Installing Zimbra using OSX LDAP

[camiriddle]

I'm installing Zimbra on a 10.4.7 OSX Server. I've configured the system, to the best of my ability to use the LDAP already resident on the server rather than have zimbra create its own:

Main menu

1) Hostname: xserve.technorati.net
2) Ldap master host: xserve.technorati.net
3) Ldap port: 389
4) Ldap password: set
5) zimbra-ldap: Disabled
6) zimbra-store: Enabled
+Create Admin User: no
+SMTP host: xserve.technorati.net
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: http
+Enable POP/IMAP proxy: no
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://xserve.technorati.net:7780/aspell.php

7) zimbra-mta: Enabled
8) zimbra-snmp: Enabled
9) zimbra-logger: Enabled
10) zimbra-spell: Enabled
r) Start servers after configuration yes
s) Save config to file
x) Expand menu

I disabled the creation of admin, since one already exists. Since it continues with the install process, I assume it successfully contacts the ldap server. However, when it gets to actually running the install, I get:

Setting local config values...Done
Setting up CA...Done
Creating SSL certificate...Done
Fetching CA from ldap...ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
Done
Installing SSL certificate...Done
Creating server entry for xserve.technorati.net...Done
Setting spell check URL...Done
Setting service ports on xserve.technorati.net...Done
Adding xserve.technorati.net to zimbraMailHostPool in default COS...ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
Done

and when I look at the install log, I see a bunch of these:

** Creating CA private key

Generating a 1024 bit RSA private key
....++++++
......++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'


where nothing can write to 'random state' but the ssl cert creation seems successful, but then I see:

Certificate is to be certified until Jul 12 21:56:06 2007 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=xserve.technorati.net
Getting CA Private Key
unable to write 'random state'
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationExcept
ion [LDAP: error code 49 - Invalid Credentials])
** Importing server cert

ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationExcept
ion [LDAP: error code 49 - Invalid Credentials])
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationExcept
ion [LDAP: error code 49 - Invalid Credentials])
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationExcept
ion [LDAP: error code 49 - Invalid Credentials])
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationExcept
ion [LDAP: error code 49 - Invalid Credentials])
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationExcept
ion [LDAP: error code 49 - Invalid Credentials])
zmprov [cmd] [args ...]


All of this leads me to wonder what LDAP password the install is really asking for, what user zimbra is using to try and log into the ldap system and what I _should_ be using for this.

Additionally, while the install claims to succeed, a zmcontrol status returns:

Cannot determine services - exiting

If at all possible, I would prefer to have zimbra installed on this server, using the OSX ldap. I have tried this both with ssl disabled for ldap on the server and again enabled, but have the same issues either way.

Can anyone help?

[camiriddle]

So, I tried installing a parallel ldap on a different port and got the exact same errors, except this time, the install failed completely. Getting the impression this stuff just won't install if ldap is already on the box, no matter what.

[KevinH]

So, I tried installing a parallel ldap on a different port and got the exact same errors, except this time, the install failed completely. Getting the impression this stuff just won't install if ldap is already on the box, no matter what.

Yes at this time you have to leave LDAP on port 389. We have the ability to change it to a different port but that doesn't work for the initial install. This is an open bug that we still need to fix.