We are running ZCS 5.0.7. It was originally setup as a two-node cluster. We had problems with the cluster and disabled clustering sometime back. There is a third server that was built as an LDAP replica when we were experimenting with moving all the mail boxes over to get rid of the remnants of the cluster install.

We have been having issues with SASL authentication recently that we've been trying to resolve and came across one setting yesterday. In /opt/zimbra/cyrus-sasl/etc/saslauthd.conf, we have the following for the 'zimbra_url' line (sanitized):

zimbra_url: https://#serverb#:7071/service/admin/soap/ https://#serverc#:7071/service/admin/soap/ https://#server2#:7071/service/admin/soap/ https://#servera#:7071/service/admin/soap/

A and B were the original cluster members and A is our active single server at this time (internal names). C is the server that was added as an LDAP replica. Server 2 is the public name of the second cluster node.

We edited this file and removed the first three entries since they shouldn't be there and restarted Zimbra. Something regenerated this file and put the entries back in.

Looking at /var/log/zimbra.log, we see we get authentication errors when Zimbra tries to connect to one of the invalid entries.

Good server selected:

Apr 1 05:47:25 mail1a saslauthd[12103]: zmauth: authenticating against elected url 'https://#servera#:7071/service/admin/soap/' ...
Apr 1 05:47:26 mail1a saslauthd[12103]: zmpost: url='https://#servera#:7071/service/admin/soap/' returned buffer->data='0_858be0d213f64f96109cacb2b39416adb54eec54_69643d3 3363a34623365313531382d323934342d346536392d3863636 12d3930363830353239343335333b6578703d31333a3132333 83733373634363035363b747970653d363a7a696d6272613b6 d61696c686f73743d31323a31302e312e302e34303a38303b172800000beach', hti->error=''

Bad server selected:

Apr 1 05:27:56 mail1a saslauthd[12107]: zmauth: authenticating against elected url 'https://#server2#:7071/service/admin/soap/' ...
Apr 1 05:27:56 mail1a saslauthd[12107]: zmpost: url='https://#server2#:7071/service/admin/soap/' returned buffer->data=' Error 404 NOT_FOUND




Powered by jetty://

What other location in the Zimbra config needs to be edited to remove the bogus SASL auth server entries for 'zimbra_url'?

David Goldmsith