[zimbra@mail init.d]$ zmcontrol -v
Release 8.0.7_GA_6021.RHEL6_64_20140408123911 RHEL6_64 FOSS edition.
Yesterday we rebooted our Zimbra server and now the services will not start.
There have been no changes to Zimbra or the server in weeks, maybe even months, just a reboot. I have looked at and verified DNS, file permissions and SSL certs; all are correct and seem to me to be in order.
If someone could help, we are also willing to pay for support or a consultant to help resolve this issue.
[zimbra@mail ldap]$ zmcontrol restart
Host mail.nnwifi.com
Stopping vmware-ha…Done.
Stopping zmconfigd…Done.
Stopping stats…Done.
Stopping mta…Done.
Stopping spell…Done.
Stopping snmp…Done.
Stopping cbpolicyd…Done.
Stopping archiving…Done.
Stopping opendkim…Done.
Stopping antivirus…Done.
Stopping antispam…Done.
Stopping proxy…Done.
Stopping memcached…Done.
Stopping mailbox…Done.
Stopping logger…Done.
Stopping ldap…Done.
Host mail.nnwifi.com
Starting ldap…Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd…Done.
Starting logger…Failed.
Starting logswatch…[] INFO: master is down, falling back to replica…
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials
ExceptionId:main:1459864082648:b89c3161812b01c9
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:88)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:72)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:38)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:64)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:99)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:37)
at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:63)
at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:86)
at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:46)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:257)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:254)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at java.lang.Class.newInstance(Class.java:374)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:281)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:238)
at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:799)
at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3581)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials')
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:876)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:779)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:726)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:113)
… 17 more
zimbra logger service is not enabled! failed.
Starting mailbox…Failed.
Starting antispam…Done.
Starting opendkim…Failed.
opendkim: /opt/zimbra/conf/opendkim.conf:
ldap://mail.nnwifi.com:389/?DKIMSelecto … dentity=$d
): dkimf_db_open(): Invalid credentials
Failed to start opendkim: 0
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.
Hi,
My Zimbra installation stopped working this morning; it looked like a file system crash as the system switched to "read-only" mode. I restarted the server and ran a file system check which completed successfully.
After restarting the server, Zimbra won’t start. After checking the logs, I found that Zimbra couldn’t connect to LDAP.
LDAP service is starting
zmcontrol restart returns an error saying that it couldn’t connect to LDAP server
I tried to connect to LDAP using this command:
ldapsearch -LLL -h mail.myhostname.com -p 389 -D uid=zimbra,cn=admins,cn=zimbra -W
Using the password I have in /opt/zimbra/conf/localconfig.xml but I get the following error:
ldap_bind: Invalid credentials (49)
Running it with debug mode returns the following:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP mail.myhostname.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 51.254.93.89:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 54 bytes to sd 3
ldap_result ld 0xf923d0 msgid 1
wait4msg ld 0xf923d0 msgid 1 (infinite timeout)
wait4msg continue ld 0xf923d0 msgid 1 all 1
** ld 0xf923d0 Connections:
* host: mail.myhostname.com port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Jun 19 14:31:37 2018
** ld 0xf923d0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0xf923d0 request count 1 (abandoned 0)
** ld 0xf923d0 Response Queue:
Empty
ld 0xf923d0 response count 0
ldap_chkResponseList ld 0xf923d0 msgid 1 all 1
ldap_chkResponseList returns ld 0xf923d0 NULL
ldap_int_select
read1msg: ld 0xf923d0 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0xf923d0 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0xf923d0 0 new referrals
read1msg: mark request completed, ld 0xf923d0 msgid 1
request done: ld 0xf923d0 msgid 1
res_errno: 49, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed
Restarting other services returns the same error:
$ zmlogswatchctl restart
Stopping logswatch...logswatch is not running.
Starting logswatch...[] INFO: master is down, falling back to replica...
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials
ExceptionId:main:1529417978844:ba1c9394c358da7d
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:40)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:63)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:101)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:39)
at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:65)
at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:88)
at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:48)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:265)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:262)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at java.lang.Class.newInstance(Class.java:433)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:286)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:243)
at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:810)
at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3691)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials')
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:876)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:779)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:726)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:112)
... 17 more
zimbra logger service is not enabled! failed.
Do you have an idea what could cause that and how to fix it?
Thank you.
Hello,
I have a problem with LDAP authentication and Zimbra. For all users I receive an auth error: com.zimbra.cs.ldap.LdapException: LDAP error: - unable to ldap authenticate: invalid credentials
Log of LDAP on SME:
@40000000567143cc1f528ff4 567143c2 conn=1411 op=43 SRCH base="dc=***,dc=org" scope=2 deref=3 filter="(uid=g*****)"
@40000000567143cc1f63a30c 567143c2 conn=1411 op=43 SEARCH RESULT tag=101 err=0 nentries=1 text=
@40000000567143cc1fa2e274 567143c2 conn=1423 fd=26 ACCEPT from IP=192.168.10.65:43634 (IP=0.0.0.0:389)
@40000000567143cc1fb7973c 567143c2 conn=1423 op=0 BIND dn="uid=g*****,ou=Users,dc=***,dc=org" method=128
@40000000567143cc1fb7a6dc 567143c2 conn=1423 op=0 RESULT tag=97 err=49 text=
@40000000567143cc1fcb752c 567143c2 conn=1423 op=1 UNBIND
@40000000567143cc1fccec2c 567143c2 conn=1423 fd=26 closed
I'm sure that the password is correct. Do you have any suggestions?
Thanks
« Last Edit: March 03, 2016, 10:59:16 AM by Stefano »
Oh, yes, my friend..
Since Zimbra is not an SME service nor a contrib, I guess you have another server with it..
You should tell us how you configured LDAP authentication and give us as many details as you can, if you want us to understand what's going wrong and help you.
Most likely Zimbra is not using any security to bind to LDAP, so it just rejects any password. You have to use SSL (port 636) or TLS (port 389)
I have configured Zimbra on another server (CentOS 6).
In Zimbra I configured LDAP filter uid=%u and LDAP search base "dc=***,dc=org", Use DN/Password to bind to external server: No
I use port 389 (no SSL). If I use SSL I get an invalid certificate error.
I use port 389 (no SSL). If I use SSL I get an invalid certificate error.
It won't work. You have to use SSL or TLS. If you can't make Zimbra accept your self-signed cert, then you should buy a trusted one (or try the Let's Encrypt how-to).
Thanks. I bought an SSL certificate and everything works.
guest22
Please add [Solved] to the subject.
@admin, please move to general discussion.
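To check the transport explanation given in this thread against the directory server's own log, the BIND/RESULT lines quoted in the first post can be correlated per connection. The following is an added example, not code from the thread: it pairs each bind with its result and records whether the connection had TLS at that point. The sample log is constructed, and the `STARTTLS` and `TLS established` lines are the forms slapd writes at the same log level.

```python
import re
from collections import defaultdict

# Constructed sample in slapd's connection-log format (the format quoted in the
# post above, timestamps dropped; names and addresses are invented).
SAMPLE_LOG = """\
conn=1423 fd=26 ACCEPT from IP=192.0.2.65:43634 (IP=0.0.0.0:389)
conn=1423 op=0 BIND dn="uid=alice,ou=Users,dc=example,dc=org" method=128
conn=1423 op=0 RESULT tag=97 err=49 text=
conn=1423 op=1 UNBIND
conn=1424 fd=27 ACCEPT from IP=192.0.2.65:43640 (IP=0.0.0.0:389)
conn=1424 op=0 STARTTLS
conn=1424 op=0 RESULT oid= err=0 text=
conn=1424 fd=27 TLS established tls_ssf=256 ssf=256
conn=1424 op=1 BIND dn="uid=alice,ou=Users,dc=example,dc=org" method=128
conn=1424 op=1 RESULT tag=97 err=0 text=
conn=1425 fd=28 ACCEPT from IP=192.0.2.65:43650 (IP=0.0.0.0:636)
conn=1425 fd=28 TLS established tls_ssf=256 ssf=256
conn=1425 op=0 BIND dn="uid=bob,ou=Users,dc=example,dc=org" method=128
conn=1425 op=0 RESULT tag=97 err=49 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+) \(IP=\S+:(\d+)\)")
TLS_UP = re.compile(r"conn=(\d+) fd=\d+ TLS established")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # 97 = bind response

def bind_outcomes(log_text):
    """Pair every BIND with its RESULT and record the connection's TLS state."""
    conns = defaultdict(lambda: {"client": None, "port": None, "tls": False})
    pending, outcomes = {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conns[m[1]].update(client=m[2], port=int(m[3]))
        elif m := TLS_UP.search(line):
            conns[m[1]]["tls"] = True
        elif m := BIND.search(line):
            pending[m[1], m[2]] = (m[3], int(m[4]))
        elif (m := RESULT.search(line)) and (m[1], m[2]) in pending:
            dn, method = pending.pop((m[1], m[2]))
            outcomes.append({"conn": int(m[1]), "dn": dn, "method": method,
                             "err": int(m[3]), **conns[m[1]]})
    return outcomes

def rejected_without_tls(outcomes):
    """Simple binds (method=128) refused with err=49 on a connection with no TLS."""
    return [o for o in outcomes
            if o["method"] == 128 and o["err"] == 49 and not o["tls"]]

if __name__ == "__main__":
    for o in bind_outcomes(SAMPLE_LOG):
        print(o)
```

If err=49 appears only on connections without TLS, the log is consistent with the transport explanation; if it persists after `TLS established`, the password or the entry itself is the place to look.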
Guest, 28/03/2015 - 12:38
A problem came up: a virtual machine on ESXi 5.5 hung completely. I could not get in through the console or SSH, so I had to force a restart. After the restart Zimbra stopped starting.
Version: Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 FOSS edition.
DNS is fine.
The certificate is fine as far as its dates go. It is signed by Comodo.
The system date is fine.
It is unclear what happened; a few days before this I restarted it without any trouble.
I have been fighting with this for 2 days already and cannot figure out what happened.
When I try to make a backup of LDAP I get an empty file.
When I try to flush the cache I get an error:
zimbra@mail:~/data/ldap/mdb/db$ zmprov flushCache account && zmprov flushCache cos && zmprov flushCache domain && zmprov flushCache server
[] INFO: I/O exception (java.net.ConnectException) caught when processing request: Connection refused
[] INFO: Retrying request
ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)
LDAP has no replica.
Here is the nasty result:
zimbra@mail:~/data/ldap/mdb/db$ zmcontrol restart
Host mail.mailserver.zone
Stopping vmware-ha…Done.
Stopping zmconfigd…Done.
Stopping stats…Done.
Stopping mta…Done.
Stopping spell…Done.
Stopping snmp…Done.
Stopping cbpolicyd…Done.
Stopping archiving…Done.
Stopping opendkim…Done.
Stopping antivirus…Done.
Stopping antispam…Done.
Stopping proxy…Done.
Stopping memcached…Done.
Stopping mailbox…Done.
Stopping logger…Done.
Stopping ldap…Done.
Host mail.mailserver.zone
Starting ldap…Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd…Done.
Starting logger…Failed.
Starting logswatch…[] INFO: master is down, falling back to replica…
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials
ExceptionId:main:1426834365023:dbc223f29f1897fb
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:88)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:72)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:38)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:64)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:99)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:37)
at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:63)
at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:86)
at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:46)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:257)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:254)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at java.lang.Class.newInstance(Class.java:374)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:281)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:238)
at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:799)
at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3581)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials')
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1837)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:666)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:562)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:113)
… 17 more
zimbra logger service is not enabled! failed.
Starting mailbox…Failed.
Starting antispam…Done.
Starting opendkim…Failed.
/opt/zimbra/bin/zmopendkimctl: line 54: kill: (25745) - No such process
opendkim: /opt/zimbra/conf/opendkim.conf: ldap://mail.mailserver.zone:389/?DKIMSelector?sub?(DKIMIdentity=$d): dkimf_db_open(): Invalid credentials
Failed to start opendkim: 0
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.
I have successfully replicated Zimbra LDAP server to standalone OpenLDAP server. I plan to use the replicated server as central LDAP server for our internal application authentication service.
Steps that I follow to replicate Zimbra LDAP are:
1. Install new OpenLDAP server.
2. Copy all schema definition from Zimbra to new server
3. Add new database with olcSuffix: "" and add replication and other configs:
dn: olcDatabase={2}mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap1
olcSuffix:
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
olcDbIndex: entryCSN eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq
olcDbIndex: zimbraForeignPrincipal eq
olcDbIndex: zimbraYahooId eq
olcDbIndex: zimbraId eq
olcDbIndex: zimbraVirtualHostname eq
olcDbIndex: zimbraVirtualIPAddress eq
olcDbIndex: zimbraMailDeliveryAddress eq,sub
olcDbIndex: zimbraAuthKerberos5Realm eq
olcDbIndex: zimbraMailForwardingAddress eq
olcDbIndex: zimbraMailCatchAllAddress eq,sub
olcDbIndex: zimbraMailHost eq
olcDbIndex: zimbraMemberOf eq
olcDbIndex: zimbraShareInfo sub
olcDbIndex: zimbraSharedItem eq,sub
olcDbIndex: zimbraMailTransport eq
olcDbIndex: zimbraMailAlias eq,sub
olcDbIndex: zimbraACE sub
olcDbIndex: zimbraDomainName eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: zimbraCalResSite eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: displayName pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: zimbraCalResRoom eq,sub
olcDbIndex: zimbraCalResCapacity eq
olcDbIndex: zimbraCalResBuilding eq,sub
olcDbIndex: zimbraCalResFloor eq,sub
olcDbIndex: zimbraDomainAliasTargetID eq
olcDbIndex: zimbraUCServiceId eq
olcDbIndex: DKIMIdentity eq
olcDbIndex: DKIMSelector eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: memberUid eq
structuralObjectClass: olcMdbConfig
entryUUID: 3b19a066-8133-1036-9c54-457b17c0eeaa
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20170207034245Z
olcSyncrepl: {0}rid=919 provider=ldap://master.example.com type=refreshAndPersist retry="5 5 300 +" searchbase="" attrs="*,+" bindmethod=simple binddn="uid=zimbra,cn=admins,cn=zimbra" credentials=secret
olcDbMaxSize: 85899345920
olcRootDN: cn=admin,cn=config
entryCSN: 20170207042001.780092Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20170207042001Z
I have successfully replicated all the data from Zimbra to the new LDAP server. But I can't bind to the replicated server using a Zimbra user, e.g.
uid=desdulianto,ou=people,dc=example,dc=com.
ldapwhoami -vvv -x -h localhost -D uid=desdulianto,ou=people,dc=example,dc=com -W
ldap_initialize( ldap://localhost )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
But I can verify the password using Apache Directory Studio (cannot bind though).
Is there any mistake or other configuration that I need to add?
Thanks.
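The post above distinguishes verifying a password from binding with it. As an added example (not part of the original post), this is what an offline check of a replicated userPassword value amounts to, on the assumption that the value uses the salted {SSHA} or {SSHA512} scheme and that the tool's verify is a local hash comparison of this kind. The sample values, password and salts are constructed.

```python
import base64
import hashlib
import hmac

# Digest length in bytes for each salted scheme; the salt is whatever follows it.
SCHEMES = {"SSHA": ("sha1", 20), "SSHA512": ("sha512", 64)}

def split_user_password(value):
    """Split '{SCHEME}base64(digest || salt)' into (scheme, digest, salt)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix (cleartext or unknown format)")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme: {scheme}")
    raw = base64.b64decode(b64, validate=True)
    dlen = SCHEMES[scheme][1]
    if len(raw) <= dlen:
        raise ValueError("value too short to contain a salt")
    return scheme, raw[:dlen], raw[dlen:]

def verify_offline(value, password):
    """Recompute the salted digest locally; no LDAP server is contacted."""
    scheme, digest, salt = split_user_password(value)
    h = hashlib.new(SCHEMES[scheme][0], password.encode("utf-8") + salt)
    return hmac.compare_digest(h.digest(), digest)

def make_value(scheme, password, salt):
    """Build a sample value (used only to construct the test data below)."""
    h = hashlib.new(SCHEMES[scheme][0], password.encode("utf-8") + salt)
    return "{%s}%s" % (scheme, base64.b64encode(h.digest() + salt).decode("ascii"))

# Constructed sample values; the password and salts are invented.
SAMPLE_SSHA = make_value("SSHA", "correct horse", b"\x01\x02\x03\x04")
SAMPLE_SSHA512 = make_value("SSHA512", "correct horse", b"\x0a\x0b\x0c\x0d")

if __name__ == "__main__":
    print(split_user_password(SAMPLE_SSHA)[0], verify_offline(SAMPLE_SSHA, "correct horse"))
```

ldapsearch prints this attribute as `userPassword::` with one more layer of base64, which has to be decoded before the value is passed in. A match here only shows that the replicated hash and the password agree; whether the bind succeeds is decided by the server.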