Problems installing (cvs) on FC4 (x86_64)

[shohamlevy]

Hi.

Let me start by saying that I really appreciate the fact that Zimbra is FOSS. I also know that it is just the beginning, and that as such it suffers from many compatibility issues.

I am trying to build and install from the CVS version. I am using FC4, on a x86_64 machine. I have encountered some problems while building ThirdParty tools - but I resolved them (I can send the diffs if needed): they mostly invlove adding "-fPIC" to the Native compilation. Once I am done, I will post my experience.

Also, the CVS head is not very stable, and doesn't always compile. Can you please make sure that at least the CVS HEAD branch compiles? I was forced many times to mix-and-match files from vaious dates, just to make the server/client compile ;-)

I use the following guidelines:
* "http://www.zimbra.com/blog/archives/2005/08/developing_with.html"
* ZimbraServer/docs/build_cvs_howto.txt

Currently, I have reached the stage where I need to run /opt/zimbra/libexec/zmldapinit. It fails, because of an authentication?? file.
++++++
TLS: could not load verify locations (file:`/opt/zimbra/conf/ca/ca.pem',dir:`').
++++++

What is this ca.pem file? The "conf/ca" directory is empty in my case - where should have it been initialized?

Thanks.

These are the last lines of running the init script in verbose mode (+slapd in verbose):
=================================================

Code:

daemon_init: ldap://:389/
/opt/zimbra/openldap/etc/openldap/schema/zimbra.schema: line 2832: bad config line (ignored)
bdb_db_init: Initializing BDB database
TLS: could not load verify locations (file:`/opt/zimbra/conf/ca/ca.pem',dir:`').
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:104
TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:107
TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:279
main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy.
Started slapd: pid

if [ $? -ne 0 ]; then
        exit 1
fi

${zimbra_home}/openldap/bin/ldapmodify -a -c -H ldap://127.0.0.1:389 -w ${ldap_root_password} -D "${zimbra_ldap_userdn}" -x -f ${config_dir}/zimbra.ldif
ldap_bind: Can't contact LDAP server (-1)

if [ $? -ne 0 ]; then
        exit 2
fi

===============================

[marcmac]

You can do one of two things here - create certs for ldap to use (zmcreateca, zmcreatecert, zmcertinstall mailbox)

OR

edit /opt/zimbra/bin/ldap, and remove the "ldaps://" specifier, and the last four lines of /opt/zimbra/conf/slapd.conf (start with TLS). (You may need to make that change in /opt/zimbra/openldap/etc/openldap/slapd.conf)

[shohamlevy]

Hi Marc, thanks for the fast reply. It helped me make some progress, but not enough. Btw, I saw that last time I mistakenly used the GNU java, not JDK from SUN. I found out when the "zmcreatecert" gave me keytool errors - of course, this is a JDK extension, not in the GNU Java.

I tried both ways. Slapd hangs on startup, and I still get errors on the zimbra.schema:
========================
daemon_init: ldap://:389/
/opt/zimbra/openldap/etc/openldap/schema/zimbra.schema: line 2832: bad config line (ignored)
bdb_db_init: Initializing BDB database
bdb_db_open:
slapd starting
========================
... and then it hangs forever.

Any ideas?

[marcmac]

How are you starting ldap?

Try commenting out the "loglevel 0" line in /opt/zimbra/conf/slapd.conf and restarting, that may give more info.

Don't worry about the schema error, it's not hurting anything.

[shohamlevy]

Sorry for the delay, I am on GMT+2.

I removed the "loglevel 0" - but it did not make a difference. So I sudo'd myself to run strace, and here are the last lines of the command:
*******
sudo strace /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u `whoami` -h "ldap://:389/" -f /opt/zimbra/conf/slapd.conf -d 10
*******

Output (last strace lines):
==============================

Code:

sendto(3, "<135>Dec 13 11:26:23 slapd[10615"..., 50, MSG_NOSIGNAL, NULL, 0) = 50
open("/opt/zimbra/openldap/var/run/slapd.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 9
fstat(9, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaab8c8000
write(9, "10615\n", 6)                  = 6
close(9)                                = 0
munmap(0x2aaaab8c8000, 4096)            = 0
open("/opt/zimbra/openldap/var/run/slapd.args", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 9
fstat(9, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaab8c8000
write(9, "/opt/zimbra/openldap/libexec/sla"..., 113) = 113
close(9)                                = 0
munmap(0x2aaaab8c8000, 4096)            = 0
mmap(NULL, 610304, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaab8c8000
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|0x40, -1, 0) = 0x40000000
mprotect(0x40000000, 4096, PROT_NONE)   = 0
clone(child_stack=0x40800270, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, parent_tidptr=0x408009f0, tls=0x40800960, child_tidptr=0x408009f0) = 10616
futex(0x408009f0, FUTEX_WAIT, 10616, NULLdaemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL

===============================

Thanks.

[marcmac]

What do you get from ldd /opt/zimbra/openldap/libexec/slapd?

[shohamlevy]

Code:

$ ldd openldap/libexec/slapd
        libsasl2.so.2 => /opt/zimbra/cyrus-sasl/lib/libsasl2.so.2 (0x00002aaaaaad1000)
        libssl.so.5 => /lib64/libssl.so.5 (0x0000003aaa200000)
        libcrypto.so.5 => /lib64/libcrypto.so.5 (0x0000003aaa600000)
        libbind.so.3 => /usr/lib64/libbind.so.3 (0x0000003504000000)
        libc.so.6 => /lib64/libc.so.6 (0x0000003aa4a00000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003aaba00000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000003aa4f00000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003aa6900000)
        libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000003aaa400000)
        libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003aa9800000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003aa9600000)
        libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000003aa9e00000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x0000003aa5100000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003aac300000)
        /lib64/ld-linux-x86-64.so.2 (0x0000003aa4800000)
        libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x0000003aa9a00000)
[/color][/font]

=================================


In addition, I now have problems with zmcreatecert -

Code:

$ ./bin/zmcreatecert
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias  already exists

==============
keytool command exit status is: 1

[marcmac]

It looks like it's finding the libs ok. I'm not really sure why ldap isn't starting - does the openldap build tell you anything?

Which version of slapd are you using?

Search the forums for how to remove the my_ca alias.