Thread: [SOLVED] ldap errors

  1. #1
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    After installing an SSL certificate and restarting the server, I keep getting this error:
    Code:
    [zimbra@zimbra ~]$ zmcontrol start
    Host zimbra.mprinc.com
    	Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.

    Aside from that, Zimbra is starting okay, but I don't know if it will continue to do so. I know there's some standard info that needs to be posted in situations like this but first some background and additional notes.


    • Initial install went fine with zimbra.mprinc.com.
    • Later created two domains: mprinc.com and connectedcalifornia.org.
    • Virtual hosts for the two are zimbra.mprinc.com and zimbra.connectedcalifornia.org, respectively.
    • Did not alter MX records for mprinc.com and connectedcalifornia.org as those are currently pointing to a live server. I would like to leave those records in place until transition to Zimbra.
    • When creating the CSR for zimbra.mprinc.com, I entered zimbra.connectedcalifornia.org as a Subject Alternate Name.
    • However, when I view the cert in Zimbra, the Subject Alternate Name is "zimbra.mprinc.com, www.zimbra.mprinc.com" (maybe GoDaddy doesn't allow SANs with the type of cert I bought?)

    With that out of the way,

    Code:
    [zimbra@zimbra log]$ cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1		localhost.localdomain localhost
    99.147.40.125	zimbra.mprinc.com zimbra
    ::1		localhost6.localdomain6 localhost6
    [zimbra@zimbra log]$ cat /etc/resolv.conf
    search mprinc.com
    nameserver 99.147.40.124
    nameserver 68.94.156.1
    nameserver 68.94.157.1
    [zimbra@zimbra log]$ dig mprinc.com mx
    
    ; <<>> DiG 9.3.4-P1 <<>> mprinc.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56200
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
    
    ;; QUESTION SECTION:
    ;mprinc.com.			IN	MX
    
    ;; ANSWER SECTION:
    mprinc.com.		10800	IN	MX	10 mail.mprinc.com.
    mprinc.com.		10800	IN	MX	20 mx2.mprinc.com.
    
    ;; AUTHORITY SECTION:
    mprinc.com.		10800	IN	NS	ns1.sbcglobal.net.
    mprinc.com.		10800	IN	NS	ns.mprinc.com.
    
    ;; ADDITIONAL SECTION:
    mail.mprinc.com.	10800	IN	A	99.147.40.124
    mx2.mprinc.com.		10800	IN	A	99.147.40.84
    ns.mprinc.com.		10800	IN	A	99.147.40.124
    
    ;; Query time: 1 msec
    ;; SERVER: 99.147.40.124#53(99.147.40.124)
    ;; WHEN: Thu Jun  4 18:01:04 2009
    ;; MSG SIZE  rcvd: 165
    
    [zimbra@zimbra log]$ dig connectedcalifornia.org mx
    
    ; <<>> DiG 9.3.4-P1 <<>> connectedcalifornia.org mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4083
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 6
    
    ;; QUESTION SECTION:
    ;connectedcalifornia.org.	IN	MX
    
    ;; ANSWER SECTION:
    connectedcalifornia.org. 86400	IN	MX	50 smtp.connectedcalifornia.org.
    connectedcalifornia.org. 86400	IN	MX	75 mx2.mprinc.com.
    
    ;; AUTHORITY SECTION:
    connectedcalifornia.org. 5025	IN	NS	ns19b.nameservers.net.
    connectedcalifornia.org. 5025	IN	NS	ns19a.nameservers.net.
    
    ;; ADDITIONAL SECTION:
    smtp.connectedcalifornia.org. 19328 IN	A	99.147.40.124
    mx2.mprinc.com.		10800	IN	A	99.147.40.84
    ns19a.nameservers.net.	4990	IN	A	161.58.134.98
    ns19a.nameservers.net.	4990	IN	A	161.58.75.72
    ns19b.nameservers.net.	4990	IN	A	198.170.241.2
    ns19b.nameservers.net.	4990	IN	A	161.58.134.114
    
    ;; Query time: 85 msec
    ;; SERVER: 99.147.40.124#53(99.147.40.124)
    ;; WHEN: Thu Jun  4 18:01:12 2009
    ;; MSG SIZE  rcvd: 243
    
    [zimbra@zimbra log]$ dig zimbra.mprinc.com mx
    
    ; <<>> DiG 9.3.4-P1 <<>> zimbra.mprinc.com mx
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6944
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;zimbra.mprinc.com.		IN	MX
    
    ;; ANSWER SECTION:
    zimbra.mprinc.com.	10800	IN	MX	10 zimbra.mprinc.com.
    
    ;; AUTHORITY SECTION:
    mprinc.com.		10800	IN	NS	ns.mprinc.com.
    mprinc.com.		10800	IN	NS	ns1.sbcglobal.net.
    
    ;; ADDITIONAL SECTION:
    zimbra.mprinc.com.	10800	IN	A	99.147.40.125
    ns.mprinc.com.		10800	IN	A	99.147.40.124
    
    ;; Query time: 0 msec
    ;; SERVER: 99.147.40.124#53(99.147.40.124)
    ;; WHEN: Thu Jun  4 18:01:23 2009
    ;; MSG SIZE  rcvd: 131
    
    [zimbra@zimbra log]$ dig mprinc.com any
    
    ; <<>> DiG 9.3.4-P1 <<>> mprinc.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50088
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3
    
    ;; QUESTION SECTION:
    ;mprinc.com.			IN	ANY
    
    ;; ANSWER SECTION:
    mprinc.com.		10800	IN	MX	10 mail.mprinc.com.
    mprinc.com.		10800	IN	MX	20 mx2.mprinc.com.
    mprinc.com.		10800	IN	A	199.237.238.185
    mprinc.com.		10800	IN	SOA	ns.mprinc.com. ewilen.mprinc.com. 1183161117 10800 3600 1209600 10800
    mprinc.com.		10800	IN	NS	ns.mprinc.com.
    mprinc.com.		10800	IN	NS	ns1.sbcglobal.net.
    
    ;; ADDITIONAL SECTION:
    mail.mprinc.com.	10800	IN	A	99.147.40.124
    mx2.mprinc.com.		10800	IN	A	99.147.40.84
    ns.mprinc.com.		10800	IN	A	99.147.40.124
    
    ;; Query time: 0 msec
    ;; SERVER: 99.147.40.124#53(99.147.40.124)
    ;; WHEN: Thu Jun  4 18:01:33 2009
    ;; MSG SIZE  rcvd: 224
    
    [zimbra@zimbra log]$ dig connectedcalifornia.org any
    
    ; <<>> DiG 9.3.4-P1 <<>> connectedcalifornia.org any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41110
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 6
    
    ;; QUESTION SECTION:
    ;connectedcalifornia.org.	IN	ANY
    
    ;; ANSWER SECTION:
    connectedcalifornia.org. 86372	IN	MX	75 mx2.mprinc.com.
    connectedcalifornia.org. 86372	IN	MX	50 smtp.connectedcalifornia.org.
    connectedcalifornia.org. 84040	IN	SOA	feed19.nameservers.net. hostmaster.rapidsite.net. 2009060419 7200 3600 604800 86400
    connectedcalifornia.org. 4997	IN	NS	ns19a.nameservers.net.
    connectedcalifornia.org. 4997	IN	NS	ns19b.nameservers.net.
    connectedcalifornia.org. 67004	IN	A	198.106.189.123
    
    ;; AUTHORITY SECTION:
    connectedcalifornia.org. 4997	IN	NS	ns19b.nameservers.net.
    connectedcalifornia.org. 4997	IN	NS	ns19a.nameservers.net.
    
    ;; ADDITIONAL SECTION:
    smtp.connectedcalifornia.org. 19300 IN	A	99.147.40.124
    mx2.mprinc.com.		10800	IN	A	99.147.40.84
    ns19a.nameservers.net.	4962	IN	A	161.58.75.72
    ns19a.nameservers.net.	4962	IN	A	161.58.134.98
    ns19b.nameservers.net.	4962	IN	A	161.58.134.114
    ns19b.nameservers.net.	4962	IN	A	198.170.241.2
    
    ;; Query time: 0 msec
    ;; SERVER: 99.147.40.124#53(99.147.40.124)
    ;; WHEN: Thu Jun  4 18:01:40 2009
    ;; MSG SIZE  rcvd: 351
    
    [zimbra@zimbra log]$ dig zimbra.mprinc.com any
    
    ; <<>> DiG 9.3.4-P1 <<>> zimbra.mprinc.com any
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21307
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;zimbra.mprinc.com.		IN	ANY
    
    ;; ANSWER SECTION:
    zimbra.mprinc.com.	10800	IN	A	99.147.40.125
    zimbra.mprinc.com.	10800	IN	MX	10 zimbra.mprinc.com.
    
    ;; AUTHORITY SECTION:
    mprinc.com.		10800	IN	NS	ns1.sbcglobal.net.
    mprinc.com.		10800	IN	NS	ns.mprinc.com.
    
    ;; ADDITIONAL SECTION:
    ns.mprinc.com.		10800	IN	A	99.147.40.124
    
    ;; Query time: 0 msec
    ;; SERVER: 99.147.40.124#53(99.147.40.124)
    ;; WHEN: Thu Jun  4 18:01:45 2009
    ;; MSG SIZE  rcvd: 131
    
    [zimbra@zimbra log]$ host `hostname`
    zimbra.mprinc.com has address 99.147.40.125
    zimbra.mprinc.com mail is handled by 10 zimbra.mprinc.com.

    If there is a problem with the cert for zimbra.mprinc.com I could re-key, and if necessary/possible I could have a spare cert I could use for zimbra.connectedcalifornia.org instead of using a SAN.

  2. #2
    ewilen

    Well, no answers here so I contacted support, spoke to someone there via email.

    He suggested moving /opt/zimbra/log/.zmcontrol.cache and restarting.

    When I did this, I had to issue zmcontrol start twice to get zimbra going, but it did start. I.e.,

    Code:
    [zimbra@zimbra log]$ zmcontrol start
    Host zimbra.mprinc.com
    	Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Unable to determine enabled services. Cache is out of date or doesn't exist.
    [zimbra@zimbra log]$ zmcontrol start
    Host zimbra.mprinc.com
    	Starting logger...Done.
    	Starting convertd...Done.
    	Starting mailbox...

    It seems I can also start ldap separately with ldap start, then wait a bit and do zmcontrol start.

    So apparently ldap is just slow to respond the first time, but once the cache has been built, this isn't a problem. I'll mark this solved but if anyone has any more insights, I'd appreciate it.

  3. #3
    ewilen

    Another user has reported the same issue with a GoDaddy cert: "ZCS 6.0rc1 & godaddy SSL cert problems"

    I'm still seeing this after changing my GoDaddy cert to one that allows multiple Subject Alternative Names.
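
Added example, not part of the original posts and not Zimbra's own tooling: a shell check that lists which requested hostnames an issued certificate's Subject Alternative Name extension does not cover, the mismatch the first post noticed between the CSR and the issued cert. The sample text is constructed from the names quoted in the thread, the function names and `CERT.pem` are placeholders, and the wildcard rule goes beyond the case in the thread.

```shell
#!/bin/sh
# Constructed sample: the SAN part of `openssl x509 -noout -text` output, using
# the two names the first post reports seeing on the issued certificate.
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:zimbra.mprinc.com, DNS:www.zimbra.mprinc.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment'

# Read certificate text on stdin; print its SAN DNS names, one per line, lower-cased.
san_names() {
    grep -A1 'X509v3 Subject Alternative Name' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' \
        | tr '[:upper:]' '[:lower:]'
}

# Succeed if hostname $1 is covered by SAN entry $2: an exact match, or a
# wildcard entry ("*.example.org") that stands for exactly one leftmost label.
name_matches() {
    case $2 in
        "$1") return 0 ;;
        '*.'*) [ "$1" = "${1%%.*}${2#?}" ] ;;
        *) return 1 ;;
    esac
}

# Read certificate text on stdin; print every wanted name (arguments) that no
# SAN entry covers. Exit status is 0 only when all wanted names are covered.
missing_names() (
    sans=$(san_names)
    rc=0
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
        found=no
        while IFS= read -r san; do
            if name_matches "$want" "$san"; then found=yes; fi
        done <<EOF
$sans
EOF
        [ "$found" = yes ] || { printf '%s\n' "$want"; rc=1; }
    done
    exit "$rc"
)

# The two names the first post wanted; prints zimbra.connectedcalifornia.org.
# On a real certificate file (path is a placeholder):
#   openssl x509 -in CERT.pem -noout -text | missing_names NAME...
printf '%s\n' "$SAMPLE_CERT_TEXT" \
    | missing_names zimbra.mprinc.com zimbra.connectedcalifornia.org || true
```

Running the same check on the CSR's requested names before installing a re-keyed certificate shows whether the CA kept or dropped them.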
