Zimbra

kenzoida · #1 (**permalink**) 02-08-2006, 07:38 PM

I'm getting an error on initializing ldap running zmsetup.pl after installing zcs-3.0.0_GA_156.MACOSX. I'm not exactly sure what log files to look in to see the details of the error or how to go about fixing this problem. Any help greatly appreciated.

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.4550]
Saving config in /opt/zimbra/config.4550...Done
The system will be modified - continue? [No] Yes
Operations logged to /tmp/zmsetup.log.4550
Setting local config values...Done
Setting up CA...Done
Creating SSL certificate...Done
Initializing ldap...FAILED (256)

ERROR

Configuration failed

Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to
complete the configuration

Here is my config file:

AVUSER=admin@sawdust.local
CREATEADMIN=admin@sawdust.local
CREATEDOMAIN=sawdust.local
DOCREATEADMIN=yes
DOCREATEDOMAIN=yes
DOTRAINSA=yes
EXPANDMENU=no
HOSTNAME=sawdust.local
HTTPPORT=80
HTTPSPORT=443
IMAPPORT=143
IMAPSSLPORT=993
LDAPHOST=sawdust.local
LDAPPORT=389
MODE=http
MTAAUTHHOST=sawdust.local
POPPORT=110
POPSSLPORT=995
REMOVE=no
RUNAV=yes
RUNSA=yes
SMTPDEST=admin@sawdust.local
SMTPHOST=sawdust.local
SMTPNOTIFY=yes
SMTPSOURCE=admin@sawdust.local
SNMPNOTIFY=yes
SNMPTRAPHOST=sawdust.local
SPELLURL=http://sawdust.local:7780/aspell.php
STARTSERVERS=yes
TRAINSAHAM=nr_d0vjb5z@sawdust.local
TRAINSASPAM=wehqloscpf@sawdust.local
UPGRADE=yes
USESPELL=yes
INSTALL_PACKAGES="zimbra-apache zimbra-core zimbra-ldap zimbra-logger zimbra-mta zimbra-snmp zimbra-spell zimbra-store "

KevinH · #2 (**permalink**) 02-08-2006, 08:02 PM

Take a look at /tmp/install.log or zmsetup.log

kenzoida · #3 (**permalink**) 02-08-2006, 09:36 PM

So this is the content of the log:

** Creating CA private key

Generating a 1024 bit RSA private key
......................................++++++
..++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
-----
** Creating CA cert

Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
Getting Private key
unable to write 'random state'
** Importing CA

Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/V
ersions/1.5/Home/lib/security/cacerts (Permission denied)
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
...........++++++
.....................................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Feb 9 03:52:28 2006 GMT
Not After : Feb 9 03:52:28 2007 GMT
Subject:
countryName = US
stateOrProvinceName = N/A
organizationName = Zimbra Collaboration Suite
commonName = sawdust.local
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
28:91:25:1A

2:CC:A1:83:07:05:81:02:F2:A9:81:00:2F :1B:81:94
X509v3 Authority Key Identifier:
DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
serial:B7:07:E0:A8:94:4B:64:8A

Certificate is to be certified until Feb 9 03:52:28 2007 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=sawdust.local
Getting CA Private Key
unable to write 'random state'
ERROR - failed to start slapd

So then after reviewing several posts, I tried to recreate the cert using:

rm -rf /opt/zimbra/ssl
mkdir /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/ssl
su - zimbra

keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra (1 line)
keytool error: java.lang.Exception: Alias does not exist

keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra (1 line)
That seemed to have worked ok.

zmcreateca

** Creating CA private key

Generating a 1024 bit RSA private key
.................................................. .................................................. ...........++++++
.................................................. ...........................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
-----
** Creating CA cert

Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
Getting Private key
unable to write 'random state'

zmcreatecert

** Importing CA

Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home/lib/security/cacerts (Permission denied)
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
.................................................. .................................................. .................................................. ......++++++
.....................................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Feb 9 04:24:19 2006 GMT
Not After : Feb 9 04:24:19 2007 GMT
Subject:
countryName = US
stateOrProvinceName = N/A
organizationName = Zimbra Collaboration Suite
commonName = sawdust.local
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
C4:2A:91:E5:F6:5D:08

E:03:94:59:0A:6C:A0:B0:7A:39 :39:44

7
X509v3 Authority Key Identifier:
DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=sawdust.local
serial:C5:91:A8:11:49:BC:4A:6B

Certificate is to be certified until Feb 9 04:24:19 2007 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=sawdust.local
Getting CA Private Key
unable to write 'random state'

zmcertinstall mailbox

** Importing server cert

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

What should I do next?

KevinH · #4 (**permalink**) 02-08-2006, 09:54 PM

What are the permissins on /opt/zimbra/ssl?

kenzoida · #5 (**permalink**) 02-09-2006, 08:28 AM

The permissions are:

drwx------ 3 zimbra zimbra 102 Feb 8 23:23 ssl/

KevinH · #6 (**permalink**) 02-09-2006, 10:16 AM

What happens if you try with chmod 777 ssl?

kenzoida · #7 (**permalink**) 02-09-2006, 10:52 AM

I'm still having problems deleting my_ca:

keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zim
keytool error: java.lang.Exception: Alias does not exist

After recreating the ssl dir and setting 777 permissions, I'm now noticing that the permissions are reset after each of these commands. I'm fixing the permissions before the next command but I'm still getting the same error on zmcertinstall mailbox.

zmcreateca
ll ssl ssl/ssl/ca

drwx------ 3 zimbra zimbra 102 Feb 9 12:32 ssl/

drwx------ 7 root zimbra 238 Feb 9 12:36 ./
drwx------ 7 root zimbra 238 Feb 9 12:35 ../
-rwx------ 1 root zimbra 647 Feb 9 12:33 ca.csr*
-rwx------ 1 root zimbra 887 Feb 9 12:33 ca.key*
-rwx------ 1 root zimbra 863 Feb 9 12:33 ca.pem*
-rwx------ 1 root zimbra 3 Feb 9 12:36 ca.srl*
-rwx------ 1 root zimbra 3 Feb 9 12:35 ca.srl.old*

chmod 777 ssl ssl/ssl/ca

drwxrwxrwx 3 zimbra zimbra 102 Feb 9 12:32 ssl/

-rwxrwxrwx 1 root zimbra 647 Feb 9 12:33 ca.csr*
-rwxrwxrwx 1 root zimbra 887 Feb 9 12:33 ca.key*
-rwxrwxrwx 1 root zimbra 863 Feb 9 12:33 ca.pem*
-rwxrwxrwx 1 root zimbra 3 Feb 9 12:36 ca.srl*
-rwxrwxrwx 1 root zimbra 3 Feb 9 12:35 ca.srl.old*

zmcreatecert
ll ssl ssl/ssl/server

drwx------ 3 zimbra zimbra 102 Feb 9 12:32 ssl/

-rwx------ 1 root zimbra 1127 Feb 9 12:36 server.crt*
-rwx------ 1 root zimbra 647 Feb 9 12:36 server.csr*
-rwx------ 1 root zimbra 891 Feb 9 12:36 server.key*
-rwx------ 1 root zimbra 826 Feb 9 12:36 tomcat.crt*
-rwx------ 1 root zimbra 642 Feb 9 12:36 tomcat.csr*

chmod 777 ss ssl/ssl/server

drwxrwxrwx 3 zimbra zimbra 102 Feb 9 12:32 ssl/

-rwxrwxrwx 1 root zimbra 1127 Feb 9 12:36 server.crt*
-rwxrwxrwx 1 root zimbra 647 Feb 9 12:36 server.csr*
-rwxrwxrwx 1 root zimbra 891 Feb 9 12:36 server.key*
-rwxrwxrwx 1 root zimbra 826 Feb 9 12:36 tomcat.crt*
-rwxrwxrwx 1 root zimbra 642 Feb 9 12:36 tomcat.csr*

zmcertinstall mailbox

** Importing server cert

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

kenzoida · #8 (**permalink**) 02-10-2006, 09:57 AM

Hi Kevin, is there anything else I can try? I've reinstalled several times but am still stuck at the same point during LDAP setup. thx.

marcmac · #9 (**permalink**) 02-10-2006, 10:05 AM

Quote:

Originally Posted by kenzoida

Hi Kevin, is there anything else I can try? I've reinstalled several times but am still stuck at the same point during LDAP setup. thx.

still getting error on Mac OS X after installation

The place to perform the edits is after package installation (after apple's installer exits) and prior to running zmsetup.pl - make the edit to the file /opt/zimbra/bin/ldap:

Change

Code:

sudo /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h "ldaps:// ldap://:389/" \
            -f /opt/zimbra/conf/slapd.conf

to

Code:

sudo /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h "ldap://:389/" \
            -f /opt/zimbra/conf/slapd.conf

kenzoida · #10 (**permalink**) 02-11-2006, 02:42 PM

Yes, that did the trick. Reinstalling and fixing that line got me past the ldap issues and services started up fine, albeit very slowly. Thanks!

Zimbra

Downloads

Product Information

Toolbox

Why Join?