I was able to test this a little more and while the script works perfectly for installation it fails to reload the ldap certificate and gives a false sense that everything worked perfectly. As a result - some point in the future that running ldap process will have an expired certificate. That causes a lot of side effects with stop/restarts/status etc. If you restart zimbra or reboot your hosts before the expiration then one might not notice this because the updated cert would have been reloaded. I have updated the wiki to reflect this code change. Too bad because restarting/reloading did shave a little time off the outage to update the certificate.
Note: Given how badly an expired ldap certificate behaves in this failure mode, I am going with the full restart vs finessing the addition of an ldap restart/reload to those other 3 restart/reloads myself.
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.7 + Zimbra Connector for Outlook 8.8.7 are available.. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Who is online
Users browsing this forum: No registered users and 27 guests