Upgrade from 7.2.0 to 8.0 fail with ldap error

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
10424bofh
Outstanding Member
Outstanding Member
Posts: 286
Joined: Sat Sep 13, 2014 1:15 am

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby 10424bofh » Thu Sep 20, 2012 10:08 pm

System ubuntu 10.04 LTS 64

Current Zimbra FOSS 7.2.0
Upgrade Fails with that log
Fri Sep 21 04:53:14 2012 done.

Fri Sep 21 04:53:15 2012 This appears to be 7.2.0_GA

Fri Sep 21 04:53:15 2012 Setting local config ssl_allow_untrusted_certs to true

Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/bin/zmlocalconfig -f -e ssl_allow_untrusted_certs='true' 2> /dev/null

Fri Sep 21 04:53:15 2012 Upgrading ldap data...

Fri Sep 21 04:53:15 2012 done.

Fri Sep 21 04:53:15 2012 Upgrading LDAP configuration database...

Fri Sep 21 04:53:15 2012 done.

Fri Sep 21 04:53:15 2012 Loading database...

Fri Sep 21 04:53:15 2012 *** Running as zimbra user: /opt/zimbra/openldap/sbin/slapadd -q -b '' -F /opt/zimbra/data/ldap/config -l /opt/zimbra/data/ldap/ldap.80

505bd69c ldif_read_file: checksum error on "/opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif"

Fri Sep 21 04:53:16 2012 slapadd import failed.

Fri Sep 21 04:53:16 2012 UPGRADE FAILED - exiting.


any ideas?
maybe its nothing but why it stated untrusted certs to be true? ife installed a commercial certificate

is it just bogus or something wrong with the certs?
edit: what is interresting that i do not have a /olcDatabase={2}mdb.ldif so why he even bother to check that ?

i tried to find that file in any conifg but no luck i guess is related to some config key


apsantos
Posts: 8
Joined: Fri Sep 12, 2014 10:30 pm

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby apsantos » Fri Sep 21, 2012 2:01 am

same problem where, but i have the file "olcDatabase={2}mdb.ldif"
i have noticed that there is a another log error: Package 'zimbra-ldap' isn't signed with proper key
when i do clean install no problem reported.
10424bofh
Outstanding Member
Outstanding Member
Posts: 286
Joined: Sat Sep 13, 2014 1:15 am

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby 10424bofh » Fri Sep 21, 2012 2:13 am

sounds like cert
do you have a comercial or a private cert?

make shure in case you got a private cert that it is up to date and still valid
btw oyu have that file?

what zimbra are you running ? FOSS or NE?
apsantos
Posts: 8
Joined: Fri Sep 12, 2014 10:30 pm

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby apsantos » Fri Sep 21, 2012 3:40 am

hi,
FOSS with self-signed certificate
how do i check the validation of certificat?
another error log: slapadd[1598] general protection ip:4eeba8 sp:7fbe6575d8d0 error:0 in slapd[400000+14e000]
cat /opt/zimbra/data/ldap/config/cn=config/olcDatabase={2}mdb.ldif:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.

# CRC32 b7f493ee

dn: olcDatabase={2}mdb

objectClass: olcDatabaseConfig

objectClass: olcMdbConfig

olcDatabase: {2}mdb

olcSuffix:

olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=adm

ins,cn=zimbra" write

olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"

write

olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi

mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z

imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword by dn.children="cn=admi

ns,cn=zimbra" write by * none

olcAccess: {3}to attrs=objectclass by dn.children="cn=admins,cn=zimbra" write

by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmam

avis,cn=appaccts,cn=zimbra" read by * read

olcAccess: {4}to attrs=@amavisAccount by dn.children="cn=admins,cn=zimbra" wr

ite by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break

olcAccess: {5}to attrs=mail by dn.children="cn=admins,cn=zimbra" write by dn

.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break

olcAccess: {6}to attrs=zimbraAllowFromAddress by dn.children="cn=admins,cn=zi

mbra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by * none

olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))" attrs=cn,co,company,dc,di

splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal

Code,sn,st,street,streetAddress,telephoneNumber,title,uid,homePhone,pager,mob

ile,userCertificate by dn.children="cn=admins,cn=zimbra" write by dn.base="

uid=zmpostfix,cn=appaccts,cn=zimbra" read by * read

olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa

nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z

imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar

dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z

imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv

eryDisabled by dn.children="cn=admins,cn=zimbra" write by dn.base="uid=zmpo

stfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmamavis,cn=appaccts,cn=zi

mbra" read by * read

olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by *

read

olcLastMod: TRUE

olcMaxDerefDepth: 15

olcReadOnly: FALSE

olcRootDN: cn=config

olcSizeLimit: unlimited

olcTimeLimit: unlimited

olcMonitoring: TRUE

olcDbDirectory: /opt/zimbra/data/ldap/mdb/db

olcDbNoSync: TRUE

olcDbIndex: objectClass eq

olcDbIndex: entryUUID eq

olcDbIndex: entryCSN eq

olcDbIndex: cn pres,eq,sub

olcDbIndex: uid pres,eq

olcDbIndex: zimbraForeignPrincipal eq

olcDbIndex: zimbraYahooId eq

olcDbIndex: zimbraId eq

olcDbIndex: zimbraVirtualHostname eq

olcDbIndex: zimbraVirtualIPAddress eq

olcDbIndex: zimbraMailDeliveryAddress eq,sub

olcDbIndex: zimbraAuthKerberos5Realm eq

olcDbIndex: zimbraMailForwardingAddress eq

olcDbIndex: zimbraMailCatchAllAddress eq,sub

olcDbIndex: zimbraShareInfo sub

olcDbIndex: zimbraMailTransport eq

olcDbIndex: zimbraMailAlias eq,sub

olcDbIndex: zimbraACE sub

olcDbIndex: zimbraDomainName eq,sub

olcDbIndex: mail pres,eq,sub

olcDbIndex: zimbraCalResSite eq,sub

olcDbIndex: givenName pres,eq,sub

olcDbIndex: displayName pres,eq,sub

olcDbIndex: sn pres,eq,sub

olcDbIndex: zimbraCalResRoom eq,sub

olcDbIndex: zimbraCalResCapacity eq

olcDbIndex: zimbraCalResBuilding eq,sub

olcDbIndex: zimbraCalResFloor eq,sub

olcDbIndex: zimbraMailHost eq

olcDbMode: 0600

olcDbMaxsize: 85899345920

olcDbSearchStack: 16

structuralObjectClass: olcMdbConfig

entryUUID: 152ab0a8-333e-102d-8700-d562901af228

creatorsName: cn=config

createTimestamp: 20081020215916Z

olcDbCheckpoint: 64 5

entryCSN: 20120508131730.926865Z#000000#000#000000

modifiersName: cn=config

modifyTimestamp: 20120508131730Z
10424bofh
Outstanding Member
Outstanding Member
Posts: 286
Joined: Sat Sep 13, 2014 1:15 am

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby 10424bofh » Fri Sep 21, 2012 5:36 am

Ahm did the file bevore the upgrade exist or is it after the upgrade?

i think its made during the process
about the cert use this
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
gilles.guillotin
Posts: 2
Joined: Sat Sep 13, 2014 2:54 am

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby gilles.guillotin » Fri Sep 21, 2012 7:09 am

Hi,
I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.

It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.
Concerning certificate, this command is placed before the error occurs :
[QUOTE]Setting local config ssl_allow_untrusted_certs to true[/QUOTE]
So, this might not be certificate related.
10424bofh
Outstanding Member
Outstanding Member
Posts: 286
Joined: Sat Sep 13, 2014 1:15 am

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby 10424bofh » Fri Sep 21, 2012 9:45 am

[quote user="gilles.guillotin"]Hi,
I'm currently having the same issue trying to upgrade from 7.2.0 to 8.0 FOSS.

It seems that olcDatabase={2}mdb.ldif is generated during process of upgrade.
Concerning certificate, this command is placed before the error occurs :

So, this might not be certificate related.[/QUOTE]
thanks for the intel, i suspected something like that.
wll that line concern me, i got the same but have commercial certs installed, so like my initial posts says im curious now about that

also i read somewhere you need commercial certs and thers a bug with untrusted, i think somwhere at the releasenotes

can be wrong but i really think i picked that one up somewhere
apsantos
Posts: 8
Joined: Fri Sep 12, 2014 10:30 pm

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby apsantos » Fri Sep 21, 2012 1:16 pm

in the release note they talk about certs:
...

Verify Certificates Expiration Date

ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for

communication between some components. The self-signed certificates that

are automatically created by the ZCS install have a default expiration in ZCS

7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825

days (5 years).

If you have an ZCS installation that is over one year old and are using self-

signed certificates, your certificates will need to be updated either prior to the

upgrade or immediately following the upgrade.
10424bofh
Outstanding Member
Outstanding Member
Posts: 286
Joined: Sat Sep 13, 2014 1:15 am

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby 10424bofh » Fri Sep 21, 2012 1:37 pm

[quote user="apsantos"]in the release note they talk about certs:
...

Verify Certificates Expiration Date

ZCS 8.0.x requires a valid self-signed or commercial SSL certificate for

communication between some components. The self-signed certificates that

are automatically created by the ZCS install have a default expiration in ZCS

7.2 or earlier of 365 days, beginning with ZCS 8.0 default expiration is 1825

days (5 years).

If you have an ZCS installation that is over one year old and are using self-

signed certificates, your certificates will need to be updated either prior to the

upgrade or immediately following the upgrade.[/QUOTE]
ok i looked it up theres aslo another issue but only for multinode. under known issue you will find that a roling upgrade on a multinodeconfig is only with a commercial cert possible
so does not affect single server installs
Albin Mujkic
Posts: 4
Joined: Sat Sep 13, 2014 2:55 am

Upgrade from 7.2.0 to 8.0 fail with ldap error

Postby Albin Mujkic » Fri Sep 21, 2012 1:58 pm

I had the same problem and it is not certificate related.
The problem was that i have changed ldap settings:

ldap_common_threads,ldap_common_toolthreads,ldap_db_cachesizeldap_db_idlcachesize,ldap_cache_domain_maxsize

by following OpenLDAP Performance Tuning instructions (OpenLDAP Performance Tuning - Zimbra :: Wiki).
I had set the ldap settings to default again:



su - zimbra

zmlocalconfig -e ldap_common_threads=8

zmlocalconfig -e ldap_common_toolthreads=1

zmlocalconfig -e ldap_db_cachesize=10000

zmlocalconfig -e ldap_db_idlcachesize=10000

zmlocalconfig -e ldap_cache_domain_maxsize=100
zmcontrol restart
and upgrade to 8.0 finished successfully.
For multinode installation do this on ldap master and replicas to.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 9 guests