Thread: LDAP not starting - Debian sid

  1. #1

    LDAP not starting - Debian sid

    Dear all,

    I am stuck with LDAP not starting after an otherwise straightforward install.
    After building debs from the latest RPM binaries and tweaking install, util and pre/postinstall scripts to recognise sid etc... slapd is not starting.

    Setting local config values...Done
    Setting up CA...Done
    Creating SSL certificate...Done
    Initializing ldap...FAILED (256)

    ERROR

    Configuration failed


    After starting slapd manually with debugging switched on:
    sudo /opt/zimbra/openldap/libexec/slapd -4 -h "ldap://:389" -f /opt/zimbra/conf/slapd.conf -d 5001

    I get a TLS error at the very end:

    (#) $OpenLDAP: slapd 2.2.28 (Nov 9 2005 12:31:52) $
    root@build.liquidsys.com:/home/build/p4/main/ThirdParty/openldap/openldap-2.2.28/servers/slapd
    daemon_init: listen on ldap://:389
    daemon_init: 1 listeners to open...
    ldap_url_parse_ext(ldap://:389)
    daemon: initialized ldap://:389
    daemon_init: 1 listeners opened
    slapd init: initiated server.
    slap_sasl_init: initialized!
    bdb_back_initialize: initialize BDB backend
    bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
    >>> dnNormalize:
    => ldap_bv2dn(cn=Subschema,0)
    ldap_err2string
    <= ldap_bv2dn(cn=Subschema)=0 Success
    => ldap_dn2bv(272)
    ldap_err2string
    <= ldap_dn2bv(cn=subschema)=0 Success
    ......
    TLS: could not load client CA list (file:`/opt/zimbra/conf/ca/ca.pem',dir:`').
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:644
    main: TLS init def ctx failed: -1
    slapd shutdown: freeing system resources.
    slapd stopped.
    connections_destroy: nothing to destroy.

    OpenSSL is installed, the certificates are all created.

    I am out of my depth with LDAP and need some serious advice on where to look next.

    Thank you!
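
The "no start line" error in the slapd output above means OpenSSL found no "-----BEGIN ...-----" line in the file it was asked to load as the CA list. As an added example (not part of the original posts), this shell function classifies a CA file as missing, empty, lacking a certificate start line, or structurally malformed; the function names and sample files are constructed for illustration, and it checks PEM structure only, not certificate validity.

```shell
#!/bin/sh
# Added example: structural check for a PEM CA file (assumed helper names).
# pem_status FILE prints: missing | empty | no-start-line | malformed | ok:<count>
pem_status() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -s "$f" ]; then echo empty; return 0; fi
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ { if (inb) bad = 1; inb = 1; begins++; next }
        /^-----END CERTIFICATE-----$/   { if (!inb) bad = 1; inb = 0; ends++; next }
        inb && $0 !~ "^[A-Za-z0-9+/=]*$" { bad = 1 }   # body must be base64
        END {
            if (begins == 0)                       print "no-start-line"
            else if (inb || bad || begins != ends) print "malformed"
            else                                   print "ok:" begins
        }' "$f"
}

# Constructed sample files (not real certificates; bodies are placeholder base64).
make_samples() {
    d=$1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/good.pem"
    : > "$d/empty.pem"
    # A private key alone contains no certificate block.
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/keyonly.pem"
    # Start line present but the END line was lost.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        > "$d/truncated.pem"
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
make_samples "$SAMPLES"
for f in good empty keyonly truncated absent; do
    printf '%-14s %s\n' "$f.pem" "$(pem_status "$SAMPLES/$f.pem")"
done
```

On the affected host the call would be pem_status /opt/zimbra/conf/ca/ca.pem; a file that passes can then be parsed with openssl x509 -in /opt/zimbra/conf/ca/ca.pem -noout -subject.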

  2. #2

    certs

    Did you try recreating the certs?
    zmcreateca
    zmcertinstall mailbox

  3. #3

    Can't create certs

    Quote Originally Posted by marcmac
    Did you try recreating the certs?
    zmcreateca
    zmcertinstall mailbox

    marcmac: Thank you for the swift reply.

    Yes, I tried to create the certs manually (following your suggestions in thread http://www.zimbra.com/forums/showpos...49&postcount=4)

    Unfortunately I continuously get the following error when I 'zmcertinstall mailbox':

    ** Importing server cert

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match

    Next I start deleting the certs, but get an error when trying to remove the my_ca alias: Does not exist!

    keytool -delete -alias my_ca -keystore /opt/zimbra/tomcat/conf/keystore -keypass zimbra
    Enter keystore password: zimbra
    keytool error: java.lang.Exception: Alias does not exist

    zmcreatecert works only when cacerts (/opt/zimbra/java/jre/lib/security/) has been deleted previously. Otherwise the following happens:

    zmcreatecert
    ** Importing CA

    keytool error: java.lang.Exception: Certificate not imported, alias already exists
    ** Creating keystore

    ** Creating server cert request

    Generating a 1024 bit RSA private key
    ..............++++++
    ...............................................++++++
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    ** Signing cert request

    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature....

    I find that odd, as the keytool reports previously that alias my_ca cannot be deleted from .../keystore as it does not exist.

    What am I missing?

    PS: All file access permissions seem to be ok on cacerts and keystore

    Thank you,
    still clueless

  4. #4

    my_ca

    my_ca is in /opt/zimbra/java/jre/lib/security/cacerts, not conf/keystore - do the delete of my_ca in that file, then delete tomcat in conf/keystore.

  5. #5

    Enter Keystore password on my_ca removal

    Quote Originally Posted by marcmac
    my_ca is in /opt/zimbra/java/jre/lib/security/cacerts, not conf/keystore - do the delete of my_ca in that file, then delete tomcat in conf/keystore.

    When I do:

    keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

    It works.

    When I do:

    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts

    I get Enter keystore password:

    How can I delete my_ca so I can put in a real ssl cert?

  6. #6

    Quote Originally Posted by comptekki
    When I do:

    keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra

    It works.

    When I do:

    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts

    I get Enter keystore password:

    How can I delete my_ca so I can put in a real ssl cert?

    Never mind.

    This works:

    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
