Добрый день!
Возникла проблема, над которой бьюсь второй день
Перелопатил кучу форумов- но пока проблему не решил…
Установлен почтовый сервер Zimbra 8,6,0
на Ubuntu 14.04 Server
Сервер проработал 2 года,120 почтовых ящиков, сервер в RAID, занято 68% от объема диска
Работал нормально, (со своевременным перевыпуском самоподписанных сертификатов на 365 дней)
Утром сервер завис, пришлось жестко перезагружать.
после перезагрузки отказались стартовать некоторые службы.
Выглядело это следующим образом:
zimba@mail:/home/admin$ zmcontrol status
search error: unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be innacurate.
Host mail.*tech*.ru
Amavis Running
Antispam Running
Antivirus Running
dnscache Running
ldap Running
logger Stopped
zmlogswachctl is not running
mailbox Stopped
zmmailboxctl is not running
memcached Running
mta Running
opendkim Stopped
zmopendkimctl is not running
service webapp Stopped
zmmailboxctl is not running
snmp Running
spell Running
stats Running
Zimbra webapp Stopped
zmmailboxctl is not running
zimbraAdmin webapp Stopped
zmmailboxctl is not running
zimlet webapp Stopped
zmmailboxctl is not running
zmconfigd stopped
zmconfigd is not running.
Обычно все решалось перевыпуском сертификата, но сейчас с ним какой то трабл…
Останавливаю службы zimbra.
из под root создаю новый корневой сертификат, затем новый самоподписанный сертификат,
разворачиваю сертификаты,
и в двух строчках получаю ошибки:
* Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS….. done
* Saving global config key zimbraCertAuthorityCertSelfSigned…. failed
* Saving global config key zimbraCertAuthorityKeySelfSigned…. failed
* Copying CA to /opt/zimbra/conf/ca… done
проверил разрешения: chown -R zimbra:zimbra /opt/zimbra
захожу в учетку зимбры и запускаю службы zmconfig start
Сыпятся ошибки:
zimbra@mail:~/bin$ zmcontrol start
Host mail.*tech*.ru
Starting ldap…Done.
Search error: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd…Failed.
Starting zmconfigd…failed.
Starting logger…Failed.
Starting logswatch…[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials
ExceptionId:main:1373476600901:f0d261570792fedd
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:88)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:101)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:39)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:64)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:95)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:37)
at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:63)
at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:86)
at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:46)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:256)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:253)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:278)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:238)
at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:744)
at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3505)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage=’invalid credentials’)
at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1837)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:112)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:562)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:113)
… 17 more
zimbra logger service is not enabled! failed.
Starting mailbox…failed.
Starting antispam…Done.
Starting antivirus…Done.
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.
Starting opendkim….. failed.
файлы hosts, hostname проверены. Сервер резолвится.
Буду признателен за любую помощь и идеи…
habibzain Follow
Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.
April 3, 2023
1 min read
Hi Dude. Some time ago I was doing a fresh installation of zimbra on a cloud provider, suddenly I arrived at “Initializing ldap … Failed” the installation process stopped. This is the problem I faced while installing zimbra on a cloud platform. Zimbra error LDAP when running install and can’t continue. There is error “Connection refused at /opt/zimbra/libexec/zmldapinit”.
I created an instance with the following specs:
- CPU: 2 cores.
- RAM: 4GB
- Storage: 40GB disks.
- OS: Ubuntu 18.
Like Cloud platforms in general (eg GCP, AWS) in instances there are only Local IPs. External Public IP embedded in “VPC Network” feature.
Troubleshoot.
At first I suspected that the LDAP version in my ubuntu repository was outdated. Because in the installation log like this.
Mon Apr 3 14:48:36 2023 zimbra-ldap is enabled Mon Apr 3 14:48:36 2023 Initializing ldap... Mon Apr 3 14:48:36 2023 *** Running as zimbra user: /opt/zimbra/libexec/zmldapinit Connection refused at /opt/zimbra/libexec/zmldapinit line 138. Mon Apr 3 14:49:24 2023 failed.
And also in /var/log/zimbra.log show like this.
Apr 3 14:48:53 mail slapd[58073]: @(#) $OpenLDAP: slapd 2.4.59 (Jul 7 2021 22:26:24) $#012#011openldap Apr 3 14:48:53 mail slapd[58073]: daemon: bind(7) failed errno=99 (Cannot assign requested address) Apr 3 14:48:53 mail slapd[58073]: slapd stopped.
Fix the Problem.
After googling and read some threat in zimbra forum, i found this link.
Big problem is I forgot not to add local IP in /etc/hosts.
Here is /etc/hosts before:
#cat /etc/hosts 127.0.0.1 localhost 103.117.57.220 mail.habibza.in mail
This case solved with add local IP in /etc/hosts. Like here.
# cat /etc/hosts 127.0.0.1 localhost 103.117.57.220 mail.habibza.in mail 10.13.20.145 mail.habibza.in mail
After save and then continue re-run with command “/opt/zimbra/libexec/zmsetup.pl”. Installation success until finish.
That is simply way to fix zimbra error LDAP when running install. Please feel free for comment. Maybe usefull.
habibzain Follow
Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.
- #ldap
Zimbra на одном из дружественных серверов внезапно перестала выходить на связь. Сообщая при авторизации «Ошибка сети»
Перезапуск сервера ничего не дал. Запуск зимбры вручную выдавал ошибку ldap:
$ zmcontrol start
Host mail.yourdomain.com
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn’t exist.
Попытки проверить права доступа, постучать в бубен, выйти и войти ничего не дали. Единственой зацепкой стал тот факт, что устонавливали зимбру примерно год назад.
Гугление принесло интересный результат — сдох сертификат SSL. Чисто от старости. Благо, что все равно самоподписанный.
Единственная найденная осмысленная дока давала следующие советы:
Первые шаги надо делать от рута.
Генерим Certificate Authority (CA).
# /opt/zimbra/bin/zmcertmgr createca -new
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf…done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key…done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem…done.
Теперь генерим сертификат, подписанный CA еще на 365 дней.
# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
** Saving server config key zimbraSSLPrivateKey…failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
Теперь развертываем сертификат.
# /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate…done.
** Saving server config key zimbraSSLPrivateKey…done.
** Installing mta certificate and key…done.
** Installing slapd certificate and key…done.
** Installing proxy certificate and key…done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done.
** Installing CA to /opt/zimbra/conf/ca…done.
Теперь развертываем CA
# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS…done.
** Saving global config key zimbraCertAuthorityCertSelfSigned…done.
** Saving global config key zimbraCertAuthorityKeySelfSigned…done.
** Copying CA to /opt/zimbra/conf/ca…done.
И, наконец, смотрим что у нас получилось:
# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
::service mta::
notBefore=Oct 9 13:04:03 2010 GMT
notAfter=Oct 9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
SubjectAltName=
::service proxy::
notBefore=Oct 9 13:04:03 2010 GMT
notAfter=Oct 9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
SubjectAltName=
::service mailboxd::
notBefore=Oct 9 13:04:03 2010 GMT
notAfter=Oct 9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
SubjectAltName=
::service ldap::
notBefore=Oct 9 13:04:03 2010 GMT
notAfter=Oct 9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration
Suite/CN=mail.yourdomain.com
SubjectAltName=
#
Все!
Теперь переключаемся в пользователя zimbra и пробуем запустить:
~$ zmcontrol start
Host mail.yourdomain.com
Starting ldap…Done.
Starting logger…Done.
Starting convertd…Done.
Starting mailbox…Done.
Starting antispam…Done.
Starting antivirus…Done.
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.
$
Варианты сообщений об ошибке:
Unable to determine enabled services from ldap
Unable to determine enabled services Cache is out of date or doesnt exist
Saving global config key zimbraCertAuthorityCertSelfSigned failed
Saving server config key zimbraSSLPrivateKey failed
Unable to determine enabled services from ldap Unable to determine enabled services Cache is out of date or doesnt exist
If you encounter the error message “Initializing ldap…failed” during the installation of Zimbra on CentOS 6.2 x86_64, it indicates a problem with the initialization of the LDAP service. LDAP (Lightweight Directory Access Protocol) is a protocol used by Zimbra for user authentication and directory services.
*** CONFIGURATION COMPLETE - press 'a' to apply Select from menu, or press 'a' to apply config (? - help) a Save configuration data to a file? [Yes] yes Save config in file: [/opt/zimbra/config.9228] Saving config in /opt/zimbra/config.9228...done. The system will be modified - continue? [No] yes Operations logged to /tmp/zmsetup.03312012-204237.log Setting local config values...done. Setting up CA...done. Deploying CA to /opt/zimbra/conf/ca ...done. Creating SSL certificate...done. Installing mailboxd SSL certificates...done. Initializing ldap...failed. (28416) ERROR Configuration failed Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to complete the configuration. Errors have been logged to /tmp/zmsetup.03312012-204237.log
In this quick tutorial, we will walk you through the steps to fix this issue and successfully install Zimbra on your CentOS 6.2 x86_64 system.
Step 1: Check System Requirements:
Before proceeding with the fix, ensure that your CentOS 6.2 x86_64 system meets the minimum system requirements for Zimbra. Make sure you have sufficient resources, such as CPU, memory, and disk space, to run Zimbra smoothly. Additionally, verify that you have a stable internet connection for downloading the necessary packages.
Step 2: Install Required Packages:
To resolve the “Initializing ldap…failed” issue, you may need to install additional packages. Open a terminal or connect to your server via SSH and execute the following commands:
sudo yum install perl -y sudo yum install nc -y
These commands will install the required Perl and nc (netcat) packages, which are necessary for Zimbra to function properly.
Step 3: Disable SELinux:
SELinux (Security-Enhanced Linux) is a security mechanism that can interfere with the proper functioning of Zimbra. To avoid any conflicts, it is recommended to disable SELinux temporarily during the installation process. Open the SELinux configuration file using a text editor:
sudo vi /etc/selinux/config
Locate the line that says SELINUX=enforcing and change it to SELINUX=disabled. Save the file and exit the text editor.
Step 4: Reboot the System:
To apply the changes made to SELinux, reboot your CentOS system by executing the following command:
sudo reboot
After the reboot, SELinux will be disabled, allowing Zimbra to initialize the LDAP service without any interference.
Step 5: Retry Zimbra Installation:
Once your system has restarted, attempt to install Zimbra again using the installation command appropriate for your Zimbra version. For example:
sudo ./install.sh
Follow the on-screen prompts to complete the installation process. With SELinux disabled and the required packages installed, Zimbra should be able to initialize the LDAP service successfully.
Conclusion:
In this guide, we have addressed the “Initializing ldap…failed” error during Zimbra installation on CentOS 6.2 x86_64. By ensuring system requirements are met, installing the required packages, disabling SELinux, and retrying the installation, you should be able to resolve the issue and successfully install Zimbra on your system.
If you have any further questions or encounter any difficulties, please feel free to ask.
I’m currently moving my zimbra from Ubuntu 12.04 to Ubuntu 14.04
On both sides it’s a zimbra OSE 8.7.1, I already did all these steps :
Backuping zimbra with specificities :
- include all hidden files
- keeping original permissions
- use mdb_copy to transfer LDAP database with it real size and not with the 90G of space reserved
installing zimbra 8.7.1 from scratch
moving /opt/zimbra folder to /opt/zimbra-origin and fulfill the /opt/zimbra/ folder with all the backup files (including mdb files)
install (upgrade) instalation with -s option
removing (rm -rf /opt/zimbra/zimbramon/lib/x86_64-linux-gnu-thread-multi) incompatible software (perl incompatibility)
regenerate ssl certificates
fix permission (/opt/zimbra/libexec/zmfixperms —extended)
now when i perfom a zmcontrol start there is the output :
Host couriel.myhost.com
Starting ldap...Done.
Search error: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting ldap...Done.
Starting zmconfigd...Failed.
Starting zmconfigd...failed.
Starting logger...Failed.
Starting logswatch...[] INFO: master is down, falling back to replica...
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : An error occurred while attempting to connect to server couriel.myhost.com:389: java.io.IOException: An error occurred while attempting to establish a connection to server couriel.myhost.com:389: java.net.ConnectException: Connection refused
ExceptionId:main:1502133838579:4c9955ae08e3afb7
Code:ldap.LDAP_ERROR
at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:40)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:63)
at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:109)
at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:39)
at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:65)
at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:88)
at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:48)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:271)
at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:268)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:287)
at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:244)
at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:1004)
at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3955)
Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server couriel.myhost.com:389: java.io.IOException: An error occurred while attempting to establish a connection to server couriel.myhost.com:389: java.net.ConnectException: Connection refused')
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:741)
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:675)
at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:507)
at com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:229)
at com.unboundid.ldap.sdk.ServerSet.getConnection(ServerSet.java:98)
at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:616)
at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:562)
at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:112)
... 17 more
Caused by: java.io.IOException: An error occurred while attempting to establish a connection to server couriel.myhost.com:389: java.net.ConnectException: Connection refused
at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:142)
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:732)
... 24 more
zimbra logger service is not enabled! failed.
Starting mailbox...Failed.
Starting antispam...Done.
Starting opendkim...Done.
Starting mta...Failed.
Error: postfix not installed
Starting stats...Done.
and zmcontrol status output :
Connect: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Host couriel.myhost.com
antispam Running
ldap Stopped
logger Stopped
zmlogswatchctl is not running
mailbox Stopped
mysql.server is not running.
zmmailboxdctl is not running.
mta Stopped
Error: postfix not installed
opendkim Running
stats Stopped
zmconfigd Stopped
zmconfigd is not running.
netstat -antp show me that nothing is listening on port 389. Any idea?