
Thread: Upgrade from 7.2.0 to 8.0 fail with ldap error

  1. #1
    bofh

    System ubuntu 10.04 LTS 64
    Current Zimbra FOSS 7.2.0

    Upgrade Fails with that log

    Code:
    Fri Sep 21 04:53:14 2012 done.
    Fri Sep 21 04:53:15 2012 This appears to be 7.2.0_GA
    Fri Sep 21 04:53:15 2012 Setting local config ssl_allow_untrusted_certs to true
    Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ssl_allow_untrusted_certs='true' 2> /dev/null
    Fri Sep 21 04:53:15 2012 Upgrading ldap data...
    Fri Sep 21 04:53:15 2012 done.
    Fri Sep 21 04:53:15 2012 Upgrading LDAP configuration database...
    Fri Sep 21 04:53:15 2012 done.
    Fri Sep 21 04:53:15 2012 Loading database...
    Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/openldap/sbin/slapadd -q -b '' -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/ldap.80
    505bd69c ldif_read_file: checksum error on "/opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif"
    Fri Sep 21 04:53:16 2012 slapadd import failed.
    Fri Sep 21 04:53:16 2012 UPGRADE FAILED - exiting.
    any ideas?

    maybe it's nothing, but why did it state untrusted certs to be true? I've installed a commercial certificate
    is it just bogus or is something wrong with the certs?

    edit: what is interesting is that I do not have a /olcDatabase={2}mdb.ldif, so why does it even bother to check that?
    I tried to find that file in any config but no luck, I guess it is related to some config key
    Last edited by bofh; 09-20-2012 at 08:47 PM.

  2. #2
    apsantos

    same problem here, but I have the file "olcDatabase={2}mdb.ldif"

    I have noticed that there is another log error: Package 'zimbra-ldap' isn't signed with proper key

    when I do a clean install, no problem is reported.

  3. #3
    bofh

    sounds like cert

    do you have a commercial or a private cert?
    make sure, in case you have a private cert, that it is up to date and still valid

    btw you have that file?
    what Zimbra are you running? FOSS or NE?

  4. #4
    apsantos

    hi,

    FOSS with self-signed certificate

    how do I check the validation of the certificate?

    another error log: slapadd[1598] general protection ip:4eeba8 sp:7fbe6575d8d0 error:0 in slapd[400000+14e000]

    cat /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif:

    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 b7f493ee
    dn: olcDatabase={2}mdb
    objectClass: olcDatabaseConfig
    objectClass: olcMdbConfig
    olcDatabase: {2}mdb
    olcSuffix:
    olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=adm
    ins,cn=zimbra" write
    olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
    write
    olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi
    mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z
    imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword by dn.children="cn=admi
    ns,cn=zimbra" write by * none
    olcAccess: {3}to attrs=objectclass by dn.children="cn=admins,cn=zimbra" write
    by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmam
    avis,cn=appaccts,cn=zimbra" read by * read
    olcAccess: {4}to attrs=@amavisAccount by dn.children="cn=admins,cn=zimbra" wr
    ite by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
    olcAccess: {5}to attrs=mail by dn.children="cn=admins,cn=zimbra" write by dn
    .base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
    olcAccess: {6}to attrs=zimbraAllowFromAddress by dn.children="cn=admins,cn=zi
    mbra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by * none
    olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))" attrs=cn,co,company,dc,di
    splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal
    Code,sn,st,street,streetAddress,telephoneNumber,title,uid,homePhone,pager,mob
    ile,userCertificate by dn.children="cn=admins,cn=zimbra" write by dn.base="
    uid=zmpostfix,cn=appaccts,cn=zimbra" read by * read
    olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa
    nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z
    imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar
    dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z
    imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv
    eryDisabled by dn.children="cn=admins,cn=zimbra" write by dn.base="uid=zmpo
    stfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmamavis,cn=appaccts,cn=zi
    mbra" read by * read
    olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by *
    read
    olcLastMod: TRUE
    olcMaxDerefDepth: 15
    olcReadOnly: FALSE
    olcRootDN: cn=config
    olcSizeLimit: unlimited
    olcTimeLimit: unlimited
    olcMonitoring: TRUE
    olcDbDirectory: /opt/zimbra/data/ldap/mdb/db
    olcDbNoSync: TRUE
    olcDbIndex: objectClass eq
    olcDbIndex: entryUUID eq
    olcDbIndex: entryCSN eq
    olcDbIndex: cn pres,eq,sub
    olcDbIndex: uid pres,eq
    olcDbIndex: zimbraForeignPrincipal eq
    olcDbIndex: zimbraYahooId eq
    olcDbIndex: zimbraId eq
    olcDbIndex: zimbraVirtualHostname eq
    olcDbIndex: zimbraVirtualIPAddress eq
    olcDbIndex: zimbraMailDeliveryAddress eq,sub
    olcDbIndex: zimbraAuthKerberos5Realm eq
    olcDbIndex: zimbraMailForwardingAddress eq
    olcDbIndex: zimbraMailCatchAllAddress eq,sub
    olcDbIndex: zimbraShareInfo sub
    olcDbIndex: zimbraMailTransport eq
    olcDbIndex: zimbraMailAlias eq,sub
    olcDbIndex: zimbraACE sub
    olcDbIndex: zimbraDomainName eq,sub
    olcDbIndex: mail pres,eq,sub
    olcDbIndex: zimbraCalResSite eq,sub
    olcDbIndex: givenName pres,eq,sub
    olcDbIndex: displayName pres,eq,sub
    olcDbIndex: sn pres,eq,sub
    olcDbIndex: zimbraCalResRoom eq,sub
    olcDbIndex: zimbraCalResCapacity eq
    olcDbIndex: zimbraCalResBuilding eq,sub
    olcDbIndex: zimbraCalResFloor eq,sub
    olcDbIndex: zimbraMailHost eq
    olcDbMode: 0600
    olcDbMaxsize: 85899345920
    olcDbSearchStack: 16
    structuralObjectClass: olcMdbConfig
    entryUUID: 152ab0a8-333e-102d-8700-d562901af228
    creatorsName: cn=config
    createTimestamp: 20081020215916Z
    olcDbCheckpoint: 64 5
    entryCSN: 20120508131730.926865Z#000000#000#000000
    modifiersName: cn=config
    modifyTimestamp: 20120508131730Z
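
The `ldif_read_file: checksum error` in post #1 refers to the `# CRC32` header line visible in the file posted above. The following is an added example, not part of any post in this thread and not Zimbra or OpenLDAP code: it recomputes that checksum for every `*.ldif` under a directory to show which file slapadd would reject. It assumes the stored value is a standard CRC-32 over everything after the two header lines; `check_ldif_crc`, `build_sample` and `scan` are names made up for the example, and the sample input is constructed.

```python
import os
import re
import zlib

CRC_LINE = re.compile(rb"^# CRC32 ([0-9a-fA-F]{8})\s*$")
BANNER = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"

def check_ldif_crc(data):
    """Return (stored, computed, ok) for the bytes of one cn=config LDIF file.

    Assumption: the stored value is a standard CRC-32 over every byte
    that follows the two comment header lines.
    """
    parts = data.split(b"\n", 2)
    if len(parts) < 3 or not parts[0].startswith(b"# AUTO-GENERATED FILE"):
        raise ValueError("missing AUTO-GENERATED banner")
    m = CRC_LINE.match(parts[1])
    if m is None:
        raise ValueError("missing '# CRC32' line")
    stored = int(m.group(1), 16)
    computed = zlib.crc32(parts[2]) & 0xFFFFFFFF
    return stored, computed, stored == computed

def build_sample(body):
    """Constructed test input: wrap body in a header with a matching CRC."""
    return BANNER + b"# CRC32 %08x\n" % (zlib.crc32(body) & 0xFFFFFFFF) + body

def scan(root):
    """List *.ldif files under root that fail the check or lack the header."""
    failing = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".ldif"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                try:
                    ok = check_ldif_crc(fh.read())[2]
                except ValueError:
                    ok = False
            if not ok:
                failing.append(path)
    return failing

if __name__ == "__main__":
    sample = build_sample(b"dn: olcDatabase={2}mdb\nolcDbMode: 0600\n")
    print(check_ldif_crc(sample))                            # intact copy
    print(check_ldif_crc(sample.replace(b"0600", b"0644")))  # hand-edited copy
```

Run `scan()` against a copy of the config directory rather than the live one; a mismatch means the file body no longer matches its header, which is what the "DO NOT EDIT" banner warns about.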

  5. #5
    bofh

    Ahm, did the file exist before the upgrade or is it from after the upgrade?
    I think it's made during the process

    about the cert, use this

    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

  6. #6
    gilles.guillotin

    Hi,

    I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.
    It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.

    Concerning certificate, this command is placed before the error occurs :

    Setting local config ssl_allow_untrusted_certs to true
    So, this might not be certificate related.

  7. #7
    bofh

    Originally posted by gilles.guillotin:
    Hi,

    I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.
    It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.

    Concerning certificate, this command is placed before the error occurs :



    So, this might not be certificate related.

    thanks for the intel, I suspected something like that.

    well, that line concerns me, I got the same but have commercial certs installed, so like my initial post says I'm curious now about that
    also I read somewhere that you need commercial certs and there's a bug with untrusted, I think somewhere in the release notes
    I can be wrong but I really think I picked that one up somewhere

  8. #8
    apsantos

    in the release note they talk about certs:

    ...
    Verify Certificates Expiration Date
    ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for
    communication between some components. The self-signed certificates that
    are automatically created by the ZCS install have a default expiration in ZCS
    7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825
    days (5 years).
    If you have an ZCS installation that is over one year old and are using self-
    signed certificates, your certificates will need to be updated either prior to the
    upgrade or immediately following the upgrade.

  9. #9
    bofh

    Originally posted by apsantos:
    in the release note they talk about certs:

    ...
    Verify Certificates Expiration Date
    ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for
    communication between some components. The self-signed certificates that
    are automatically created by the ZCS install have a default expiration in ZCS
    7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825
    days (5 years).
    If you have an ZCS installation that is over one year old and are using self-
    signed certificates, your certificates will need to be updated either prior to the
    upgrade or immediately following the upgrade.

    ok, I looked it up, there's also another issue but only for multinode. Under known issues you will find that a rolling upgrade on a multinode config is only possible with a commercial cert

    so it does not affect single server installs

  10. #10
    Albin Mujkic

    I had the same problem and it is not certificate related.

    The problem was that I have changed ldap settings:
    ldap_common_threads, ldap_common_toolthreads, ldap_db_cachesize, ldap_db_idlcachesize, ldap_cache_domain_maxsize
    by following OpenLDAP Performance Tuning instructions (OpenLDAP Performance Tuning - Zimbra :: Wiki).

    I had set the ldap settings to default again:

    su - zimbra
    zmlocalconfig -e ldap_common_threads=8
    zmlocalconfig -e ldap_common_toolthreads=1
    zmlocalconfig -e ldap_db_cachesize=10000
    zmlocalconfig -e ldap_db_idlcachesize=10000
    zmlocalconfig -e ldap_cache_domain_maxsize=100

    zmcontrol restart

    and upgrade to 8.0 finished successfully.

    For multinode installation do this on ldap master and replicas too.
    Last edited by Albin Mujkic; 09-22-2012 at 12:14 AM.
