
Thread: Problems with Zimbra installation on OS X Server - LDAP and Tomcat

  1. #1
    mezza is offline Active Member
    Join Date
    Mar 2007
    Posts
    26
    Rep Power
    8

    Default Problems with Zimbra installation on OS X Server - LDAP and Tomcat

    Hi,

    I've installed Zimbra on Mac OS X Server 10.4.9 and the basic MTA and IMAP and POP services are all working well.

    However, I'm having significant difficulties with getting the web interface to work correctly and any help would be appreciated. I'm trying to use Zimbra with the Apache 1.3 server that comes preinstalled since that's running other static and dynamic sites.

    I've also noticed two unusual issues:

    A. when trying to restart tomcat in between using zmprov to change settings it complains that it can't connect to the Slapd. Eg:

    Code:
    $sudo -u zimbra /opt/zimbra/bin/tomcat restart
    problem reading config from ldap. Make sure ldap is running.
    Slapd is definitely running, as is seen if I issue:

    Code:
    $sudo -u zimbra /opt/zimbra/bin/ldap status
    slapd running pid: 372
    B. The tomcat configuration file in /opt/zimbra/tomcat/conf/server.xml.in is buggy. The SSL section directives are delimited by badly formed comments which causes that entire section to be ignored.

    HTML Code:
    <!-- HTTPSBEGIN
            <Connector port="%%zimbraMailSSLPort%%"
                       acceptCount="1024" URIEncoding="UTF-8"
                       enableLookups="false"
                       compression="on"
                       compressionMinSize="1024"
                       compressableMimeType="text/html,text/plain,text/css"
                       noCompressionUserAgents=".*MSIE 6.*"
                       maxThreads="100" minSpareThreads="100" maxSpareThreads="100"
                       scheme="https" secure="true"
                       ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
                       clientAuth="false" sslProtocol="TLS"
                       keystoreFile="/opt/zimbra/tomcat/conf/keystore" keystorePass="zimbra"/>
            HTTPSEND -->
    Easy enough to fix, but odd. This prompted me to uninstall and reinstall Zimbra and this is reproducible.

    Here's my installation procedure and setup:

    1. Downloaded the install-mac.sh posted on the wiki as well as the Zimbra 4.5.3_GA_733 disk image

    2. Installed using:
    Code:
    sudo ./install-mac.sh -d zcs-4.5.3_GA_733.MACOSX.dmg

    3. When I get to the zmsetup phase, just accept defaults except set the web server mode to 'mixed' and set zimbraMailPort and zimbraMailSSLPort to 8080 and 8443 respectively (to avoid any potential issues with Tomcat trying to bind to ports which Apache has bound to already)

    4. Add ProxyPass and ProxyPassReverse directives to the virtual hosts files created by using ServerAdmin eg:

    Code:
    
            ServerName AAA.XXX.XXX
            ServerAdmin XXX@AAA.XXX.XXX
            DocumentRoot "/Library/WebServer/Documents"
            DirectoryIndex index.html index.php
            CustomLog "/var/log/httpd/access_log" "%h %l %u %t \"%r\" %>s %b"
            ErrorLog "/var/log/httpd/error_log"
            ErrorDocument 404 /error.html
            ProxyPass / http://AAA.XXX.XXX:8080/
            ProxyPassReverse / http://AAA.XXX.XXX:8080/
            LogLevel warn
    
    And exactly the same for 443->8443:

    Code:
    
            ServerName AAA.XXX.XXX
            ServerAdmin XXX@AAA.XXX.XXX
            DocumentRoot "/Library/WebServer/Documents"
            DirectoryIndex index.html index.php
            CustomLog "/var/log/httpd/access_log" "%h %l %u %t \"%r\" %>s %b"
            ErrorLog "/var/log/httpd/error_log"
            ErrorDocument 404 /error.html
            ProxyPass / https://AAA.XXX.XXX:8443/
            ProxyPassReverse / https://AAA.XXX.XXX:8443/
            LogLevel warn
    
    With the setup as above, I can connect to the Zimbra webmail interface on port 80, but it doesn't redirect me to 443.

    Doing a
    Code:
    curl -i http://localhost:8080
    on the deployment box gives me the response I expect, but
    Code:
    curl -i -k https://localhost:8443
    gives me:

    Code:
    HTTP/1.1 302 Moved Temporarily
    Server: Apache-Coyote/1.1
    Expires: Tue, 24 Jan 2000 17:46:50 GMT
    Cache-control: no-store, no-cache, must-revalidate, max-age=0
    Pragma: no-cache
    Location: http://localhost:8080/?initMode=https
    Content-Type: text/html
    Content-Length: 0
    Date: Fri, 16 Mar 2007 12:18:20 GMT
    Any ideas what's going on?

    Thanks in advance.

    mezza
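
Added example, not part of the original posts: a shell helper that classifies the response head `curl -si` prints for one listener, so the 8080/8443 checks in this thread can be repeated after every restart and a TLS listener that redirects back to plain HTTP (as in the output quoted in post #1) is flagged. The function names `classify_listener` and `sample_8443` and the result labels are this example's own; the sample is the response from post #1, trimmed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads one `curl -si` response on stdin.
# Usage: curl -si  http://FQDN:8080  | classify_listener http
#        curl -sik https://FQDN:8443 | classify_listener https

classify_listener() {
    scheme=$1    # scheme that was used to reach the listener
    # Drop CR from CRLF line ends and stop at the blank line ending the headers,
    # so text in the body can never be mistaken for a header.
    hdrs=$(tr -d '\r' | sed '/^$/q')
    if [ -z "$hdrs" ]; then
        echo "no-response"    # nothing listening, or connection failed
        return 0
    fi
    status=$(printf '%s\n' "$hdrs" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$hdrs" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    case "$status" in
        30[1237])
            case "$scheme:$location" in
                https:http://*) echo "downgrade-redirect $location" ;;
                http:https://*) echo "upgrade-redirect $location" ;;
                *)              echo "redirect $location" ;;
            esac ;;
        200)
            # A page served directly: over http this means the login page
            # is reachable in cleartext.
            if [ "$scheme" = http ]; then echo "cleartext-page"
            else echo "tls-page"; fi ;;
        *)  echo "other $status" ;;
    esac
}

# Response head quoted in post #1 for https://localhost:8443 (trimmed).
sample_8443() {
    printf 'HTTP/1.1 302 Moved Temporarily\r\n'
    printf 'Server: Apache-Coyote/1.1\r\n'
    printf 'Location: http://localhost:8080/?initMode=https\r\n'
    printf 'Content-Length: 0\r\n\r\n'
}

sample_8443 | classify_listener https
```

With mode 'mixed' as described in the thread, the expected pair is `upgrade-redirect` on the HTTP port and `tls-page` on the HTTPS port; `downgrade-redirect`, `cleartext-page` or `no-response` means the login flow is leaving TLS or the TLS listener is not up.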

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Ahh 10.4.9 has lots of reported issues in general. I've heard numerous problems with it causing crashes, etc. (Not specifically related to zimbra)

    Have you run the zmsetup script?

  3. #3
    mezza is offline Active Member
    Join Date
    Mar 2007
    Posts
    26
    Rep Power
    8

    Default Identified issues

    I did a fresh reinstall on OS X Server, ensuring that the web server was NOT running when I did so. This time, all seems fine and Zimbra's webmail interface is responding to requests on ports 8080 and 8443 after running the zmsetup.pl script, during which I set the mail mode to 'mixed' to force HTTPS authentication.

    At this point
    Code:
    curl -i http://FQDN:8080
    gets me a 302 redirect as expected to https://FQDN:8443, and
    Code:
    curl -i -k https://FQDN:8443
    gives me the login page on the server.

    The Apache proxying also works fine, and the only issue I'm dealing with is how to handle the 302 redirection from 8443 to 8080 for the login page.

    There is still the issue with restarting Tomcat, which is that it claims not to be able to find the running slapd process. So I did a restart using /opt/zimbra/bin/zmcontrol stop and start instead.

    Now, without having changed anything on the configuration,
    Code:
    curl -i http://FQDN:8080
    gets me the insecure login page!?
    Code:
    curl -i -k https://FQDN:8443
    gets me nothing!?

    So after all this, I am currently unable to get Zimbra to respond to ports 8080 and 8443 correctly.

    Any help welcome.

  4. #4
    mezza is offline Active Member
    Join Date
    Mar 2007
    Posts
    26
    Rep Power
    8

    Default Update

    Ok. Did a fresh reinstall of Zimbra (again). Set webmail ports to 8080 and 8443 (SSL) and set mode to 'mixed'.

    Zimbra web interface responds on ports 8080 and 8443 as expected and
    Code:
    curl -i http://FQDN:8080
    gets me a 302 redirect as expected to https://FQDN:8443.

    The Apache Proxy and ProxyPass directives in my original post work fine, and all I'm contending with is how to get the 302 redirects between the secure and insecure ports working properly with a RewriteRule or Redirect directive (more on that later).

    Very very concerningly,
    Code:
    sudo /opt/zimbra/bin/tomcat restart
    is still complaining about not being able to reach the LDAP server, and after doing so, Zimbra's webmail interface no longer responds on port 8443, instead of which I get the login page on port 8080. The same thing happens if I use /opt/zimbra/bin/zmcontrol to restart Zimbra.

    The only way I am able to get the webmail working again is to rerun the zmsetup.pl script.

    Any ideas on what's going on?

    Back to the RewriteRule, can anyone tell me why this doesn't work:

    HTML Code:
    <VirtualHost XXX.XXX.XXX.XXX:80>
            ServerName FQDN
            ServerAdmin XXX@FQDN2
            DocumentRoot "/Library/WebServer/Documents"
            DirectoryIndex index.html index.php
            CustomLog "/var/log/httpd/access_log" "%h %l %u %t \"%r\" %>s %b"
            ErrorLog "/var/log/httpd/error_log"
            ErrorDocument 404 /error.html
            Redirect abacus https://FQDN/
            ProxyPass /abacus !
            ProxyPass / http://FQDN:8080/
            ProxyPassReverse / http://FQDN:8080/
            ProxyPassReverse /abacus/ https://FQDN:8443/
            LogLevel warn
    </VirtualHost>
    All I'm doing is to try and get the initial 302 redirect to https://FQDN:8443 to be rewritten to http://FQDN/abacus/... and then to catch that with a redirect rule to pass it to https://FQDN. Currently, as I have the insecure and secure ports set to 8080 and 8443, all the redirects are between those two ports when trying to login.

  5. #5
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    What does your hosts file look like?
    -john

  6. #6
    mezza is offline Active Member
    Join Date
    Mar 2007
    Posts
    26
    Rep Power
    8

    Default Hosts file

    Hi John,

    127.0.0.1 localhost
    255.255.255.255 broadcasthost
    ::1 localhost
    XX.XX.XX.XX FQDN

    Regards,

    mezza

  7. #7
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Try
    127.0.0.1 localhost.localdomain localhost
    x.x.x.x hostname.domain hostname

  8. #8
    mezza is offline Active Member
    Join Date
    Mar 2007
    Posts
    26
    Rep Power
    8

    Default Update

    John,

    Updated /etc/hosts to ONLY contain the entries you suggested and rebooted the server.

    Then ran
    Code:
    sudo -u zimbra /opt/zimbra/bin/zmcontrol start
    and checked to see whether the Zimbra webmail interface was running on port 8443 but got no response:

    Code:
    $ curl -i -k https://localhost
    curl: (7) couldn't connect to host
    I've now restored the /etc/hosts file to its original, and restarted the server and then started up Zimbra by running the zmsetup.pl script (which seems to be the ONLY way to get Zimbra to start up correctly on my machine).

    BR

    Mezza

  9. #9
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    We don't bind to localhost in all cases.
    What about the fqdn?

  10. #10
    mezza is offline Active Member
    Join Date
    Mar 2007
    Posts
    26
    Rep Power
    8

    Default Update

    Hi John.

    No joy. After a
    Code:
    sudo -u zimbra /opt/zimbra/bin/zmcontrol restart
    there is no response to port 8443 from the webmail.

    Seems to be that there's something that the zmsetup.pl script does that the zmcontrol wrapper script doesn't. Afraid my Perl's useless, but do you know what it might be?

    Mezza
