
Thread: Zimbra + Debian + Xen = LDAP problems

  1. #1
    Zimbra + Debian + Xen = LDAP problems


    I want Zimbra running under Xen. The fact that LDAP wants NPTL means that I need to use Debian 4.0 (etch) in the guest, because it has a Xen-friendly libc package (libc6-xen). Without this package, LDAP won't install.

    When I install, LDAP fails to start. Using "sh -x" a lot, I see that /opt/zimbra/conf/slapd.{crt,key} don't exist. I assume they should get created during the installation, but something is going wrong.

    The first symptom I see is that the local config sets "ldap_is_master" to false, and complains when I set the master URL to the same as the box I'm installing on. When I change this, I progress to the SSL errors above.

    I run "sh -x /opt/zimbra/bin/zmcreatecert" and see (snipped):
    + openssl ca -out /opt/zimbra/ssl/ssl/server/server.crt -notext -config /opt/zimbra/ssl/ssl/zmssl.cnf -in /opt/zimbra/ssl/ssl/server/server.csr -keyfile /opt/zimbra/ssl/ssl/ca/ca.key -cert /opt/zimbra/ssl/ssl/ca/ca.pem -batch
    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    unable to load CA private key
    5140:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: ANY PRIVATE KEY
    unable to write 'random state'
    + openssl x509 -CA /opt/zimbra/ssl/ssl/ca/ca.pem -CAkey /opt/zimbra/ssl/ssl/ca/ca.key -CAserial /opt/zimbra/ssl/ssl/ca/ -req -in /opt/zimbra/ssl/ssl/server/tomcat.csr -extensions v3_req -extfile /opt/zimbra/ssl/ssl/zmssl.cnf -out /opt/zimbra/ssl/ssl/server/tomcat.crt -days 365
    Signature ok
    unable to load certificate
    5141:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: TRUSTED CERTIFICATE
    unable to write 'random state'
    + cp /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/conf/slapd.crt
    cp: cannot stat `/opt/zimbra/ssl/ssl/server/server.crt': No such file or directory


    So, my certificates are stuffed, it would appear.

    I *think* the root cause might be the SSL version. Native in Debian 4.0 is 0.9.8. The openssl package is linked to this, though libssl0.9.7 is still available. I downgraded openssl to run from sarge (i.e. the 0.9.7x version) before running the install, but it didn't seem to help. I can't get rid of libssl0.9.8 permanently, as many things depend on this.

    I see reference to symlinking 0.9.8 to 0.9.7 but can't find an authoritative post or article. Is this what I need to do? Sounds harsh.

    If it's useful, I can provide full logs.



  2. #2
    Fixed

    It turns out it was because I cheated on the script. I edited the script itself to return DEBIAN3.1 when it found 4.0 in /etc/debian_release. However, that was only the script used for installation, not the script that was installed within the package.

    Hence my system had no idea what platform it was on, and was breaking badly.

    The proper workaround, until Debian Etch (4.0) is a supported Zimbra platform, as mentioned elsewhere, is to append "3.1" to the end of /etc/debian_release *before* running the installation.
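
A preflight check for the failure logged in post #1, as an added example that is not part of the original thread or of Zimbra's own scripts: OpenSSL's "no start line" error means it found no `-----BEGIN ...-----` line of the expected type in the file it was handed. The function names are hypothetical, the file names `ca.key` and `ca.pem` follow the paths in the log above, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Zimbra code).

# Classify a file the way the "no start line" error implies.
# Prints one of: missing | empty | not-pem | <PEM label>, e.g. "RSA PRIVATE KEY".
pem_kind() {
    [ -e "$1" ] || { echo missing; return; }
    [ -s "$1" ] || { echo empty; return; }
    # Take the label of the first BEGIN line; tolerate a trailing CR.
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1)
    if [ -n "$label" ]; then echo "$label"; else echo not-pem; fi
}

# Check one file against the kind of PEM block openssl would expect.
# $1 = file, $2 = "key" or "cert". Returns 0 if usable, 1 otherwise.
pem_expect() {
    kind=$(pem_kind "$1")
    case "$2:$kind" in
        key:*"PRIVATE KEY") return 0 ;;
        cert:CERTIFICATE|cert:"TRUSTED CERTIFICATE"|cert:"X509 CERTIFICATE") return 0 ;;
    esac
    echo "$1: expected $2, found: $kind" >&2
    return 1
}

# Preflight over a CA directory; prints the number of unusable files.
check_ca_dir() {
    bad=0
    pem_expect "$1/ca.key" key  || bad=$((bad + 1))
    pem_expect "$1/ca.pem" cert || bad=$((bad + 1))
    echo "$bad"
}

# Constructed sample: a zero-byte ca.key next to a ca.pem with a valid header.
demo_constructed() {
    d=$(mktemp -d)
    : > "$d/ca.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/ca.pem"
    check_ca_dir "$d" 2>/dev/null
    rm -rf "$d"
}

demo_constructed
```

Running `check_ca_dir` on the real CA directory before the signing step separates a missing or empty key file from a problem with the OpenSSL version.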
