Upgrade from 8.6 to 8.8: Unable to create a successful TLS connection to the ldap masters

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
tminh
Posts: 7
Joined: Sat Apr 14, 2018 1:53 pm

Upgrade from 8.6 to 8.8: Unable to create a successful TLS connection to the ldap masters

Post by tminh »

Hi everybody !

I'm using zcs 8.6, when I try to upgrade to version 8.8, I encounter this issue: "Unable to create a successful TLS connection to the ldap masters"

I did search on the forum, there are some people who have same issue with me , but my situation is different. I'm using ZCS 8.6 and authenticate with Active Directory (Windows 2012 R2). Please guide me how to troubleshoot this issue :roll:

PS: I found the "solution" from "alessandro.motta" - I re-post it here if it's helpful for someone else:

Code: Select all

Step 1:-
Make changes on file "/opt/zimbra/libexec/zmupgrade.pm" and bypass the certificate check.

This section of zmupgrade.pm uses the Net::LDAP option of "verify=>'require'":
-----------------------------------------------------------------------------
403 if ( $ldap_starttls_supported ) {
404 my $result = $ldap->start_tls(
405 verify => 'require',
406 capath => "/opt/zimbra/conf/ca",
407 );
408 if ($result->code) {
409 main::progress("Unable to start TLS: ". $result->error . " when connecting to ldap master.\n");
410 return 1;
411 }
412 }
-----------------------------------------------------------------------------

From:-
verify => 'require',

To:-
verify => 'none',


Step 2:-
Now execute the following command to disable TLS on LDAP and restart zimbra services.

su - zimbra
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmcontrol restart

Step 3:-
Now run the ./install.sh to upgrade existing setup to v8.6
Last edited by tminh on Sat Apr 14, 2018 2:56 pm, edited 1 time in total.
User avatar
axslingr
Outstanding Member
Outstanding Member
Posts: 256
Joined: Sat Sep 13, 2014 2:20 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18

Re: Upgrade from 8.6 to 8.8: Unable to create a successful TLS connection to the ldap masters

Post by axslingr »

If you don't actually need a TLS connection, you can try these two commands and restart Zimbra.

Code: Select all

zmlocalconfig -e ldap_starttls_supported=0

zmlocalconfig -e ldap_starttls_required=false
Lance
tminh
Posts: 7
Joined: Sat Apr 14, 2018 1:53 pm

Re: Upgrade from 8.6 to 8.8: Unable to create a successful TLS connection to the ldap masters

Post by tminh »

Thank you for your information. Now I can upgrade ZCS to 8.8 :D
Post Reply