LDAP invalid credentials

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Posts: 1
Joined: Tue Jun 19, 2018 2:22 pm

LDAP invalid credentials

Postby bnabilos » Tue Jun 19, 2018 2:34 pm


My Zimbra installation stopped working this morning, it looked like a file system crash as the system switched to "read-only" mode. I restarted the server and ran a file system check which completed successfully.

After restarting the server, Zimbra won't start. After checking the logs, I found that Zimbra couldn't connect to LDAP.

LDAP service is starting
zmcontrol restart returns an error saying that it couldn't connect to LDAP server

I tried to connect to LDAP using this command:

Code: Select all

ldapsearch -LLL -h mail.myhostname.com -p 389 -D uid=zimbra,cn=admins,cn=zimbra -W

Using the password I have in /opt/zimbra/conf/localconfig.xml but I get the following error:

Code: Select all

ldap_bind: Invalid credentials (49)

Runnig it with debug mode returns the following:

Code: Select all

ldap_new_connection 1 1 0
ldap_connect_to_host: TCP mail.myhostname.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 54 bytes to sd 3
ldap_result ld 0xf923d0 msgid 1
wait4msg ld 0xf923d0 msgid 1 (infinite timeout)
wait4msg continue ld 0xf923d0 msgid 1 all 1
** ld 0xf923d0 Connections:
* host: mail.myhostname.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Jun 19 14:31:37 2018

** ld 0xf923d0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0xf923d0 request count 1 (abandoned 0)
** ld 0xf923d0 Response Queue:
  ld 0xf923d0 response count 0
ldap_chkResponseList ld 0xf923d0 msgid 1 all 1
ldap_chkResponseList returns ld 0xf923d0 NULL
read1msg: ld 0xf923d0 msgid 1 all 1
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0xf923d0 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0xf923d0 0 new referrals
read1msg:  mark request completed, ld 0xf923d0 msgid 1
request done: ld 0xf923d0 msgid 1
res_errno: 49, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_bind: Invalid credentials (49)
ldap_free_connection 1 1
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed

Restarting other services returns the same error:

Code: Select all

$ zmlogswatchctl restart
Stopping logswatch...logswatch is not running.
Starting logswatch...[] INFO: master is down, falling back to replica...
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials
   at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
   at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
   at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:40)
   at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
   at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:63)
   at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:101)
   at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:39)
   at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:65)
   at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:88)
   at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:48)
   at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:265)
   at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:262)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
   at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
   at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
   at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
   at java.lang.Class.newInstance(Class.java:433)
   at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:286)
   at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:243)
   at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:810)
   at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3691)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials')
   at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
   at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
   at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:876)
   at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:779)
   at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:726)
   at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:112)
   ... 17 more
zimbra logger service is not enabled!  failed.

Do you have an idea what could cause that and how to fix it?

Thank you.

User avatar
Advanced member
Advanced member
Posts: 128
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil

Re: LDAP invalid credentials

Postby fs.schmidt » Wed Jun 20, 2018 12:32 am


Please try this first (as user zimbra):

source ~/bin/zmshutil; zmsetvars
ldapsearch -x -H $ldap_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password -b '' -LLL

If it doesn't work, please try the steps in the following article to recover your LDAP:


Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 26 guests