#1
02-03-2006, 03:46 AM
Starter Member
Posts: 2
LDAP not starting - Debian sid

Dear all,

I am stuck with LDAP not starting after an otherwise straightforward install.
After building debs from the latest RPM binaries and tweaking install, util and pre/postinstall scripts to recognise sid etc... slapd is not starting.

Setting local config values...Done
Setting up CA...Done
Creating SSL certificate...Done
Initializing ldap...FAILED (256)

ERROR

Configuration failed


After starting slapd manually with debugging switched on:
sudo /opt/zimbra/openldap/libexec/slapd -4 -h "ldap://:389" -f /opt/zimbra/conf/slapd.conf -d 5001

I get a TLS error at the very end:

(#) $OpenLDAP: slapd 2.2.28 (Nov 9 2005 12:31:52) $
root@build.liquidsys.com:/home/build/p4/main/ThirdParty/openldap/openldap-2.2.28/servers/slapd
daemon_init: listen on ldap://:389
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://:389)
daemon: initialized ldap://:389
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
>>> dnNormalize:
=> ldap_bv2dn(cn=Subschema,0)
ldap_err2string
<= ldap_bv2dn(cn=Subschema)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=subschema)=0 Success
......
TLS: could not load client CA list (file:`/opt/zimbra/conf/ca/ca.pem',dir:`').
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:644
main: TLS init def ctx failed: -1
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

Openssl is installed, the certificates are all created.

I am out of my depth with LDAP and need some serious advice on where to look next.

Thank you!
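The `PEM_read_bio:no start line` error in the slapd output of post #1 means OpenSSL found no `-----BEGIN` line in `/opt/zimbra/conf/ca/ca.pem`. As an added example (not part of the original thread and not Zimbra's own tooling), this POSIX shell function tells the usual causes apart; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a CA file by the failure slapd would hit loading it.
# Structural check only; it does not validate the certificate contents.

classify_ca_file() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -r "$f" ]; then echo unreadable; return 0; fi
    if [ ! -s "$f" ]; then echo empty; return 0; fi
    # grep -c exits 1 on zero matches; "|| true" keeps the "0" it printed.
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$f" || true)
    if [ "$begins" -gt 0 ]; then
        if [ "$begins" -eq "$ends" ]; then echo pem-ok; else echo pem-truncated; fi
        return 0
    fi
    # No BEGIN line: this is the "PEM_read_bio:no start line" case.
    # A leading 0x30 byte (ASN.1 SEQUENCE) suggests a DER-encoded certificate.
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    if [ "$first" = "30" ]; then echo der; else echo no-start-line; fi
}

# Constructed sample files (placeholders, not real certificates).
make_samples() {
    dir=$1
    : > "$dir/empty.pem"
    printf '\060\202\001\012' > "$dir/der.pem"
    printf 'Certificate:\n    Data:\n' > "$dir/text-only.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' > "$dir/cut.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/ok.pem"
}

# Usage: sh check_ca.sh /opt/zimbra/conf/ca/ca.pem
if [ "$#" -gt 0 ]; then
    for path in "$@"; do
        printf '%s: %s\n' "$path" "$(classify_ca_file "$path")"
    done
fi
```

A `pem-ok` result only means the BEGIN/END lines are present and balanced; `openssl x509 -in FILE -noout -subject` confirms that the certificate actually parses.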
#2
02-03-2006, 08:11 AM
Zimbra Employee
Posts: 2,103
certs

Did you try recreating the certs?
zmcreateca
zmcertinstall mailbox
#3
02-05-2006, 05:02 PM
Starter Member
Posts: 2
Can't create certs

Quote:
Originally Posted by marcmac
Did you try recreating the certs?
zmcreateca
zmcertinstall mailbox

marcmac: Thank you for the swift reply.

Yes, I tried to create the certs manually (following your suggestions in thread SSL Problem - No common encryption algorithm).

Unfortunately I continuously get the following error when I 'zmcertinstall mailbox':

** Importing server cert

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

Next I start deleting the certs, but get an error when trying to remove the my_ca alias: Does not exist!

keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
Enter keystore password: zimbra
keytool error: java.lang.Exception: Alias does not exist

zmcreatecert works only when cacerts (/opt/zimbra/java/jre/lib/security/) has been deleted previously. Otherwise the following happens:

zmcreatecert
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
..............++++++
...............................................+++ +++
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature....

I find that odd, as the keytool reports previously that alias my_ca cannot be deleted from .../keystore as it does not exist.

What am I missing?

PS: All file access permissions seem to be ok on cacerts and keystore

Thank you,
still clueless
#4
02-05-2006, 06:36 PM
Zimbra Employee
Posts: 2,103
my_ca

my_ca is in /opt/zimbra/java/jre/lib/security/cacerts, not conf/keystore - do the delete of my_ca in that file, then delete tomcat in conf/keystore.
#5
04-03-2006, 10:25 AM
Senior Member
Posts: 67
Enter Keystore password on my_ca removal

Quote:
Originally Posted by marcmac
my_ca is in /opt/zimbra/java/jre/lib/security/cacerts, not conf/keystore - do the delete of my_ca in that file, then delete tomcat in conf/keystore.

When I do:

keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

It works.

When I do:

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts

I get Enter keystore password:

How can I delete my_ca so I can put in a real ssl cert?
#6
04-03-2006, 12:38 PM
Senior Member
Posts: 67

Quote:
Originally Posted by comptekki
When I do:

keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

It works.

When I do:

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts

I get Enter keystore password:

How can I delete my_ca so I can put in a real ssl cert?

Never mind.

This works:

keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit