ZCS 6.0.2 Lost LDAP Server

[harlanb]

Hello,
I'm running ZCS 6.0.2 Open Source edition in a multi-server configuration. My systems are: LDAP, Mailbox, and MTA servers.

Today, the hard drive on the LDAP server completely failed, and I didn't create a backup ldif file (yes, I know stupid!). I have replaced the HD, installed debian 5 and installed ZCS using the same passwords, etc. that I originally used to created the LDAP server.

The LDAP server appears to be running just fine.

The other servers will not start ZCS.

$ zmcontrol start
Host mailbox1.xxxx.xxx
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! failed.


Starting mailbox...Done.
Starting spell...Done.
Starting stats...Done.

$ zmcontrol status
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Host mailbox1.xxxx.xxx
logger Stopped
zmlogswatchctl is not running
mailbox Running
spell Running
stats Running

I've looked up the PKIX error and tried several of the suggestions, but to no avail. I'm trying to get a backup of the mailbox server, but it hasn't been going good since I can't login.

Any suggestions or ideas on how to make my servers play nice again?

Thanks...

[bdial]

theres a reason the ldap server si the first one you have to install when doing a multiserver install. the other servrers register themselves with the ldap server, and a lot of their configuration is stored in there. So when you do something like enable imap on a mailbox server, that setting is stored in ldap. so in short your mailbox and mta servers are saying "Ok what should we be doing boss?" and your ldap server is saying "I'm sorry, who are you?". theres also various keys and passwords that you need to make sure match in order for all the servers to communicate with the ldap server.

i dont really know how you'd go about fixing this, maybe running /opt/zimbra/libexec/zmsetup.pl on the mailbox & mta servers will reregister them but i'd be surprised if it was that easy

[bdial]

oh it's worth mentioning too that all your user accounts were stored in ldap as well

[harlanb]

Hi,
Thank You for replying.

I tried doing the zmsetup.pl, and you were correct, it didn't work. I realize the user account info is stored in the LDAP system; there are only a handful of users that use this system so recreating the users is not a problem.
I'm more concerned with losing any mail that I don't have backed up (from a few days ago).
Do you know of a way of extracting the emails and attachments, etc. from the mail store and also from the MTA (postfix) server? Once this is done, I can put a new servers fairly quickly.

Thanks...

[bdial]

all of the e-mails are stored in /opt/zimbra/store

theres 2 things on the mailbox server that are of vital importancde. the first is /opt/zimbra/store. This is where all the emails are stored. The second is /opt/zimbra/data. This is where the mysql databases for each user are stored. the databases have all your message metadata, folder structure, etc.. without the databases you would only be able to reimport the messages into one folder, you would have no folder structure and possibly no message flags or things like that either.

you could potentially reuse your /opt/zimbra/store and /opt/zimbra/db directories on a new mailbox server named the same thing, but you would want to make sure that when you create the users again they have the same mailboxid and zimbraid.