
Thread: Promoting a Replica Server to Master. Invalid Credentials

  1. #1
    tbovingdon (Special Member)

    So, following King0770-Notes-MovingUsers - Zimbra :: Wiki to migrate from a RHEL5 32-bit ZCS 7.2.5 NE install to Ubuntu 10 64-bit ZCS 7.2.5 NE, we've successfully migrated all accounts; using the proxy we had next to no downtime. When we went to promote the replica by following Promoting Replica to LDAP Master - Zimbra :: Wiki, we get invalid credentials (LDAP error 49) when running ldapmodify -x -H ldapi:/// -D "cn=config" -w "ldap root password"

    We confirmed zmlocalconfig -s ldap_root_password matches on the old server and the new.
    We confirmed ldapmodify -x -H ldapi:/// -D "cn=config" -w "ldap root password" runs fine on the old server.
    We confirmed ldapmodify -x -H ldapi:/// -D "cn=config" -w "ldap root password" runs fine on our test environment replica machine.

    Clearly replication is working, as all accounts are on both servers and everything is working fine on the replica.
    Certificates match (it was a wildcard) on both servers.

    No obvious errors that I can find in /var/log/zimbra.log

    Tried to see if /opt/zimbra/libexec/zmldapreplicatool -t off based on this wiki Turning off starttls for replication - Zimbra :: Wiki (can't find the post that referenced it) but the command wouldn't run on either server.
    Tried Resetting LDAP and MySQL Passwords - Zimbra :: Wiki (it says only for ZCS 5, but the command and its values still seem the same); the zmldappasswd -r newrootpass (same as zmlocalconfig -s ldap_root_password) seems to run OK, but still no joy on the ldapmodify command.

    We've opened a ticket with support but no response as of yet. I am posting to see if anyone has any further suggestions. I have a feeling it's something like the replica LDAP password hash doesn't match "zmlocalconfig -s ldap_root_password" when trying the direct ldapmodify command, or something like that... but I defer to the experts!

  2. #2
    tbovingdon (Special Member)

    So. Seeing as Zimbra support's response was less than responsive on this issue, I ended up trying something.

    Looking at the config.#### file that is saved during install, I tried the password for one of the non-replicated services (e.g. nginx) in the ldap command... BINGO, it worked. I then used this post: ShanxT-LDAP-Auth-Failed - Zimbra :: Wiki and, following the "Changing ldap directly" section, managed to change the password that zmldappasswd -r newrootpass would not.

    1. Generate the password hash using 'slappasswd':

    Code:
    NEWPASS=`/opt/zimbra/openldap/sbin/slappasswd -v -s 'Very_secure_pass_591' -h '{SSHA}'`

    2. BASE64 encode this password hash:

    Code:
    NEWPASSB64=`echo -n "$NEWPASS" | openssl enc -base64`

    3. As the zimbra user, stop ldap:

    Code:
    ldap stop

    4. Replace this new password in the file ~/data/ldap/config/cn=config/olcDatabase={0}config.ldif:

    Code:
    # ~ stays outside the quotes so the shell expands it to the zimbra home directory
    cp ~/'data/ldap/config/cn=config/olcDatabase={0}config.ldif' /tmp/
    # '|' is used as the sed delimiter because base64 output can contain '/'
    sed -i "s|^olcRootPW.*|olcRootPW:: $NEWPASSB64|" ~/'data/ldap/config/cn=config/olcDatabase={0}config.ldif'

    The above commands take a backup of 'olcDatabase={0}config.ldif', and then place the new password in the file. If the command fails for whatever reason, just do the steps manually. Take a backup, and replace the existing value of 'olcRootPW:: ' in the 'olcDatabase={0}config.ldif' file with the value of $NEWPASSB64.

    5. Start ldap:

    Code:
    ldap start

    6. To test, run:

    Code:
    ldapwhoami -x -h `zmhostname` -D "cn=config" -w 'ldap_root_password_value'

    7. Then update localconfig.xml as well

  3. #3
    quanah (Zimbra Employee)

    or you could have just used the zmldappasswd command to update the root password.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    tbovingdon (Special Member)

    Quote Originally Posted by quanah View Post
    or you could have just used the zmldappasswd command to update the root password.
    Man, you're as bad as support. READ my post

    Code:
    Tried Resetting LDAP and MySQL Passwords - Zimbra :: Wiki (It says only to zcs 5.. but the command and its values still seems the same) the zmldappasswd -r newrootpass (same as zmlocalconfig -s ldap_root_password) seems to run ok, but still no joy on the

  5. #5
    quanah (Zimbra Employee)

    hm.. This implies that the value in localconfig is not the value that was actually used when the replica was created. That'd be an odd situation to be in. It would generally imply someone ran zmlocalconfig -e ldap_root_password and changed it to some new value, rather than correctly using zmldappasswd -r to update the value.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #6
    tbovingdon (Special Member)

    Not gonna lie... that IS very likely what happened. :S Good news is it's fixed and happy you can mark as solved.

  7. #7
    quanah (Zimbra Employee)

    Cool. Yeah, recovering from that situation you pretty much have to hand modify cn=config, which is ugly. Glad you got it working.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration
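
Added example (not from the thread or the Zimbra wiki): the mismatch diagnosed in posts #2 and #5 can be confirmed offline by checking a candidate password against the doubly base64-encoded {SSHA} value in the olcRootPW:: line of olcDatabase={0}config.ldif, before touching cn=config. The function names and the sample LDIF are constructed for illustration, and the stored hash is assumed to be {SSHA} as produced in step 1.

```python
import base64
import hashlib
import hmac
import re
import sys
from getpass import getpass


def stored_root_hash(ldif_text):
    """Return the hash string (e.g. '{SSHA}...') held in the olcRootPW attribute."""
    # LDIF folds long values onto continuation lines that start with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    m = re.search(r"^olcRootPW(::?)[ \t]*(\S+)[ \t]*$", unfolded, re.MULTILINE)
    if not m:
        raise ValueError("no olcRootPW attribute found")
    # '::' marks a base64-encoded value (step 2 above); ':' is a literal value.
    if m.group(1) == "::":
        return base64.b64decode(m.group(2)).decode("ascii")
    return m.group(2)


def matches_ssha(password, stored):
    """True if password produces the stored {SSHA} hash (SHA-1 digest + salt)."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("only {SSHA} is handled in this example")
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def sample_ldif(password, salt=b"\x01\x02\x03\x04"):
    """Constructed sample: an olcRootPW:: line built the way steps 1-2 build it."""
    raw = hashlib.sha1(password.encode() + salt).digest() + salt
    ssha = "{SSHA}" + base64.b64encode(raw).decode()
    return ("dn: olcDatabase={0}config\nolcRootDN: cn=config\n"
            "olcRootPW:: " + base64.b64encode(ssha.encode()).decode() + "\n")


if __name__ == "__main__":
    if len(sys.argv) > 1:           # path to a copy of the config LDIF
        with open(sys.argv[1]) as fh:
            text = fh.read()
        pw = getpass("candidate ldap_root_password: ")
    else:                           # no argument: run against the constructed sample
        text, pw = sample_ldif("Very_secure_pass_591"), "Very_secure_pass_591"
    print("match" if matches_ssha(pw, stored_root_hash(text)) else "MISMATCH")
```

Run it against the /tmp backup copy from step 4 rather than the live file; the password is read with getpass so it does not land in shell history or the process list.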
