LDAP error after crash help needed

smclinden
Posts: 24
Joined: Mon Aug 28, 2017 7:54 pm

LDAP error after crash help needed

Post by smclinden »

My server crashed yesterday, and when it restarted it starts but cannot be queried. I am using LetsEncrypt certs from Nov 17, 2018. I refreshed the certificates from November but I get the following (nothing has changed in months):

zmcontrol start
Starting LDAP
Connect: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.

[zimbra@smtp ~]$ ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "mail=USER@DOMAIN" #Using real user email
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I verified that it is listening on port 389 and that the DNS and MX records are correct. It is, likely, a certificate issue but I can only find potential fixes for self-signed certificates, not commercial certificates.

[zimbra@smtp conf]$ dig informed.net mx

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> informed.net mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;informed.net. IN MX

;; ANSWER SECTION:
informed.net. 6400 IN MX 0 smtp.informed.net.

;; AUTHORITY SECTION:
informed.net. 6400 IN NS ns1.aspstation.net.
informed.net. 6400 IN NS ns2.aspstation.net.

;; ADDITIONAL SECTION:
smtp.informed.net. 6400 IN A 66.207.131.23
ns1.aspstation.net. 86400 IN A 66.207.128.2
ns2.aspstation.net. 86400 IN A 66.207.128.3

;; Query time: 0 msec
;; SERVER: 66.207.128.2#53(66.207.128.2)
;; WHEN: Sat Dec 29 14:56:40 EST 2018
;; MSG SIZE rcvd: 157

[zimbra@smtp conf]$

[zimbra@smtp conf]$ more /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
66.207.131.23 smtp.informed.net smtp

[zimbra@smtp conf]$ more /etc/resolv.conf
# Generated by NetworkManager
search informed.net
nameserver 66.207.128.2
nameserver 66.207.128.3
[zimbra@smtp conf]$

[zimbra@smtp conf]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt all
- imapd: /opt/zimbra/conf/imapd.crt
notBefore=Nov 17 17:28:37 2018 GMT
notAfter=Feb 15 17:28:37 2019 GMT
subject= /CN=smtp.informed.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
SubjectAltName=smtp.informed.net
- ldap: /opt/zimbra/conf/slapd.crt
notBefore=Nov 17 17:28:37 2018 GMT
notAfter=Feb 15 17:28:37 2019 GMT
subject= /CN=smtp.informed.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
SubjectAltName=smtp.informed.net
- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem
notBefore=Nov 17 17:28:37 2018 GMT
notAfter=Feb 15 17:28:37 2019 GMT
subject= /CN=smtp.informed.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
SubjectAltName=smtp.informed.net
- mta: /opt/zimbra/conf/smtpd.crt
notBefore=Nov 17 17:28:37 2018 GMT
notAfter=Feb 15 17:28:37 2019 GMT
subject= /CN=smtp.informed.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
SubjectAltName=smtp.informed.net
- proxy: /opt/zimbra/conf/nginx.crt
notBefore=Nov 17 17:28:37 2018 GMT
notAfter=Feb 15 17:28:37 2019 GMT
subject= /CN=smtp.informed.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
SubjectAltName=smtp.informed.net
[zimbra@smtp conf]$
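
The following is an added example, not code from any poster or from Zimbra: a Python script that parses text in the `zmcertmgr viewdeployedcrt` layout shown above and reports certificates that are outside their validity window or whose SubjectAltName does not list the host being contacted. The function names, the comma-separated SAN handling and the embedded sample (two services copied from the output above) are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: two services in the viewdeployedcrt layout from the post.
SAMPLE = """\
- ldap: /opt/zimbra/conf/slapd.crt
notBefore=Nov 17 17:28:37 2018 GMT
notAfter=Feb 15 17:28:37 2019 GMT
subject= /CN=smtp.informed.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
SubjectAltName=smtp.informed.net
- mta: /opt/zimbra/conf/smtpd.crt
notBefore=Nov 17 17:28:37 2018 GMT
notAfter=Feb 15 17:28:37 2019 GMT
subject= /CN=smtp.informed.net
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
SubjectAltName=smtp.informed.net
"""

def parse_deployed(text):
    """Return {service: {field: value}} from viewdeployedcrt-style text."""
    certs, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"-\s*(\w+):\s*(\S+)", line.strip())
        if head:
            cur = certs.setdefault(head.group(1), {"path": head.group(2)})
        elif cur is not None and "=" in line:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    return certs

def _when(stamp):
    # OpenSSL-style date, e.g. "Nov 17 17:28:37 2018 GMT"
    return datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)

def check(certs, host, at):
    """List (service, problem) pairs for certs unusable for `host` at time `at`."""
    problems = []
    for svc, c in certs.items():
        if at < _when(c["notBefore"]):
            problems.append((svc, "not yet valid"))
        if at > _when(c["notAfter"]):
            problems.append((svc, "expired"))
        # Assumption: multiple SANs are comma-separated; exact match only, no wildcards.
        sans = [s.strip().lower() for s in c.get("SubjectAltName", "").split(",")]
        if host.lower() not in sans:
            problems.append((svc, "hostname not in SubjectAltName"))
    return problems
```

Called as `check(parse_deployed(SAMPLE), "smtp.informed.net", t)` with `t` set to the time of the `dig` run in the post (29 Dec 2018), it returns an empty list: this output shows neither an expired certificate nor a name mismatch.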
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: LDAP error after crash help needed

Post by DualBoot »

Hello,

Which version of Zimbra? Mono or multi server? Only one Zimbra LDAP?

Then stop all Zimbra processes, start the LDAP service only, and check /var/log/zimbra.log to see what is going wrong.

Regards,

Re: LDAP error after crash help needed

Post by smclinden »

I started with 8.8.8 and did an update with the 8.8.8 image. That didn't fix a thing. I've tried disabling TLS, etc., but I can't seem to access the LDAP service.

No errors on startup. But any attempt to access LDAP fails with:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I've been dead for 5 days and nothing I have done seems to fix it. Nothing else is running and I zeroed out the logs so I am not sure why I am getting the zmmailboxd messages.


Jan 2 13:41:15 smtp slapd[30951]: @(#) $OpenLDAP: slapd 2.4.46 (Sep 18 2018 11:08:43) $#012#011build@c787:/home/build/git/87/packages/thirdparty/openldap/build/RHEL7_64/zimbra-openldap/rpm/BUILD/openldap-2.4.46/servers/slapd
Jan 2 13:41:15 smtp slapd[30952]: slapd starting
Jan 2 13:48:27 smtp ldapsearch: DIGEST-MD5 common mech free
Jan 2 13:48:32 smtp zmmailboxdmgr[31704]: file /opt/zimbra/log/zmmailboxd_manager.pid does not exist
Jan 2 13:48:32 smtp zmmailboxdmgr[31704]: assuming no other instance is running
Jan 2 13:48:32 smtp zmmailboxdmgr[31704]: file /opt/zimbra/log/zmmailboxd.pid does not exist
Jan 2 13:48:32 smtp zmmailboxdmgr[31704]: assuming no other instance is running
Jan 2 13:48:32 smtp zmmailboxdmgr[31704]: no manager process is running

[root@smtp log]# netstat -anp | grep slap
tcp 0 0 66.207.131.23:389 0.0.0.0:* LISTEN 31638/slapd
unix 2 [ ACC ] STREAM LISTENING 108433 31638/slapd /opt/zimbra/data/ldap/state/run/ldapi
unix 2 [ ] DGRAM 108423 31638/slapd
unix 3 [ ] STREAM CONNECTED 109095 31638/slapd /opt/zimbra/data/ldap/state/run/ldapi

Re: LDAP error after crash help needed

Post by DualBoot »

Can you telnet to the LDAP port, with 127.0.0.1 and the IP you have assigned?

Re: LDAP error after crash help needed

Post by smclinden »

Yes, I get the standard Telnet prompt.

When I do a zmcontrol start I get:

Connect: Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.

Even though ldap starts shortly thereafter.

Then, I get the following (I truncated it for readability) in /var/log/maillog:

Jan 3 08:06:06 smtp zmmailboxdmgr[4794]: file /opt/zimbra/log/zmmailboxd_manager.pid does not exist
Jan 3 08:06:06 smtp zmmailboxdmgr[4794]: assuming no other instance is running
Jan 3 08:06:06 smtp zmmailboxdmgr[4794]: file /opt/zimbra/log/zmmailboxd.pid does not exist
Jan 3 08:06:06 smtp zmmailboxdmgr[4794]: assuming no other instance is running
Jan 3 08:06:06 smtp zmmailboxdmgr[4794]: no manager process is running
Jan 3 08:06:23 smtp sSMTP[4253]: Unable to connect to "mail" port 25.
Jan 3 08:06:23 smtp sSMTP[4253]: Cannot open mail:25

Jan 3 08:07:37 smtp postfix/proxymap[6997]: fatal: /opt/zimbra/conf/ldap-vad.cf: bad string length 0 < 1: server_host =
Jan 3 08:08:42 smtp postfix/trivial-rewrite[6979]: warning: private/proxymap socket: service dict_proxy_open: Success
Jan 3 08:08:42 smtp postfix/smtpd[7515]: warning: private/proxymap socket: service dict_proxy_open: Connection reset by peer
Jan 3 08:08:42 smtp postfix/master[6973]: warning: process /opt/zimbra/common/libexec/proxymap pid 8060 exit status 1
Jan 3 08:08:42 smtp postfix/master[6973]: warning: /opt/zimbra/common/libexec/proxymap: bad command startup -- throttling

Re: LDAP error after crash help needed

Post by DualBoot »

What do these provide:

zmlocalconfig ldap_master_url ldap_url

and

zmhostname

Re: LDAP error after crash help needed

Post by smclinden »

So I tried to fix things by re-running zmsetup.pl and I get this (it doesn't seem to handle the creation of mysql properly):

Thu Jan 3 11:51:55 2019 *** Running as zimbra user: /opt/zimbra/bin/mysql.server start
Starting mysqld...done.
Thu Jan 3 11:52:26 2019 *** Running as zimbra user: /opt/zimbra/bin/mysql.server start
mysqld_safe already running with pid 16138
Thu Jan 3 11:52:38 2019 *** Running as zimbra user: /opt/zimbra/bin/mysql.server start
mysqld_safe already running with pid 16138
Thu Jan 3 11:52:50 2019 *** Running as zimbra user: /opt/zimbra/bin/mysql.server start
mysqld_safe already running with pid 16138
Thu Jan 3 11:53:02 2019 *** Running as zimbra user: /opt/zimbra/bin/mysql.server start
mysqld_safe already running with pid 16138
[root@smtp tmp]#

Re: LDAP error after crash help needed

Post by smclinden »

[zimbra@smtp ~]$ zmlocalconfig ldap_master_url ldap_url
ldap_master_url = ldap://smtp.informed.net:389
ldap_url = ldap://smtp.informed.net:389
[zimbra@smtp ~]$ zmhostname
smtp.informed.net
[zimbra@smtp ~]$