Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Initializing ldap...FAILED (256) on Mac OSX 10.4.4

  1. #1
    kenzoida is offline Junior Member
    Join Date
    Feb 2006
    Posts
    8
    Rep Power
    9

    Default Initializing ldap...FAILED (256) on Mac OSX 10.4.4

    I'm getting an error on initializing ldap running zmsetup.pl after installing zcs-3.0.0_GA_156.MACOSX. I'm not exactly sure what log files to look in to see the details of the error or how to go about fixing this problem. Any help greatly appreciated.

    *** CONFIGURATION COMPLETE - press 'a' to apply
    Select from menu, or press 'a' to apply config (? - help) a
    Save configuration data to a file? [Yes]
    Save config in file: [/opt/zimbra/config.4550]
    Saving config in /opt/zimbra/config.4550...Done
    The system will be modified - continue? [No] Yes
    Operations logged to /tmp/zmsetup.log.4550
    Setting local config values...Done
    Setting up CA...Done
    Creating SSL certificate...Done
    Initializing ldap...FAILED (256)


    ERROR



    Configuration failed

    Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to
    complete the configuration

    Here is my config file:

    AVUSER=admin@sawdust.local
    CREATEADMIN=admin@sawdust.local
    CREATEDOMAIN=sawdust.local
    DOCREATEADMIN=yes
    DOCREATEDOMAIN=yes
    DOTRAINSA=yes
    EXPANDMENU=no
    HOSTNAME=sawdust.local
    HTTPPORT=80
    HTTPSPORT=443
    IMAPPORT=143
    IMAPSSLPORT=993
    LDAPHOST=sawdust.local
    LDAPPORT=389
    MODE=http
    MTAAUTHHOST=sawdust.local
    POPPORT=110
    POPSSLPORT=995
    REMOVE=no
    RUNAV=yes
    RUNSA=yes
    SMTPDEST=admin@sawdust.local
    SMTPHOST=sawdust.local
    SMTPNOTIFY=yes
    SMTPSOURCE=admin@sawdust.local
    SNMPNOTIFY=yes
    SNMPTRAPHOST=sawdust.local
    SPELLURL=http://sawdust.local:7780/aspell.php
    STARTSERVERS=yes
    TRAINSAHAM=nr_d0vjb5z@sawdust.local
    TRAINSASPAM=wehqloscpf@sawdust.local
    UPGRADE=yes
    USESPELL=yes
    INSTALL_PACKAGES="zimbra-apache zimbra-core zimbra-ldap zimbra-logger zimbra-mta zimbra-snmp zimbra-spell zimbra-store "

  2. #2
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    Take a look at /tmp/install.log or zmsetup.log
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    kenzoida is offline Junior Member
    Join Date
    Feb 2006
    Posts
    8
    Rep Power
    9

    Default

    So this is the content of the log:

    ** Creating CA private key

    Generating a 1024 bit RSA private key
    ......................................++++++
    ..++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
    -----
    ** Creating CA cert

    Signature ok
    subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
    Getting Private key
    unable to write 'random state'
    ** Importing CA

    Certificate was added to keystore
    keytool error: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/V
    ersions/1.5/Home/lib/security/cacerts (Permission denied)
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    ...........++++++
    .....................................++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number: 2 (0x2)
    Validity
    Not Before: Feb 9 03:52:28 2006 GMT
    Not After : Feb 9 03:52:28 2007 GMT
    Subject:
    countryName = US
    stateOrProvinceName = N/A
    organizationName = Zimbra Collaboration Suite
    commonName = sawdust.local
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    28:91:25:1A2:CC:A1:83:07:05:81:02:F2:A9:81:00:2F:1B:81:94
    X509v3 Authority Key Identifier:
    DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
    serial:B7:07:E0:A8:94:4B:64:8A

    Certificate is to be certified until Feb 9 03:52:28 2007 GMT (365 days)

    Write out database with 1 new entries
    Data Base Updated
    unable to write 'random state'
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=sawdust.local
    Getting CA Private Key
    unable to write 'random state'
    ERROR - failed to start slapd

    So then after reviewing several posts, I tried to recreate the cert using:

    rm -rf /opt/zimbra/ssl
    mkdir /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/ssl
    su - zimbra

    keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra (1 line)
    keytool error: java.lang.Exception: Alias does not exist

    keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra (1 line)
    That seemed to have worked ok.

    zmcreateca

    ** Creating CA private key

    Generating a 1024 bit RSA private key
    .................................................. .................................................. ...........++++++
    .................................................. ...........................++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
    -----
    ** Creating CA cert

    Signature ok
    subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
    Getting Private key
    unable to write 'random state'

    zmcreatecert

    ** Importing CA

    Certificate was added to keystore
    keytool error: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts (Permission denied)
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    .................................................. .................................................. .................................................. ......++++++
    .....................................++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    Serial Number: 2 (0x2)
    Validity
    Not Before: Feb 9 04:24:19 2006 GMT
    Not After : Feb 9 04:24:19 2007 GMT
    Subject:
    countryName = US
    stateOrProvinceName = N/A
    organizationName = Zimbra Collaboration Suite
    commonName = sawdust.local
    X509v3 extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    C4:2A:91:E5:F6:5D:08E:03:94:59:0A:6C:A0:B0:7A:39:39:447
    X509v3 Authority Key Identifier:
    DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
    serial:C5:91:A8:11:49:BC:4A:6B

    Certificate is to be certified until Feb 9 04:24:19 2007 GMT (365 days)

    Write out database with 1 new entries
    Data Base Updated
    unable to write 'random state'
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=sawdust.local
    Getting CA Private Key
    unable to write 'random state'

    zmcertinstall mailbox

    ** Importing server cert

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match

    What should I do next?

  4. #4
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    What are the permissins on /opt/zimbra/ssl?
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  5. #5
    kenzoida is offline Junior Member
    Join Date
    Feb 2006
    Posts
    8
    Rep Power
    9

    Default

    The permissions are:

    drwx------ 3 zimbra zimbra 102 Feb 8 23:23 ssl/

  6. #6
    KevinH's Avatar
    KevinH is offline Expert Member
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    18

    Default

    What happens if you try with chmod 777 ssl?
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  7. #7
    kenzoida is offline Junior Member
    Join Date
    Feb 2006
    Posts
    8
    Rep Power
    9

    Default

    I'm still having problems deleting my_ca:

    keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zim
    keytool error: java.lang.Exception: Alias does not exist

    After recreating the ssl dir and setting 777 permissions, I'm now noticing that the permissions are reset after each of these commands. I'm fixing the permissions before the next command but I'm still getting the same error on zmcertinstall mailbox.

    zmcreateca
    ll ssl ssl/ssl/ca

    drwx------ 3 zimbra zimbra 102 Feb 9 12:32 ssl/

    drwx------ 7 root zimbra 238 Feb 9 12:36 ./
    drwx------ 7 root zimbra 238 Feb 9 12:35 ../
    -rwx------ 1 root zimbra 647 Feb 9 12:33 ca.csr*
    -rwx------ 1 root zimbra 887 Feb 9 12:33 ca.key*
    -rwx------ 1 root zimbra 863 Feb 9 12:33 ca.pem*
    -rwx------ 1 root zimbra 3 Feb 9 12:36 ca.srl*
    -rwx------ 1 root zimbra 3 Feb 9 12:35 ca.srl.old*

    chmod 777 ssl ssl/ssl/ca

    drwxrwxrwx 3 zimbra zimbra 102 Feb 9 12:32 ssl/

    -rwxrwxrwx 1 root zimbra 647 Feb 9 12:33 ca.csr*
    -rwxrwxrwx 1 root zimbra 887 Feb 9 12:33 ca.key*
    -rwxrwxrwx 1 root zimbra 863 Feb 9 12:33 ca.pem*
    -rwxrwxrwx 1 root zimbra 3 Feb 9 12:36 ca.srl*
    -rwxrwxrwx 1 root zimbra 3 Feb 9 12:35 ca.srl.old*


    zmcreatecert
    ll ssl ssl/ssl/server

    drwx------ 3 zimbra zimbra 102 Feb 9 12:32 ssl/

    -rwx------ 1 root zimbra 1127 Feb 9 12:36 server.crt*
    -rwx------ 1 root zimbra 647 Feb 9 12:36 server.csr*
    -rwx------ 1 root zimbra 891 Feb 9 12:36 server.key*
    -rwx------ 1 root zimbra 826 Feb 9 12:36 tomcat.crt*
    -rwx------ 1 root zimbra 642 Feb 9 12:36 tomcat.csr*

    chmod 777 ss ssl/ssl/server

    drwxrwxrwx 3 zimbra zimbra 102 Feb 9 12:32 ssl/

    -rwxrwxrwx 1 root zimbra 1127 Feb 9 12:36 server.crt*
    -rwxrwxrwx 1 root zimbra 647 Feb 9 12:36 server.csr*
    -rwxrwxrwx 1 root zimbra 891 Feb 9 12:36 server.key*
    -rwxrwxrwx 1 root zimbra 826 Feb 9 12:36 tomcat.crt*
    -rwxrwxrwx 1 root zimbra 642 Feb 9 12:36 tomcat.csr*

    zmcertinstall mailbox

    ** Importing server cert

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match

  8. #8
    kenzoida is offline Junior Member
    Join Date
    Feb 2006
    Posts
    8
    Rep Power
    9

    Default

    Hi Kevin, is there anything else I can try? I've reinstalled several times but am still stuck at the same point during LDAP setup. thx.

  9. #9
    marcmac is offline Expert Member
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    13

    Default ldap startup

    Quote Originally Posted by kenzoida
    Hi Kevin, is there anything else I can try? I've reinstalled several times but am still stuck at the same point during LDAP setup. thx.
    still getting error on Mac OS X after installation

    The place to perform the edits is after package installation (after apple's installer exits) and prior to running zmsetup.pl - make the edit to the file /opt/zimbra/bin/ldap:

    Change
    Code:
    sudo /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h "ldaps:// ldap://:389/" \
                -f /opt/zimbra/conf/slapd.conf
    to
    Code:
    sudo /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h "ldap://:389/" \
                -f /opt/zimbra/conf/slapd.conf

  10. #10
    kenzoida is offline Junior Member
    Join Date
    Feb 2006
    Posts
    8
    Rep Power
    9

    Default

    Yes, that did the trick. Reinstalling and fixing that line got me past the ldap issues and services started up fine, albeit very slowly. Thanks!

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Upgrade: 4.5.5 -> 4.5.6 failed, LDAP/slapd issues
    By Daimyo in forum Installation
    Replies: 7
    Last Post: 08-04-2007, 09:23 PM
  2. Zimbra Install Problem - getDirectContext
    By bsimzer in forum Installation
    Replies: 27
    Last Post: 07-19-2007, 10:12 AM
  3. Initializing ldap...FAILED (256)
    By rmvg in forum Installation
    Replies: 10
    Last Post: 01-03-2007, 08:55 AM
  4. Mac OSX install: Java errors & LDAP CA error
    By jefbear in forum Installation
    Replies: 9
    Last Post: 12-16-2006, 03:39 PM
  5. Replies: 4
    Last Post: 11-15-2006, 12:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •