Results 1 to 10 of 10

Thread: ldap error after certificate change

  1. #1
    Join Date
    Sep 2008
    Posts
    18
    Rep Power
    7

    Default ldap error after certificate change

    Hi.

    I had problems with my certificate in mac clients (email) so I decided to make a selfsigned certificate in the admin gui.

    after that I get:
    "Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate."

    And I cant reach the server anymore...

    hostsfile:
    127.0.0.1 localhost
    255.255.255.255 broadcasthost


    I believe that I had done changes to that file a couple of weeks ago but there is no sign of them now.


    is there a way to get back in the gui and or be able to get mail of the server
    ___
    5.0.9_GA_2533.MACOSXx86_10.5, Zimbra, Inc.
    MACOSXx86_10.5

  2. #2
    Join Date
    Sep 2008
    Posts
    18
    Rep Power
    7

    Default

    trying to upgrade to newer version and it tells me that the hostname doesnt match the hostname in the certificate...

    can I just remove the certificate and then get back in...

  3. #3
    Join Date
    Sep 2008
    Posts
    18
    Rep Power
    7

    Default

    new install (upgrade) still same problem.
    trashed two folders in the sslfolder.
    still same problem (can it be other than certificate related)

    I think its a big problem that a small change can stop you from getting in to the adminsettings. Its to easy for everything to f*ck up and its really vonorable (spelling!).

    I gave it a try, no 8-9 tries. 60 days went by but here the road ends and I will be following this from the side. I am sure it will lead to its own destruction because things dont work if you dont know your way around the terminal since 20 years back or so. There are cheap suits that doesnt require any skils and doesnt break when you change small settings.

    my recommendations is to get things to work before adding new features. This should never hav left the 0.X stadium because some parts are just poor.
    No offense to the programmers but the project should have been held back and not spread in all directions.

  4. #4
    Join Date
    Aug 2007
    Location
    Pune, India
    Posts
    46
    Rep Power
    8

    Default

    Looks like you are hitting bug #29600 (Bug 29600 – provide a configurable way to allow mismatched certificate for java to LDAP starttls).

    Workaroud:
    zmlocalconfig -e ssl_allow_untrusted_certs=TRUE
    zmlocalconfig -e ssl_allow_mismatched_certs=TRUE

    Also correct your /etc/hosts file for server ip address and its fqdn.
    - Irfan




  5. #5
    Join Date
    Sep 2008
    Posts
    18
    Rep Power
    7

    Default

    wel a bug is a bug but even though I thank you for your fix it wont let me in.
    all is running but there is no way in via the gui and/or emailclients

  6. #6
    Join Date
    Sep 2008
    Posts
    18
    Rep Power
    7

    Default

    this is ridiculous...

    I thought Id give another try despite my hazzle in the past.
    (thanx to the response to this thread I thought there was a hope)

    But now I sit here still, with no way in...
    server is running but it wont let me in thrue http/https.

    I cant even start to describe how angry this makes me that all the mail is gone just because I wanted to make a selfsigned certificate.
    It was the admingui that guided me to this mess and that is worrying.

    Is there any more parts of the application that is combined with disaster to touch? I recommend that those parts should be taken out.

    I mean that is like having a button in the middle of the screen saying "fix all problems" but the actual message would be "screw me over bigtime"... why would someone do a button like that?

  7. #7
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    as irfan has pointed out you really should fix your hosts file aswell as there is no mention of your FQDN for your server

  8. #8
    Join Date
    Aug 2007
    Location
    Pune, India
    Posts
    46
    Rep Power
    8

    Default

    Have u fixed the hosts file?
    - Irfan




  9. #9
    Join Date
    Sep 2008
    Posts
    18
    Rep Power
    7

    Default

    just finished with a total restore of the whole OS.
    2 weeks old :-(

    Havent had the time to look at anything but its working now.

    we store 1 weeks mail at another host so its just 1 week thats gone.
    nevertheless its frustrating not be able to touch any settings without being afraid that I have to restore from a complete systembackup.

  10. #10
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Depends on what settings as /etc/hosts is outside of ZCS and if not correct can also effect the core OS functionality. 2 week old OS backup perhaps take a look at your backup regime aswell.

Similar Threads

  1. Replies: 8
    Last Post: 08-07-2008, 06:18 AM
  2. Replies: 4
    Last Post: 07-12-2008, 10:36 PM
  3. Zimbra Install Problem - getDirectContext
    By bsimzer in forum Installation
    Replies: 27
    Last Post: 07-19-2007, 11:12 AM
  4. 3 testing: LDAP: 389 Failed when restore zimbra
    By victorLeong in forum Administrators
    Replies: 15
    Last Post: 05-24-2007, 07:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •