Problem upgrade LDAP server 8.0.3 to 8.6

Post by diogo_falcomer »

Hi guys,

I was discussing upgrading my environment to 8.6 in this thread: viewtopic.php?f=13&t=59365

This weekend I opened a window to upgrade; on the first try to upgrade the LDAP, the problem below appeared:

Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
       Fix cert configuration prior to upgrading.
  
Investigating, my LDAP is still running on port 389 and not over an SSL connection. Would this be the problem?

In all the forum results on Google for this problem, the link was broken.

When I try to upgrade to 8.0.9 this problem doesn't occur.

Re: Problem upgrade LDAP server 8.0.3 to 8.6

Post by vavai »

Hi,
This problem usually occurs when your SSL certificate uses a different name compared to its hostname. Check your hostname, /etc/hosts and the result of /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Re: Problem upgrade LDAP server 8.0.3 to 8.6

Post by diogo_falcomer »

Thanks vavai.

On the server, /etc/hostname had only the first name of the server; I have completed it to "nameserver.mydomain.com".

I have corrected this in the hosts file too.

I will try to test on a test environment.

Re: Problem upgrade LDAP server 8.0.3 to 8.6

Post by vavai »

Hi
Have you taken a look and checked the result of /opt/zimbra/bin/zmcertmgr viewdeployedcrt regarding the hostname?

Re: Problem upgrade LDAP server 8.0.3 to 8.6

Post by quanah »

diogo_falcomer wrote: Investigating, my LDAP is still running on port 389 and not over an SSL connection. Would this be the problem?
Zimbra uses startTLS over port 389 by default. Do not confuse not using port 636 as not having encrypted connections.
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/

Re: Problem upgrade LDAP server 8.0.3 to 8.6

Post by diogo_falcomer »

vavai wrote: Have you taken a look and checked the result of /opt/zimbra/bin/zmcertmgr viewdeployedcrt regarding the hostname?
Yes, my cert is a wildcard (*.mydomain.com). The problem is probably in /etc/hosts: it doesn't have the complete FQDN of the server, only the first name of the server.

quanah wrote: Zimbra uses startTLS over port 389 by default. Do not confuse not using port 636 as not having encrypted connections.
Thanks Quanah, I asked only to confirm that it could be. I believe the problem is the same as reported by Vavai.

As the environment is production, I cannot test during these days.
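
Added example, not part of any post in this thread: a Python sketch of the hostname check a TLS client applies to a certificate's DNS names, showing why a wildcard such as *.mydomain.com covers nameserver.mydomain.com but not the bare short name. The IP address, the sample /etc/hosts lines and the helper names are constructed for illustration.

```python
# Added example: hostname-vs-certificate matching as a TLS client performs it.
# All hostnames, addresses and certificate names below are constructed samples.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label, so "*.mydomain.com" never matches a bare short name.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_host(cert_names, candidates):
    """Return {candidate: bool} telling which names the certificate covers."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in candidates}


def names_to_check(etc_hostname: str, hosts_line: str):
    """Collect local names: /etc/hostname plus the names on one /etc/hosts line."""
    fields = hosts_line.split("#", 1)[0].split()
    return [etc_hostname.strip()] + fields[1:]  # fields[0] is the IP address


if __name__ == "__main__":
    cert_names = ["*.mydomain.com"]  # wildcard certificate, as in the thread
    before = names_to_check("nameserver", "10.0.0.5 nameserver")
    after = names_to_check("nameserver.mydomain.com",
                           "10.0.0.5 nameserver.mydomain.com nameserver")
    for label, names in (("before", before), ("after", after)):
        for host, ok in check_host(cert_names, names).items():
            print(f"{label}: {host:28} {'covered' if ok else 'NOT covered'}")
```

Feed it the names shown by /opt/zimbra/bin/zmcertmgr viewdeployedcrt and the contents of /etc/hostname and /etc/hosts to see which local names the deployed certificate can validate.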

Re: Problem upgrade LDAP server 8.0.3 to 8.6

Post by diogo_falcomer »

I have solved the problem with these commands.

zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmcontrol restart
Hostname, certs all OK... I only had to disable the starttls to solve the problem.

Thanks for the reply guys!!