[SOLVED] zimbra cant start after crash ldap error

[bonadio]

Hello

We had a server unexpected halt and after that we cant start zimbra by running zimbra start.

the startup.log says

Host mail.compay.com
Starting ldap...Done.
FAILED
Failed to start slapd. Attempting debug start to determine error.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:650
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
main: TLS init def ctx failed: -1


we found a work around starting ldap manually with

sudo /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldap://mail.company.com:389/ -f /opt/zimbra/conf/slapd.conf

and then

sudo zimbra
zmstorectl start
zmnginx start
zmspellctl start


Any idea how to fix this problem? seens like a certificate problem but we already have reinstalled the commercial certificate but the problem persist.

Thanks

[LMStone]

There is a bug with LDAP TLS in that LDAP doesn't know where the ca file are.

We have an open support ticket on this, and you can look at the bug report for more info.

https://bugzilla.zimbra.com/show_bug.cgi?id=43701

Suggest opening a support ticket with Zimbra directly, in the interim you can disable LDAP TLS on both servers by running the following as the zimbra user on both servers and then restarting Zimbra.

Code:

zmlocalconfig -e ldap_starttls_supported=1

At that point though, all the inter-server LDAP traffic is plain text, which may be a security risk depending on your infrastructure.

Hope that helps,
Mark

[bonadio]

Hi Mark

Thanks for the reply, but the command

zmlocalconfig -e ldap_starttls_supported=0 or
zmlocalconfig -e ldap_starttls_supported=1

did not work, tried with both options, stopped but when I restart the startup.log says the same thing

FAILED
Failed to start slapd. Attempting debug start to determine error.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:650
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
main: TLS init def ctx failed: -1


I will copy this zimbra to a new server where I can do more tests, I will post back any results

Thanks

[bonadio]

Quote:

Originally Posted by bonadio

Hi Mark

Thanks for the reply, but the command

zmlocalconfig -e ldap_starttls_supported=0 or
zmlocalconfig -e ldap_starttls_supported=1

did not work, tried with both options, stopped but when I restart the startup.log says the same thing

FAILED
Failed to start slapd. Attempting debug start to determine error.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:650
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
main: TLS init def ctx failed: -1


I will copy this zimbra to a new server where I can do more tests, I will post back any results

Thanks

Hi

I found a solution.

I found that in the /opt/zimbra/conf/ca directory there was 2 broken link files, I removed those files and them zimbra started normally.

[]s