LDAP invalid credentials

bnabilos
Posts: 1
Joined: Tue Jun 19, 2018 2:22 pm

Post by bnabilos »

Hi,

My Zimbra installation stopped working this morning. It looked like a file system crash, as the system switched to "read-only" mode. I restarted the server and ran a file system check, which completed successfully.

After restarting the server, Zimbra won't start. After checking the logs, I found that Zimbra couldn't connect to LDAP.

LDAP service is starting
zmcontrol restart returns an error saying that it couldn't connect to LDAP server

I tried to connect to LDAP using this command:

Code:

ldapsearch -LLL -h mail.myhostname.com -p 389 -D uid=zimbra,cn=admins,cn=zimbra -W

I used the password I have in /opt/zimbra/conf/localconfig.xml, but I get the following error:

Code:

ldap_bind: Invalid credentials (49)

Running it in debug mode returns the following:

Code:

ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP mail.myhostname.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 51.254.93.89:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect: 
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 54 bytes to sd 3
ldap_result ld 0xf923d0 msgid 1
wait4msg ld 0xf923d0 msgid 1 (infinite timeout)
wait4msg continue ld 0xf923d0 msgid 1 all 1
** ld 0xf923d0 Connections:
* host: mail.myhostname.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Jun 19 14:31:37 2018


** ld 0xf923d0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0xf923d0 request count 1 (abandoned 0)
** ld 0xf923d0 Response Queue:
   Empty
  ld 0xf923d0 response count 0
ldap_chkResponseList ld 0xf923d0 msgid 1 all 1
ldap_chkResponseList returns ld 0xf923d0 NULL
ldap_int_select
read1msg: ld 0xf923d0 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0xf923d0 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0xf923d0 0 new referrals
read1msg:  mark request completed, ld 0xf923d0 msgid 1
request done: ld 0xf923d0 msgid 1
res_errno: 49, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed

Restarting other services returns the same error:

Code:

$ zmlogswatchctl restart
Stopping logswatch...logswatch is not running.
Starting logswatch...[] INFO: master is down, falling back to replica...
[] FATAL: failed to initialize LDAP client
com.zimbra.cs.ldap.LdapException: LDAP error: : invalid credentials
ExceptionId:main:1529417978844:ba1c9394c358da7d
Code:ldap.LDAP_ERROR
	at com.zimbra.cs.ldap.LdapException.LDAP_ERROR(LdapException.java:90)
	at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:74)
	at com.zimbra.cs.ldap.unboundid.UBIDLdapException.mapToLdapException(UBIDLdapException.java:40)
	at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:117)
	at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnectionPool(LdapConnectionPool.java:63)
	at com.zimbra.cs.ldap.unboundid.UBIDLdapContext.init(UBIDLdapContext.java:101)
	at com.zimbra.cs.ldap.unboundid.UBIDLdapClient.init(UBIDLdapClient.java:39)
	at com.zimbra.cs.ldap.LdapClient.getInstance(LdapClient.java:65)
	at com.zimbra.cs.ldap.LdapClient.initialize(LdapClient.java:88)
	at com.zimbra.cs.account.ldap.LdapProv.<init>(LdapProv.java:48)
	at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:265)
	at com.zimbra.cs.account.ldap.LdapProvisioning.<init>(LdapProvisioning.java:262)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
	at java.lang.Class.newInstance(Class.java:433)
	at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:286)
	at com.zimbra.cs.account.Provisioning.getInstance(Provisioning.java:243)
	at com.zimbra.cs.account.ProvUtil.initProvisioning(ProvUtil.java:810)
	at com.zimbra.cs.account.ProvUtil.main(ProvUtil.java:3691)
Caused by: LDAPException(resultCode=49 (invalid credentials), errorMessage='invalid credentials')
	at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1894)
	at com.unboundid.ldap.sdk.LDAPConnectionPool.createConnection(LDAPConnectionPool.java:988)
	at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:876)
	at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:779)
	at com.unboundid.ldap.sdk.LDAPConnectionPool.<init>(LDAPConnectionPool.java:726)
	at com.zimbra.cs.ldap.unboundid.LdapConnectionPool.createConnPool(LdapConnectionPool.java:112)
	... 17 more
zimbra logger service is not enabled!  failed.

Do you have an idea what could cause that and how to fix it?

Thank you.
fs.schmidt
Outstanding Member
Posts: 278
Joined: Sat Sep 13, 2014 3:37 am
Location: Brazil

Re: LDAP invalid credentials

Post by fs.schmidt »

Hello,

Please try this first (as user zimbra):

source ~/bin/zmshutil; zmsetvars
ldapsearch -x -H "$ldap_url" -D "$zimbra_ldap_userdn" -w "$zimbra_ldap_password" -b '' -LLL

If it doesn't work, please try the steps in the following article to recover your LDAP:

https://wiki.zimbra.com/wiki/LDAP_data_import_export
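
The bind test from the reply above, wrapped so the password stays off the command line and the exit status is interpreted. This is an added example, not part of the original posts or of Zimbra's tooling; the function name check_ldap_bind and its messages are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): run the simple-bind test with the
# password passed through a file (-y) instead of -w, so it does not show up
# in the process list or shell history, then interpret ldapsearch's exit code.
#
# Usage as the zimbra user, with the variables set by zmsetvars:
#   source ~/bin/zmshutil; zmsetvars
#   check_ldap_bind "$ldap_url" "$zimbra_ldap_userdn" "$zimbra_ldap_password"

check_ldap_bind() {
    local url="$1" dn="$2" pw="$3" pwfile rc

    # mktemp creates the file with mode 0600.
    pwfile=$(mktemp) || return 2

    # -y uses the complete file contents as the password. Write it with
    # printf '%s' so no trailing newline is appended; a stray newline is
    # enough on its own to get "Invalid credentials (49)".
    printf '%s' "$pw" > "$pwfile"

    # -s base limits the search to the root entry: the point is only to see
    # whether the bind succeeds, not to dump the directory.
    rc=0
    ldapsearch -x -H "$url" -D "$dn" -y "$pwfile" -b '' -s base -LLL \
        >/dev/null 2>&1 || rc=$?
    rm -f "$pwfile"

    # ldapsearch exits with the LDAP result code; client-side failures such
    # as "Can't contact LDAP server (-1)" surface as 255.
    case "$rc" in
        0)   echo "bind ok: the DN and password are accepted" ;;
        49)  echo "invalid credentials: wrong password, or the bind DN is missing from the directory" ;;
        255) echo "cannot contact server: slapd is not listening on $url" ;;
        *)   echo "LDAP error $rc" ;;
    esac
    return "$rc"
}
```

Result 49 is returned both for a wrong password and for a bind DN that no longer exists, so after a file system crash it does not by itself show whether localconfig.xml or the LDAP database is the damaged side.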