install problem with FC4: LDAP: error code 49 - Invalid Credentials

[sahuguet]

Hi,

I have been following the various posts for FC4 and made some progress accordingly:
- sym links for the crypto libs
- mysql config for systems with little RAM

now I am stuck with LDAP authentication. I get an authentication error when I try to check the LDAP config.

[zimbra@godavari conf]$ zmprov gas
ERROR: service.FAILURE (system failure: getDirectContext) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])


My guess is that with the various installs I have done, the LDAP password might be out of sync between two components (e.g. LDAP server and Java app).
Is there a way to fix it by hand?

Another question is how to start a clean install.
I am doing \rm -r /opt/zimbra and then a re-install via install.sh.
Is there a cleaner way of doing it?

regards,

Arnaud

[KevinH]

Quote:

Originally Posted by sahuguet

My guess is that with the various installs I have done, the LDAP password might be out of sync between two components (e.g. LDAP server and Java app).
Is there a way to fix it by hand?

zmldappasswd should be able to reset it. change both the user level and use the --root option to change the ldap password.

Quote:

Originally Posted by sahuguet

Another question is how to start a clean install.
I am doing \rm -r /opt/zimbra and then a re-install via install.sh.
Is there a cleaner way of doing it?

install.sh -u

This will remove everything. I suggest you try this if you've tried multiple installs. Best way to clean up and start fresh.

[sahuguet]

The LDAP credential error has disappeared.

For some reasons, I cannot start the services using zmcontrol start.
I have to start them "manually":
- ldap start
- mysql.server start
- tomcat start

I get the following error in the zimbra.log file:

Code:

2005-09-13 00:52:15,764 INFO  [main] [] soap - Servlet SoapServlet starting up
2005-09-13 00:52:16,409 INFO  [main] [] misc - version=2005.0.0_39.FC3 release=1_ARMSTRONG builddat
e=20050829-1058 buildhost=wolfowitz.liquidsys.com
2005-09-13 00:52:17,538 FATAL [main] [] soap - Unable to start servlet
java.lang.RuntimeException: Error communicating with LDAP
        at com.zimbra.cs.util.Zimbra.checkLDAP(Zimbra.java:86)
        at com.zimbra.cs.util.Zimbra.startup(Zimbra.java:117)
        at com.zimbra.soap.SoapServlet.init(SoapServlet.java:77)

And I have checked that my slapd server is running.

Is there a way to check that the LDAP server is properly configured?
With mysql, I can use the zmmysqlstatus command.

Is there something similar with LDAP?
Otherwise, is there a ldapsearch command I could try to check that things are working fine?

regards,

Arnaud

[KevinH]

One quick check is to telnet to port 389

telnet 0 389


See if ldap is actually bound to that port.

[sahuguet]

LDAP is running.

I was thinking more of an ldapsearch command that retrieves some attributes, as a way to check that everything is fine.

For instance, I would like to retrieve some user info:

Code:

[root@godavari log]# /opt/zimbra/openldap/bin/ldapsearch -b "cn=admins,cn=zimbra"  -D "uid=zimbra,cn=admins,cn=zimbra" -X objectclass=organizationalPerson
SASL/DIGEST-MD5 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Insufficient access (50)
        additional info: SASL(-14): authorization failure: unable authorization ID

For the password, I am using the one I provided during the install for admin@.

regards,

Arnaud

[marcmac]

zmprov gas - if ldap is working, that will return a server list.

I suspect that the problem is credentials, and you need to reset the password with zmldappassword

Quote:

Originally Posted by sahuguet

LDAP is running.

I was thinking more of an ldapsearch command that retrieves some attributes, as a way to check that everything is fine.

For instance, I would like to retrieve some user info:

Code:

[root@godavari log]# /opt/zimbra/openldap/bin/ldapsearch -b "cn=admins,cn=zimbra"  -D "uid=zimbra,cn=admins,cn=zimbra" -X objectclass=organizationalPerson
SASL/DIGEST-MD5 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Insufficient access (50)
        additional info: SASL(-14): authorization failure: unable authorization ID

For the password, I am using the one I provided during the install for admin@.

regards,

Arnaud

[marcmac]

Quote:

Originally Posted by sahuguet

LDAP is running.


For the password, I am using the one I provided during the install for admin@.

regards,

Arnaud

Just saw this - that's not the ldap password.

The ldap password can be retrieved via zmlocalconfig -s zimbra_ldap_password