I'm using zcs 8.6, when I try to upgrade to version 8.8, I encounter this issue: "Unable to create a successful TLS connection to the ldap masters"
I did search on the forum, there are some people who have same issue with me , but my situation is different. I'm using ZCS 8.6 and authenticate with Active Directory (Windows 2012 R2). Please guide me how to troubleshoot this issue
PS: I found the "solution" from "alessandro.motta" - I re-post it here if it's helpful for someone else:
Code: Select all
Step 1:-
Make changes on file "/opt/zimbra/libexec/zmupgrade.pm" and bypass the certificate check.
This section of zmupgrade.pm uses the Net::LDAP option of "verify=>'require'":
-----------------------------------------------------------------------------
403 if ( $ldap_starttls_supported ) {
404 my $result = $ldap->start_tls(
405 verify => 'require',
406 capath => "/opt/zimbra/conf/ca",
407 );
408 if ($result->code) {
409 main::progress("Unable to start TLS: ". $result->error . " when connecting to ldap master.\n");
410 return 1;
411 }
412 }
-----------------------------------------------------------------------------
From:-
verify => 'require',
To:-
verify => 'none',
Step 2:-
Now execute the following command to disable TLS on LDAP and restart zimbra services.
su - zimbra
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmcontrol restart
Step 3:-
Now run the ./install.sh to upgrade existing setup to v8.6