Results 1 to 4 of 4

Thread: Problems connecting to the Zimbra LDAP servers.

  1. #1
    TARDIS42 is offline Junior Member
    Join Date
    Jan 2013
    Location
    Redwood City, CA, USA
    Posts
    6
    Rep Power
    2

    Default Problems connecting to the Zimbra LDAP servers.

    So after ditching the VMware Zimbra appliances, I have instead installed several Ubuntu 12.04.02 (64-bit) VM's with ZCS 8.0.2. The idea is to have two LDAP servers (one primary, one slave) and one Mailbox and one MX server (for now) I am still having LDAP issues though as I can't get the other components to connect/verify the LDAP Admin passwords.

    On ldap-1, I have the ldap service up and running:

    -=-
    zimbra@ldap-1:~$ zmcontrol status
    Host ldap-1.isc.org
    ldap Running
    stats Running
    zmconfigd Running
    -=-

    And there is no firewall running on the box:

    -=-
    root@ldap-1:/opt/zimbra/log# ufw status
    Status: inactive
    -=-

    (Now there is a thought that perhaps the default/inactive status may still block the LDAP (389) port)

    Tried to setup replication on ldap-2; ldap-1 was setup to allow replication:

    -=-
    zimbra@zl1:~$ /opt/zimbra/libexec/zmldapenablereplica
    Enabling sync provider on master...succeeded
    -=-

    So should be easy to setup ldap-2 as a slave, run the installer and use ldap-1 as the LDAP server to pull from. When I enter the LDAP Admin password, it says it can't be verified. Looking at the /tmp/zmsetup.log the cause is:

    -=-
    Tue Feb 5 02:20:28 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 02:20:28 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 02:20:28 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 02:20:29 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 02:20:29 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 02:20:29 2013 Couldn't bind to ldap-1.domain.org as uid=zmreplica,cn=admins,cn=zimbra
    Tue Feb 5 02:20:29 2013 Checking ldap replication is enabled on ldap-1.domain.org:389
    Tue Feb 5 02:20:29 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 02:20:29 2013 ldap configuration not complete. Unable to verify ldap replication is enabled on ldap-1.domain.org
    -=-

    As you see it's not getting thru the initial connection to auth or verify that replication is enabled.

    Tried setting up the mailbox server, same issue when connecting to the LDAP server:

    -=-
    Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-store
    Tue Feb 5 00:05:27 2013 zimbra-store is enabled
    Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-proxy
    Tue Feb 5 00:05:27 2013 zimbra-proxy is not enabled
    Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-proxy
    Tue Feb 5 00:05:27 2013 zimbra-proxy is not enabled
    Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-proxy
    Tue Feb 5 00:05:27 2013 zimbra-proxy is not enabled
    Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
    Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
    Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
    Tue Feb 5 00:05:27 2013 *** Running as zimbra user: /opt/zimbra/bin/zmlicense -c
    [] FATAL: failed to initialize LDAP client
    com.zimbra.cs.ldap.LdapException: LDAP error: : An error occurred while attempting to connect to server localhost:389: java.io.IOException: An error occurred while attempting to establish a connection to server localhost:389: java.net.ConnectException: Connection refused
    ExceptionId:main:1360051529050:5a2c8682ebd32591
    Code:ldap.LDAP_ERROR
    at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapEx ception.java:88)
    at
    com.zimbra.cs.ldap.unboundid.UBIDLdapException.map ToLdapException(UBIDLdapException.java:72)
    at
    com.zimbra.cs.ldap.unboundid.UBIDLdapException.map ToLdapException(UBIDLdapException.java:38)
    at
    com.zimbra.cs.ldap.unboundid.LdapConnectionPool.cr eateConnPool(LdapConnectionPool.java:117)
    at
    com.zimbra.cs.ldap.unboundid.LdapConnectionPool.cr eateConnectionPool(LdapConnectionPool.java:64)
    at
    com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init( UBIDLdapContext.java:95)
    at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(U BIDLdapClient.java:37)
    at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClie nt.java:63)
    at com.zimbra.cs.ldap.LdapClient.initialize(LdapClien t.java:86)
    at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapPro v.java:46)
    at
    com.zimbra.cs.account.ldap.LdapProvisioning.<init> (LdapProvisioning.java:256)
    at
    com.zimbra.cs.account.ldap.LdapProvisioning.<init> (LdapProvisioning.java:253)
    at sun.reflect.NativeConstructorAccessorImpl.newInsta nce0(Native Method)
    at
    sun.reflect.NativeConstructorAccessorImpl.newInsta nce(NativeConstructorAccessorImpl.java:57)
    at
    sun.reflect.DelegatingConstructorAccessorImpl.newI nstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Construc tor.java:525)
    at java.lang.Class.newInstance0(Class.java:372)
    at java.lang.Class.newInstance(Class.java:325)
    at com.zimbra.cs.account.Provisioning.getInstance(Pro visioning.java:278)
    at com.zimbra.cs.account.Provisioning.getInstance(Pro visioning.java:238)
    at
    com.zimbra.cs.license.LdapLicenseCounter.<init>(Ld apLicenseCounter.java:48)
    at com.zimbra.cs.license.LicenseManager.<init>(Licens eManager.java:76)
    at com.zimbra.cs.license.LicenseManager.<clinit>(Lice nseManager.java:80)
    at com.zimbra.cs.license.LicenseCLI.exec(LicenseCLI.j ava:97)
    at com.zimbra.cs.license.LicenseCLI.main(LicenseCLI.j ava:161)
    Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An
    error occurred while attempting to connect to server localhost:389:
    java.io.IOException: An error occurred while attempting to establish a
    connection to server localhost:389: java.net.ConnectException:
    Connection refused')
    at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAP Connection.java:741)
    at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAP Connection.java:675)
    at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPC onnection.java:507)
    at
    com.unboundid.ldap.sdk.SingleServerSet.getConnecti on(SingleServerSet.java:229)
    at com.unboundid.ldap.sdk.ServerSet.getConnection(Ser verSet.java:98)
    at
    com.unboundid.ldap.sdk.LDAPConnectionPool.createCo nnection(LDAPConnectionPool.java:616)
    at
    com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(L DAPConnectionPool.java:562)
    at
    com.zimbra.cs.ldap.unboundid.LdapConnectionPool.cr eateConnPool(LdapConnectionPool.java:113)
    ... 21 more
    Caused by: java.io.IOException: An error occurred while attempting to establish a connection to server localhost:389: java.net.ConnectException: Connection refused
    at
    com.unboundid.ldap.sdk.LDAPConnectionInternals.<in it>(LDAPConnectionInternals.java:142)
    at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAP Connection.java:732)
    ... 28 more
    -=-

    (I hope that the java LDAP calls to localhost quiet down when it can auth against ldap-1)

    Anyway, it does look like ldap-1 is the culprit, it's just not talking to the outside. Likely need to tweak the logging level on the LDAP process
    on ldap-1 in case it's starting up weird - and also see if I can fake client connection in LDAP to test it out before trying again.

    Any avenues I should be trying here?

  2. #2
    powrrrplay is offline Special Member
    Join Date
    Nov 2008
    Posts
    119
    Rep Power
    6

    Default

    I am having trouble figuring out the new zimbra8 ldap as well. I can connect but that is all.
    Guest Ubuntu 12.04LTS x64 and Zimbra 8.0.5
    Host CentOS 6.4 x64 :: KVM :: LVM :: Hardware RAID

  3. #3
    TARDIS42 is offline Junior Member
    Join Date
    Jan 2013
    Location
    Redwood City, CA, USA
    Posts
    6
    Rep Power
    2

    Default It was IPv6 (with no fallback to IPv4) that caused the issue...

    Found the issue - We run a dual-stack network and so when I installed Zimbra, I told it to listen on IPv6 and IPv4 and had A and AAAA records configured in the DNS. Well after a lot of tcpdumping and wiresharking, we found the following two things...

    - There is no IPv6 listener for LDAP (slapd), just IPv4
    - Sending a IPv6 LDAP query resets the connection
    - Zimbra does *NOT* fall back to doing a IPv4 query (which would have also worked)

    I eventually had to reinstall ZCS and pull the AAAA records for DNS and... then it all started working...

    So what is the official Zimbra position on IPv6 support... just the external facing parts? (MTA/HTTP(S)) support IPv6?

  4. #4
    mhammett is offline Special Member
    Join Date
    Nov 2009
    Posts
    100
    Rep Power
    5

    Default

    That seems kind of important...
    Release 7.1.1_GA_3196.RHEL5_64_20110527011124 CentOS5_64 FOSS edition.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Connecting Alfresco to Zimbra LDAP
    By jsosic in forum Administrators
    Replies: 5
    Last Post: 02-15-2012, 05:33 AM
  2. Replies: 0
    Last Post: 06-13-2011, 11:40 AM
  3. Outlook having problems connecting to Zimbra server
    By Labsy in forum Administrators
    Replies: 3
    Last Post: 03-09-2011, 12:33 PM
  4. [SOLVED] Connecting Outlook To Zimbra LDAP
    By emmaylots in forum Administrators
    Replies: 6
    Last Post: 10-16-2009, 06:30 AM
  5. ZD Problems connecting to MS exchange on campus
    By Rmbrme in forum Installation Help
    Replies: 0
    Last Post: 07-26-2009, 05:54 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •