Thread: opendkim ldap Invalid credentials

  1. #1

    Hi,

    I did try to search the forum but can't find any similar error. The MTA can't be started due to an opendkim error. I am sure the LDAP is working fine, and I can get the DKIMDomain, DKIMKey, DKIMSelector and DKIMIdentity info when I use ldapsearch:

    ldapsearch -h xxx.xxx.xxx.xxx -p 389 -b "dc=domain,dc=com" -x -a never -D "uid=zmpostfix,cn=appaccts,cn=zimbra" -W

    # domain.com
    dn: dc=domain,dc=com
    zimbraDomainType: local
    objectClass: dcObject
    objectClass: organization
    objectClass: zimbraDomain
    objectClass: amavisAccount
    objectClass: DKIM
    zimbraId: 441acfe8-cc64-4ee5-ssa0-3a811696a5c2
    zimbraDomainName: domain.com
    zimbraMailStatus: enabled
    o: domain.com domain
    dc: domain
    DKIMSelector: DCE398DC-DE1C-11E2-B21A-2576E2F7387D
    DKIMDomain: domain.com
    DKIMKey:: [base64 key data removed]
    DKIMIdentity: domain.com


    I also don't think this is caused by a DNS problem, and there is not much information shown in zimbra.log either. I'd be grateful if anyone can give an idea of the possible cause or provide me a command to start debug mode in opendkim.

    Thanks.

  2. #2

    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc

  3. #3

    Thanks for your reply, but I'm not using my own compiled opendkim; all the packages come with Zimbra and the configuration was created during installation.

    I'm using 8.0.2 GA 5569
    Last edited by vickycpw; 02-06-2013 at 03:02 AM.

  4. #4

    I started the LDAP in debug mode and found an error when trying to start up opendkim. I get the error "unable to get TLS client DN", but opendkim is trying to connect to LDAP without SSL.

    [zimbra@iceman bin]$ ./zmopendkimctl start
    opendkim: /opt/zimbra/conf/opendkim.conf: ldap://xxx.xxx.xxx.xxx:389/?DKIMSelector?sub?(DKIMIdentity=$d): dkimf_db_open(): Invalid credentials
    Failed to start opendkim: 0

    511181e6 connection_get(12): got connid=1011
    511181e6 connection_read(12): checking for input on id=1011
    TLS trace: SSL_accept:before/accept initialization
    TLS trace: SSL_accept:SSLv3 read client hello A
    TLS trace: SSL_accept:SSLv3 write server hello A
    TLS trace: SSL_accept:SSLv3 write certificate A
    TLS trace: SSL_accept:SSLv3 write server done A
    TLS trace: SSL_accept:SSLv3 flush data
    TLS trace: SSL_accept:error in SSLv3 read client certificate A
    TLS trace: SSL_accept:error in SSLv3 read client certificate A
    511181e6 connection_get(12): got connid=1011
    511181e6 connection_read(12): checking for input on id=1011
    TLS trace: SSL_accept:SSLv3 read client key exchange A
    TLS trace: SSL_accept:SSLv3 read finished A
    TLS trace: SSL_accept:SSLv3 write session ticket A
    TLS trace: SSL_accept:SSLv3 write change cipher spec A
    TLS trace: SSL_accept:SSLv3 write finished A
    TLS trace: SSL_accept:SSLv3 flush data
    511181e6 connection_read(12): unable to get TLS client DN, error=49 id=1011
    511181e6 connection_get(12): got connid=1011
    511181e6 connection_read(12): checking for input on id=1011
    ber_get_next
    ber_get_next: tag 0x30 len 58 contents:
    511181e6 op tag 0x60, time 1360101862
    ber_get_next
    511181e6 conn=1011 op=1 do_bind
    ber_scanf fmt ({imt) ber:
    ber_scanf fmt (m}) ber:
    511181e6 >>> dnPrettyNormal: <uid=zmpostfix,cn=appaccts,cn=zimbra>
    511181e6 <<< dnPrettyNormal: <uid=zmpostfix,cn=appaccts,cn=zimbra>, <uid=zmpostfix,cn=appaccts,cn=zimbra>
    511181e6 do_bind: version=3 dn="uid=zmpostfix,cn=appaccts,cn=zimbra" method=128
    511181e6 mdb_dn2entry("uid=zmpostfix,cn=appaccts,cn=zimbra" )
    511181e6 => mdb_dn2id("uid=zmpostfix,cn=appaccts,cn=zimbra")
    511181e6 <= mdb_dn2id: got id=0x7
    511181e6 => mdb_entry_decode:
    511181e6 <= mdb_entry_decode
    511181e6 send_ldap_result: conn=1011 op=1 p=3
    511181e6 send_ldap_response: msgid=2 tag=97 err=49
    ber_flush2: 14 bytes to sd 12
    511181e6 connection_get(12): got connid=1011
    511181e6 connection_read(12): checking for input on id=1011
    ber_get_next
    ber_get_next: tag 0x30 len 5 contents:
    511181e6 op tag 0x42, time 1360101862
    ber_get_next
    TLS trace: SSL3 alert read:warning:close notify
    511181e6 ber_get_next on fd 12 failed errno=0 (Success)
    511181e6 conn=1011 op=2 do_unbind
    511181e6 connection_close: conn=1011 sd=12
    TLS trace: SSL3 alert write:warning:close notify
    ^C511181e9 daemon: shutdown requested and initiated.
    511181e9 slapd shutdown: waiting for 0 operations/tasks to finish
    511181e9 slapd shutdown: initiated
    511181e9 ==> unique_close
    511181e9 slapd destroy: freeing system resources.
    511181e9 ==> unique_db_destroy
    511181e9 slapd stopped.

  5. #5

    Finally I got the solution: this is because the passwords (LDAP Replication, Ldap postfix, Ldap amavis, Ldap nginx and Ldap Bes Searcher) contained special characters such as !@#$%.....
    Everything is running fine after I re-installed and changed those passwords to A~z and 0~9.
    Right now Zimbra is running with HA+DRBD.
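
An added example, not part of the original thread: a small Python parser for slapd debug traces like the one in post #4, which pairs each do_bind with its BindResponse and lists the binds that failed. The sample trace is constructed from lines in that post plus one hypothetical successful bind, and the function names are assumptions.

```python
import re

# Constructed sample: lines in the format of the slapd trace in post #4,
# plus one hypothetical successful bind (uid=example) for contrast.
SAMPLE_TRACE = """\
511181e6 connection_read(12): unable to get TLS client DN, error=49 id=1011
511181e6 conn=1011 op=1 do_bind
511181e6 do_bind: version=3 dn="uid=zmpostfix,cn=appaccts,cn=zimbra" method=128
511181e6 send_ldap_result: conn=1011 op=1 p=3
511181e6 send_ldap_response: msgid=2 tag=97 err=49
511181e6 conn=1012 op=1 do_bind
511181e6 do_bind: version=3 dn="uid=example,cn=appaccts,cn=zimbra" method=128
511181e6 send_ldap_result: conn=1012 op=1 p=3
511181e6 send_ldap_response: msgid=2 tag=97 err=0
"""

BIND_START = re.compile(r"conn=(\d+) op=(\d+) do_bind")
BIND_ARGS = re.compile(r'do_bind: version=\d+ dn="([^"]*)" method=(\d+)')
RESPONSE = re.compile(r"send_ldap_response: msgid=\d+ tag=(\d+) err=(\d+)")

BIND_RESPONSE_TAG = 97            # 0x61, the LDAP BindResponse tag
AUTH_METHODS = {128: "simple"}    # 0x80 = simple bind (DN + password)
RESULT_NAMES = {0: "success", 49: "invalidCredentials"}


def bind_attempts(trace):
    """Return one dict per completed bind operation found in the trace."""
    attempts, current = [], None
    for line in trace.splitlines():
        if m := BIND_START.search(line):
            current = {"conn": int(m.group(1)), "op": int(m.group(2))}
        elif current is not None and (m := BIND_ARGS.search(line)):
            method = int(m.group(2))
            current["dn"] = m.group(1)
            current["method"] = AUTH_METHODS.get(method, str(method))
        elif current is not None and (m := RESPONSE.search(line)):
            if int(m.group(1)) == BIND_RESPONSE_TAG:
                err = int(m.group(2))
                current["result"] = RESULT_NAMES.get(err, f"err={err}")
                attempts.append(current)
                current = None
    return attempts


def failed_binds(trace):
    """Bind operations the server answered with anything but success."""
    return [a for a in bind_attempts(trace) if a["result"] != "success"]


if __name__ == "__main__":
    for a in failed_binds(SAMPLE_TRACE):
        print(a["conn"], a["op"], a.get("method"), a.get("dn"), a["result"])
```
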
