So after ditching the VMware Zimbra appliances, I have instead installed several Ubuntu 12.04.02 (64-bit) VMs with ZCS 8.0.2. The idea is to have two LDAP servers (one primary, one slave) and one Mailbox and one MX server (for now). I am still having LDAP issues though, as I can't get the other components to connect/verify the LDAP Admin passwords.

On ldap-1, I have the ldap service up and running:

-=-
zimbra@ldap-1:~$ zmcontrol status
Host ldap-1.isc.org
ldap Running
stats Running
zmconfigd Running
-=-

And there is no firewall running on the box:

-=-
root@ldap-1:/opt/zimbra/log# ufw status
Status: inactive
-=-

(Now there is a thought that perhaps the default/inactive status may still block the LDAP (389) port)

Tried to set up replication on ldap-2; ldap-1 was set up to allow replication:

-=-
zimbra@zl1:~$ /opt/zimbra/libexec/zmldapenablereplica
Enabling sync provider on master...succeeded
-=-

So should be easy to set up ldap-2 as a slave, run the installer and use ldap-1 as the LDAP server to pull from. When I enter the LDAP Admin password, it says it can't be verified. Looking at the /tmp/zmsetup.log, the cause is:

-=-
Tue Feb 5 02:20:28 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 02:20:28 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 02:20:28 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 02:20:29 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 02:20:29 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 02:20:29 2013 Couldn't bind to ldap-1.domain.org as uid=zmreplica,cn=admins,cn=zimbra
Tue Feb 5 02:20:29 2013 Checking ldap replication is enabled on ldap-1.domain.org:389
Tue Feb 5 02:20:29 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 02:20:29 2013 ldap configuration not complete. Unable to verify ldap replication is enabled on ldap-1.domain.org
-=-

As you see, it's not getting through the initial connection to auth or verify that replication is enabled.

Tried setting up the mailbox server, same issue when connecting to the LDAP server:

-=-
Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-store
Tue Feb 5 00:05:27 2013 zimbra-store is enabled
Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-proxy
Tue Feb 5 00:05:27 2013 zimbra-proxy is not enabled
Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-proxy
Tue Feb 5 00:05:27 2013 zimbra-proxy is not enabled
Tue Feb 5 00:05:27 2013 checking isEnabled zimbra-proxy
Tue Feb 5 00:05:27 2013 zimbra-proxy is not enabled
Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 00:05:27 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 00:05:27 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 00:05:27 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 00:05:27 2013 *** Running as zimbra user: /opt/zimbra/bin/zmlicense -c
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : An error occurred while attempting to connect to server localhost:389: java.io.IOException: An error occurred while attempting to establish a connection to server localhost:389: java.net.ConnectException: Connection refused
ExceptionId:main:1360051529050:5a2c8682ebd32591
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:88)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:72)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:38)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:64)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:95)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:37)
at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:63)
at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:86)
at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:46)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:256)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:253)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:278)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:238)
at com.zimbra.cs.license.LdapLicenseCounter.<init>(LdapLicenseCounter.java:48)
at com.zimbra.cs.license.LicenseManager.<init>(LicenseManager.java:76)
at com.zimbra.cs.license.LicenseManager.<clinit>(LicenseManager.java:80)
at com.zimbra.cs.license.LicenseCLI.exec(LicenseCLI.java:97)
at com.zimbra.cs.license.LicenseCLI.main(LicenseCLI.java:161)
Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server localhost:389: java.io.IOException: An error occurred while attempting to establish a connection to server localhost:389: java.net.ConnectException: Connection refused')
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:741)
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:675)
at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:507)
at com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229)
at com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:616)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:562)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:113)
... 21 more
Caused by: java.io.IOException: An error occurred while attempting to establish a connection to server localhost:389: java.net.ConnectException: Connection refused
at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:142)
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:732)
... 28 more
-=-

(I hope that the java LDAP calls to localhost quiet down when it can auth against ldap-1)

Anyway, it does look like ldap-1 is the culprit; it's just not talking to the outside. Likely need to tweak the logging level on the LDAP process on ldap-1 in case it's starting up weird - and also see if I can fake a client connection in LDAP to test it out before trying again.

Any avenues I should be trying here?
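
Added example, not part of the original post: a Python sketch that separates transport failures from real bind (password) failures in `/tmp/zmsetup.log` lines like those quoted above, and then tests the TCP connect step on its own. The names `triage` and `probe` are hypothetical, and the sample lines are constructed in the format of the excerpts.

```python
import re
import socket
from collections import Counter

# Constructed sample in the format of the /tmp/zmsetup.log excerpts above.
SAMPLE_LOG = """\
Tue Feb 5 02:20:28 2013 Checking ldap on ldap-1.domain.org:389
Tue Feb 5 02:20:28 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 02:20:28 2013 Couldn't bind to ldap-1.domain.org as uid=zimbra,cn=admins,cn=zimbra
Tue Feb 5 02:20:29 2013 failed: Unable to contact ldap at ldap://ldap-1.domain.org:389: Connection refused
Tue Feb 5 02:20:29 2013 Couldn't bind to ldap-1.domain.org as uid=zmreplica,cn=admins,cn=zimbra
"""

CONTACT = re.compile(r"Unable to contact ldap at ldap://([^:/\s]+):(\d+): (.+)$")
BIND = re.compile(r"Couldn't bind to (\S+) as (\S+)")

def triage(log_text):
    """Return (transport_failures, bind_failures) as Counters.

    A "Couldn't bind" line directly after an "Unable to contact" line is
    fallout of the failed connect: no credentials were sent, so it is not
    counted as a password problem.
    """
    transport, bind_only, after_contact = Counter(), Counter(), False
    for line in log_text.splitlines():
        m = CONTACT.search(line)
        if m:
            transport[(m.group(1), int(m.group(2)), m.group(3))] += 1
            after_contact = True
            continue
        b = BIND.search(line)
        if b and not after_contact:
            bind_only[(b.group(1), b.group(2))] += 1
        after_contact = False
    return transport, bind_only

def probe(host, port=389, timeout=3.0):
    """Classify a plain TCP connect, the step the installer fails at."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # a listener accepted on this address:port
    except ConnectionRefusedError:
        return "refused"         # RST: no listener on that address, or a reject rule
    except socket.timeout:
        return "filtered"        # no answer at all: packets dropped on the way
    except socket.gaierror:
        return "unresolved"      # the name does not resolve from this host
    except OSError:
        return "unreachable"     # routing or other socket-level error
```

Running `probe` from ldap-2 against ldap-1's name, and on ldap-1 itself against both `localhost` and its own hostname, shows whether the listener accepts on some addresses and not others. A `refused` result with an empty bind counter means the admin password was never evaluated.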