ldap problem on fedora core 6

[JurgN]

Hi,

I'm having problems with ldap while installing zimbra on fedora core 6. Does anyone know what I need to do in order to proceed the installation. (I ran out of ideas. )


Main menu

1) Hostname: www.hostname.nl
2) Ldap master host: www.hostname.nl
3) Ldap port: 389
4) Ldap password: set
5) zimbra-ldap: Enabled
6) zimbra-store: Enabled
7) zimbra-mta: Enabled
8) zimbra-snmp: Enabled
9) zimbra-logger: Enabled
10) zimbra-spell: Enabled
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] yes
Save config in file: [/opt/zimbra/config.6148]
Saving config in /opt/zimbra/config.6148...Done
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup.log.6148
Setting local config values...Done
Setting up CA...Done
Creating SSL certificate...Done
Initializing ldap...daemon: bind(7) failed errno=98 (Address already in use)
slap_open_listener: failed on ldap://www.hostname.nl:389
ERROR - failed to start slapd

FAILED (1)


ERROR



Configuration failed

Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to
complete the configuration.

Errors have been logged to /tmp/zmsetup.log.6148


Thanks in advance,

Jurgen

[phoenix]

This is the error:

Code:

Initializing ldap...daemon: bind(7) failed errno=98 (Address already in use)

it would appear that you have something running on port 389 - check what it is, kill it and try the install again. Are there any other errors earlier in the log?

[kantmakm]

I am having the same issue with an Enterprise zimbra install on (i know, unsuported) Fedora Core 6 64-bit machine.

After some hacking around, I finally got everything to install, and zimbra is sort of running, except that when running zmsetup.pl it fails with the following error

Code:

Initializing ldap...daemon: bind(7) failed errno=98 (Address already in use)
slap_open_listener: failed on ldap://mail.hostname.com:389
ERROR - failed to start slapd

I have confirmed there there are no other services running on port 389, and I backtracked through the scripts to find the actual command being issued to start the service, which includes the -4 flag.

I will disable IPv6 in the OS and see if that helps.

--kantmakm

[SpEnTBoY]

are you positive nothing is bound to the port? what does something like:

Code:

# lsof -i :389

show? as mentioned earlier it appears as though something is already bound to the port. Another possibility (although highly unlikely) is that the process initialization is trying to spawn multiple daemons on the same port before exiting cleanly and exits killing off the parent and child. I've seen this with Sun Directory Services but never with and other app as it applies to open ldap.

Another possibility could be ipv6 as well but that is typically preceded by a 97 error (Address family not supported by protocol). Yet another possibility is whitespace preceding any core option in slapd.conf. This is also unlikely as this is already configured but possible if you had whitespace in any of your config options when you supplied them to the setup. Check the slapd.conf file for any whiltespace in front of things like rootpw and rootdn

regards,
Lonny

[kantmakm]

lsof -i :389 returns nothing - will check for whitespace - thanks for the response!

[kantmakm]

So still no answer on whats going on with ldap on fedora core 6, but i did learn something by running strace with the -v and -f flags logged in as the zimbra user:

Code:

5666  open("/usr/lib64/libkrb5support.so.0", O_RDONLY) = 3
5666  read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\34\300"..., 832) = 832
5666  fstat(3, {st_dev=makedev(253, 0), st_ino=59080864, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=64, st_size=32488, st_atime=2007/05/15-15:50:51, st_mtime=2006/09/06-14:36:01, st_ctime=2007/05/10-12:38:17}) = 0
5666  mmap(0x330dc00000, 2125392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x330dc00000
5666  mprotect(0x330dc07000, 2093056, PROT_NONE) = 0
5666  mmap(0x330de06000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x330de06000
5666  close(3)                          = 0
5666  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaae34000
5666  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaae35000
5666  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaaaae36000
5666  arch_prctl(ARCH_SET_FS, 0x2aaaaae359d0) = 0
5666  mprotect(0x3305a81000, 4096, PROT_READ) = 0
5666  mprotect(0x330d611000, 4096, PROT_READ) = 0
5666  mprotect(0x3305344000, 16384, PROT_READ) = 0
5666  mprotect(0x3305602000, 4096, PROT_READ) = 0
5666  mprotect(0x3304e19000, 4096, PROT_READ) = 0
5666  munmap(0x2aaaaaaac000, 147261)    = 0
5666  geteuid()                         = 501
5666  write(2, "sudo: ", 6)             = 6
5667  <... read resumed> "sudo: ", 32768) = 6
5667  read(0,  
5666  write(2, "must be setuid root", 19 
5667  <... read resumed> "must be setuid root", 32768) = 19

note the must be setuid root error - i think that is definitely why slapd is not starting, the question is where in the scripts is this problem occuring, and why is it (apparently) only a problem on core 6?

Note that the permissions for /bin/sudo on the machine are correct and sudo works in general:

Code:

---s--x--x 2 root root 164360 Oct 1 2006 sudo

[jholder]

Does the zimbra user have sudo rights?
Search the wiki for sudo for more info on that.

Zimbra uses sudo to be able to bind to an interface on port 389.

[Garp]

Hi!

I tried for ever with FC6 with no success (same mumbo jumbo as you got).. Did a clean install with FC5 instead and everything works like a charm :-)

[kantmakm]

all the expected entries are in /etc/sudoers for the zimbra user, and i even added the following just to be sure:

Code:

zimbra ALL=(ALL)   NOPASSWD:  ALL

i can su - to zimbra and run any command via sudo.

[kantmakm]

so i did an active tail on /var/log/secure to see what was going on while running zmsetup.pl as root and learned some more:

Code:

May 16 13:06:22 hermes su: pam_unix(su-l:session): session opened for user zimbra by root(uid=0)
May 16 13:06:23 hermes su: pam_keyinit(su-l:session): Unable to change GID to 501 temporarily 
May 16 13:06:23 hermes su: pam_unix(su-l:session): session closed for user zimbra
May 16 13:06:24 hermes su: pam_unix(su-l:session): session opened for user zimbra by root(uid=0)
May 16 13:06:24 hermes su: pam_keyinit(su-l:session): Unable to change GID to 501 temporarily 
May 16 13:06:24 hermes su: pam_unix(su-l:session): session closed for user zimbra
May 16 13:06:43 hermes su: pam_unix(su-l:session): session opened for user zimbra by root(uid=0)
May 16 13:06:46 hermes sudo:   zimbra : TTY=pts/3 ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldap://hermes.company.com:389 -f /opt/zimbra/conf/slapd.conf
May 16 13:06:48 hermes sudo:   zimbra : TTY=pts/3 ; PWD=/opt/zimbra ; USER=root ; COMMAND=/opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldap://hermes.company.com:389 -f /opt/zimbra/conf/slapd.conf -d 1
May 16 13:06:48 hermes su: pam_keyinit(su-l:session): Unable to change GID to 501 temporarily 
May 16 13:06:48 hermes su: pam_unix(su-l:session): session closed for user zimbra

i'm wondering if the "Unable to change GID to 501 temporarily " is the problem?

GID 501 = zimbra group