
Thread: Zimbra + Debian + Xen = LDAP problems

  1. #1
    Tony Lewis (Member, joined Mar 2007)

    Zimbra + Debian + Xen = LDAP problems

    Background:

    I want Zimbra running under Xen. The fact that LDAP wants NPTL means that I need to use Debian 4.0 (etch) in the guest, because it has a Xen-friendly libc package (libc6-xen). Without this package, LDAP won't install.

    When I install, LDAP fails to start. Using "sh -x" a lot, I see that /opt/zimbra/conf/slapd.{crt,key} don't exist. I assume they should get created during the installation, but something is going wrong.

    The first symptom I see is that the local config sets "ldap_is_master" to false, and complains when I set the master URL to the same as the box I'm installing on. When I change this, I progress to the SSL errors above.

    I run "sh -x /opt/zimbra/bin/zmcreatecert" and see (snipped):
    -------------------------
    + openssl ca -out /opt/zimbra/ssl/ssl/server/server.crt -notext -config /opt/zimbra/ssl/ssl/zmssl.cnf -in /opt/zimbra/ssl/ssl/server/server.csr -keyfile /opt/zimbra/ssl/ssl/ca/ca.key -cert /opt/zimbra/ssl/ssl/ca/ca.pem -batch
    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    unable to load CA private key
    5140:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: ANY PRIVATE KEY
    unable to write 'random state'
    + openssl x509 -CA /opt/zimbra/ssl/ssl/ca/ca.pem -CAkey /opt/zimbra/ssl/ssl/ca/ca.key -CAserial /opt/zimbra/ssl/ssl/ca/ca.srl -req -in /opt/zimbra/ssl/ssl/server/tomcat.csr -extensions v3_req -extfile /opt/zimbra/ssl/ssl/zmssl.cnf -out /opt/zimbra/ssl/ssl/server/tomcat.crt -days 365
    Signature ok
    subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=zimbra.home
    unable to load certificate
    5141:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: TRUSTED CERTIFICATE
    unable to write 'random state'
    + cp /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/conf/slapd.crt
    cp: cannot stat `/opt/zimbra/ssl/ssl/server/server.crt': No such file or directory

    -------------------------

    So, my certificates are stuffed, it would appear.

    I *think* the root cause might be the SSL version. Native in Debian 4.0 is 0.9.8. The openssl package is linked to this, though libssl0.9.7 is still available. I downgraded openssl to run from sarge (i.e. the 0.9.7x version) before running the install, but it didn't seem to help. I can't get rid of libssl0.9.8 permanently, as many things depend on this.

    I see reference to symlinking 0.9.8 to 0.9.7 but can't find an authoritative post or article. Is this what I need to do? Sounds harsh.

    If it's useful, I can provide full logs.

    Thanks,

    Tony
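
An added example, not part of the original post and not Zimbra code: OpenSSL reports "no start line" when the file it reads has no matching `-----BEGIN ...-----` line, so this sketch classifies the CA key and CA certificate paths from the trace above as missing, empty, non-PEM, wrong type or ok. The function names `pem_status` and `check_ca` are hypothetical.

```shell
#!/bin/sh
# Added example (not Zimbra code): inspect the PEM inputs that the
# zmcreatecert trace passes to "openssl ca" / "openssl x509".

# pem_status FILE WANT
#   WANT is "key" or "cert". Prints one word: missing, empty, not-pem,
#   wrong-type or ok. Returns 0 only for ok.
pem_status() {
    file=$1
    want=$2
    if [ ! -e "$file" ]; then echo missing; return 1; fi
    if [ ! -s "$file" ]; then echo empty; return 1; fi
    # Label of the first armor line, e.g. "RSA PRIVATE KEY".
    # tr strips CRs so files saved with CRLF line endings still match.
    label=$(tr -d '\r' < "$file" |
            sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1)
    if [ -z "$label" ]; then echo not-pem; return 1; fi
    case "$want:$label" in
        key:*"PRIVATE KEY") echo ok; return 0 ;;
        cert:*CERTIFICATE)  echo ok; return 0 ;;
        *)                  echo wrong-type; return 1 ;;
    esac
}

# check_ca [BASE]
#   Reports on ca/ca.key and ca/ca.pem under BASE (default is the
#   directory seen in the trace). Returns non-zero if either is unusable.
check_ca() {
    base=${1:-/opt/zimbra/ssl/ssl}
    rc=0
    for pair in ca/ca.key:key ca/ca.pem:cert; do
        path=$base/${pair%%:*}
        status=$(pem_status "$path" "${pair##*:}") || rc=1
        echo "$path: $status"
    done
    return $rc
}
```

Source the file and run `check_ca` as the user that owns the certificate directory; a result other than ok for either file means the CA material was never generated correctly, so the later signing steps cannot succeed.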

  2. #2
    Tony Lewis (Member, joined Mar 2007)

    Fixed

    It turns out it was because I cheated on the get_plat_tags.sh script. I edited the script itself to return DEBIAN3.1 when it found 4.0 in /etc/debian_release. However, that was only the script used for installation, not the script that was installed within the package.

    Hence my system had no idea what platform it was on, and was breaking badly.

    The proper workaround, until Debian Etch (4.0) is a supported Zimbra platform, as mentioned elsewhere, is to append "3.1" to the end of /etc/debian_release *before* running the installation.
