd.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_mailbox_maps='ldap:/opt/zimbra/conf/ldap-vmm.cf'
DO: /opt/zimbra/postfix/sbin/postconf -e virtual_transport='error'
postmap: fatal: bad numerical configuration: message_size_limit =
postsuper: fatal: bad numerical configuration: message_size_limit =
postalias: fatal: bad numerical configuration: message_size_limit =
postfix failed to start
saslauthd[17286] :set_auth_mech : failed to initialize mechanism zimbra
zmsaslauthdctl failed to start


Starting snmp...Done.
Starting spell...Done.

So I'm wondering, am I supposed to be running this a zimbra user, or root, or ??? Seems the first error that causes the chain of problems is a missing object in the LDAP directory...
ERROR: service.FAILURE (system failure: unable to get config) (cause: javax.naming.NameNotFoundException [LDAP: error code 32 - No Such Object])

thanks for any help on this!
Andre

[andreturpin]

I've attempted to change LDAP and LDAP root password with zmldappasswd to ensure password consistency across the two servers, doesn't help much.

[zimbra@yk bin]$ zmldappasswd --root <mypassword>
Updating local config
Stopping ldap
slapd not running
Updating ldap configuration
Starting ldap
Updating zimbra.ldif
Running ldapmodify
Password change complete.

You may need to restart tomcat, if it is running.

[zimbra@yk bin]$ zmldappasswd <mypassword>
Updating local config
Stopping ldap
Updating ldap configuration
Starting ldap
Updating zimbra.ldif
Running ldapmodify
Password change complete.

You may need to restart tomcat, if it is running.


[zimbra@yk bin]$ zmmtactl start
ERROR: service.FAILURE (system failure: unable to get config) (cause: javax.naming.NameNotFoundException [LDAP: error code 32 - No Such Object])
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: antivirus
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: antispam
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: mta
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: sasl
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: webxml
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: mailbox
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)
getService: perdition
ERROR: account.NO_SUCH_SERVER (no such server: yk.mydomain.com)


whereas previously I was getting the following message at one point...
[zimbra@yk bin]$ zmmtactl start
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])

and so on...

[rsharpe]

Well from looking at this line:
ERROR: service.FAILURE (system failure: unable to get config) (cause: javax.naming.NameNotFoundException [LDAP: error code 32 - No Such Object])

I would have to say the Zimbra installation doesn't know about your server. Meaning in the LDAP tree there is no entry for server yk.mydomain.com. If you have an LDAP browser (Softerra) take a look at the ldap tree and see if the server is in there.

There was also a mention in another post about LDAP replication being broken in the last release, and apartently the fix for the latest release was to comment it out. My interpretation of this is that LDAP relplication currently will not work at all.